binalyze-air-sdk 1.0.2__py3-none-any.whl → 1.0.3__py3-none-any.whl

binalyze_air/models/cloud_forensics.py

@@ -0,0 +1,145 @@
+"""
+Cloud Forensics models for the Binalyze AIR SDK.
+"""
+
+from typing import Optional, List, Dict, Any
+from datetime import datetime
+from enum import Enum
+from pydantic import Field
+
+from ..base import AIRBaseModel
+
+
+class CloudVendor(str, Enum):
+    """Cloud vendor enumeration."""
+    AWS = "aws"
+    AZURE = "azure"
+    GCP = "gcp"
+
+
+class CloudAccountStatus(str, Enum):
+    """Cloud account status enumeration."""
+    CONFIGURED = "configured"
+    SYNCING = "syncing"
+    FAILED = "failed"
+
+
+class CloudCredentials(AIRBaseModel):
+    """Cloud credentials model."""
+    
+    access_key_id: Optional[str] = Field(default=None, alias="accessKeyId")
+    secret_access_key: Optional[str] = Field(default=None, alias="secretAccessKey")
+    # Azure credentials
+    tenant_id: Optional[str] = Field(default=None, alias="tenantId")
+    client_id: Optional[str] = Field(default=None, alias="clientId")
+    client_secret: Optional[str] = Field(default=None, alias="clientSecret")
+    # GCP credentials
+    service_account_key: Optional[str] = Field(default=None, alias="serviceAccountKey")
+    project_id: Optional[str] = Field(default=None, alias="projectId")
+
+
+class CloudAccount(AIRBaseModel):
+    """Cloud account model."""
+    
+    id: str = Field(alias="_id")
+    cloud_vendor: CloudVendor = Field(alias="cloudVendor")
+    organization_id: int = Field(alias="organizationId")
+    account_id: str = Field(alias="accountId")
+    detected_assets_count: int = Field(default=0, alias="detectedAssetsCount")
+    status: CloudAccountStatus
+    credentials: CloudCredentials
+    account_name: str = Field(alias="accountName")
+    last_sync_date: Optional[datetime] = Field(default=None, alias="lastSyncDate")
+    errors: List[str] = Field(default_factory=list)
+    created_at: datetime = Field(alias="createdAt")
+    updated_at: datetime = Field(alias="updatedAt")
+
+
+class CloudAccountFilter(AIRBaseModel):
+    """Filter parameters for cloud accounts."""
+    
+    page_size: Optional[int] = Field(default=10, alias="pageSize")
+    page_number: Optional[int] = Field(default=1, alias="pageNumber")
+    sort_type: Optional[str] = Field(default="DESC", alias="sortType")  # ASC or DESC
+    sort_by: Optional[str] = Field(default="createdAt", alias="sortBy")  # status, cloudVendor, detectedAssetsCount, lastSyncDate, createdAt
+    search_term: Optional[str] = Field(default=None, alias="searchTerm")
+    cloud_vendor: Optional[CloudVendor] = Field(default=None, alias="cloudVendor")
+    status: Optional[CloudAccountStatus] = Field(default=None)
+    organization_ids: Optional[List[int]] = Field(default=None, alias="organizationIds")
+
+
+class CloudAccountsPaginatedResponse(AIRBaseModel):
+    """Paginated response for cloud accounts."""
+    
+    entities: List[CloudAccount]
+    filters: List[Dict[str, Any]]
+    sortables: List[str]
+    total_entity_count: int = Field(alias="totalEntityCount")
+    current_page: int = Field(alias="currentPage")
+    page_size: int = Field(alias="pageSize")
+    previous_page: int = Field(alias="previousPage")
+    total_page_count: int = Field(alias="totalPageCount")
+    next_page: int = Field(alias="nextPage")
+
+
+class CreateCloudAccountRequest(AIRBaseModel):
+    """Request model for creating cloud accounts."""
+    
+    cloud_vendor: CloudVendor = Field(alias="cloudVendor")
+    account_name: str = Field(alias="accountName")
+    credentials: CloudCredentials
+    organization_id: int = Field(alias="organizationId")
+
+
+class UpdateCloudAccountRequest(AIRBaseModel):
+    """Request model for updating cloud accounts."""
+    
+    account_name: Optional[str] = Field(default=None, alias="accountName")
+    credentials: Optional[CloudCredentials] = Field(default=None)
+
+
+class CloudAccountSyncResult(AIRBaseModel):
+    """Cloud account sync result model."""
+    
+    account_id: str = Field(alias="accountId")
+    status: str
+    assets_discovered: int = Field(default=0, alias="assetsDiscovered")
+    sync_started_at: datetime = Field(alias="syncStartedAt")
+    sync_completed_at: Optional[datetime] = Field(default=None, alias="syncCompletedAt")
+    errors: List[str] = Field(default_factory=list)
+
+
+class CloudVendorSyncResult(AIRBaseModel):
+    """Cloud vendor sync result model."""
+    
+    cloud_vendor: Optional[CloudVendor] = Field(default=None, alias="cloudVendor")
+    accounts_synced: int = Field(default=0, alias="accountsSynced")
+    total_assets_discovered: int = Field(default=0, alias="totalAssetsDiscovered")
+    sync_started_at: Optional[datetime] = Field(default=None, alias="syncStartedAt")
+    sync_completed_at: Optional[datetime] = Field(default=None, alias="syncCompletedAt")
+    account_results: List[CloudAccountSyncResult] = Field(default_factory=list, alias="accountResults")
+
+
+class CloudAsset(AIRBaseModel):
+    """Cloud asset model."""
+    
+    id: str = Field(alias="_id")
+    account_id: str = Field(alias="accountId")
+    cloud_vendor: CloudVendor = Field(alias="cloudVendor")
+    asset_type: str = Field(alias="assetType")
+    asset_name: str = Field(alias="assetName")
+    region: Optional[str] = Field(default=None)
+    status: str
+    tags: Dict[str, str] = Field(default_factory=dict)
+    metadata: Dict[str, Any] = Field(default_factory=dict)
+    discovered_at: datetime = Field(alias="discoveredAt")
+    last_updated: datetime = Field(alias="lastUpdated")
+
+
+class CloudForensicsExportRequest(AIRBaseModel):
+    """Export request model for cloud forensics data."""
+    
+    format: str = Field(default="csv")  # csv, json, xlsx
+    filters: Optional[CloudAccountFilter] = Field(default=None)
+    include_credentials: bool = Field(default=False, alias="includeCredentials")
+    include_assets: bool = Field(default=False, alias="includeAssets") 

binalyze_air/models/event_subscription.py

@@ -1,172 +1,171 @@
-"""
-Event Subscription API models for the Binalyze AIR SDK.
-"""
-
-from typing import List, Optional, Dict, Any
-from datetime import datetime
-from enum import Enum
-from pydantic import Field, field_validator
-
-from ..base import AIRBaseModel, Filter
-
-
-class SubscriptionStatus(str, Enum):
-    """Event subscription status."""
-    ACTIVE = "active"
-    INACTIVE = "inactive"
-    PENDING = "pending"
-    FAILED = "failed"
-
-
-class EventType(str, Enum):
-    """Event types for subscriptions."""
-    # Real API event names from JSON specification
-    DEPLOYMENT_TOKEN_REGENERATED = "DeploymentTokenRegeneratedEvent"
-    TASK_PROCESSING_FAILED = "TaskProcessingFailedEvent"
-    TASK_PROCESSING_COMPLETED = "TaskProcessingCompletedEvent"
-    CASE_FILE_SAVED = "CaseFileSavedEvent"
-    
-    # Additional common event types (these may exist in the system)
-    ASSET_CREATED = "AssetCreatedEvent"
-    ASSET_UPDATED = "AssetUpdatedEvent"
-    ASSET_DELETED = "AssetDeletedEvent"
-    CASE_CREATED = "CaseCreatedEvent"
-    CASE_UPDATED = "CaseUpdatedEvent"
-    CASE_CLOSED = "CaseClosedEvent"
-    TASK_STARTED = "TaskStartedEvent"
-    POLICY_EXECUTED = "PolicyExecutedEvent"
-    ALERT_TRIGGERED = "AlertTriggeredEvent"
-
-
-class DeliveryMethod(str, Enum):
-    """Event delivery methods."""
-    WEBHOOK = "webhook"
-    EMAIL = "email"
-    SYSLOG = "syslog"
-
-
-class EventSubscription(AIRBaseModel):
-    """Event subscription model."""
-    
-    id: str = Field(alias="id")  # API returns int, but we'll convert to string
-    name: str
-    description: Optional[str] = None
-    event_types: Optional[List[EventType]] = Field(default=[], alias="events")  # API: events -> SDK: event_types
-    delivery_method: Optional[DeliveryMethod] = Field(default=None, alias="deliveryMethod")
-    endpoint_url: Optional[str] = Field(default=None, alias="url")  # API: url -> SDK: endpoint_url
-    email_addresses: Optional[List[str]] = Field(default=None, alias="emailAddresses")
-    syslog_server: Optional[str] = Field(default=None, alias="syslogServer")
-    status: Optional[SubscriptionStatus] = None
-    active: Optional[bool] = None  # API uses active boolean instead of status enum
-    organization_id: Optional[int] = Field(default=None, alias="organizationId")
-    created_by: Optional[str] = Field(default=None, alias="createdBy")
-    created_at: Optional[datetime] = Field(default=None, alias="createdAt")
-    updated_at: Optional[datetime] = Field(default=None, alias="updatedAt")
-    last_triggered: Optional[datetime] = Field(default=None, alias="lastTriggered")
-    trigger_count: int = Field(default=0, alias="triggerCount")
-    retry_count: int = Field(default=3, alias="retryCount")
-    retry_interval: int = Field(default=300, alias="retryInterval")  # seconds
-    headers: Optional[Dict[str, str]] = None  # For webhook headers
-    authentication: Optional[Dict[str, Any]] = None
-    filters: Optional[Dict[str, Any]] = None  # Event filtering criteria
-    url: Optional[str] = None  # Keep original API field name for backward compatibility
-    auth_token: Optional[str] = Field(default=None, alias="authToken")
-    
-    @field_validator('id', mode='before')
-    @classmethod
-    def convert_id_to_string(cls, v):
-        """Convert ID from int to string as API returns numbers."""
-        return str(v) if v is not None else v
-
-
-class CreateEventSubscriptionRequest(AIRBaseModel):
-    """Request model for creating event subscriptions."""
-    
-    name: str
-    description: Optional[str] = None
-    event_types: List[EventType]
-    delivery_method: DeliveryMethod
-    endpoint_url: Optional[str] = None
-    email_addresses: Optional[List[str]] = None
-    syslog_server: Optional[str] = None
-    organization_id: int
-    retry_count: Optional[int] = 3
-    retry_interval: Optional[int] = 300
-    headers: Optional[Dict[str, str]] = None
-    authentication: Optional[Dict[str, Any]] = None
-    filters: Optional[Dict[str, Any]] = None
-
-
-class UpdateEventSubscriptionRequest(AIRBaseModel):
-    """Request model for updating event subscriptions."""
-    
-    name: Optional[str] = None
-    description: Optional[str] = None
-    event_types: Optional[List[EventType]] = None
-    delivery_method: Optional[DeliveryMethod] = None
-    endpoint_url: Optional[str] = None
-    email_addresses: Optional[List[str]] = None
-    syslog_server: Optional[str] = None
-    status: Optional[SubscriptionStatus] = None
-    retry_count: Optional[int] = None
-    retry_interval: Optional[int] = None
-    headers: Optional[Dict[str, str]] = None
-    authentication: Optional[Dict[str, Any]] = None
-    filters: Optional[Dict[str, Any]] = None
-
-
-class EventSubscriptionFilter(Filter):
-    """Filter for event subscription queries."""
-    
-    name: Optional[str] = None
-    event_type: Optional[EventType] = None
-    delivery_method: Optional[DeliveryMethod] = None
-    status: Optional[SubscriptionStatus] = None
-    created_by: Optional[str] = None
-    is_active: Optional[bool] = None  # API uses isActive
-    url: Optional[str] = None  # API supports URL filtering
-    
-    def to_params(self) -> Dict[str, Any]:
-        """Convert filter to API parameters with proper field mapping."""
-        params = {}
-        
-        # Pagination parameters (not in filter namespace)
-        if self.page_number is not None:
-            params["pageNumber"] = self.page_number
-        if self.page_size is not None:
-            params["pageSize"] = self.page_size
-        if self.sort_by is not None:
-            params["sortBy"] = self.sort_by
-        if self.sort_type is not None:
-            params["sortType"] = self.sort_type
-        
-        # Filter parameters with proper field mapping
-        field_mappings = {
-            "search_term": "searchTerm",
-            "organization_ids": "organizationId",  # API expects single organizationId in filter
-            "name": "name",
-            "event_type": "eventType",
-            "delivery_method": "deliveryMethod", 
-            "status": "status",
-            "created_by": "createdBy",
-            "is_active": "isActive",
-            "url": "url"
-        }
-        
-        for field_name, field_value in self.model_dump(exclude_none=True).items():
-            # Skip pagination/sorting fields as they're handled above
-            if field_name in ["page_number", "page_size", "sort_by", "sort_type"]:
-                continue
-                
-            if field_value is not None:
-                api_field_name = field_mappings.get(field_name, field_name)
-                
-                # Special handling for organization_ids - use first ID for organizationId filter
-                if field_name == "organization_ids" and isinstance(field_value, list) and len(field_value) > 0:
-                    params[f"filter[{api_field_name}]"] = str(field_value[0])
-                elif isinstance(field_value, list):
-                    params[f"filter[{api_field_name}]"] = ",".join(map(str, field_value))
-                else:
-                    params[f"filter[{api_field_name}]"] = str(field_value)
-        
+"""
+Event Subscription API models for the Binalyze AIR SDK.
+"""
+
+from typing import List, Optional, Dict, Any
+from datetime import datetime
+from enum import Enum
+from pydantic import Field, field_validator
+
+from ..base import AIRBaseModel, Filter
+
+
+class SubscriptionStatus(str, Enum):
+    """Event subscription status."""
+    ACTIVE = "active"
+    INACTIVE = "inactive"
+    PENDING = "pending"
+    FAILED = "failed"
+
+
+class EventType(str, Enum):
+    """Event types for subscriptions."""
+    # Real API event names from JSON specification
+    DEPLOYMENT_TOKEN_REGENERATED = "DeploymentTokenRegeneratedEvent"
+    TASK_PROCESSING_FAILED = "TaskProcessingFailedEvent"
+    TASK_PROCESSING_COMPLETED = "TaskProcessingCompletedEvent"
+    CASE_FILE_SAVED = "CaseFileSavedEvent"
+    
+    # Additional event types found in the API
+    TASK_FAILED = "TaskFailedEvent"  # Found in API response
+    ENDPOINT_ONLINE = "EndpointOnlineEvent"  # Found in API response
+    ENDPOINT_OFFLINE = "EndpointOfflineEvent"  # Found in API response
+    TASK_COMPLETED = "TaskCompletedEvent"  # Found in API response
+    
+    # Additional common event types (these may exist in the system)
+    ASSET_CREATED = "AssetCreatedEvent"
+    ASSET_UPDATED = "AssetUpdatedEvent"
+    ASSET_DELETED = "AssetDeletedEvent"
+    CASE_CREATED = "CaseCreatedEvent"
+    CASE_UPDATED = "CaseUpdatedEvent"
+    CASE_CLOSED = "CaseClosedEvent"
+    TASK_STARTED = "TaskStartedEvent"
+    POLICY_EXECUTED = "PolicyExecutedEvent"
+    ALERT_TRIGGERED = "AlertTriggeredEvent"
+
+
+class DeliveryMethod(str, Enum):
+    """Event delivery methods."""
+    WEBHOOK = "webhook"
+    EMAIL = "email"
+    SYSLOG = "syslog"
+
+
+class EventSubscription(AIRBaseModel):
+    """Event subscription model."""
+    
+    id: str = Field(alias="id")  # API returns int, but we'll convert to string
+    name: str
+    description: Optional[str] = None
+    event_types: Optional[List[EventType]] = Field(default=[], alias="events")  # API: events -> SDK: event_types
+    delivery_method: Optional[DeliveryMethod] = Field(default=None, alias="deliveryMethod")
+    endpoint_url: Optional[str] = Field(default=None, alias="url")  # API: url -> SDK: endpoint_url
+    email_addresses: Optional[List[str]] = Field(default=None, alias="emailAddresses")
+    syslog_server: Optional[str] = Field(default=None, alias="syslogServer")
+    status: Optional[SubscriptionStatus] = None
+    active: Optional[bool] = None  # API uses active boolean instead of status enum
+    organization_id: Optional[int] = Field(default=None, alias="organizationId")
+    created_by: Optional[str] = Field(default=None, alias="createdBy")
+    created_at: Optional[datetime] = Field(default=None, alias="createdAt")
+    updated_at: Optional[datetime] = Field(default=None, alias="updatedAt")
+    last_triggered: Optional[datetime] = Field(default=None, alias="lastTriggered")
+    trigger_count: int = Field(default=0, alias="triggerCount")
+    retry_count: int = Field(default=3, alias="retryCount")
+    retry_interval: int = Field(default=300, alias="retryInterval")  # seconds
+    headers: Optional[Dict[str, str]] = None  # For webhook headers
+    authentication: Optional[Dict[str, Any]] = None
+    filters: Optional[Dict[str, Any]] = None  # Event filtering criteria
+    url: Optional[str] = None  # Keep original API field name for backward compatibility
+    auth_token: Optional[str] = Field(default=None, alias="authToken")
+    
+    @field_validator('id', mode='before')
+    @classmethod
+    def convert_id_to_string(cls, v):
+        """Convert ID from int to string as API returns numbers."""
+        return str(v) if v is not None else v
+
+
+class CreateEventSubscriptionRequest(AIRBaseModel):
+    """Request model for creating event subscriptions."""
+    
+    name: str
+    description: Optional[str] = None
+    event_types: List[EventType]
+    delivery_method: DeliveryMethod
+    endpoint_url: Optional[str] = None
+    email_addresses: Optional[List[str]] = None
+    syslog_server: Optional[str] = None
+    organization_id: int
+    retry_count: Optional[int] = 3
+    retry_interval: Optional[int] = 300
+    headers: Optional[Dict[str, str]] = None
+    authentication: Optional[Dict[str, Any]] = None
+    filters: Optional[Dict[str, Any]] = None
+
+
+class UpdateEventSubscriptionRequest(AIRBaseModel):
+    """Request model for updating event subscriptions."""
+    
+    name: Optional[str] = None
+    description: Optional[str] = None
+    event_types: Optional[List[EventType]] = None
+    delivery_method: Optional[DeliveryMethod] = None
+    endpoint_url: Optional[str] = None
+    email_addresses: Optional[List[str]] = None
+    syslog_server: Optional[str] = None
+    status: Optional[SubscriptionStatus] = None
+    retry_count: Optional[int] = None
+    retry_interval: Optional[int] = None
+    headers: Optional[Dict[str, str]] = None
+    authentication: Optional[Dict[str, Any]] = None
+    filters: Optional[Dict[str, Any]] = None
+
+
+class EventSubscriptionFilter(Filter):
+    """Filter for event subscription queries."""
+    
+    # Override the default organization_ids to not use organization filtering
+    organization_ids: Optional[List[int]] = None
+    
+    # Add organizationId (singular) as required by the API
+    organization_id: Optional[int] = None
+    
+    name: Optional[str] = None
+    event_type: Optional[EventType] = None
+    delivery_method: Optional[DeliveryMethod] = None
+    status: Optional[SubscriptionStatus] = None
+    created_by: Optional[str] = None
+    is_active: Optional[bool] = None  # API uses isActive
+    url: Optional[str] = None  # API supports URL filtering
+    
+    def to_params(self) -> Dict[str, Any]:
+        """Convert filter to API parameters, using organizationId (singular) for event subscriptions."""
+        params = {}
+        
+        # Pagination parameters (not in filter namespace)
+        if self.page_number is not None:
+            params["pageNumber"] = self.page_number
+        if self.page_size is not None:
+            params["pageSize"] = self.page_size
+        if self.sort_by is not None:
+            params["sortBy"] = self.sort_by
+        if self.sort_type is not None:
+            params["sortType"] = self.sort_type
+        
+        # Always add organizationId (required by API) - default to 0 if not set
+        organization_id = self.organization_id if self.organization_id is not None else 0
+        params["filter[organizationId]"] = str(organization_id)
+        
+        # Filter parameters (in filter namespace) - EXCLUDE organization_ids and organization_id
+        for field_name, field_value in self.model_dump(exclude_none=True).items():
+            # Skip pagination/sorting fields and organization fields (handled above)
+            if field_name in ["page_number", "page_size", "sort_by", "sort_type", "organization_ids", "organization_id"]:
+                continue
+                
+            if field_value is not None:
+                if isinstance(field_value, list):
+                    if len(field_value) > 0:  # Only add non-empty lists
+                        params[f"filter[{field_name}]"] = ",".join([str(x) for x in field_value])
+                else:
+                    params[f"filter[{field_name}]"] = str(field_value)
         return params 

binalyze_air/models/evidence.py

@@ -1,66 +1,66 @@
-"""
-Evidence-related data models for the Binalyze AIR SDK.
-"""
-
-from typing import Optional, List, Dict, Any
-from datetime import datetime
-
-from ..base import AIRBaseModel
-
-
-class EvidencePPC(AIRBaseModel):
-    """Evidence PPC (Portable Pre-processor Configuration) model for binary file downloads."""
-    
-    endpoint_id: str
-    task_id: str
-    content: bytes  # Binary content of the PPC file
-    content_type: Optional[str] = None  # MIME type of the file
-    content_length: Optional[int] = None  # Size of the file in bytes
-    filename: Optional[str] = None  # Suggested filename
-    
-    def save_to_file(self, filepath: str) -> bool:
-        """Save the PPC content to a file."""
-        try:
-            with open(filepath, 'wb') as f:
-                f.write(self.content)
-            return True
-        except Exception:
-            return False
-
-
-class EvidenceReportFileInfo(AIRBaseModel):
-    """Evidence report file info model."""
-    
-    endpoint_id: str
-    task_id: str
-    file_name: Optional[str] = None
-    file_size: Optional[int] = None
-    created_at: Optional[datetime] = None
-    status: Optional[str] = None
-    # Additional fields from API
-    file_path: Optional[str] = None  # Full path to the file
-    encoding: Optional[str] = None  # File encoding (e.g., "7bit")
-    mime_type: Optional[str] = None  # MIME type (e.g., "application/octet-stream")
-    file_hash: Optional[str] = None  # File hash/checksum
-    organization_id: Optional[int] = None  # Organization ID
-    is_purged: Optional[bool] = None  # Whether file has been purged
-
-
-class EvidenceReport(AIRBaseModel):
-    """Evidence report model."""
-    
-    endpoint_id: str
-    task_id: str
-    content: bytes  # Binary content of the report file
-    content_type: Optional[str] = None
-    content_length: Optional[int] = None
-    filename: Optional[str] = None
-    
-    def save_to_file(self, filepath: str) -> bool:
-        """Save the report content to a file."""
-        try:
-            with open(filepath, 'wb') as f:
-                f.write(self.content)
-            return True
-        except Exception:
+"""
+Evidence-related data models for the Binalyze AIR SDK.
+"""
+
+from typing import Optional, List, Dict, Any
+from datetime import datetime
+
+from ..base import AIRBaseModel
+
+
+class EvidencePPC(AIRBaseModel):
+    """Evidence PPC (Portable Pre-processor Configuration) model for binary file downloads."""
+    
+    endpoint_id: str
+    task_id: str
+    content: bytes  # Binary content of the PPC file
+    content_type: Optional[str] = None  # MIME type of the file
+    content_length: Optional[int] = None  # Size of the file in bytes
+    filename: Optional[str] = None  # Suggested filename
+    
+    def save_to_file(self, filepath: str) -> bool:
+        """Save the PPC content to a file."""
+        try:
+            with open(filepath, 'wb') as f:
+                f.write(self.content)
+            return True
+        except Exception:
+            return False
+
+
+class EvidenceReportFileInfo(AIRBaseModel):
+    """Evidence report file info model."""
+    
+    endpoint_id: str
+    task_id: str
+    file_name: Optional[str] = None
+    file_size: Optional[int] = None
+    created_at: Optional[datetime] = None
+    status: Optional[str] = None
+    # Additional fields from API
+    file_path: Optional[str] = None  # Full path to the file
+    encoding: Optional[str] = None  # File encoding (e.g., "7bit")
+    mime_type: Optional[str] = None  # MIME type (e.g., "application/octet-stream")
+    file_hash: Optional[str] = None  # File hash/checksum
+    organization_id: Optional[int] = None  # Organization ID
+    is_purged: Optional[bool] = None  # Whether file has been purged
+
+
+class EvidenceReport(AIRBaseModel):
+    """Evidence report model."""
+    
+    endpoint_id: str
+    task_id: str
+    content: bytes  # Binary content of the report file
+    content_type: Optional[str] = None
+    content_length: Optional[int] = None
+    filename: Optional[str] = None
+    
+    def save_to_file(self, filepath: str) -> bool:
+        """Save the report content to a file."""
+        try:
+            with open(filepath, 'wb') as f:
+                f.write(self.content)
+            return True
+        except Exception:
             return False