regscale-cli 6.16.0.0__py3-none-any.whl


Potentially problematic release.


This version of regscale-cli might be problematic.

Files changed (481)
  1. regscale/__init__.py +1 -0
  2. regscale/airflow/__init__.py +9 -0
  3. regscale/airflow/azure/__init__.py +9 -0
  4. regscale/airflow/azure/cli.py +89 -0
  5. regscale/airflow/azure/upload_dags.py +116 -0
  6. regscale/airflow/click_dags.py +127 -0
  7. regscale/airflow/click_mixins.py +82 -0
  8. regscale/airflow/config.py +25 -0
  9. regscale/airflow/factories/__init__.py +0 -0
  10. regscale/airflow/factories/connections.py +58 -0
  11. regscale/airflow/factories/workflows.py +78 -0
  12. regscale/airflow/hierarchy.py +88 -0
  13. regscale/airflow/operators/__init__.py +0 -0
  14. regscale/airflow/operators/click.py +36 -0
  15. regscale/airflow/sensors/__init__.py +0 -0
  16. regscale/airflow/sensors/sql.py +107 -0
  17. regscale/airflow/sessions/__init__.py +0 -0
  18. regscale/airflow/sessions/sql/__init__.py +3 -0
  19. regscale/airflow/sessions/sql/queries.py +64 -0
  20. regscale/airflow/sessions/sql/sql_server_queries.py +248 -0
  21. regscale/airflow/tasks/__init__.py +0 -0
  22. regscale/airflow/tasks/branches.py +22 -0
  23. regscale/airflow/tasks/cli.py +116 -0
  24. regscale/airflow/tasks/click.py +73 -0
  25. regscale/airflow/tasks/debugging.py +9 -0
  26. regscale/airflow/tasks/groups.py +116 -0
  27. regscale/airflow/tasks/init.py +60 -0
  28. regscale/airflow/tasks/states.py +47 -0
  29. regscale/airflow/tasks/workflows.py +36 -0
  30. regscale/ansible/__init__.py +9 -0
  31. regscale/core/__init__.py +0 -0
  32. regscale/core/app/__init__.py +3 -0
  33. regscale/core/app/api.py +571 -0
  34. regscale/core/app/application.py +665 -0
  35. regscale/core/app/internal/__init__.py +136 -0
  36. regscale/core/app/internal/admin_actions.py +230 -0
  37. regscale/core/app/internal/assessments_editor.py +873 -0
  38. regscale/core/app/internal/catalog.py +316 -0
  39. regscale/core/app/internal/comparison.py +459 -0
  40. regscale/core/app/internal/control_editor.py +571 -0
  41. regscale/core/app/internal/encrypt.py +79 -0
  42. regscale/core/app/internal/evidence.py +1240 -0
  43. regscale/core/app/internal/file_uploads.py +151 -0
  44. regscale/core/app/internal/healthcheck.py +66 -0
  45. regscale/core/app/internal/login.py +305 -0
  46. regscale/core/app/internal/migrations.py +240 -0
  47. regscale/core/app/internal/model_editor.py +1701 -0
  48. regscale/core/app/internal/poam_editor.py +632 -0
  49. regscale/core/app/internal/workflow.py +105 -0
  50. regscale/core/app/logz.py +74 -0
  51. regscale/core/app/utils/XMLIR.py +258 -0
  52. regscale/core/app/utils/__init__.py +0 -0
  53. regscale/core/app/utils/api_handler.py +358 -0
  54. regscale/core/app/utils/app_utils.py +1110 -0
  55. regscale/core/app/utils/catalog_utils/__init__.py +0 -0
  56. regscale/core/app/utils/catalog_utils/common.py +91 -0
  57. regscale/core/app/utils/catalog_utils/compare_catalog.py +193 -0
  58. regscale/core/app/utils/catalog_utils/diagnostic_catalog.py +97 -0
  59. regscale/core/app/utils/catalog_utils/download_catalog.py +103 -0
  60. regscale/core/app/utils/catalog_utils/update_catalog.py +718 -0
  61. regscale/core/app/utils/catalog_utils/update_catalog_v2.py +1378 -0
  62. regscale/core/app/utils/catalog_utils/update_catalog_v3.py +1272 -0
  63. regscale/core/app/utils/catalog_utils/update_plans.py +334 -0
  64. regscale/core/app/utils/file_utils.py +238 -0
  65. regscale/core/app/utils/parser_utils.py +81 -0
  66. regscale/core/app/utils/pickle_file_handler.py +57 -0
  67. regscale/core/app/utils/regscale_utils.py +319 -0
  68. regscale/core/app/utils/report_utils.py +119 -0
  69. regscale/core/app/utils/variables.py +226 -0
  70. regscale/core/decorators.py +31 -0
  71. regscale/core/lazy_group.py +65 -0
  72. regscale/core/login.py +63 -0
  73. regscale/core/server/__init__.py +0 -0
  74. regscale/core/server/flask_api.py +473 -0
  75. regscale/core/server/helpers.py +373 -0
  76. regscale/core/server/rest.py +64 -0
  77. regscale/core/server/static/css/bootstrap.css +6030 -0
  78. regscale/core/server/static/css/bootstrap.min.css +6 -0
  79. regscale/core/server/static/css/main.css +176 -0
  80. regscale/core/server/static/images/regscale-cli.svg +49 -0
  81. regscale/core/server/static/images/regscale.svg +38 -0
  82. regscale/core/server/templates/base.html +74 -0
  83. regscale/core/server/templates/index.html +43 -0
  84. regscale/core/server/templates/login.html +28 -0
  85. regscale/core/server/templates/make_base64.html +22 -0
  86. regscale/core/server/templates/upload_STIG.html +109 -0
  87. regscale/core/server/templates/upload_STIG_result.html +26 -0
  88. regscale/core/server/templates/upload_ssp.html +144 -0
  89. regscale/core/server/templates/upload_ssp_result.html +128 -0
  90. regscale/core/static/__init__.py +0 -0
  91. regscale/core/static/regex.py +14 -0
  92. regscale/core/utils/__init__.py +117 -0
  93. regscale/core/utils/click_utils.py +13 -0
  94. regscale/core/utils/date.py +238 -0
  95. regscale/core/utils/graphql.py +254 -0
  96. regscale/core/utils/urls.py +23 -0
  97. regscale/dev/__init__.py +6 -0
  98. regscale/dev/analysis.py +454 -0
  99. regscale/dev/cli.py +235 -0
  100. regscale/dev/code_gen.py +492 -0
  101. regscale/dev/dirs.py +69 -0
  102. regscale/dev/docs.py +384 -0
  103. regscale/dev/monitoring.py +26 -0
  104. regscale/dev/profiling.py +216 -0
  105. regscale/exceptions/__init__.py +4 -0
  106. regscale/exceptions/license_exception.py +7 -0
  107. regscale/exceptions/validation_exception.py +9 -0
  108. regscale/integrations/__init__.py +1 -0
  109. regscale/integrations/commercial/__init__.py +486 -0
  110. regscale/integrations/commercial/ad.py +433 -0
  111. regscale/integrations/commercial/amazon/__init__.py +0 -0
  112. regscale/integrations/commercial/amazon/common.py +106 -0
  113. regscale/integrations/commercial/aqua/__init__.py +0 -0
  114. regscale/integrations/commercial/aqua/aqua.py +91 -0
  115. regscale/integrations/commercial/aws/__init__.py +6 -0
  116. regscale/integrations/commercial/aws/cli.py +322 -0
  117. regscale/integrations/commercial/aws/inventory/__init__.py +110 -0
  118. regscale/integrations/commercial/aws/inventory/base.py +64 -0
  119. regscale/integrations/commercial/aws/inventory/resources/__init__.py +19 -0
  120. regscale/integrations/commercial/aws/inventory/resources/compute.py +234 -0
  121. regscale/integrations/commercial/aws/inventory/resources/containers.py +113 -0
  122. regscale/integrations/commercial/aws/inventory/resources/database.py +101 -0
  123. regscale/integrations/commercial/aws/inventory/resources/integration.py +237 -0
  124. regscale/integrations/commercial/aws/inventory/resources/networking.py +253 -0
  125. regscale/integrations/commercial/aws/inventory/resources/security.py +240 -0
  126. regscale/integrations/commercial/aws/inventory/resources/storage.py +91 -0
  127. regscale/integrations/commercial/aws/scanner.py +823 -0
  128. regscale/integrations/commercial/azure/__init__.py +0 -0
  129. regscale/integrations/commercial/azure/common.py +32 -0
  130. regscale/integrations/commercial/azure/intune.py +488 -0
  131. regscale/integrations/commercial/azure/scanner.py +49 -0
  132. regscale/integrations/commercial/burp.py +78 -0
  133. regscale/integrations/commercial/cpe.py +144 -0
  134. regscale/integrations/commercial/crowdstrike.py +1117 -0
  135. regscale/integrations/commercial/defender.py +1511 -0
  136. regscale/integrations/commercial/dependabot.py +210 -0
  137. regscale/integrations/commercial/durosuite/__init__.py +0 -0
  138. regscale/integrations/commercial/durosuite/api.py +1546 -0
  139. regscale/integrations/commercial/durosuite/process_devices.py +101 -0
  140. regscale/integrations/commercial/durosuite/scanner.py +637 -0
  141. regscale/integrations/commercial/durosuite/variables.py +21 -0
  142. regscale/integrations/commercial/ecr.py +90 -0
  143. regscale/integrations/commercial/gcp/__init__.py +237 -0
  144. regscale/integrations/commercial/gcp/auth.py +96 -0
  145. regscale/integrations/commercial/gcp/control_tests.py +238 -0
  146. regscale/integrations/commercial/gcp/variables.py +18 -0
  147. regscale/integrations/commercial/gitlab.py +332 -0
  148. regscale/integrations/commercial/grype.py +165 -0
  149. regscale/integrations/commercial/ibm.py +90 -0
  150. regscale/integrations/commercial/import_all/__init__.py +0 -0
  151. regscale/integrations/commercial/import_all/import_all_cmd.py +467 -0
  152. regscale/integrations/commercial/import_all/scan_file_fingerprints.json +27 -0
  153. regscale/integrations/commercial/jira.py +1046 -0
  154. regscale/integrations/commercial/mappings/__init__.py +0 -0
  155. regscale/integrations/commercial/mappings/csf_controls.json +713 -0
  156. regscale/integrations/commercial/mappings/nist_800_53_r5_controls.json +1516 -0
  157. regscale/integrations/commercial/nessus/__init__.py +0 -0
  158. regscale/integrations/commercial/nessus/nessus_utils.py +429 -0
  159. regscale/integrations/commercial/nessus/scanner.py +416 -0
  160. regscale/integrations/commercial/nexpose.py +90 -0
  161. regscale/integrations/commercial/okta.py +798 -0
  162. regscale/integrations/commercial/opentext/__init__.py +0 -0
  163. regscale/integrations/commercial/opentext/click.py +99 -0
  164. regscale/integrations/commercial/opentext/scanner.py +143 -0
  165. regscale/integrations/commercial/prisma.py +91 -0
  166. regscale/integrations/commercial/qualys.py +1462 -0
  167. regscale/integrations/commercial/salesforce.py +980 -0
  168. regscale/integrations/commercial/sap/__init__.py +0 -0
  169. regscale/integrations/commercial/sap/click.py +31 -0
  170. regscale/integrations/commercial/sap/sysdig/__init__.py +0 -0
  171. regscale/integrations/commercial/sap/sysdig/click.py +57 -0
  172. regscale/integrations/commercial/sap/sysdig/sysdig_scanner.py +190 -0
  173. regscale/integrations/commercial/sap/tenable/__init__.py +0 -0
  174. regscale/integrations/commercial/sap/tenable/click.py +49 -0
  175. regscale/integrations/commercial/sap/tenable/scanner.py +196 -0
  176. regscale/integrations/commercial/servicenow.py +1756 -0
  177. regscale/integrations/commercial/sicura/__init__.py +0 -0
  178. regscale/integrations/commercial/sicura/api.py +855 -0
  179. regscale/integrations/commercial/sicura/commands.py +73 -0
  180. regscale/integrations/commercial/sicura/scanner.py +481 -0
  181. regscale/integrations/commercial/sicura/variables.py +16 -0
  182. regscale/integrations/commercial/snyk.py +90 -0
  183. regscale/integrations/commercial/sonarcloud.py +260 -0
  184. regscale/integrations/commercial/sqlserver.py +369 -0
  185. regscale/integrations/commercial/stig_mapper_integration/__init__.py +0 -0
  186. regscale/integrations/commercial/stig_mapper_integration/click_commands.py +38 -0
  187. regscale/integrations/commercial/stig_mapper_integration/mapping_engine.py +353 -0
  188. regscale/integrations/commercial/stigv2/__init__.py +0 -0
  189. regscale/integrations/commercial/stigv2/ckl_parser.py +349 -0
  190. regscale/integrations/commercial/stigv2/click_commands.py +95 -0
  191. regscale/integrations/commercial/stigv2/stig_integration.py +202 -0
  192. regscale/integrations/commercial/synqly/__init__.py +0 -0
  193. regscale/integrations/commercial/synqly/assets.py +46 -0
  194. regscale/integrations/commercial/synqly/ticketing.py +132 -0
  195. regscale/integrations/commercial/synqly/vulnerabilities.py +223 -0
  196. regscale/integrations/commercial/synqly_jira.py +840 -0
  197. regscale/integrations/commercial/tenablev2/__init__.py +0 -0
  198. regscale/integrations/commercial/tenablev2/authenticate.py +31 -0
  199. regscale/integrations/commercial/tenablev2/click.py +1584 -0
  200. regscale/integrations/commercial/tenablev2/scanner.py +504 -0
  201. regscale/integrations/commercial/tenablev2/stig_parsers.py +140 -0
  202. regscale/integrations/commercial/tenablev2/utils.py +78 -0
  203. regscale/integrations/commercial/tenablev2/variables.py +17 -0
  204. regscale/integrations/commercial/trivy.py +162 -0
  205. regscale/integrations/commercial/veracode.py +96 -0
  206. regscale/integrations/commercial/wizv2/WizDataMixin.py +97 -0
  207. regscale/integrations/commercial/wizv2/__init__.py +0 -0
  208. regscale/integrations/commercial/wizv2/click.py +429 -0
  209. regscale/integrations/commercial/wizv2/constants.py +1001 -0
  210. regscale/integrations/commercial/wizv2/issue.py +361 -0
  211. regscale/integrations/commercial/wizv2/models.py +112 -0
  212. regscale/integrations/commercial/wizv2/parsers.py +339 -0
  213. regscale/integrations/commercial/wizv2/sbom.py +115 -0
  214. regscale/integrations/commercial/wizv2/scanner.py +416 -0
  215. regscale/integrations/commercial/wizv2/utils.py +796 -0
  216. regscale/integrations/commercial/wizv2/variables.py +39 -0
  217. regscale/integrations/commercial/wizv2/wiz_auth.py +159 -0
  218. regscale/integrations/commercial/xray.py +91 -0
  219. regscale/integrations/integration/__init__.py +2 -0
  220. regscale/integrations/integration/integration.py +26 -0
  221. regscale/integrations/integration/inventory.py +17 -0
  222. regscale/integrations/integration/issue.py +100 -0
  223. regscale/integrations/integration_override.py +149 -0
  224. regscale/integrations/public/__init__.py +103 -0
  225. regscale/integrations/public/cisa.py +641 -0
  226. regscale/integrations/public/criticality_updater.py +70 -0
  227. regscale/integrations/public/emass.py +411 -0
  228. regscale/integrations/public/emass_slcm_import.py +697 -0
  229. regscale/integrations/public/fedramp/__init__.py +0 -0
  230. regscale/integrations/public/fedramp/appendix_parser.py +548 -0
  231. regscale/integrations/public/fedramp/click.py +479 -0
  232. regscale/integrations/public/fedramp/components.py +714 -0
  233. regscale/integrations/public/fedramp/docx_parser.py +259 -0
  234. regscale/integrations/public/fedramp/fedramp_cis_crm.py +1124 -0
  235. regscale/integrations/public/fedramp/fedramp_common.py +3181 -0
  236. regscale/integrations/public/fedramp/fedramp_docx.py +388 -0
  237. regscale/integrations/public/fedramp/fedramp_five.py +2343 -0
  238. regscale/integrations/public/fedramp/fedramp_traversal.py +138 -0
  239. regscale/integrations/public/fedramp/import_fedramp_r4_ssp.py +279 -0
  240. regscale/integrations/public/fedramp/import_workbook.py +495 -0
  241. regscale/integrations/public/fedramp/inventory_items.py +244 -0
  242. regscale/integrations/public/fedramp/mappings/__init__.py +0 -0
  243. regscale/integrations/public/fedramp/mappings/fedramp_r4_parts.json +7388 -0
  244. regscale/integrations/public/fedramp/mappings/fedramp_r5_params.json +8636 -0
  245. regscale/integrations/public/fedramp/mappings/fedramp_r5_parts.json +9605 -0
  246. regscale/integrations/public/fedramp/mappings/system_roles.py +34 -0
  247. regscale/integrations/public/fedramp/mappings/user.py +175 -0
  248. regscale/integrations/public/fedramp/mappings/values.py +141 -0
  249. regscale/integrations/public/fedramp/markdown_parser.py +150 -0
  250. regscale/integrations/public/fedramp/metadata.py +689 -0
  251. regscale/integrations/public/fedramp/models/__init__.py +59 -0
  252. regscale/integrations/public/fedramp/models/leveraged_auth_new.py +168 -0
  253. regscale/integrations/public/fedramp/models/poam_importer.py +522 -0
  254. regscale/integrations/public/fedramp/parts_mapper.py +107 -0
  255. regscale/integrations/public/fedramp/poam/__init__.py +0 -0
  256. regscale/integrations/public/fedramp/poam/scanner.py +851 -0
  257. regscale/integrations/public/fedramp/properties.py +201 -0
  258. regscale/integrations/public/fedramp/reporting.py +84 -0
  259. regscale/integrations/public/fedramp/resources.py +496 -0
  260. regscale/integrations/public/fedramp/rosetta.py +110 -0
  261. regscale/integrations/public/fedramp/ssp_logger.py +87 -0
  262. regscale/integrations/public/fedramp/system_characteristics.py +922 -0
  263. regscale/integrations/public/fedramp/system_control_implementations.py +582 -0
  264. regscale/integrations/public/fedramp/system_implementation.py +190 -0
  265. regscale/integrations/public/fedramp/xml_utils.py +87 -0
  266. regscale/integrations/public/nist_catalog.py +275 -0
  267. regscale/integrations/public/oscal.py +1946 -0
  268. regscale/integrations/public/otx.py +169 -0
  269. regscale/integrations/scanner_integration.py +2692 -0
  270. regscale/integrations/variables.py +25 -0
  271. regscale/models/__init__.py +7 -0
  272. regscale/models/app_models/__init__.py +5 -0
  273. regscale/models/app_models/catalog_compare.py +213 -0
  274. regscale/models/app_models/click.py +252 -0
  275. regscale/models/app_models/datetime_encoder.py +21 -0
  276. regscale/models/app_models/import_validater.py +321 -0
  277. regscale/models/app_models/mapping.py +260 -0
  278. regscale/models/app_models/pipeline.py +37 -0
  279. regscale/models/click_models.py +413 -0
  280. regscale/models/config.py +154 -0
  281. regscale/models/email_style.css +67 -0
  282. regscale/models/hierarchy.py +8 -0
  283. regscale/models/inspect_models.py +79 -0
  284. regscale/models/integration_models/__init__.py +0 -0
  285. regscale/models/integration_models/amazon_models/__init__.py +0 -0
  286. regscale/models/integration_models/amazon_models/inspector.py +262 -0
  287. regscale/models/integration_models/amazon_models/inspector_scan.py +206 -0
  288. regscale/models/integration_models/aqua.py +247 -0
  289. regscale/models/integration_models/azure_alerts.py +255 -0
  290. regscale/models/integration_models/base64.py +23 -0
  291. regscale/models/integration_models/burp.py +433 -0
  292. regscale/models/integration_models/burp_models.py +128 -0
  293. regscale/models/integration_models/cisa_kev_data.json +19333 -0
  294. regscale/models/integration_models/defender_data.py +93 -0
  295. regscale/models/integration_models/defenderimport.py +143 -0
  296. regscale/models/integration_models/drf.py +443 -0
  297. regscale/models/integration_models/ecr_models/__init__.py +0 -0
  298. regscale/models/integration_models/ecr_models/data.py +69 -0
  299. regscale/models/integration_models/ecr_models/ecr.py +239 -0
  300. regscale/models/integration_models/flat_file_importer.py +1079 -0
  301. regscale/models/integration_models/grype_import.py +247 -0
  302. regscale/models/integration_models/ibm.py +126 -0
  303. regscale/models/integration_models/implementation_results.py +85 -0
  304. regscale/models/integration_models/nexpose.py +140 -0
  305. regscale/models/integration_models/prisma.py +202 -0
  306. regscale/models/integration_models/qualys.py +720 -0
  307. regscale/models/integration_models/qualys_scanner.py +160 -0
  308. regscale/models/integration_models/sbom/__init__.py +0 -0
  309. regscale/models/integration_models/sbom/cyclone_dx.py +139 -0
  310. regscale/models/integration_models/send_reminders.py +620 -0
  311. regscale/models/integration_models/snyk.py +155 -0
  312. regscale/models/integration_models/synqly_models/__init__.py +0 -0
  313. regscale/models/integration_models/synqly_models/capabilities.json +1 -0
  314. regscale/models/integration_models/synqly_models/connector_types.py +22 -0
  315. regscale/models/integration_models/synqly_models/connectors/__init__.py +7 -0
  316. regscale/models/integration_models/synqly_models/connectors/assets.py +97 -0
  317. regscale/models/integration_models/synqly_models/connectors/ticketing.py +583 -0
  318. regscale/models/integration_models/synqly_models/connectors/vulnerabilities.py +169 -0
  319. regscale/models/integration_models/synqly_models/ocsf_mapper.py +331 -0
  320. regscale/models/integration_models/synqly_models/param.py +72 -0
  321. regscale/models/integration_models/synqly_models/synqly_model.py +733 -0
  322. regscale/models/integration_models/synqly_models/tenants.py +39 -0
  323. regscale/models/integration_models/tenable_models/__init__.py +0 -0
  324. regscale/models/integration_models/tenable_models/integration.py +187 -0
  325. regscale/models/integration_models/tenable_models/models.py +513 -0
  326. regscale/models/integration_models/trivy_import.py +231 -0
  327. regscale/models/integration_models/veracode.py +217 -0
  328. regscale/models/integration_models/xray.py +135 -0
  329. regscale/models/locking.py +100 -0
  330. regscale/models/platform.py +110 -0
  331. regscale/models/regscale_models/__init__.py +67 -0
  332. regscale/models/regscale_models/assessment.py +570 -0
  333. regscale/models/regscale_models/assessment_plan.py +52 -0
  334. regscale/models/regscale_models/asset.py +567 -0
  335. regscale/models/regscale_models/asset_mapping.py +190 -0
  336. regscale/models/regscale_models/case.py +42 -0
  337. regscale/models/regscale_models/catalog.py +261 -0
  338. regscale/models/regscale_models/cci.py +46 -0
  339. regscale/models/regscale_models/change.py +167 -0
  340. regscale/models/regscale_models/checklist.py +372 -0
  341. regscale/models/regscale_models/comment.py +49 -0
  342. regscale/models/regscale_models/compliance_settings.py +112 -0
  343. regscale/models/regscale_models/component.py +412 -0
  344. regscale/models/regscale_models/component_mapping.py +65 -0
  345. regscale/models/regscale_models/control.py +38 -0
  346. regscale/models/regscale_models/control_implementation.py +1128 -0
  347. regscale/models/regscale_models/control_objective.py +261 -0
  348. regscale/models/regscale_models/control_parameter.py +100 -0
  349. regscale/models/regscale_models/control_test.py +34 -0
  350. regscale/models/regscale_models/control_test_plan.py +75 -0
  351. regscale/models/regscale_models/control_test_result.py +52 -0
  352. regscale/models/regscale_models/custom_field.py +245 -0
  353. regscale/models/regscale_models/data.py +109 -0
  354. regscale/models/regscale_models/data_center.py +40 -0
  355. regscale/models/regscale_models/deviation.py +203 -0
  356. regscale/models/regscale_models/email.py +97 -0
  357. regscale/models/regscale_models/evidence.py +47 -0
  358. regscale/models/regscale_models/evidence_mapping.py +40 -0
  359. regscale/models/regscale_models/facility.py +59 -0
  360. regscale/models/regscale_models/file.py +382 -0
  361. regscale/models/regscale_models/filetag.py +37 -0
  362. regscale/models/regscale_models/form_field_value.py +94 -0
  363. regscale/models/regscale_models/group.py +169 -0
  364. regscale/models/regscale_models/implementation_objective.py +335 -0
  365. regscale/models/regscale_models/implementation_option.py +275 -0
  366. regscale/models/regscale_models/implementation_role.py +33 -0
  367. regscale/models/regscale_models/incident.py +177 -0
  368. regscale/models/regscale_models/interconnection.py +43 -0
  369. regscale/models/regscale_models/issue.py +1176 -0
  370. regscale/models/regscale_models/leveraged_authorization.py +125 -0
  371. regscale/models/regscale_models/line_of_inquiry.py +52 -0
  372. regscale/models/regscale_models/link.py +205 -0
  373. regscale/models/regscale_models/meta_data.py +64 -0
  374. regscale/models/regscale_models/mixins/__init__.py +0 -0
  375. regscale/models/regscale_models/mixins/parent_cache.py +124 -0
  376. regscale/models/regscale_models/module.py +224 -0
  377. regscale/models/regscale_models/modules.py +191 -0
  378. regscale/models/regscale_models/objective.py +14 -0
  379. regscale/models/regscale_models/parameter.py +87 -0
  380. regscale/models/regscale_models/ports_protocol.py +81 -0
  381. regscale/models/regscale_models/privacy.py +89 -0
  382. regscale/models/regscale_models/profile.py +50 -0
  383. regscale/models/regscale_models/profile_link.py +68 -0
  384. regscale/models/regscale_models/profile_mapping.py +124 -0
  385. regscale/models/regscale_models/project.py +63 -0
  386. regscale/models/regscale_models/property.py +278 -0
  387. regscale/models/regscale_models/question.py +85 -0
  388. regscale/models/regscale_models/questionnaire.py +87 -0
  389. regscale/models/regscale_models/questionnaire_instance.py +177 -0
  390. regscale/models/regscale_models/rbac.py +132 -0
  391. regscale/models/regscale_models/reference.py +86 -0
  392. regscale/models/regscale_models/regscale_model.py +1643 -0
  393. regscale/models/regscale_models/requirement.py +29 -0
  394. regscale/models/regscale_models/risk.py +274 -0
  395. regscale/models/regscale_models/sbom.py +54 -0
  396. regscale/models/regscale_models/scan_history.py +436 -0
  397. regscale/models/regscale_models/search.py +53 -0
  398. regscale/models/regscale_models/security_control.py +132 -0
  399. regscale/models/regscale_models/security_plan.py +204 -0
  400. regscale/models/regscale_models/software_inventory.py +159 -0
  401. regscale/models/regscale_models/stake_holder.py +64 -0
  402. regscale/models/regscale_models/stig.py +647 -0
  403. regscale/models/regscale_models/supply_chain.py +152 -0
  404. regscale/models/regscale_models/system_role.py +188 -0
  405. regscale/models/regscale_models/system_role_external_assignment.py +40 -0
  406. regscale/models/regscale_models/tag.py +37 -0
  407. regscale/models/regscale_models/tag_mapping.py +19 -0
  408. regscale/models/regscale_models/task.py +133 -0
  409. regscale/models/regscale_models/threat.py +196 -0
  410. regscale/models/regscale_models/user.py +175 -0
  411. regscale/models/regscale_models/user_group.py +55 -0
  412. regscale/models/regscale_models/vulnerability.py +242 -0
  413. regscale/models/regscale_models/vulnerability_mapping.py +162 -0
  414. regscale/models/regscale_models/workflow.py +55 -0
  415. regscale/models/regscale_models/workflow_action.py +34 -0
  416. regscale/models/regscale_models/workflow_instance.py +269 -0
  417. regscale/models/regscale_models/workflow_instance_step.py +114 -0
  418. regscale/models/regscale_models/workflow_template.py +58 -0
  419. regscale/models/regscale_models/workflow_template_step.py +45 -0
  420. regscale/regscale.py +815 -0
  421. regscale/utils/__init__.py +7 -0
  422. regscale/utils/b64conversion.py +14 -0
  423. regscale/utils/click_utils.py +118 -0
  424. regscale/utils/decorators.py +48 -0
  425. regscale/utils/dict_utils.py +59 -0
  426. regscale/utils/files.py +79 -0
  427. regscale/utils/fxns.py +30 -0
  428. regscale/utils/graphql_client.py +113 -0
  429. regscale/utils/lists.py +16 -0
  430. regscale/utils/numbers.py +12 -0
  431. regscale/utils/shell.py +148 -0
  432. regscale/utils/string.py +121 -0
  433. regscale/utils/synqly_utils.py +165 -0
  434. regscale/utils/threading/__init__.py +8 -0
  435. regscale/utils/threading/threadhandler.py +131 -0
  436. regscale/utils/threading/threadsafe_counter.py +47 -0
  437. regscale/utils/threading/threadsafe_dict.py +242 -0
  438. regscale/utils/threading/threadsafe_list.py +83 -0
  439. regscale/utils/version.py +104 -0
  440. regscale/validation/__init__.py +0 -0
  441. regscale/validation/address.py +37 -0
  442. regscale/validation/record.py +48 -0
  443. regscale/visualization/__init__.py +5 -0
  444. regscale/visualization/click.py +34 -0
  445. regscale_cli-6.16.0.0.dist-info/LICENSE +21 -0
  446. regscale_cli-6.16.0.0.dist-info/METADATA +659 -0
  447. regscale_cli-6.16.0.0.dist-info/RECORD +481 -0
  448. regscale_cli-6.16.0.0.dist-info/WHEEL +5 -0
  449. regscale_cli-6.16.0.0.dist-info/entry_points.txt +6 -0
  450. regscale_cli-6.16.0.0.dist-info/top_level.txt +2 -0
  451. tests/fixtures/__init__.py +2 -0
  452. tests/fixtures/api.py +87 -0
  453. tests/fixtures/models.py +91 -0
  454. tests/fixtures/test_fixture.py +144 -0
  455. tests/mocks/__init__.py +0 -0
  456. tests/mocks/objects.py +3 -0
  457. tests/mocks/response.py +32 -0
  458. tests/mocks/xml.py +13 -0
  459. tests/regscale/__init__.py +0 -0
  460. tests/regscale/core/__init__.py +0 -0
  461. tests/regscale/core/test_api.py +232 -0
  462. tests/regscale/core/test_app.py +406 -0
  463. tests/regscale/core/test_login.py +37 -0
  464. tests/regscale/core/test_logz.py +66 -0
  465. tests/regscale/core/test_sbom_generator.py +87 -0
  466. tests/regscale/core/test_validation_utils.py +163 -0
  467. tests/regscale/core/test_version.py +78 -0
  468. tests/regscale/models/__init__.py +0 -0
  469. tests/regscale/models/test_asset.py +71 -0
  470. tests/regscale/models/test_config.py +26 -0
  471. tests/regscale/models/test_control_implementation.py +27 -0
  472. tests/regscale/models/test_import.py +97 -0
  473. tests/regscale/models/test_issue.py +36 -0
  474. tests/regscale/models/test_mapping.py +52 -0
  475. tests/regscale/models/test_platform.py +31 -0
  476. tests/regscale/models/test_regscale_model.py +346 -0
  477. tests/regscale/models/test_report.py +32 -0
  478. tests/regscale/models/test_tenable_integrations.py +118 -0
  479. tests/regscale/models/test_user_model.py +121 -0
  480. tests/regscale/test_about.py +19 -0
  481. tests/regscale/test_authorization.py +65 -0
@@ -0,0 +1 @@
1
+ {"result":[{"id":"assets_servicenow","name":"assets_servicenow","fullname":"ServiceNow Configuration Management Database (CMDB)","description":"Configuration for ServiceNow as an Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","request_method":"post","request_path":"/v1/assets/devices","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateDeviceRequest"}}},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true}],"provider_config":{"description":"Configuration for ServiceNow as an Assets Provider","properties":{"credential":{"oneOf":[{"description":"Username and password used to authenticate with ServiceNow. The password can be a token that is generated following [this guide to generate an API token](https://docs.servicenow.com/bundle/vancouver-platform-administration/page/administer/users-and-groups/task/t_CreateAUser.html). The token receives the same permissions as the user that generates it, so must have access to the projects you want to use.\n","properties":{"secret":{"description":"Secret value for authentication","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","type":"string"}},"required":["secret","type","username"],"title":"BasicCredential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"ServiceNowCredential"}},{"description":"Token used to authenticate with ServiceNow. This token will be used with the authentication header `x-sn-apikey`. To use token authentication, the version of ServiceNow must be Washington D.C. 
or later.\n","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"TokenCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"ServiceNowCredential"}}],"title":"ServiceNowCredential","x-synqly-credential":{"extends":["BasicCredential","TokenCredential"],"type":"ServiceNowCredential"}},"type":{"const":"assets_servicenow"},"url":{"description":"URL for the ServiceNow API. This should be the base URL for the API, without any path components and must be HTTPS. For example, \"https://tenant.service-now.com\".","type":"string"}},"required":["credential","type","url"],"title":"ServiceNow CMDB","type":"object"}},{"id":"identity_okta","name":"identity_okta","fullname":"Okta Identity","description":"Configuration for the Okta Identity Provider","connector_id":"identity","connector":"identity","operations":[{"id":"identity_disable_user","name":"disable_user","fullname":"Disable User","description":"Disables a user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/disable","supported":true},{"id":"identity_enable_user","name":"enable_user","fullname":"Enable User","description":"Reenables a disabled user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/enable","supported":true},{"id":"identity_expire_all_user_sessions","name":"expire_all_user_sessions","fullname":"Expire All User Sessions","description":"Logs a user out of all current sessions so they must log in again.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/expire_all_sessions","supported":true},{"id":"identity_force_user_password_reset","name":"force_user_password_reset","fullname":"Force User Password Reset","description":"Forces a user to reset their password before they can log in 
again.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/force_reset_password","supported":true},{"id":"identity_get_group","name":"get_group","fullname":"Get Group","description":"Returns a `Group` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. Depending\non the providers offerings, this may include additional group information, such as the roles assigned.","request_method":"get","request_path":"/v1/identity/groups/{groupId}","supported":true},{"id":"identity_get_group_members","name":"get_group_members","fullname":"Get Group Members","description":"Returns list of `User` objects wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider that are members in the group referenced by ID.","request_method":"get","request_path":"/v1/identity/groups/{groupId}/members","supported":true},{"id":"identity_get_user","name":"get_user","fullname":"Get User","description":"Returns a `User` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. 
Depending\non the providers offerings, this may include additional user information, such as the user's current groups and roles.","request_method":"get","request_path":"/v1/identity/users/{userId}","supported":true},{"id":"identity_query_audit_log","name":"query_audit_log","fullname":"Query Audit Log","description":"Returns a list of `Event` objects from the token-linked audit log.","request_method":"get","request_path":"/v1/identity/audit","supported":true,"filters":[{"name":"actor.user.email_addr","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"actor.user.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"class_uid","type":"string","operators":["eq"]},{"name":"message","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"status_id","type":"string","operators":["eq"]},{"name":"type_uid","type":"string","operators":["eq"]},{"name":"user.email_addr","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"user.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]}]},{"id":"identity_query_groups","name":"query_groups","fullname":"Query Groups","description":"Returns a list of `Group` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity 
provider.","request_method":"get","request_path":"/v1/identity/groups","supported":true,"filters":[{"name":"entity.group.desc","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.group.name","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.group.uid","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.uid","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.type","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"time","type":"date","operators":["eq","gt","gte","lt","lte"]}]},{"id":"identity_query_users","name":"query_users","fullname":"Query Users","description":"Returns a list of `User` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.","request_method":"get","request_path":"/v1/identity/users","supported":true,"filters":[{"name":"entity.uid","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.email_addr","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.full_name","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.ldap_person.cost_center","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.ldap_person.created_time","type":"datetime","operators":["eq","gt","gte","lt","lte"]},{"name":"entity.user.ldap_person.employee_uid","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.ldap_person.given_name","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.ldap_person.job_title","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.ldap_person.manager.full_name","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.ldap_person.modified_time","type":"datetime","operators":["eq","gt","gte","lt","lte"]},{"name":"entity.user.ldap_person.surname","type
":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.name","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.org.name","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.org.ou_name","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.uid","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.uid_alt","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.user_status_id","type":"string","operators":["eq","in"]},{"name":"time","type":"datetime","operators":["eq","gt","gte","lt","lte"]}]}],"provider_config":{"description":"Configuration for the Okta Identity Provider","properties":{"credential":{"oneOf":[{"description":"OAuth 2.0 Token URL, Client ID, and Client Secret for a Synqly Identity Connector API service application.\n","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"OAuthClientCredential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"OktaCredential"}},{"description":"Token to authenticate with Okta. Follow [this guide to generate an API token](https://developer.okta.com/docs/guides/create-an-api-token). The token must have access to list records in the system audit log. (Not for production use. 
Use `o_auth_client` instead)\n","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"TokenCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"OktaCredential"}}],"title":"OktaCredential","x-synqly-credential":{"extends":["OAuthClientCredential","TokenCredential"],"type":"OktaCredential"}},"type":{"const":"identity_okta"},"url":{"description":"URL for the Okta API. This should be the base URL for the API, without any path components and must be HTTPS. For example, \"https://tenant.okta.com\".","type":"string"}},"required":["credential","type","url"],"title":"Okta","type":"object"}},{"id":"siem_q_radar","name":"siem_q_radar","fullname":"QRadar","description":"Configuration for IBM QRadar as a SIEM Provider.","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","request_method":"get","request_path":"/v1/siem/investigations/{id}","supported":true},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for 
authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"actor.app_name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"actor.app_uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"actor.user.account.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"actor.user.account.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"actor.user.domain","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"actor.user.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"actor.user.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"count","type":"integer","operators":["eq","ne","gt","gte","lt","lte","in","not_in"]},{"name":"device.hostname","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.last_seen_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.location.description","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.mac","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.os.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.zone","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"dst_endpoint.domain","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"dst_endpoint.hostname","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"dst_endpoint.ip","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"ds
t_endpoint.location.description","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"dst_endpoint.mac","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"dst_endpoint.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"duration","type":"integer","operators":["eq","ne","gt","gte","lt","lte","in","not_in"]},{"name":"end_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"group.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"group.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"http_request.url.host","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"http_request.url.path","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"http_request.url.port","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"http_request.url.url_string","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.file.ext","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.file.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.file.parent_folder","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.file.path","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.file.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.group.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.group.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.parent_process.fi
le.path","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.parent_process.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.parent_process.pid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.pid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"message","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"metadata.log_name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"metadata.log_provider","type":"string","operators":["eq"]},{"name":"process.file.ext","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.file.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.file.parent_folder","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.file.path","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.file.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.group.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.group.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.parent_process.file.path","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.parent_process.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.parent_process.pid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.pid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"src_endpoint.domain","type":"string","operators":["eq","ne","in","not_in
","like","not_like"]},{"name":"src_endpoint.ip","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"src_endpoint.location.description","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"src_endpoint.mac","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"src_endpoint.os.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"src_endpoint.owner.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"src_endpoint.zone","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"start_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"time","type":"datetime","operators":["gte","lte"]},{"name":"user.account.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"user.account.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"user.domain","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"user.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"user.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","request_method":"get","request_path":"/v1/siem/investigations","supported":true,"filters":[{"name":"end_time","type":"datetime","operators":["lte"]},{"name":"id","type":"string","operators":["eq"]},{"name":"start_time","type":"datetime","operators":["gte"]}]},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for IBM QRadar as a SIEM 
Provider.","properties":{"collection_port":{"description":"The QRadar HTTP Receiver URL, stored as a secret. This URL has a special port in QRadar and is stored in a credential to protect that information. See https://www.youtube.com/watch?v=UEBLVVNpyfg for a demonstration of setting up and mapping and HTTP Receiver in QRadar.","title":"Collection Port","type":"integer"},"credential":{"description":"QRadar authorized service token. Follow [this guide to generate a token](https://www.ibm.com/docs/en/qradar-common?topic=app-creating-authorized-service-token-qradar-operations).","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"QRadarCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"QRadarCredential"}},"skip_tls_verify":{"default":false,"description":"If true, skips verification of the QRadar server's TLS certificate.","type":"boolean"},"type":{"const":"siem_q_radar"},"url":{"description":"URL for the QRadar instance. This should be the base URL instance, without any path components and must be HTTPS. 
For example, \"https://qradar.westus2.cloudapp.azure.com\".","pattern":"^https://.*$","title":"API URL","type":"string"}},"required":["collection_port","credential","skip_tls_verify","type","url"],"title":"IBM QRadar","type":"object"}},{"id":"siem_rapid7_insightidr","name":"siem_rapid7_insightidr","fullname":"Rapid7 InsightIDR","description":"Configuration for Rapid7 InsightIDR as a SIEM Provider.","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","request_method":"get","request_path":"/v1/siem/investigations/{id}/evidence","supported":true},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","request_method":"get","request_path":"/v1/siem/investigations/{id}","supported":true},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","request_method":"patch","request_path":"/v1/siem/investigations/{id}","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/PatchInvestigationRequest"}}},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries 
investigations","request_method":"get","request_path":"/v1/siem/investigations","supported":true,"filters":[{"name":"investigations","type":"","operators":null}]},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for Rapid7 InsightIDR as a SIEM Provider.","properties":{"credential":{"description":"Rapid7 Insight Cloud authentication token. Follow [this guide to generate an API token](https://docs.rapid7.com/insight/managing-platform-api-keys/).","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Rapid7InsightCloudCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"Rapid7InsightCloudCredential"}},"type":{"const":"siem_rapid7_insightidr"},"url":{"description":"URL for the Rapid7 API. This should be the base URL for the API, without any path components and must be HTTPS. 
For example, \"https://us2.api.insight.rapid7.com\".","pattern":"^https://.*$","title":"API URL","type":"string"}},"required":["credential","type","url"],"title":"Rapid7 InsightIDR","type":"object"}},{"id":"ticketing_pagerduty","name":"ticketing_pagerduty","fullname":"PagerDuty Operations Cloud","description":"Configuration for PagerDuty as a Ticketing Provider","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateCommentRequest"}}},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["creator","project","name"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked 
Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked 
`Integration`.\nTickets must be created and retrieved within the context of a specific Project.","request_method":"get","request_path":"/v1/ticketing/projects","supported":true},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. The response will include a list of\nfields for each issue type in the ticketing provider.","supported":false},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true}],"provider_config":{"description":"Configuration for PagerDuty as a Ticketing Provider","properties":{"credential":{"description":"PagerDuty authentication token. Follow [this guide to generate an REST API token](https://support.pagerduty.com/docs/api-access-keys#rest-api-keys).","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"PagerDutyCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"PagerDutyCredential"}},"type":{"const":"ticketing_pagerduty"},"url":{"description":"URL for the PagerDuty API. 
This should be the base URL for the API, without any path components and must be HTTPS. For example, \"https://api.pagerduty.com\".","type":"string"}},"required":["credential","type","url"],"title":"PagerDuty","type":"object"}},{"id":"ticketing_servicenow","name":"ticketing_servicenow","fullname":"ServiceNow IT Service Management (ITSM)","description":"Configuration for ServiceNow as a Ticketing Provider","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateCommentRequest"}}},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["issue_type","priority","summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked 
Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/comments/{commentId}","supported":true},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List 
Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","supported":false},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. The response will include a list of\nfields for each issue type in the ticketing provider.","request_method":"get","request_path":"/v1/ticketing/remote-fields","supported":true},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"assignee","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"completion_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"contact","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"created_at","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"description","type":"string","operators":["eq","neq","in","not in","like","not 
like"]},{"name":"due_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"id","type":"string","operators":["eq","neq","in","not in"]},{"name":"issue_type","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"labels","type":"string","operators":["eq","neq","in","not in"]},{"name":"name","type":"string","operators":["eq","neq","in","not in"]},{"name":"priority","type":"enum","operators":["eq","neq","in","not in"],"values":["highest","high","medium","low"]},{"name":"project","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"reporter","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"status","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"summary","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"text","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"updated_at","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]}]}],"provider_config":{"description":"Configuration for ServiceNow as a Ticketing Provider","properties":{"credential":{"oneOf":[{"description":"Username and password used to authenticate with ServiceNow. The password can be a token that is generated following [this guide to generate an API token](https://docs.servicenow.com/bundle/vancouver-platform-administration/page/administer/users-and-groups/task/t_CreateAUser.html). 
The token receives the same permissions as the user that generates it, so must have access to the projects you want to use.\n","properties":{"secret":{"description":"Secret value for authentication","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","type":"string"}},"required":["secret","type","username"],"title":"BasicCredential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"ServiceNowCredential"}},{"description":"Token used to authenticate with ServiceNow. This token will be used with the authentication header `x-sn-apikey`. To use token authentication, the version of ServiceNow must be Washington D.C. or later.\n","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"TokenCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"ServiceNowCredential"}}],"title":"ServiceNowCredential","x-synqly-credential":{"extends":["BasicCredential","TokenCredential"],"type":"ServiceNowCredential"}},"custom_field_mappings":{"description":"Custom field mappings for this provider.","items":{"properties":{"name":{"description":"Name for the custom field that you will use in the `custom_fields` field in ticket objects within Synqly.","type":"string"},"project_id":{"description":"ID of the project this field mapping is associated with. ID of \"\\*\" is used to apply to all projects.","type":"string"},"provider_field_path":{"description":"Path to or name of the custom field in the provider.","type":"string"}},"required":["name","project_id","provider_field_path"],"title":"CustomFieldMapping","type":"object"},"nullable":true,"type":"array"},"default_project":{"description":"Default Project for the integration. This maps to the custom table for tickets. This table should be derived from Incident table. 
If not provided, defaults to the incident table.","nullable":true,"type":"string"},"type":{"const":"ticketing_servicenow"},"url":{"description":"URL for the ServiceNow API. This should be the base URL for the API, without any path components and must be HTTPS. For example, \"https://tenant.service-now.com\".","type":"string"}},"required":["credential","type","url"],"title":"ServiceNow ITSM","type":"object"}},{"id":"vulnerabilities_nucleus","name":"vulnerabilities_nucleus","fullname":"Nucleus Vulnerability Management","description":"Configuration for Nucleus as a Vulnerabilities Provider","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","request_method":"post","request_path":"/v1/vulnerabilities/assets","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateAssetRequest"}}},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","request_method":"post","request_path":"/v1/vulnerabilities/findings/bulk","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateFindingsRequest"}}},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","supported":false},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query 
Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"severity","type":"enum","operators":["eq"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","request_method":"put","request_path":"/v1/vulnerabilities/assets/{assetId}","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateAssetRequest"}}},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","request_method":"put","request_path":"/v1/vulnerabilities/findings/{findingId}","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/UpdateFindingRequest"}}}],"provider_config":{"description":"Configuration for Nucleus as a Vulnerabilities Provider","properties":{"credential":{"description":"The Nucleus API key can be generated and copied from the **User Profile** settings, accessible via the avatar in the top-right corner.","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"NucleusCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"NucleusCredential"}},"project_id":{"description":"The **project_id** is a string representing a numeric ID (e.g., \"12345\") and can be found in the Nucleus UI by selecting **Global Dashboard** from the left-hand menu, then choosing **All Projects** at the top, where the **Projects** widget lists all projects with their IDs.","pattern":"^\\d+$","title":"Project 
ID","type":"string"},"type":{"const":"vulnerabilities_nucleus"},"url":{"description":"URL for the Nucleus API. This should be the base URL for the API, without any path components and must be HTTPS, e.g. \"https://{sandbox}.nucleussec.com\" .","pattern":"^https://.*$","title":"Nucleus API URL","type":"string"}},"required":["credential","project_id","type","url"],"title":"Nucleus Vulnerability Management","type":"object"}},{"id":"vulnerabilities_tanium_cloud","name":"vulnerabilities_tanium_cloud","fullname":"Tanium Vulnerability Management","description":"Configuration for Tanium Cloud as a Vulnerabilities Provider","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","supported":false},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability 
findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"finding.first_seen_time","type":"datetime","operators":["gte"]},{"name":"finding.last_seen_time","type":"datetime","operators":["gte"]},{"name":"severity","type":"enum","operators":["eq","in"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for Tanium Cloud as a Vulnerabilities Provider","properties":{"credential":{"description":"Tanium™ API authentication tokens allow users to maintain extended sessions with Tanium Cloud, eliminating the need for repeated authentication in long-running workflows that aren't continuously active. Each token is tied to a specific user or persona, authenticating based on their credentials and permissions. Multiple tokens can be created per user or persona, with a configurable expiration period. To avoid workflow disruptions, users should regularly rotate tokens by requesting new ones and revoking the old ones before they expire. For more details on generating, managing, rotating, or revoking an API token, please refer to [this API Token guide](https://help.tanium.com/bundle/ug_console_cloud/page/platform_user/console_api_tokens.html#add_API_tokens). A persona in Tanium is a set of roles and computer groups selected for a session, allowing different restrictions for a user without needing multiple accounts. 
For example, a user managing endpoints across various countries can have one persona for client maintenance in a specific country and another for security patch installations in only certain computer groups. For more details please refer our [Tanium Authentication Guide](ref:tanium-setup).","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"TaniumCloudCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"TaniumCloudCredential"}},"type":{"const":"vulnerabilities_tanium_cloud"},"url":{"description":"URL for the Tanium Cloud API. This should be the base URL for the API, without any path components and must be HTTPS, e.g. \"https://\u003ccustomername\u003e-api.cloud.tanium.com\" or \"https://\u003ccustomername\u003e-api.titankube.com\".","pattern":"^https://.*$","title":"Tanium Cloud API URL","type":"string"}},"required":["credential","type","url"],"title":"Tanium Vulnerability Management","type":"object"}},{"id":"edr_sentinelone","name":"edr_sentinelone","fullname":"SentinelOne Singularity™ Endpoint","description":"Configuration for the SentinelOne EDR Provider","connector_id":"edr","connector":"edr","operations":[{"id":"edr_create_iocs","name":"create_iocs","fullname":"Create IOCs","description":"Creates a list of iocs that match the stix input for the EDR source.","request_method":"post","request_path":"/v1/edr/iocs","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateIocsRequest"}}},{"id":"edr_delete_iocs","name":"delete_iocs","fullname":"Delete IOCs","description":"Deletes a list of iocs that match the input of ids in the query param","request_method":"delete","request_path":"/v1/edr/iocs","supported":true},{"id":"edr_get_endpoint","name":"get_endpoint","fullname":"Get Endpoint","description":"Gets a single endpoint assets matching the UID from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/endpoints/{id}","supported":true},{"id":"edr_network_quarantine","name":"network_quarantine","fullname":"Quarantine Endpoints","description":"Connect or disconnect one or more endpoints assets to the network, allowing or disallowing connections.","request_method":"post","request_path":"/v1/edr/endpoints/actions/quarantine","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/NetworkQuarantineRequest"}}},{"id":"edr_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Returns a list of alerts that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/alerts","supported":true,"filters":[{"name":"actor.process.file.path","type":"string","operators":["like"]},{"name":"confidence","type":"string","operators":["eq"]},{"name":"device.container.image","type":"string","operators":["like"]},{"name":"device.container.name","type":"string","operators":["like"]},{"name":"device.container.tag","type":"string","operators":["like"]},{"name":"device.hostname","type":"string","operators":["eq","like"]},{"name":"device.last_seen_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.org.uid","type":"string","operators":["eq"]},{"name":"device.os.type","type":"string","operators":["eq"]},{"name":"finding_info.created_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.first_seen_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"metadata.product.version","type":"string","operators":["eq"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]}]},{"id":"edr_query_applications","name":"query_applications","fullname":"Query Applications","description":"Returns a list of applications matching the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/applications","supported":true,"filters":[{"name":"product.name","type":"string","operators":["like"]},{"name":"product.uid","type":"string","operators":["eq","like"]},{"name":"product.vendor_name","type":"string","operators":["like"]},{"name":"product.version","type":"string","operators":["eq","like"]}]},{"id":"edr_query_endpoints","name":"query_endpoints","fullname":"Query Endpoints","description":"Returns a list of endpoint assets matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints","supported":true,"filters":[{"name":"device.domain","type":"string","operators":["eq","like"]},{"name":"device.hostname","type":"string","operators":["eq","like"]},{"name":"device.hw_info.serial_number","type":"string","operators":["like"]},{"name":"device.instance_uid","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["like"]},{"name":"device.mac","type":"string","operators":["like"]},{"name":"device.name","type":"string","operators":["eq","like"]},{"name":"device.os.name","type":"string","operators":["like"]},{"name":"device.os.type","type":"string","operators":["eq","like"]},{"name":"device.os.version","type":"string","operators":["like"]},{"name":"device.type","type":"string","operators":["eq","like"]},{"name":"device.uid","type":"string","operators":["eq","like"]},{"name":"status","type":"string","operators":["eq","like"]}]},{"id":"edr_query_iocs","name":"query_iocs","fullname":"Query IOCs","description":"Returns a list of iocs that match the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/iocs","supported":true,"filters":[{"name":"created","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"created_by_ref","type":"string","operators":["like"]},{"name":"description","type":"string","operators":["like"]},{"name":"extensions.accountIds","type":"string","operators":["eq"]},{"name":"extensions.batchId","type":"string","operators":["eq"]},{"name":"extensions.category","type":"string","operators":["eq"]},{"name":"extensions.externalId","type":"string","operators":["eq"]},{"name":"extensions.groupIds","type":"string","operators":["eq"]},{"name":"extensions.sideIds","type":"string","operators":["eq"]},{"name":"extensions.source","type":"string","operators":["eq"]},{"name":"extensions.uploadTime","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"id","type":"string","operators":["eq"]},{"name":"modified","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"name","type":"string","operators":["like"]},{"name":"pattern","type":"string","operators":["eq"]},{"name":"value","type":"string","operators":["eq"]}]},{"id":"edr_query_posture_score","name":"query_posture_score","fullname":"Query Posture Score","description":"Returns the posture score of the endpoint assets that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_threatevents","name":"query_threatevents","fullname":"Query Threat Events","description":"Returns a list of threats that match the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/threats","supported":true,"filters":[{"name":"actor.process.created_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"actor.process.file.path","type":"string","operators":["like"]},{"name":"confidence","type":"string","operators":["eq"]},{"name":"device.container.image","type":"string","operators":["like"]},{"name":"device.container.name","type":"string","operators":["like"]},{"name":"device.container.tag","type":"string","operators":["like"]},{"name":"device.groups.uid","type":"string","operators":["eq"]},{"name":"device.hostname","type":"string","operators":["eq","like"]},{"name":"device.id","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.org.uid","type":"string","operators":["eq"]},{"name":"device.os.type","type":"string","operators":["eq"]},{"name":"malware.classifications","type":"string","operators":["eq"]},{"name":"metadata.product.version","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for the SentinelOne EDR Provider","properties":{"credential":{"description":"SentinelOne API token for authentication. Follow the API DOC overview once logged into your SentinelOne Management URL, \"https://your_management_url/docs/en/generating-api-tokens.html\".","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"SentinelOneCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"SentinelOneCredential"}},"type":{"const":"edr_sentinelone"},"url":{"description":"URL for the SentinelOne Management API. This should be the base URL for the API, without any path components. 
For example, \"https://your_management_url\".","type":"string"}},"required":["credential","type","url"],"title":"SentinelOne EDR","type":"object"}},{"id":"notifications_mock_notifications","name":"notifications_mock_notifications","fullname":"Notifications Test","description":"Configuration for the Mock in-memory notification handler. This provider is for testing purposes only.","connector_id":"notifications","connector":"notifications","operations":[{"id":"notifications_clear_message","name":"clear_message","fullname":"Clear Notification","description":"Resolves a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/clear/{notificationId}","supported":true},{"id":"notifications_create_message","name":"create_message","fullname":"Create Notification","description":"Creates a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/create","supported":true,"required_fields":["summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNotificationRequest"}}},{"id":"notifications_get_message","name":"get_message","fullname":"Get Notification","description":"Returns the `Notification` object matching `{notificationId}` from the token-linked\n`Integration`.","request_method":"get","request_path":"/v1/notifications/get/{notificationId}","supported":true}],"provider_config":{"description":"Configuration for the Mock in-memory notification handler. This provider is for testing purposes only.","properties":{"channel":{"description":"The channel to send notifications to.","nullable":true,"type":"string"},"type":{"const":"notifications_mock_notifications"}},"required":["type"],"title":"Notifications Test","type":"object"}},{"id":"notifications_teams","name":"notifications_teams","fullname":"Microsoft Teams","description":"Configuration for sending messages to Microsoft Teams. 
This provider can be configured as a public webhook or with OAuth.","connector_id":"notifications","connector":"notifications","operations":[{"id":"notifications_clear_message","name":"clear_message","fullname":"Clear Notification","description":"Resolves a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/clear/{notificationId}","supported":true},{"id":"notifications_create_message","name":"create_message","fullname":"Create Notification","description":"Creates a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/create","supported":true,"required_fields":["summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNotificationRequest"}}},{"id":"notifications_get_message","name":"get_message","fullname":"Get Notification","description":"Returns the `Notification` object matching `{notificationId}` from the token-linked\n`Integration`.","request_method":"get","request_path":"/v1/notifications/get/{notificationId}","supported":true}],"provider_config":{"description":"Configuration for sending messages to Microsoft Teams. This provider can be configured as a public webhook or with OAuth.","properties":{"channel_id":{"description":"The ID of the channel to send messages to.","type":"string"},"credential":{"oneOf":[{"description":"Azure OAuth 2.0 Client ID and Client Secret for an Azure App Registration. Follow [this guide to generate an API token](https://learn.microsoft.com/en-us/connectors/azureadapplications/). 
The application must be configured with permissions to access Microsoft Power Automate with user delegation.","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"OAuthClientCredential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"TeamsCredential"}},{"description":"Public Webhook URL used to authenticate with Teams.","properties":{"secret":{"description":"Secret value","type":"string"},"type":{"const":"webhook_url"}},"required":["secret","type"],"title":"SecretCredential","type":"object","x-synqly-credential":{"extends":"SecretCredential","type":"TeamsCredential"}}],"title":"TeamsCredential","x-synqly-credential":{"extends":["OAuthClientCredential","SecretCredential"],"type":"TeamsCredential"}},"endpoint":{"description":"The URL of the endpoint to send messages to. Only specified here if OAuth. For public, please refer to TeamsCredential.","nullable":true,"type":"string"},"team_id":{"description":"The ID of the team to send messages to.","type":"string"},"tenant_id":{"description":"Azure Directory (tenant) ID. 
Only if OAuth is used.","nullable":true,"type":"string"},"type":{"const":"notifications_teams"}},"required":["channel_id","credential","team_id","type"],"title":"Microsoft Teams","type":"object"}},{"id":"siem_google_chronicle","name":"siem_google_chronicle","fullname":"Google Chronicle","description":"Configuration for Google Chronicle as a SIEM Provider.","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","request_method":"get","request_path":"/v1/siem/investigations/{id}/evidence","supported":true},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","request_method":"get","request_path":"/v1/siem/investigations/{id}","supported":true},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for 
authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"message","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.event_code","type":"integer","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"metadata.log_name","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.log_provider","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.log_version","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.processed_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"metadata.uid","type":"string","operators":["eq","ne","in","not_in"]},{"name":"time","type":"datetime","operators":["gte","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","request_method":"get","request_path":"/v1/siem/investigations","supported":true},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for Google Chronicle as a SIEM Provider.","properties":{"ingestion_credential":{"description":"Optional ingestion credential. 
Without this credential the provider will not be able to ingest events.","nullable":true,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"GoogleChronicleCredential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"GoogleChronicleCredential"}},"ingestion_url":{"description":"(Optional) Ingestion URL for the Google Chronicle instance. This should be the base event ingestion URL, without any path components. 
Default \"https://malachiteingestion-pa.googleapis.com\"","nullable":true,"pattern":"^https://.*$","title":"Ingestion API URL","type":"string"},"search_credential":{"description":"OAuth 2.0 Token URL, Client ID, and Client Secret for a Synqly Siem Connector API service application.","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"GoogleChronicleCredential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"GoogleChronicleCredential"}},"search_url":{"description":"Search URL for the Google Chronicle instance. This should be the base event search URL, without any path components. 
Default \"https://backstory.googleapis.com\".","nullable":true,"pattern":"^https://.*$","title":"Search API URL","type":"string"},"type":{"const":"siem_google_chronicle"}},"required":["search_credential","type"],"title":"Google Chronicle","type":"object"}},{"id":"assets_servicenow_mock","name":"assets_servicenow_mock","fullname":"[MOCK] ServiceNow Configuration Management Database (CMDB)","description":"[Mock] Configuration for ServiceNow as an Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","request_method":"post","request_path":"/v1/assets/devices","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateDeviceRequest"}}},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","supported":false}],"provider_config":{"description":"[Mock] Configuration for ServiceNow as an Assets Provider","properties":{"mock":{"description":"Enabled mock provider configuration.","type":"boolean"},"type":{"const":"assets_servicenow_mock"}},"required":["mock","type"],"title":"Assets_ServiceNow_Mock","type":"object"}},{"id":"edr_defender","name":"edr_defender","fullname":"Microsoft Defender for Endpoint","description":"Configuration for the Microsoft Defender EDR Provider","connector_id":"edr","connector":"edr","operations":[{"id":"edr_create_iocs","name":"create_iocs","fullname":"Create IOCs","description":"Creates a list of iocs that match the stix input for the EDR source.","request_method":"post","request_path":"/v1/edr/iocs","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateIocsRequest"}}},{"id":"edr_delete_iocs","name":"delete_iocs","fullname":"Delete IOCs","description":"Deletes a list of iocs that match the input of ids in the query 
param","request_method":"delete","request_path":"/v1/edr/iocs","supported":true},{"id":"edr_get_endpoint","name":"get_endpoint","fullname":"Get Endpoint","description":"Gets a single endpoint assets matching the UID from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints/{id}","supported":true},{"id":"edr_network_quarantine","name":"network_quarantine","fullname":"Quarantine Endpoints","description":"Connect or disconnect one or more endpoints assets to the network, allowing or disallowing connections.","request_method":"post","request_path":"/v1/edr/endpoints/actions/quarantine","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/NetworkQuarantineRequest"}}},{"id":"edr_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Returns a list of alerts that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/alerts","supported":true,"filters":[{"name":"actor.user.name","type":"string","operators":["eq","in","ne"]},{"name":"analytic.category","type":"string","operators":["eq","in","ne"]},{"name":"finding_info.created_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.created_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.last_seen_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.last_seen_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.modified_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.uid","type":"string","operators":["eq","in","ne"]},{"name":"metadata.uid","type":"string","operators":["eq","in","ne"]},{"name":"severity","type":"string","operators":["eq","in","ne"]},{"name":"status","type":"string","operators":["eq","in","ne"]}]},{"id":"edr_query_applications
","name":"query_applications","fullname":"Query Applications","description":"Returns a list of applications matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/applications","supported":true,"filters":[{"name":"product.name","type":"string","operators":["like"]},{"name":"product.uid","type":"string","operators":["eq","like"]},{"name":"product.vendor_name","type":"string","operators":["like"]},{"name":"product.version","type":"string","operators":["eq","like"]}]},{"id":"edr_query_endpoints","name":"query_endpoints","fullname":"Query Endpoints","description":"Returns a list of endpoint assets matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints","supported":true,"filters":[{"name":"cloud.account.uid","type":"string","operators":["eq","ne","like","not_like"]},{"name":"device.hostname","type":"string","operators":["eq","ne","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","like","not_like"]},{"name":"device.last_time_seen","type":"string","operators":["eq","ne","like","not_like"]},{"name":"device.os.name","type":"string","operators":["eq","ne","like","not_like"]},{"name":"device.risk_level","type":"string","operators":["eq","ne","like","not_like"]},{"name":"device.uid","type":"string","operators":["eq","ne","like","not_like"]},{"name":"enrichments.reputation.score","type":"string","operators":["eq","ne","like","not_like"]},{"name":"metadata.labels","type":"string","operators":["eq","ne","like","not_like"]},{"name":"metadata.product.version","type":"string","operators":["eq","ne","like","not_like"]},{"name":"risk_level_id","type":"string","operators":["eq","ne","like","not_like"]},{"name":"status","type":"string","operators":["eq","ne","like","not_like"]},{"name":"status_code","type":"string","operators":["eq","ne","like","not_like"]},{"name":"status_detail","type":"string","operators":["eq","ne","like","not_like"]}]},{"id":"edr_query_i
ocs","name":"query_iocs","fullname":"Query IOCs","description":"Returns a list of iocs that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/iocs","supported":true,"filters":[{"name":"created","type":"string","operators":["eq","in"]},{"name":"created_by_ref.Id","type":"string","operators":["eq","in"]},{"name":"created_by_ref.name","type":"string","operators":["eq","in"]},{"name":"extensions.action","type":"string","operators":["eq","in"]},{"name":"extensions.alert","type":"string","operators":["eq","in"]},{"name":"extensions.application","type":"string","operators":["eq","in"]},{"name":"extensions.rbacGroupIds","type":"string","operators":["eq","in"]},{"name":"extensions.rbacGroupNames","type":"string","operators":["eq","in"]},{"name":"extensions.severity","type":"string","operators":["eq","in"]},{"name":"name","type":"string","operators":["eq","in"]},{"name":"pattern","type":"string","operators":["eq","in"]},{"name":"pattern_type","type":"string","operators":["eq","in"]},{"name":"valid_until","type":"string","operators":["eq","in"]}]},{"id":"edr_query_posture_score","name":"query_posture_score","fullname":"Query Posture Score","description":"Returns the posture score of the endpoint assets that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/posture_score","supported":true},{"id":"edr_query_threatevents","name":"query_threatevents","fullname":"Query Threat Events","description":"Returns a list of threats that match the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/threats","supported":true,"filters":[{"name":"actor.user.name","type":"string","operators":["lt","gt","eq","in"]},{"name":"finding_info.created_time","type":"datetime","operators":["lt","gt"]},{"name":"finding_info.modified_time","type":"datetime","operators":["lt","gt"]},{"name":"status","type":"string","operators":["lt","gt","eq","in"]}]}],"provider_config":{"description":"Configuration for the Microsoft Defender EDR Provider","properties":{"credential":{"description":"Docs for setting up oAuth","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"DefenderCredential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"DefenderCredential"}},"tenant_id":{"description":"TenantId for the Microsoft Defender Management Console.","type":"string"},"type":{"const":"edr_defender"},"url":{"default":"https://api-us.securitycenter.windows.com","description":"URL for the Microsoft Defender Management Console.","type":"string"}},"required":["credential","tenant_id","type","url"],"title":"Defender EDR","type":"object"}},{"id":"identity_google","name":"identity_google","fullname":"Google Workspace","description":"Configuration for the Google Identity Provider","connector_id":"identity","connector":"identity","operations":[{"id":"identity_disable_user","name":"disable_user","fullname":"Disable 
User","description":"Disables a user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/disable","supported":true},{"id":"identity_enable_user","name":"enable_user","fullname":"Enable User","description":"Reenables a disabled user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/enable","supported":true},{"id":"identity_expire_all_user_sessions","name":"expire_all_user_sessions","fullname":"Expire All User Sessions","description":"Logs a user out of all current sessions so they must log in again.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/expire_all_sessions","supported":true},{"id":"identity_force_user_password_reset","name":"force_user_password_reset","fullname":"Force User Password Reset","description":"Forces a user to reset their password before they can log in again.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/force_reset_password","supported":true},{"id":"identity_get_group","name":"get_group","fullname":"Get Group","description":"Returns a `Group` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. 
Depending\non the providers offerings, this may include additional group information, such as the roles assigned.","request_method":"get","request_path":"/v1/identity/groups/{groupId}","supported":true},{"id":"identity_get_group_members","name":"get_group_members","fullname":"Get Group Members","description":"Returns list of `User` objects wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider that are members in the group referenced by ID.","request_method":"get","request_path":"/v1/identity/groups/{groupId}/members","supported":true},{"id":"identity_get_user","name":"get_user","fullname":"Get User","description":"Returns a `User` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. Depending\non the providers offerings, this may include additional user information, such as the user's current groups and roles.","request_method":"get","request_path":"/v1/identity/users/{userId}","supported":true},{"id":"identity_query_audit_log","name":"query_audit_log","fullname":"Query Audit Log","description":"Returns a list of `Event` objects from the token-linked audit log.","supported":false},{"id":"identity_query_groups","name":"query_groups","fullname":"Query Groups","description":"Returns a list of `Group` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.","request_method":"get","request_path":"/v1/identity/groups","supported":true},{"id":"identity_query_users","name":"query_users","fullname":"Query Users","description":"Returns a list of `User` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.","request_method":"get","request_path":"/v1/identity/users","supported":true}],"provider_config":{"description":"Configuration for the Google Identity Provider","properties":{"client_email":{"description":"The client email associated with the service account key. 
Typically this will be of the form `\u003cservice-account-name\u003e@\u003cproject-id\u003e.iam.gserviceaccount.com`.","type":"string"},"credential":{"description":"OAuth 2.0 Token URL, Client ID, and Client Secret for a Synqly Identity Connector API service application.","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"GoogleCredential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"GoogleCredential"}},"delegate":{"description":"The email address of the user that the service account is impersonating for domain-wide delegation. For more information, see [this Google support article](https://support.google.com/a/answer/162106).","type":"string"},"type":{"const":"identity_google"}},"required":["client_email","credential","delegate","type"],"title":"Google Workspace","type":"object"}},{"id":"sink_aws_security_lake","name":"sink_aws_security_lake","fullname":"AWS Security Lake","description":"Configuration for AWS Security Lake provider. 
Events are written directly to an AWS S3 bucket in Apache Parquet format.","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for AWS Security Lake provider. Events are written directly to an AWS S3 bucket in Apache Parquet format.","properties":{"credential":{"description":"AWS access key to authenticate with AWS. Access keys are long-term credentials for an IAM user and consist of an ID and secret. This token pair must have write access to the configured S3 bucket. You may optionally provide a session token if you are using temporary credentials.","properties":{"access_key_id":{"description":"ID portion of the AWS access key pair.","type":"string"},"secret_access_key":{"description":"Secret portion of the AWS access key pair.","type":"string"},"session":{"description":"A temporary session token. Session tokens are optional and are only necessary if you are using temporary credentials.","nullable":true,"type":"string"},"type":{"const":"aws"}},"required":["access_key_id","secret_access_key","type"],"title":"AwsSecurityLakeCredential","type":"object","x-synqly-credential":{"extends":"AwsCredential","type":"AwsSecurityLakeCredential"}},"region":{"description":"Override the default AWS region for this integration. 
If not present, the region will be inferred from the URL.","nullable":true,"type":"string"},"type":{"const":"sink_aws_security_lake"},"url":{"description":"URL of the S3 bucket where the AWS Security Lake events are stored.","type":"string"}},"required":["credential","type","url"],"title":"AWS Security Lake","type":"object"}},{"id":"sink_splunk","name":"sink_splunk","fullname":"Splunk Enterprise Security","description":"Configuration for Splunk as a Sink provider. This integration allows sending data to Splunk using an HTTP Event Collector (HEC).\n","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for Splunk as a Sink provider. This integration allows sending data to Splunk using an HTTP Event Collector (HEC).","properties":{"hec_credential":{"description":"Credential ID that stores a Splunk HTTP endpoint collector token. Follow [this guide to generate an API token](https://docs.splunk.com/Documentation/Splunk/8.1.3/Data/UsetheHTTPEventCollector#Authentication). The token must have access to the configured data collection endpoint.\n","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"SplunkHECToken","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"SplunkHECToken"}},"hec_url":{"description":"URL for the Splunk HEC endpoint. This must include the full path to the HEC endpoint. For example, \"https://tenant.cloud.splunk.com:8088/services_collector_event\".","type":"string"},"index":{"description":"Splunk index to send events to. 
If not provided, will use the default index for the Splunk collector.","nullable":true,"type":"string"},"skip_tls_verify":{"default":false,"description":"If true, skips verification of the Splunk server's TLS certificate.","type":"boolean"},"source":{"description":"Splunk source to send events to. If not provided, will use the default source for the Splunk collector.","nullable":true,"type":"string"},"source_type":{"description":"Splunk source type to send events to. If not provided, will use the default source type for the Splunk collector.","nullable":true,"type":"string"},"type":{"const":"sink_splunk"}},"required":["hec_credential","hec_url","skip_tls_verify","type"],"title":"Splunk","type":"object"}},{"id":"storage_aws_s3","name":"storage_aws_s3","fullname":"AWS S3","description":"Configuration for AWS S3 as a Storage Provider","connector_id":"storage","connector":"storage","operations":[{"id":"storage_delete_file","name":"delete_file","fullname":"Delete File","description":"Deletes a file from the provided `{path}` in the token-linked `Integration`.","request_method":"delete","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_download_file","name":"download_file","fullname":"Download File","description":"Downloads a file from the provided `{path}` in the token-linked\n`Integration`.","request_method":"get","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_list_files","name":"list_files","fullname":"List Files","description":"Returns a list of contents from the token-linked `Integration`.","request_method":"get","request_path":"/v1/storage/folders/{path}","supported":true},{"id":"storage_upload_file","name":"upload_file","fullname":"Upload File","description":"Uploads a file from the provided `{path}` to the token-linked `Integration`.","request_method":"post","request_path":"/v1/storage/files/{path}","supported":true,"request_body":{"required":true,"schema":null}}],"provider_config":{"description":"Configuration 
for AWS S3 as a Storage Provider","properties":{"bucket":{"description":"Name of the AWS S3 bucket where files are stored.","type":"string"},"credential":{"description":"AWS access key to authenticate with AWS. Access keys are long-term credentials for an IAM user and consist of an ID and secret. This token pair must have read and write access to the configured AWS S3 bucket. You may optionally provide a session token if you are using temporary credentials.","properties":{"access_key_id":{"description":"ID portion of the AWS access key pair.","type":"string"},"secret_access_key":{"description":"Secret portion of the AWS access key pair.","type":"string"},"session":{"description":"A temporary session token. Session tokens are optional and are only necessary if you are using temporary credentials.","nullable":true,"type":"string"},"type":{"const":"aws"}},"required":["access_key_id","secret_access_key","type"],"title":"AwsS3Credential","type":"object","x-synqly-credential":{"extends":"AwsCredential","type":"AwsS3Credential"}},"endpoint":{"description":"Endpoint used for connecting to the external service. 
If not provided, will connect to the default endpoint for the Provider.","nullable":true,"type":"string"},"region":{"description":"AWS region where the S3 bucket is located.","type":"string"},"transforms":{"description":"Optional list of transformations used to modify requests before they are sent to the external service.","items":{"title":"Id","type":"string"},"nullable":true,"type":"array"},"type":{"const":"storage_aws_s3"}},"required":["bucket","credential","region","type"],"title":"AWS S3","type":"object"}},{"id":"storage_azure_blob","name":"storage_azure_blob","fullname":"Microsoft Azure Blob Storage","description":"Configuration for Azure Blob Storage as a Storage Provider","connector_id":"storage","connector":"storage","operations":[{"id":"storage_delete_file","name":"delete_file","fullname":"Delete File","description":"Deletes a file from the provided `{path}` in the token-linked `Integration`.","request_method":"delete","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_download_file","name":"download_file","fullname":"Download File","description":"Downloads a file from the provided `{path}` in the token-linked\n`Integration`.","request_method":"get","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_list_files","name":"list_files","fullname":"List Files","description":"Returns a list of contents from the token-linked `Integration`.","request_method":"get","request_path":"/v1/storage/folders/{path}","supported":true},{"id":"storage_upload_file","name":"upload_file","fullname":"Upload File","description":"Uploads a file from the provided `{path}` to the token-linked `Integration`.","request_method":"post","request_path":"/v1/storage/files/{path}","supported":true,"request_body":{"required":true,"schema":null}}],"provider_config":{"description":"Configuration for Azure Blob Storage as a Storage Provider","properties":{"bucket":{"description":"Name of the blob container where files are 
stored.","type":"string"},"credential":{"description":"Azure token for authentication. Follow [this guide to generate an API token](https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal). The token must have access to the configured blob container.","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"AzureBlobCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"AzureBlobCredential"}},"transforms":{"description":"Optional list of transformations used to modify requests before they are sent to the external service.","items":{"title":"Id","type":"string"},"nullable":true,"type":"array"},"type":{"const":"storage_azure_blob"}},"required":["bucket","credential","type"],"title":"Azure Blob Storage","type":"object"}},{"id":"vulnerabilities_tenable_cloud","name":"vulnerabilities_tenable_cloud","fullname":"Tenable Vulnerability Management","description":"Configuration for Tenable Cloud as a Vulnerabilities Provider","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","request_method":"post","request_path":"/v1/vulnerabilities/assets","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateAssetRequest"}}},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured 
scan.","request_method":"get","request_path":"/v1/vulnerabilities/scans/{scan_id}/activity","supported":true},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"finding.first_seen_time","type":"datetime","operators":["gte"]},{"name":"finding.last_seen_time","type":"datetime","operators":["gte"]},{"name":"severity","type":"enum","operators":["eq","in"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/scans","supported":true},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for Tenable Cloud as a Vulnerabilities Provider","properties":{"credential":{"description":"Tenable Cloud authentication token. Follow [this guide to generate an API token](https://docs.tenable.com/vulnerability-management/Content/Settings/my-account/GenerateAPIKey.htm). 
Secret must be of the form accessKey=\u003ckey\u003e;secretKey=\u003csecret\u003e.","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"TenableCloudCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"TenableCloudCredential"}},"type":{"const":"vulnerabilities_tenable_cloud"},"url":{"default":"https://cloud.tenable.com","description":"URL for the Tenable Cloud API. This should be the base URL for the API, without any path components and must be HTTPS. If not provided, defaults to \"https://cloud.tenable.com\".","nullable":true,"pattern":"^https://.*$","title":"Tenable Cloud API URL","type":"string"}},"required":["credential","type"],"title":"Tenable Vulnerability Management","type":"object"}},{"id":"assets_nozomi_vantage","name":"assets_nozomi_vantage","fullname":"Nozomi Vantage","description":"Configuration for the Nozomi Vantage provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory 
system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.first_seen_time","type":"integer","operators":["gt","gte","lt","lte"]},{"name":"device.hw_info.serial_number","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.ip_addresses","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.last_seen_time","type":"integer","operators":["gt","gte","lt","lte"]},{"name":"device.mac","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.mac_addresses","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.name","type":"stringProcessMap(\"name\")","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.network_interfaces.name","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.risk_level_id","type":"enum","operators":["eq","ne","in","not_in"],"values":["0","1","2","3","4"]},{"name":"device.risk_score","type":"integer","operators":["gt","gte","lt","lte"]},{"name":"device.type","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.type_id","type":"enum","operators":["eq","ne","in","not_in"],"values":["2","4","5","10","89","90","96"]},{"name":"device.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.vendor.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"time","type":"integer","operators":["gt","gte","lt","lte"]}]}],"provider_config":{"description":"Configuration for the Nozomi Vantage provider","properties":{"credential":{"description":"This is your API key name and secret value of your Nozomi Vantage API token. 
The token name\nis supplied as the 'username' while the token secret value is supplied as the 'secret'.\n","properties":{"secret":{"description":"Secret value for authentication","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","type":"string"}},"required":["secret","type","username"],"title":"NozomiVantageCredential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"NozomiVantageCredential"}},"type":{"const":"assets_nozomi_vantage"},"url":{"description":"URL for the Nozomi Vantage API. This should be the base URL for the API, without any path components. For example, \"https://tenant.us1.vantage.nozominetworks.io\".","type":"string"}},"required":["credential","type","url"],"title":"Nozomi Vantage","type":"object"}},{"id":"identity_entra_id","name":"identity_entra_id","fullname":"Microsoft Entra ID","description":"Configuration for the Microsoft Entra ID Identity Provider","connector_id":"identity","connector":"identity","operations":[{"id":"identity_disable_user","name":"disable_user","fullname":"Disable User","description":"Disables a user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/disable","supported":true},{"id":"identity_enable_user","name":"enable_user","fullname":"Enable User","description":"Reenables a disabled user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/enable","supported":true},{"id":"identity_expire_all_user_sessions","name":"expire_all_user_sessions","fullname":"Expire All User Sessions","description":"Logs a user out of all current sessions so they must log in again.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/expire_all_sessions","supported":true},{"id":"identity_force_user_password_reset","name":"force_user_password_reset","fullname":"Force User Password Reset","description":"Forces a 
user to reset their password before they can log in again.","supported":false},{"id":"identity_get_group","name":"get_group","fullname":"Get Group","description":"Returns a `Group` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. Depending\non the providers offerings, this may include additional group information, such as the roles assigned.","request_method":"get","request_path":"/v1/identity/groups/{groupId}","supported":true},{"id":"identity_get_group_members","name":"get_group_members","fullname":"Get Group Members","description":"Returns list of `User` objects wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider that are members in the group referenced by ID.","request_method":"get","request_path":"/v1/identity/groups/{groupId}/members","supported":true},{"id":"identity_get_user","name":"get_user","fullname":"Get User","description":"Returns a `User` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. 
Depending\non the providers offerings, this may include additional user information, such as the user's current groups and roles.","request_method":"get","request_path":"/v1/identity/users/{userId}","supported":true},{"id":"identity_query_audit_log","name":"query_audit_log","fullname":"Query Audit Log","description":"Returns a list of `Event` objects from the token-linked audit log.","request_method":"get","request_path":"/v1/identity/audit","supported":true},{"id":"identity_query_groups","name":"query_groups","fullname":"Query Groups","description":"Returns a list of `Group` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.","request_method":"get","request_path":"/v1/identity/groups","supported":true},{"id":"identity_query_users","name":"query_users","fullname":"Query Users","description":"Returns a list of `User` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.","request_method":"get","request_path":"/v1/identity/users","supported":true}],"provider_config":{"description":"Configuration for the Microsoft Entra ID Identity Provider","properties":{"credential":{"description":"Azure OAuth 2.0 Client ID and Client Secret for a Synqly Identity Connector API service principal. Follow [this guide to generate an API token](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal). 
The application must be configured with permissions to access the user, group, and audit log graph APIs.\n","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"EntraIdCredential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"EntraIdCredential"}},"tenant_id":{"description":"Azure Directory (tenant) ID.","type":"string"},"type":{"const":"identity_entra_id"},"url":{"description":"Optional URL override for the Microsoft Graph API. 
This should be the base URL for the API without any path components.","nullable":true,"type":"string"}},"required":["credential","tenant_id","type"],"title":"Microsoft Entra ID","type":"object"}},{"id":"sink_aws_sqs","name":"sink_aws_sqs","fullname":"AWS Simple Queue Service","description":"Configuration for AWS Simple Queue Service (SQS) as a Sink Provider.","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for AWS Simple Queue Service (SQS) as a Sink Provider.","properties":{"credential":{"description":"Credential ID that stores AWS authentication key and secret. This token pair must have write access to the configured SQS queue","properties":{"access_key_id":{"description":"ID portion of the AWS access key pair.","type":"string"},"secret_access_key":{"description":"Secret portion of the AWS access key pair.","type":"string"},"session":{"description":"A temporary session token. Session tokens are optional and are only necessary if you are using temporary credentials.","nullable":true,"type":"string"},"type":{"const":"aws"}},"required":["access_key_id","secret_access_key","type"],"title":"AwsSQSCredential","type":"object","x-synqly-credential":{"extends":"AwsCredential","type":"AwsSQSCredential"}},"region":{"description":"Override the default AWS region for this integration. If not present, the region will be inferred from the URL.","nullable":true,"type":"string"},"type":{"const":"sink_aws_sqs"},"url":{"description":"URL of the SQS queue where events are sent. 
Must be in the format `https://sqs.{region}.amazonaws.com_{account_id}/{queue_name}`.","type":"string"}},"required":["credential","type","url"],"title":"AWS SQS","type":"object"}},{"id":"sink_mock_sink","name":"sink_mock_sink","fullname":"Sink Test","description":"Configuration for the Synqly mock in-memory sink handler. This provider is for testing purposes only and does not retain events pushed to it.","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for the Synqly mock in-memory sink handler. This provider is for testing purposes only and does not retain events pushed to it.","properties":{"destination":{"description":"Name of the destination where events are stored. This property is unused.","nullable":true,"type":"string"},"type":{"const":"sink_mock_sink"}},"required":["type"],"title":"Sink Test","type":"object"}},{"id":"sink_azure_monitor_logs","name":"sink_azure_monitor_logs","fullname":"Microsoft Azure Monitor Logs","description":"Configuration for Azure Monitor Logs as a Sink Provider. 
Azure Monitor Logs is a feature of Azure Monitor that collects and organizes log and performance data from monitored resources.\n","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for Azure Monitor Logs as a Sink Provider. Azure Monitor Logs is a feature of Azure Monitor that collects and organizes log and performance data from monitored resources.","properties":{"client_id":{"description":"Azure Client (Application) ID.","type":"string"},"credential":{"description":"Azure token for authentication. Follow [this guide to generate an API token](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal). 
The token must have access to the configured data collection endpoint.\n","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"AzureMonitorLogsCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"AzureMonitorLogsCredential"}},"rule_id":{"description":"Data collection rule immutable ID.","type":"string"},"stream_name":{"description":"Name of the Data collection rule stream.","type":"string"},"tenant_id":{"description":"Azure Directory (tenant) ID.","type":"string"},"type":{"const":"sink_azure_monitor_logs"},"url":{"description":"URL of the Azure data collection endpoint.","type":"string"}},"required":["client_id","credential","rule_id","stream_name","tenant_id","type","url"],"title":"Azure Monitor Logs","type":"object"}},{"id":"storage_gcs","name":"storage_gcs","fullname":"Google Cloud Storage","description":"Configuration for Google Cloud Storage for storing unstructured data","connector_id":"storage","connector":"storage","operations":[{"id":"storage_delete_file","name":"delete_file","fullname":"Delete File","description":"Deletes a file from the provided `{path}` in the token-linked `Integration`.","request_method":"delete","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_download_file","name":"download_file","fullname":"Download File","description":"Downloads a file from the provided `{path}` in the token-linked\n`Integration`.","request_method":"get","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_list_files","name":"list_files","fullname":"List Files","description":"Returns a list of contents from the token-linked `Integration`.","request_method":"get","request_path":"/v1/storage/folders/{path}","supported":true},{"id":"storage_upload_file","name":"upload_file","fullname":"Upload File","description":"Uploads a file from the provided `{path}` to the token-linked 
`Integration`.","request_method":"post","request_path":"/v1/storage/files/{path}","supported":true,"request_body":{"required":true,"schema":null}}],"provider_config":{"description":"Configuration for Google Cloud Storage for storing unstructured data","properties":{"bucket":{"description":"Name of the bucket where files are stored.","type":"string"},"credential":{"description":"AWS-type credential that stores [Hash-based message authentication code (HMAC) keys](https://cloud.google.com/storage/docs/authentication/hmackeys) with write access to the GCS bucket.","properties":{"access_key_id":{"description":"ID portion of the AWS access key pair.","type":"string"},"secret_access_key":{"description":"Secret portion of the AWS access key pair.","type":"string"},"session":{"description":"A temporary session token. Session tokens are optional and are only necessary if you are using temporary credentials.","nullable":true,"type":"string"},"type":{"const":"aws"}},"required":["access_key_id","secret_access_key","type"],"title":"GCSCredential","type":"object","x-synqly-credential":{"extends":"AwsCredential","type":"GCSCredential"}},"region":{"description":"Google Cloud region where the bucket is located.","type":"string"},"transforms":{"description":"Optional list of transformations used to modify requests before they are sent to the external service.","items":{"title":"Id","type":"string"},"nullable":true,"type":"array"},"type":{"const":"storage_gcs"}},"required":["bucket","credential","region","type"],"title":"Google Cloud Storage","type":"object"}},{"id":"ticketing_jira","name":"ticketing_jira","fullname":"Atlassian Jira","description":"Configuration for Jira as a Ticketing Provider","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked 
`Integration`.","request_method":"post","request_path":"/v1/ticketing/attachments/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateAttachmentRequest"}}},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateCommentRequest"}}},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["issue_type","project","summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/attachments/{ticketId}/{attachmentId}","supported":true},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/comments/{commentId}","supported":true},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note 
matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/attachments/{ticketId}/{attachmentId}/download","supported":true},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/attachments/{ticketId}","supported":true},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific 
Project.","request_method":"get","request_path":"/v1/ticketing/projects","supported":true},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. The response will include a list of\nfields for each issue type in the ticketing provider.","request_method":"get","request_path":"/v1/ticketing/remote-fields","supported":true},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"assignee","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"completion_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"contact","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"created_at","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"description","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"due_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"id","type":"string","operators":["eq","neq","in","not 
in"]},{"name":"issue_type","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"labels","type":"string","operators":["eq","neq","in","not in"]},{"name":"name","type":"string","operators":["eq","neq","in","not in"]},{"name":"priority","type":"enum","operators":["eq","neq","in","not in"],"values":["highest","high","medium","low"]},{"name":"project","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"reporter","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"status","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"summary","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"text","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"updated_at","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]}]}],"provider_config":{"description":"Configuration for Jira as a Ticketing Provider","properties":{"credential":{"description":"Username and password used to authenticate with Jira. The password can be a token that is generated following [this guide to generate an API token](https://support.atlassian.com/atlassian-account/docs/manage-api-tokens-for-your-atlassian-account/). 
The token receives the same permissions as the user that generates it, so must have access to the projects you want to use.\n","properties":{"secret":{"description":"Secret value for authentication","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","type":"string"}},"required":["secret","type","username"],"title":"JiraCredential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"JiraCredential"}},"custom_field_mappings":{"description":"Custom field mappings for this provider.","items":{"properties":{"name":{"description":"Name for the custom field that you will use in the `custom_fields` field in ticket objects within Synqly.","type":"string"},"project_id":{"description":"ID of the project this field mapping is associated with. ID of \"\\*\" is used to apply to all projects.","type":"string"},"provider_field_path":{"description":"Path to or name of the custom field in the provider.","type":"string"}},"required":["name","project_id","provider_field_path"],"title":"CustomFieldMapping","type":"object"},"nullable":true,"type":"array"},"default_project":{"description":"Default Project for the integration.","nullable":true,"type":"string"},"type":{"const":"ticketing_jira"},"url":{"description":"URL for the Jira API. This should be the base URL for the API, without any path components and must be HTTPS. 
For example, \"https://tenant.atlassian.net\".","type":"string"}},"required":["credential","type","url"],"title":"Jira","type":"object"}},{"id":"siem_sentinel","name":"siem_sentinel","fullname":"Microsoft Sentinel","description":"Configuration for Microsoft Sentinel SIEM Product.","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","request_method":"get","request_path":"/v1/siem/investigations/{id}","supported":true},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","request_method":"patch","request_path":"/v1/siem/investigations/{id}","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/PatchInvestigationRequest"}}},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","supported":false},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"metadata.log_provider","type":"string","operators":["eq","in"]},{"name":"time","type":"datetime","operators":["gte","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","request_method":"get","request_path":"/v1/siem/investigations","supported":true},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log 
providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for Microsoft Sentinel SIEM Product.","properties":{"credential":{"description":"OAuth 2.0 client credentials for authenticating with Microsoft Sentinel. The application registration must have \nappropriate permissions to read and write to Microsoft Sentinel. Required permissions include:\n- Microsoft.OperationalInsights/workspaces/read\n- Microsoft.OperationalInsights/workspaces/write\n- Microsoft.SecurityInsights/dataConnectors/*\n","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"SentinelCredential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"SentinelCredential"}},"default_tables":{"default":["_Im_AuditEvent","_Im_Authentication","_Im_DhcpEvent","_Im_Dns","_Im_DnsBuiltIn","_Im_FileEvent","_Im_NetworkSession","_Im_Process_EmptyV01","_Im_ProcessCreate","_Im_ProcessEvent","_Im_ProcessTerminate","_Im_RegistryEvent","_Im_UserManagement","_Im_WebSession"],"description":"The default tables to use for queries. Supply this value if you would like to a subset of the default tables or non-ASIM data tables with Sentinel/Log Analytics queries. If more than one table is specified, a union operator will join them to query all of the tables at once. 
Supply a single value with \"_\" if you would like to query all tables without the normalizing ASIM transformations. **Note** that a single \"_\" entry will map to a 'union \\*' query. Relying heavily on these queries is generally discouraged by Sentinel because they are slower and more resource intensive.","items":{"type":"string"},"nullable":true,"type":"array"},"logs_url":{"default":"https://api.loganalytics.azure.com","description":"The root URL for the Microsoft Azure Monitor Logs API. This is optional and should only be supplied if using an alternate Microsoft cloud, such as GovCloud.","nullable":true,"type":"string"},"management_url":{"default":"https://management.azure.com","description":"The root URL for the Microsoft Azure Management API. This is optional and should only be supplied if using an alternate Microsoft cloud, such as GovCloud.","nullable":true,"type":"string"},"resource_group":{"description":"The Azure resource group name that contains the Microsoft Sentinel workspace.","type":"string"},"subscription_id":{"description":"The Azure subscription ID that contains the Microsoft Sentinel workspace.","type":"string"},"tenant_id":{"description":"The Azure Active Directory tenant ID that contains the Microsoft Sentinel workspace.","type":"string"},"type":{"const":"siem_sentinel"},"workspace_id":{"description":"The ID of the Microsoft Sentinel Log Analytics workspace.","type":"string"},"workspace_name":{"description":"The name of the Microsoft Sentinel Log Analytics workspace.","type":"string"}},"required":["credential","resource_group","subscription_id","tenant_id","type","workspace_id","workspace_name"],"title":"Microsoft Sentinel","type":"object"}},{"id":"sink_elasticsearch","name":"sink_elasticsearch","fullname":"Elastic","description":"Configuration for Elasticsearch search and analytics engine. 
Supports both managed and self-hosted Elasticsearch deployments\n","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for Elasticsearch search and analytics engine. Supports both managed and self-hosted Elasticsearch deployments","properties":{"auth_options":{"description":"Options used to control how requests are made to elasticsearch when different authentication types are used.","nullable":true,"properties":{"run_as":{"description":"When you have the correct permissions, this allows API requests to get made as a specific user, with all of their roles and permissions. When populated, this option will send the 'es-security-runas-user' header with every request made to the Elasticsearch API.","nullable":true,"type":"string"},"shared_secret":{"description":"Some auth cases, notably JWT auth can be configured to require sending a shared secret in the `ES-Client-Authentication` header. When this secret is populated, it will get added as the shared secret for every request made to Elasticsearch.","nullable":true,"properties":{"secret":{"description":"Secret value","type":"string"},"type":{"const":"secret"}},"required":["secret","type"],"title":"ElasticsearchSharedSecret","type":"object","x-synqly-credential":{"extends":"SecretCredential","type":"ElasticsearchSharedSecret"}}},"title":"Elasticsearch Authentication Options","type":"object"},"create_index":{"description":"The index or data stream to use when writing events.","type":"string"},"credential":{"oneOf":[{"description":"Basic authentication credentials for Elasticsearch. 
When possible use an API key or oAuth credentials instead\n","properties":{"secret":{"description":"Secret value for authentication","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","type":"string"}},"required":["secret","type","username"],"title":"BasicCredential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"ElasticsearchCredential"}},{"description":"Configuration with credentials and connection data for an IdP that has been configured for use as a [JWT realm in Elasticsearch](https://www.elastic.co/guide/en/elasticsearch/reference/8.15/jwt-auth-realm.html). There are also [specific instructions for Elastic Cloud](https://www.elastic.co/guide/en/cloud/current/ec-securing-clusters-JWT.html). This configuration requires a token URL for the 3rd party identity provider. If you need to send specific scopes during the client credentials OAuth flow, specify them in the 'extra' configuration as a list of strings under the 'scopes' key.\n","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"OAuthClientCredential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"ElasticsearchCredential"}},{"description":"Elasticsearch API Key. Follow [this guide to generate an API Key](https://www.elastic.co/guide/en/kibana/current/api-keys.html). 
The API Key must have sufficient permissions to the target index.\n","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"TokenCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"ElasticsearchCredential"}}],"title":"ElasticsearchCredential","x-synqly-credential":{"extends":["BasicCredential","OAuthClientCredential","TokenCredential"],"type":"ElasticsearchCredential"}},"skip_tls_verify":{"default":false,"description":"If true, skips verification of the Elasticsearch server's TLS certificate.","nullable":true,"type":"boolean"},"type":{"const":"sink_elasticsearch"},"url":{"description":"URL for the Elasticsearch API. This should be the base URL for the API, without any path components and must be HTTPS. For example, \"https://tenant.elastic.com\".","type":"string"}},"required":["create_index","credential","type","url"],"title":"Elasticsearch","type":"object"}},{"id":"vulnerabilities_rapid7_insight_cloud","name":"vulnerabilities_rapid7_insight_cloud","fullname":"Rapid7 Insight Vulnerability Management Cloud","description":"Configuration for Rapid7 Insight Cloud as a Vulnerabilities Provider","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","supported":false},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning 
system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"finding.first_seen_time","type":"datetime","operators":["gte"]},{"name":"finding.last_seen_time","type":"datetime","operators":["gte"]},{"name":"severity","type":"enum","operators":["eq","in"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for Rapid7 Insight Cloud as a Vulnerabilities Provider","properties":{"credential":{"description":"Rapid7 Insight Cloud authentication token. 
Follow [this guide to generate an API token](https://docs.rapid7.com/insight/managing-platform-api-keys/).","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Rapid7InsightCloudCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"Rapid7InsightCloudCredential"}},"type":{"const":"vulnerabilities_rapid7_insight_cloud"},"url":{"description":"URL for the Rapid7 API. This should be the base URL for the API, without any path components and must be HTTPS. For example, \"https://us2.api.insight.rapid7.com\".","type":"string"}},"required":["credential","type","url"],"title":"Rapid7 InsightVM Cloud","type":"object"}},{"id":"assets_armis_centrix","name":"assets_armis_centrix","fullname":"Armis Centrix™ for Asset Management and Security","description":"Configuration for the Armis Centrix Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory 
system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hw_info.bios_manufacturer","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.ip","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.location.desc","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.mac","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.name","type":"name","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.os.version","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.risk_score","type":"integer","operators":["gt","gte","lt","lte"]},{"name":"device.type","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.uid","type":"string","operators":["eq","ne","in","not_in"]}]}],"provider_config":{"description":"Configuration for the Armis Centrix Assets Provider","properties":{"credential":{"description":"This credential must be an API Secret Key. Generate this key in the UI console by navigating to \"Settings\", then \"API Management\".","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"ArmisCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"ArmisCredential"}},"type":{"const":"assets_armis_centrix"},"url":{"description":"URL for the Armis Centrix API. This should be the base URL for the API, without any path components. 
For example, \"https://tenant.armis.com\".","type":"string"}},"required":["credential","type","url"],"title":"Armis Centrix","type":"object"}},{"id":"edr_sophos","name":"edr_sophos","fullname":"Sophos EDR","description":"Configuration for the Sophos EDR Provider","connector_id":"edr","connector":"edr","operations":[{"id":"edr_create_iocs","name":"create_iocs","fullname":"Create IOCs","description":"Creates a list of iocs that match the stix input for the EDR source.","supported":false},{"id":"edr_delete_iocs","name":"delete_iocs","fullname":"Delete IOCs","description":"Deletes a list of iocs that match the input of ids in the query param","supported":false},{"id":"edr_get_endpoint","name":"get_endpoint","fullname":"Get Endpoint","description":"Gets a single endpoint assets matching the UID from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints/{id}","supported":true},{"id":"edr_network_quarantine","name":"network_quarantine","fullname":"Quarantine Endpoints","description":"Connect or disconnect one or more endpoints assets to the network, allowing or disallowing connections.","request_method":"post","request_path":"/v1/edr/endpoints/actions/quarantine","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/NetworkQuarantineRequest"}}},{"id":"edr_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Returns a list of alerts that match the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/alerts","supported":true,"filters":[{"name":"finding_info.created_time","type":"datetime","operators":["lt","gt"]},{"name":"finding_info.last_seen_time","type":"datetime","operators":["lt","gt"]},{"name":"finding_info.title","type":"string","operators":["lt","gt","eq","in"]},{"name":"metadata.product.name","type":"string","operators":["lt","gt","eq","in"]},{"name":"metadata.uid","type":"string","operators":["lt","gt","eq","in"]}]},{"id":"edr_query_applications","name":"query_applications","fullname":"Query Applications","description":"Returns a list of applications matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/applications","supported":true,"filters":[{"name":"product.name","type":"string","operators":["lt","gt","eq","in"]},{"name":"product.path","type":"string","operators":["lt","gt","eq","in"]}]},{"id":"edr_query_endpoints","name":"query_endpoints","fullname":"Query Endpoints","description":"Returns a list of endpoint assets matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints","supported":true,"filters":[{"name":"device.type","type":"string","operators":["ne","lte","gte","lt","gt","eq","in"]},{"name":"device.uid","type":"string","operators":["ne","lte","gte","lt","gt","eq","in"]},{"name":"first_seen_time","type":"datetime","operators":["eq"]},{"name":"last_seen_time","type":"datetime","operators":["eq"]},{"name":"status","type":"string","operators":["ne","lte","gte","lt","gt","eq","in"]},{"name":"status_detail","type":"string","operators":["ne","lte","gte","lt","gt","eq","in"]},{"name":"time","type":"datetime","operators":["eq"]}]},{"id":"edr_query_iocs","name":"query_iocs","fullname":"Query IOCs","description":"Returns a list of iocs that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_posture_score","name":"query_posture_score","fullname":"Query Posture 
Score","description":"Returns the posture score of the endpoint assets that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/posture_score","supported":true},{"id":"edr_query_threatevents","name":"query_threatevents","fullname":"Query Threat Events","description":"Returns a list of threats that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/threats","supported":true,"filters":[{"name":"actor.user.name","type":"string","operators":["eq"]},{"name":"attacks.tactics.name","type":"string","operators":["eq"]},{"name":"device.first_seen_time","type":"datetime","operators":["eq"]},{"name":"device.first_seen_time_dt","type":"datetime","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["eq"]},{"name":"device.last_seen_time_dt","type":"datetime","operators":["eq"]},{"name":"device.location","type":"string","operators":["eq"]},{"name":"device.os.name","type":"string","operators":["eq"]},{"name":"device.os.type","type":"string","operators":["eq"]},{"name":"device.type","type":"string","operators":["eq"]},{"name":"hostname","type":"string","operators":["eq"]},{"name":"metadata.product.name","type":"string","operators":["eq"]},{"name":"risk_score","type":"string","operators":["eq"]},{"name":"severity","type":"string","operators":["eq"]},{"name":"type_name","type":"string","operators":["eq"]},{"name":"vendor_name","type":"string","operators":["eq"]},{"name":"vulnerabilities.title","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for the Sophos EDR Provider","properties":{"credential":{"description":"Docs for setting up oAuth - https://developer.sophos.com/intro#getting-started","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for 
authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"SophosCredential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"SophosCredential"}},"type":{"const":"edr_sophos"},"url":{"default":"https://api.central.sophos.com","description":"Optional root domain where your Sophos tenant is located.","nullable":true,"type":"string"}},"required":["credential","type"],"title":"Sophos EDR","type":"object"}},{"id":"notifications_jira","name":"notifications_jira","fullname":"Atlassian Jira","description":"Configuration for Jira as a Notification Provider","connector_id":"notifications","connector":"notifications","operations":[{"id":"notifications_clear_message","name":"clear_message","fullname":"Clear Notification","description":"Resolves a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/clear/{notificationId}","supported":true},{"id":"notifications_create_message","name":"create_message","fullname":"Create Notification","description":"Creates a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/create","supported":true,"required_fields":["summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNotificationRequest"}}},{"id":"notifications_get_message","name":"get_message","fullname":"Get Notification","description":"Returns the `Notification` object matching `{notificationId}` from the 
token-linked\n`Integration`.","request_method":"get","request_path":"/v1/notifications/get/{notificationId}","supported":true}],"provider_config":{"description":"Configuration for Jira as a Notification Provider","properties":{"credential":{"description":"Username and password used to authenticate with Jira. The password can be a token that is generated following [this guide to generate an API token](https://support.atlassian.com/atlassian-account/docs/manage-api-tokens-for-your-atlassian-account/). The token receives the same permissions as the user that generates it, so must have access to the projects you want to use.\n","properties":{"secret":{"description":"Secret value for authentication","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","type":"string"}},"required":["secret","type","username"],"title":"JiraCredential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"JiraCredential"}},"type":{"const":"notifications_jira"},"url":{"description":"URL for the Jira API. This should be the base URL for the API, without any path components and must be HTTPS. 
For example, \"https://tenant.atlassian.net\".","type":"string"}},"required":["credential","type","url"],"title":"Jira","type":"object"}},{"id":"notifications_slack","name":"notifications_slack","fullname":"Slack","description":"Configuration for the Slack Notification Provider","connector_id":"notifications","connector":"notifications","operations":[{"id":"notifications_clear_message","name":"clear_message","fullname":"Clear Notification","description":"Resolves a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/clear/{notificationId}","supported":true},{"id":"notifications_create_message","name":"create_message","fullname":"Create Notification","description":"Creates a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/create","supported":true,"required_fields":["summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNotificationRequest"}}},{"id":"notifications_get_message","name":"get_message","fullname":"Get Notification","description":"Returns the `Notification` object matching `{notificationId}` from the token-linked\n`Integration`.","request_method":"get","request_path":"/v1/notifications/get/{notificationId}","supported":true}],"provider_config":{"description":"Configuration for the Slack Notification Provider","properties":{"channel":{"description":"The channel to send notifications to. Should be the ID of the desired channel.","type":"string"},"credential":{"description":"Slack authentication token. Follow [this guide to generate an API token](https://api.slack.com/concepts/token-types#bot). 
The token must have access to the configured channel.\n","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"SlackCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"SlackCredential"}},"type":{"const":"notifications_slack"},"url":{"default":"https://slack.com/api/chat.postMessage","description":"Optional URL override for the Slack API. This should include the full path to the API endpoint.","nullable":true,"type":"string"}},"required":["channel","credential","type"],"title":"Slack","type":"object"}},{"id":"ticketing_torq","name":"ticketing_torq","fullname":"Torq","description":"Configuration for Torq as a Ticketing Provider","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateCommentRequest"}}},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/notes","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNoteRequest"}}},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked 
Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["creator","status","name"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/comments/{commentId}","supported":true},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/notes/{noteId}","supported":true},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked 
`Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/notes","supported":true},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","supported":false},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. 
The response will include a list of\nfields for each issue type in the ticketing provider.","supported":false},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}/notes/{noteId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"assignee","type":"string","operators":["eq","in"]},{"name":"created_at","type":"datetime","operators":["gte","lte","gt","lt"]},{"name":"issue_type","type":"string","operators":["eq","in"]},{"name":"priority","type":"string","operators":["eq","in"]},{"name":"status","type":"string","operators":["eq","in"]},{"name":"tags","type":"string","operators":["eq","in"]},{"name":"text","type":"string","operators":["like"]}]}],"provider_config":{"description":"Configuration for Torq as a Ticketing Provider","properties":{"credential":{"description":"Client ID for the Torq REST API. 
[Torq API key generation documentation](https://learn.torq.io/apidocs/authentication).","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"TorqCredential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"TorqCredential"}},"custom_field_mappings":{"description":"Custom field mappings for this provider.","items":{"properties":{"name":{"description":"Name for the custom field that you will use in the `custom_fields` field in ticket objects within Synqly.","type":"string"},"project_id":{"description":"ID of the project this field mapping is associated with. 
ID of \"\\*\" is used to apply to all projects.","type":"string"},"provider_field_path":{"description":"Path to or name of the custom field in the provider.","type":"string"}},"required":["name","project_id","provider_field_path"],"title":"CustomFieldMapping","type":"object"},"nullable":true,"type":"array"},"type":{"const":"ticketing_torq"}},"required":["credential","type"],"title":"Torq","type":"object"}},{"id":"vulnerabilities_crowdstrike","name":"vulnerabilities_crowdstrike","fullname":"CrowdStrike Falcon Spotlight","description":"Configuration for CrowdStrike Falcon as a Vulnerabilities Provider","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","supported":false},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability 
findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"finding.first_seen_time","type":"datetime","operators":["gte"]},{"name":"finding.last_seen_time","type":"datetime","operators":["gte"]},{"name":"severity","type":"enum","operators":["eq","in"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for CrowdStrike Falcon as a Vulnerabilities Provider","properties":{"credential":{"description":"Docs for setting up oAuth","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"CrowdStrikeCredential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"CrowdStrikeCredential"}},"type":{"const":"vulnerabilities_crowdstrike"},"url":{"default":"https://api.crowdstrike.com","description":"The root domain where your CrowdStrike Falcon tenant is 
located.","nullable":true,"type":"string"}},"required":["credential","type"],"title":"CrowdStrike Spotlight","type":"object"}},{"id":"vulnerabilities_qualys_cloud","name":"vulnerabilities_qualys_cloud","fullname":"Qualys Vulnerability Management, Detection \u0026 Response (VMDR)","description":"Configuration for Qualys Cloud Platform as a Vulnerabilities Provider","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","request_method":"get","request_path":"/v1/vulnerabilities/scans/{scan_id}/activity","supported":true},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability 
findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"finding.first_seen_time","type":"datetime","operators":["gte"]},{"name":"finding.last_seen_time","type":"datetime","operators":["gte"]},{"name":"severity","type":"enum","operators":["eq","in"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/scans","supported":true},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for Qualys Cloud Platform as a Vulnerabilities Provider","properties":{"credential":{"description":"Qualys Cloud username and password used to authenticate with Qualys Cloud.","properties":{"secret":{"description":"Secret value for authentication","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","type":"string"}},"required":["secret","type","username"],"title":"QualysCloudCredential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"QualysCloudCredential"}},"type":{"const":"vulnerabilities_qualys_cloud"},"url":{"description":"URL for the Qualys Cloud API. This should be the base URL for the API, without any path components and must be HTTPS. 
For example, \"https://qualysguard.qg4.apps.qualys.com\".","type":"string"}},"required":["credential","type","url"],"title":"Qualys VMDR","type":"object"}},{"id":"identity_pingone","name":"identity_pingone","fullname":"PingOne Cloud Platform","description":"Configuration for the PingOne Identity Platform","connector_id":"identity","connector":"identity","operations":[{"id":"identity_disable_user","name":"disable_user","fullname":"Disable User","description":"Disables a user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/disable","supported":true},{"id":"identity_enable_user","name":"enable_user","fullname":"Enable User","description":"Reenables a disabled user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/enable","supported":true},{"id":"identity_expire_all_user_sessions","name":"expire_all_user_sessions","fullname":"Expire All User Sessions","description":"Logs a user out of all current sessions so they must log in again.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/expire_all_sessions","supported":true},{"id":"identity_force_user_password_reset","name":"force_user_password_reset","fullname":"Force User Password Reset","description":"Forces a user to reset their password before they can log in again.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/force_reset_password","supported":true},{"id":"identity_get_group","name":"get_group","fullname":"Get Group","description":"Returns a `Group` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. 
Depending\non the providers offerings, this may include additional group information, such as the roles assigned.","request_method":"get","request_path":"/v1/identity/groups/{groupId}","supported":true},{"id":"identity_get_group_members","name":"get_group_members","fullname":"Get Group Members","description":"Returns list of `User` objects wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider that are members in the group referenced by ID.","request_method":"get","request_path":"/v1/identity/groups/{groupId}/members","supported":true},{"id":"identity_get_user","name":"get_user","fullname":"Get User","description":"Returns a `User` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. Depending\non the providers offerings, this may include additional user information, such as the user's current groups and roles.","request_method":"get","request_path":"/v1/identity/users/{userId}","supported":true},{"id":"identity_query_audit_log","name":"query_audit_log","fullname":"Query Audit Log","description":"Returns a list of `Event` objects from the token-linked audit log.","request_method":"get","request_path":"/v1/identity/audit","supported":true},{"id":"identity_query_groups","name":"query_groups","fullname":"Query Groups","description":"Returns a list of `Group` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.","request_method":"get","request_path":"/v1/identity/groups","supported":true},{"id":"identity_query_users","name":"query_users","fullname":"Query Users","description":"Returns a list of `User` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.","request_method":"get","request_path":"/v1/identity/users","supported":true}],"provider_config":{"description":"Configuration for the PingOne Identity Platform","properties":{"auth_url":{"description":"The URL base for 
making authentication requests to PingOne.","type":"string"},"client_id":{"description":"The client ID for the application set up as a worker.","type":"string"},"credential":{"description":"Client application secret for a worker app. See [these instructions](https://apidocs.pingidentity.com/pingone/tutorial/v1/api/#create-an-admin-worker-app-connection) for help creating a worker application.\n","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"PingOneCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"PingOneCredential"}},"organization_id":{"description":"The organization ID that the client app is a part of.","type":"string"},"type":{"const":"identity_pingone"},"url":{"description":"URL for the PingOne API. This should be the base URL for the API, without any path components.","type":"string"}},"required":["auth_url","client_id","credential","organization_id","type","url"],"title":"PingOne Identity","type":"object"}},{"id":"siem_mock_siem","name":"siem_mock_siem","fullname":"SIEM Test","description":"Configuration for the Synqly mock in-memory SIEM handler. 
This provider is for testing purposes only and does not retain events pushed to it.","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","supported":false},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","supported":false},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","supported":false}],"provider_config":{"description":"Configuration for the Synqly mock in-memory SIEM handler. 
This provider is for testing purposes only and does not retain events pushed to it.","properties":{"index":{"description":"Name of the index where events are stored.","nullable":true,"type":"string"},"type":{"const":"siem_mock_siem"}},"required":["type"],"title":"SIEM Test","type":"object"}},{"id":"siem_sumo_logic","name":"siem_sumo_logic","fullname":"Sumo Logic Cloud SIEM","description":"Configuration for Sumo Logic Cloud SIEM.","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","request_method":"get","request_path":"/v1/siem/investigations/{id}","supported":true},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","request_method":"patch","request_path":"/v1/siem/investigations/{id}","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/PatchInvestigationRequest"}}},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries 
investigations","request_method":"get","request_path":"/v1/siem/investigations","supported":true},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for Sumo Logic Cloud SIEM.","properties":{"auto_parse_logs":{"default":true,"description":"Automatically parse logs as JSON when running log queries against Sumo Logic.","nullable":true,"title":"Auto Parse Logs","type":"boolean"},"collection_url":{"description":"Required if you need to send Sumo Logic events from the Synqly API.","nullable":true,"properties":{"secret":{"description":"Secret value","type":"string"},"type":{"const":"secret"}},"required":["secret","type"],"title":"SumoLogicCollectionUrl","type":"object","x-synqly-credential":{"extends":"SecretCredential","type":"SumoLogicCollectionUrl"}},"credential":{"description":"Your Access ID and Access Key. See https://help.sumologic.com/docs/api/getting-started/#authentication for information on generating these values.","properties":{"secret":{"description":"Secret value for authentication","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","type":"string"}},"required":["secret","type","username"],"title":"SumoLogicCredential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"SumoLogicCredential"}},"siem_logs_only":{"default":false,"description":"Only query for logs that have been processed into the Sumo Logic Cloud SIEM app.","nullable":true,"title":"SIEM Logs Only","type":"boolean"},"type":{"const":"siem_sumo_logic"},"url":{"description":"Your Sumo Logic API endpoint. 
See https://help.sumologic.com/docs/api/getting-started/#sumo-logic-endpoints-by-deployment-and-firewall-security for help determining which base URL to use.","pattern":"^https://.*$","title":"API URL","type":"string"}},"required":["credential","type","url"],"title":"Sumo Logic Cloud SIEM","type":"object"}},{"id":"sink_crowdstrike_hec","name":"sink_crowdstrike_hec","fullname":"Crowdstrike HEC","description":"Configuration for Crowdstrike HEC as a Sink Provider","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for Crowdstrike HEC as a Sink Provider","properties":{"credential":{"description":"Crowdstrike HEC api-key","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"CrowdstrikeHECCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"CrowdstrikeHECCredential"}},"type":{"const":"sink_crowdstrike_hec"},"url":{"description":"API URL for the CrowdStrike HEC API. This must be an HTTPS URL, for example \"https://\u003csome-guid\u003e.ingest.us-2.crowdstrike.com/services/collector\".","pattern":"^https://.*$","title":"Crowdstrike HEC API URL","type":"string"}},"required":["credential","type","url"],"title":"Crowdstrike HEC","type":"object"}},{"id":"ticketing_mock_ticketing","name":"ticketing_mock_ticketing","fullname":"Ticketing Test","description":"Configuration for the Synqly mock in-memory ticketing handler. This provider is for testing purposes only. 
It retains tickets for a limited time and does not persist them for long-term usage.","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateCommentRequest"}}},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/notes","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNoteRequest"}}},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["issue_type","project","summary","assignee"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the 
ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/comments/{commentId}","supported":true},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/notes/{noteId}","supported":true},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/notes","supported":true},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List 
Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","request_method":"get","request_path":"/v1/ticketing/projects","supported":true},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. The response will include a list of\nfields for each issue type in the ticketing provider.","supported":false},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}/notes/{noteId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"id","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"text","type":"string","operators":["eq","neq","in","not in","like","not like"]}]}],"provider_config":{"description":"Configuration for the Synqly mock in-memory ticketing handler. This provider is for testing purposes only. 
It retains tickets for a limited time and does not persist them for long-term usage.","properties":{"custom_field_mappings":{"description":"Custom field mappings for this provider.","items":{"properties":{"name":{"description":"Name for the custom field that you will use in the `custom_fields` field in ticket objects within Synqly.","type":"string"},"project_id":{"description":"ID of the project this field mapping is associated with. ID of \"\\*\" is used to apply to all projects.","type":"string"},"provider_field_path":{"description":"Path to or name of the custom field in the provider.","type":"string"}},"required":["name","project_id","provider_field_path"],"title":"CustomFieldMapping","type":"object"},"nullable":true,"type":"array"},"name":{"description":"Optional name of the mock provider. This value is unused.","nullable":true,"type":"string"},"type":{"const":"ticketing_mock_ticketing"}},"required":["type"],"title":"Ticketing Test","type":"object"}},{"id":"edr_crowdstrike","name":"edr_crowdstrike","fullname":"CrowdStrike Falcon® Insight EDR","description":"Configuration for the CrowdStrike EDR Provider","connector_id":"edr","connector":"edr","operations":[{"id":"edr_create_iocs","name":"create_iocs","fullname":"Create IOCs","description":"Creates a list of iocs that match the stix input for the EDR source.","request_method":"post","request_path":"/v1/edr/iocs","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateIocsRequest"}}},{"id":"edr_delete_iocs","name":"delete_iocs","fullname":"Delete IOCs","description":"Deletes a list of iocs that match the input of ids in the query param","request_method":"delete","request_path":"/v1/edr/iocs","supported":true},{"id":"edr_get_endpoint","name":"get_endpoint","fullname":"Get Endpoint","description":"Gets a single endpoint assets matching the UID from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/endpoints/{id}","supported":true},{"id":"edr_network_quarantine","name":"network_quarantine","fullname":"Quarantine Endpoints","description":"Connect or disconnect one or more endpoints assets to the network, allowing or disallowing connections.","request_method":"post","request_path":"/v1/edr/endpoints/actions/quarantine","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/NetworkQuarantineRequest"}}},{"id":"edr_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Returns a list of alerts that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/alerts","supported":true,"filters":[{"name":"attacks.tactic.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"attacks.tactic.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"attacks.technique.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"attacks.technique.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"comment","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"confidence_score","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.os.type","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.uid_alt","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"finding_info.created_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.created_time_dt","type":"datetime","operat
ors":["gt","gte","lt","lte"]},{"name":"finding_info.title","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"finding_info.types","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"finding_info.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"metadata.feature.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"metadata.loggers.logged_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"metadata.tenant_uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"resources.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"resources.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"risk_score","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"start_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"start_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"vulnerabilities.desc","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"vulnerabilities.title","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]}]},{"id":"edr_query_applications","name":"query_applications","fullname":"Query Applications","description":"Returns a list of applications matching the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/applications","supported":true,"filters":[{"name":"metadata.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"metadata.modified_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"product.name","type":"string","operators":["eq","ne","in","not_in"]},{"name":"product.path","type":"string","operators":["eq","ne","in","not_in"]},{"name":"product.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"product.vendor_name","type":"string","operators":["eq","ne","in","not_in"]},{"name":"product.version","type":"string","operators":["eq","ne","in","not_in"]},{"name":"start_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"start_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"time_dt","type":"datetime","operators":["gt","gte","lt","lte"]}]},{"id":"edr_query_endpoints","name":"query_endpoints","fullname":"Query Endpoints","description":"Returns a list of endpoint assets matching the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/endpoints","supported":true,"filters":[{"name":"device.first_seen_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.hostname","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.hw_info.bios_manufacturer","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.hw_info.bios_ver","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.hw_info.chassis","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.hw_info.serial_number","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.instance_uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.last_seen_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.mac","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.org.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.org.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.os.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.os.type","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.os.type_id","type":"stri
ng","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.os.version","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.type","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.type_id","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.zone","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"status","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]}]},{"id":"edr_query_iocs","name":"query_iocs","fullname":"Query IOCs","description":"Returns a list of iocs that match the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/iocs","supported":true,"filters":[{"name":"created","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"created_by_ref.id","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"extensions.action","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"extensions.expired","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"extensions.host_groups","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"extensions.mobile_action","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"extensions.modified_by","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"extensions.platforms","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"extensions.severity","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"labels","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"modified","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"pattern","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"pattern_type","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"valid_until","type":"datetime","operators":["gt","gte","lt","lte"]}]},{"id":"edr_query_posture_score","name":"query_posture_score","fullname":"Query Posture Score","description":"Returns the posture score of the endpoint assets that match the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/posture_score","supported":true},{"id":"edr_query_threatevents","name":"query_threatevents","fullname":"Query Threat Events","description":"Returns a list of threats that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/threats","supported":true,"filters":[{"name":"actor.process.cmd_line","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"actor.process.file.md5","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"actor.process.file.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"actor.process.file.path","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"actor.process.file.sha256","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"actor.process.file.type","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"confidence_score","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.first_seen_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.hostname","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.last_seen_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.modified_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.product_uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"severity","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]
},{"name":"severity_id","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"status","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"tenant_uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]}]}],"provider_config":{"description":"Configuration for the CrowdStrike EDR Provider","properties":{"credential":{"description":"Docs for setting up oAuth","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"CrowdStrikeCredential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"CrowdStrikeCredential"}},"type":{"const":"edr_crowdstrike"},"url":{"default":"https://api.crowdstrike.com","description":"The root domain where your CrowdStrike Falcon tenant is located.","nullable":true,"type":"string"}},"required":["credential","type"],"title":"CrowdStrike EDR","type":"object"}},{"id":"siem_elasticsearch","name":"siem_elasticsearch","fullname":"Elastic SIEM","description":"Configuration for Elasticsearch search and analytics engine. 
Supports both managed and self-hosted Elasticsearch deployments\n","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","supported":false},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"metadata.log_provider","type":"string","operators":["eq","in"]},{"name":"time","type":"datetime","operators":["gte","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","supported":false},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for Elasticsearch search and analytics engine. 
Supports both managed and self-hosted Elasticsearch deployments","properties":{"auth_options":{"description":"Options used to control how requests are made to elasticsearch when different authentication types are used.","nullable":true,"properties":{"run_as":{"description":"When you have the correct permissions, this allows API requests to get made as a specific user, with all of their roles and permissions. When populated, this option will send the 'es-security-runas-user' header with every request made to the Elasticsearch API.","nullable":true,"type":"string"},"shared_secret":{"description":"Some auth cases, notably JWT auth can be configured to require sending a shared secret in the `ES-Client-Authentication` header. When this secret is populated, it will get added as the shared secret for every request made to Elasticsearch.","nullable":true,"properties":{"secret":{"description":"Secret value","type":"string"},"type":{"const":"secret"}},"required":["secret","type"],"title":"ElasticsearchSharedSecret","type":"object","x-synqly-credential":{"extends":"SecretCredential","type":"ElasticsearchSharedSecret"}}},"title":"Elasticsearch Authentication Options","type":"object"},"create_index":{"description":"Optional. The index or data stream to use when writing events. Defaults to the 'index' setting if not set.","nullable":true,"type":"string"},"credential":{"oneOf":[{"description":"Basic authentication credentials for Elasticsearch. 
When possible use an API key or oAuth credentials instead\n","properties":{"secret":{"description":"Secret value for authentication","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","type":"string"}},"required":["secret","type","username"],"title":"BasicCredential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"ElasticsearchCredential"}},{"description":"Configuration with credentials and connection data for an IdP that has been configured for use as a [JWT realm in Elasticsearch](https://www.elastic.co/guide/en/elasticsearch/reference/8.15/jwt-auth-realm.html). There are also [specific instructions for Elastic Cloud](https://www.elastic.co/guide/en/cloud/current/ec-securing-clusters-JWT.html). This configuration requires a token URL for the 3rd party identity provider. If you need to send specific scopes during the client credentials OAuth flow, specify them in the 'extra' configuration as a list of strings under the 'scopes' key.\n","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"OAuthClientCredential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"ElasticsearchCredential"}},{"description":"Elasticsearch API Key. Follow [this guide to generate an API Key](https://www.elastic.co/guide/en/kibana/current/api-keys.html). 
The API Key must have sufficient permissions to the target index.\n","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"TokenCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"ElasticsearchCredential"}}],"title":"ElasticsearchCredential","x-synqly-credential":{"extends":["BasicCredential","OAuthClientCredential","TokenCredential"],"type":"ElasticsearchCredential"}},"index":{"default":"_all","description":"Optional. The index, data stream, or index alias to read events from.","nullable":true,"type":"string"},"skip_tls_verify":{"default":false,"description":"If true, skips verification of the Elasticsearch server's TLS certificate.","nullable":true,"type":"boolean"},"type":{"const":"siem_elasticsearch"},"url":{"description":"URL for the Elasticsearch API. This should be the base URL for the API, without any path components and must be HTTPS. For example, \"https://tenant.elastic.com\".","type":"string"}},"required":["credential","type","url"],"title":"Elasticsearch","type":"object"}},{"id":"siem_splunk","name":"siem_splunk","fullname":"Splunk Enterprise Security","description":"Configuration for Splunk as a SIEM Provider. This integration allows sending data to Splunk using an HTTP Event Collector (HEC). 
Additionally, it can be used to query Splunk using the Splunk Search Service.\n","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","supported":false},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for 
authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"actor.app_name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"actor.user.domain","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"actor.user.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"actor.user.org.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"actor.user.type","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"actor.user.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"auth_protocol","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.domain","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.hostname","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.ip","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.mac","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.os.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.owner.org.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.port","type":"integer","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.svc_name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.zone","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.domain","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.hostname","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.ip","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.mac","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.name","type":"
string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.os.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.owner.org.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.port","type":"integer","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.svc_name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.type","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.zone","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"duration","type":"integer","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"http_request.user_agent","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.file.parent_folder","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.file.path","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.file.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.parent_process.file.path","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.parent_process.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.parent_process.pid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.pid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"metadata.event_code","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"metadata.log_name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"metadata.log_provider","type":"string","operators":["eq","in"]},{"name":"metadata.log_version","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"metadata.processed_time","type":"d
atetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"metadata.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.cmd_line","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.file.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.file.parent_folder","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.file.path","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.file.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.parent_process.cmd_line","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.parent_process.file.path","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.parent_process.file.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.parent_process.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.parent_process.pid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.pid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"session.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.hostname","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.ip","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.mac","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.owner.org.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.port","type":"integer","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.type","type":"string","operators":["eq","ne
","gt","gte","lt","lte"]},{"name":"src_endpoint.zone","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"start_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"time","type":"datetime","operators":["gte","lte"]},{"name":"user.domain","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"user.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"user.org.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"user.type","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"user.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","supported":false},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for Splunk as a SIEM Provider. This integration allows sending data to Splunk using an HTTP Event Collector (HEC). Additionally, it can be used to query Splunk using the Splunk Search Service.","properties":{"hec_credential":{"description":"Credential ID that stores a Splunk HTTP endpoint collector token. Follow [this guide to generate an API token](https://docs.splunk.com/Documentation/Splunk/8.1.3/Data/UsetheHTTPEventCollector#Authentication). The token must have access to the configured data collection endpoint.\n","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"SplunkHECToken","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"SplunkHECToken"}},"hec_url":{"description":"URL for the Splunk HEC endpoint. 
This must include the full path to the HEC endpoint. For example, \"https://tenant.cloud.splunk.com:8088/services_collector_event\".","type":"string"},"index":{"description":"Splunk index to send events to. If not provided, will use the default index for the Splunk collector.","nullable":true,"type":"string"},"search_service_credential":{"description":"Optional id of a credential used for connecting to the Splunk search service. If not provided, querying is disabled.","nullable":true,"properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"SplunkSearchCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"SplunkSearchCredential"}},"search_service_url":{"description":"Optional URL used for connecting to the Splunk search service. If not provided, querying is disabled.","nullable":true,"type":"string"},"skip_tls_verify":{"default":false,"description":"If true, skips verification of the Splunk server's TLS certificate.","type":"boolean"},"source":{"description":"Splunk source to send events to. If not provided, will use the default source for the Splunk collector.","nullable":true,"type":"string"},"source_type":{"description":"Splunk source type to send events to. If not provided, will use the default source type for the Splunk collector.","nullable":true,"type":"string"},"type":{"const":"siem_splunk"}},"required":["hec_credential","hec_url","skip_tls_verify","type"],"title":"Splunk","type":"object"}},{"id":"storage_mock_storage","name":"storage_mock_storage","fullname":"Storage Test","description":"Configuration for the Synqly mock in-memory storage handler. 
This provider is for testing purposes only and does not retain files pushed to it.","connector_id":"storage","connector":"storage","operations":[{"id":"storage_delete_file","name":"delete_file","fullname":"Delete File","description":"Deletes a file from the provided `{path}` in the token-linked `Integration`.","request_method":"delete","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_download_file","name":"download_file","fullname":"Download File","description":"Downloads a file from the provided `{path}` in the token-linked\n`Integration`.","request_method":"get","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_list_files","name":"list_files","fullname":"List Files","description":"Returns a list of contents from the token-linked `Integration`.","request_method":"get","request_path":"/v1/storage/folders/{path}","supported":true},{"id":"storage_upload_file","name":"upload_file","fullname":"Upload File","description":"Uploads a file from the provided `{path}` to the token-linked `Integration`.","request_method":"post","request_path":"/v1/storage/files/{path}","supported":true,"request_body":{"required":true,"schema":null}}],"provider_config":{"description":"Configuration for the Synqly mock in-memory storage handler. This provider is for testing purposes only and does not retain files pushed to it.","properties":{"bucket":{"description":"Name of the bucket where files are stored.","type":"string"},"type":{"const":"storage_mock_storage"}},"required":["bucket","type"],"title":"Storage Test","type":"object"}}]}