regscale-cli 6.20.3.0__py3-none-any.whl → 6.20.4.0__py3-none-any.whl
Potentially problematic release.
This version of regscale-cli might be problematic.
- regscale/__init__.py +1 -1
- regscale/integrations/commercial/__init__.py +1 -0
- regscale/integrations/commercial/jira.py +35 -16
- regscale/integrations/commercial/qualys/__init__.py +298 -28
- regscale/integrations/commercial/qualys/qualys_error_handler.py +519 -0
- regscale/integrations/commercial/qualys/scanner.py +222 -97
- regscale/integrations/commercial/synqly/assets.py +11 -1
- regscale/integrations/commercial/synqly/edr.py +4 -4
- regscale/integrations/commercial/synqly/ticketing.py +1 -1
- regscale/integrations/commercial/synqly/vulnerabilities.py +2 -2
- regscale/integrations/public/fedramp/fedramp_cis_crm.py +72 -42
- regscale/models/app_models/import_validater.py +20 -2
- regscale/models/integration_models/cisa_kev_data.json +97 -9
- regscale/models/integration_models/synqly_models/capabilities.json +1 -1
- regscale/models/integration_models/synqly_models/param.py +1 -1
- regscale/models/regscale_models/task.py +0 -1
- {regscale_cli-6.20.3.0.dist-info → regscale_cli-6.20.4.0.dist-info}/METADATA +13 -9
- {regscale_cli-6.20.3.0.dist-info → regscale_cli-6.20.4.0.dist-info}/RECORD +22 -21
- {regscale_cli-6.20.3.0.dist-info → regscale_cli-6.20.4.0.dist-info}/LICENSE +0 -0
- {regscale_cli-6.20.3.0.dist-info → regscale_cli-6.20.4.0.dist-info}/WHEEL +0 -0
- {regscale_cli-6.20.3.0.dist-info → regscale_cli-6.20.4.0.dist-info}/entry_points.txt +0 -0
- {regscale_cli-6.20.3.0.dist-info → regscale_cli-6.20.4.0.dist-info}/top_level.txt +0 -0
|
@@ -1 +1 @@
|
|
|
1
|
-
{"result":[{"id":"siem_splunk","name":"siem_splunk","fullname":"Splunk Enterprise Security","description":"Configuration for Splunk as a SIEM Provider. This integration allows sending data to Splunk using an HTTP Event Collector (HEC). Additionally, it can be used to query Splunk using the Splunk Search Service.\n","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","supported":false},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for 
authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"actor.app_name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"actor.user.domain","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"actor.user.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"actor.user.org.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"actor.user.type","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"actor.user.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"auth_protocol","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.domain","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.hostname","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.ip","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.mac","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.os.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.owner.org.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.port","type":"integer","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.svc_name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.zone","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.domain","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.hostname","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.ip","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.mac","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.name","type":"
string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.os.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.owner.org.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.port","type":"integer","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.svc_name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.type","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.zone","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"duration","type":"integer","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"http_request.user_agent","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.file.parent_folder","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.file.path","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.file.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.parent_process.file.path","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.parent_process.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.parent_process.pid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.pid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"metadata.event_code","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"metadata.log_name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"metadata.log_provider","type":"string","operators":["eq","in"]},{"name":"metadata.processed_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"metadata.uid","type":"string"
,"operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.cmd_line","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.file.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.file.parent_folder","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.file.path","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.file.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.parent_process.cmd_line","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.parent_process.file.path","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.parent_process.file.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.parent_process.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.parent_process.pid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.pid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","like","not_like","in","not_in"]},{"name":"session.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.hostname","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.ip","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.mac","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.owner.org.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.port","type":"integer","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.type","type":"string"
,"operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.zone","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"start_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"time","type":"datetime","operators":["gte","lte"]},{"name":"user.domain","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"user.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"user.org.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"user.type","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"user.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","supported":false},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for Splunk as a SIEM Provider. This integration allows sending data to Splunk using an HTTP Event Collector (HEC). Additionally, it can be used to query Splunk using the Splunk Search Service.","properties":{"hec_credential":{"description":"Optional token credential to use for connecting to the Splunk HEC service. If not provided, sending events to Splunk is disabled.","nullable":true,"properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"SplunkHECToken","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"SplunkHECToken"}},"hec_url":{"description":"URL for the Splunk HEC endpoint. This must include the full path to the HEC endpoint. 
For example, \"https://tenant.cloud.splunk.com:8088/services_collector_event\".","nullable":true,"type":"string"},"index":{"description":"Splunk index to send events to. If not provided, will use the default index for the Splunk collector.","nullable":true,"type":"string"},"search_service_credential":{"description":"Token credential used for connecting to the Splunk search service.","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"SplunkSearchCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"SplunkSearchCredential"}},"search_service_url":{"description":"URL used for connecting to the Splunk search service.","type":"string"},"skip_tls_verify":{"default":false,"description":"If true, skips verification of the Splunk server's TLS certificate.","nullable":true,"type":"boolean"},"source":{"description":"Splunk source to send events to. If not provided, will use the default source for the Splunk collector.","nullable":true,"type":"string"},"source_type":{"description":"Splunk source type to send events to. 
If not provided, will use the default source type for the Splunk collector.","nullable":true,"type":"string"},"type":{"const":"siem_splunk"}},"required":["search_service_credential","search_service_url","type"],"title":"Splunk","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"storage_azure_blob","name":"storage_azure_blob","fullname":"Microsoft Azure Blob Storage","description":"Configuration for Azure Blob Storage as a Storage Provider","connector_id":"storage","connector":"storage","operations":[{"id":"storage_delete_file","name":"delete_file","fullname":"Delete File","description":"Deletes a file from the provided `{path}` in the token-linked `Integration`.","request_method":"delete","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_download_file","name":"download_file","fullname":"Download File","description":"Downloads a file from the provided `{path}` in the token-linked\n`Integration`.","request_method":"get","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_list_files","name":"list_files","fullname":"List Files","description":"Returns a list of contents from the token-linked `Integration`.","request_method":"get","request_path":"/v1/storage/folders/{path}","supported":true},{"id":"storage_upload_file","name":"upload_file","fullname":"Upload File","description":"Uploads a file from the provided `{path}` to the token-linked `Integration`.","request_method":"post","request_path":"/v1/storage/files/{path}","supported":true,"request_body":{"required":true,"schema":null}}],"provider_config":{"description":"Configuration for Azure Blob Storage as a Storage Provider","properties":{"bucket":{"description":"Name of the blob container where files are stored.","type":"string"},"credential":{"description":"Azure token for authentication. 
Follow [this guide to generate an API token](https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal). The token must have access to the configured blob container.","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"AzureBlobCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"AzureBlobCredential"}},"transforms":{"description":"Optional list of transformations used to modify requests before they are sent to the external service.","items":{"title":"Id","type":"string"},"nullable":true,"type":"array"},"type":{"const":"storage_azure_blob"}},"required":["bucket","credential","type"],"title":"Azure Blob Storage","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"ticketing_pagerduty","name":"ticketing_pagerduty","fullname":"PagerDuty Operations Cloud","description":"Configuration for PagerDuty as a Ticketing Provider","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateCommentRequest"}}},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked 
Integration.","supported":false},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["creator","project","name"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked 
`Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","request_method":"get","request_path":"/v1/ticketing/projects","supported":true},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. 
The response will include a list of\nfields for each issue type in the ticketing provider.","supported":false},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true}],"provider_config":{"description":"Configuration for PagerDuty as a Ticketing Provider","properties":{"credential":{"description":"PagerDuty authentication token. Follow [this guide to generate an REST API token](https://support.pagerduty.com/docs/api-access-keys#rest-api-keys).","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"PagerDutyCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"PagerDutyCredential"}},"type":{"const":"ticketing_pagerduty"},"url":{"description":"URL for the PagerDuty API. This should be the base URL for the API, without any path components and must be HTTPS. 
For example, \"https://api.pagerduty.com\".","type":"string"}},"required":["credential","type","url"],"title":"PagerDuty","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"cloudsecurity_defender","name":"cloudsecurity_defender","fullname":"Microsoft Defender for Cloud","description":"Configuration for the Microsoft Defender for Cloud Provider","connector_id":"cloudsecurity","connector":"cloudsecurity","operations":[{"id":"cloudsecurity_query_cloud_resource_inventory","name":"query_cloud_resource_inventory","fullname":"Query Cloud Resource Inventory","description":"Returns a list of cloud resources that match the query from the cloud security provider.","request_method":"get","request_path":"/v1/cloudsecurity/cloudresourcesinventory","supported":true,"filters":[{"name":"cloud.account.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.account.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.provider","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.region","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"metadata.created_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"metadata.modified_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"resource.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resource.type","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resource.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]}]},{"id":"cloudsecurity_query_compliance_findings","name":"query_compliance_findings","fullname":"Query Compliance Findings","description":"Returns a list of compliance findings matching the query from the cloud security 
provider.","request_method":"get","request_path":"/v1/cloudsecurity/compliancefindings","supported":true,"filters":[{"name":"compliance.control","type":"string","operators":["eq"]},{"name":"compliance.requirements","type":"string","operators":["eq"]},{"name":"compliance.standards","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for the Microsoft Defender for Cloud Provider","properties":{"credential":{"description":"Docs for setting up oAuth","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"DefenderCredential"}},"subscription_id":{"description":"The Azure subscription ID that contains the Microsoft Defender for Cloud workspace.","title":"Subscription ID","type":"string"},"tenant_id":{"description":"The Azure Active Directory tenant ID that contains the Microsoft Defender for Cloud workspace.","title":"Tenant ID","type":"string"},"type":{"const":"cloudsecurity_defender"},"url":{"default":"https://management.azure.com/.default","description":"The root domain where your Microsoft Defender for Cloud workspace is located.","nullable":true,"pattern":"https?:.+","title":"Base URL","type":"string"}},"required":["credential","subscription_id","tenant_id","type"],"title":"Microsoft Defender for 
Cloud","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_crowdstrike_hec","name":"sink_crowdstrike_hec","fullname":"Crowdstrike HEC","description":"Configuration for Crowdstrike HEC as a Sink Provider","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for Crowdstrike HEC as a Sink Provider","properties":{"credential":{"description":"Crowdstrike HEC api-key","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"CrowdstrikeHECCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"CrowdstrikeHECCredential"}},"type":{"const":"sink_crowdstrike_hec"},"url":{"description":"API URL for the CrowdStrike HEC API. 
This must be an HTTPS URL, for example \"https://\u003csome-guid\u003e.ingest.us-2.crowdstrike.com/services/collector\".","pattern":"^https://.*$","title":"Crowdstrike HEC API URL","type":"string"}},"required":["credential","type","url"],"title":"Crowdstrike HEC","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"ticketing_servicenow_sir","name":"ticketing_servicenow_sir","fullname":"ServiceNow Security Incident Response (SIR)","description":"Configuration for ServiceNow Security Incident Response as a Ticketing Provider","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateCommentRequest"}}},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["issue_type","priority","summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently 
supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/comments/{commentId}","supported":true},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching 
{ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","supported":false},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. The response will include a list of\nfields for each issue type in the ticketing provider.","supported":false},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"assignee","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"completion_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"contact","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"created_at","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"description","type":"string","operators":["eq","neq","in","not in","like","not 
like"]},{"name":"due_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"id","type":"string","operators":["eq","neq","in","not in"]},{"name":"issue_type","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"labels","type":"string","operators":["eq","neq","in","not in"]},{"name":"name","type":"string","operators":["eq","neq","in","not in"]},{"name":"priority","type":"enum","operators":["eq","neq","in","not in"],"values":["highest","high","medium","low"]},{"name":"project","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"reporter","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"status","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"summary","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"text","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"updated_at","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]}]}],"provider_config":{"description":"Configuration for ServiceNow Security Incident Response as a Ticketing Provider","properties":{"credential":{"oneOf":[{"description":"Username and password used to authenticate with ServiceNow. The password can be a token that is generated following [this guide to generate an API token](https://docs.servicenow.com/bundle/vancouver-platform-administration/page/administer/users-and-groups/task/t_CreateAUser.html). 
The token receives the same permissions as the user that generates it, so must have access to the projects you want to use.\n","properties":{"secret":{"description":"Secret value for authentication","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","type":"string"}},"required":["secret","type","username"],"title":"BasicCredential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"ServiceNowCredential"}},{"description":"Token used to authenticate with ServiceNow. This token will be used with the authentication header `x-sn-apikey`. To use token authentication, the version of ServiceNow must be Washington D.C. or later.\n","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"TokenCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"ServiceNowCredential"}}],"title":"ServiceNowCredential","x-synqly-credential":{"extends":["BasicCredential","TokenCredential"],"type":"ServiceNowCredential"}},"type":{"const":"ticketing_servicenow_sir"},"url":{"description":"URL for the ServiceNow API. This should be the base URL for the API, without any path components and must be HTTPS. 
For example, \"https://tenant.service-now.com\".","type":"string"}},"required":["credential","type","url"],"title":"ServiceNow SIR","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"ticketing_torq","name":"ticketing_torq","fullname":"Torq","description":"Configuration for Torq as a Ticketing Provider","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateCommentRequest"}}},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/notes","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNoteRequest"}}},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["creator","status","name"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching 
{attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/comments/{commentId}","supported":true},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/notes/{noteId}","supported":true},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes 
for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/notes","supported":true},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","supported":false},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. The response will include a list of\nfields for each issue type in the ticketing provider.","supported":false},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}/notes/{noteId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked 
`Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"assignee","type":"string","operators":["eq","in"]},{"name":"created_at","type":"datetime","operators":["gte","lte","gt","lt"]},{"name":"issue_type","type":"string","operators":["eq","in"]},{"name":"priority","type":"string","operators":["eq","in"]},{"name":"status","type":"string","operators":["eq","in"]},{"name":"tags","type":"string","operators":["eq","in"]},{"name":"text","type":"string","operators":["like"]}]}],"provider_config":{"description":"Configuration for Torq as a Ticketing Provider","properties":{"credential":{"description":"Client ID for the Torq REST API. [Torq API key generation documentation](https://learn.torq.io/apidocs/authentication).","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"TorqCredential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"TorqCredential"}},"custom_field_mappings":{"description":"Custom field mappings for this provider.","items":{"properties":{"name":{"description":"Name for the custom field that you will use in the `custom_fields` field in ticket objects within Synqly.","type":"string"},"project_id":{"description":"ID of the project this field mapping is associated with. 
ID of \"\\*\" is used to apply to all projects.","type":"string"},"provider_field_path":{"description":"Path to or name of the custom field in the provider.","type":"string"}},"required":["name","project_id","provider_field_path"],"title":"CustomFieldMapping","type":"object"},"nullable":true,"type":"array"},"type":{"const":"ticketing_torq"}},"required":["credential","type"],"title":"Torq","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_nozomi_vantage","name":"assets_nozomi_vantage","fullname":"Nozomi Vantage","description":"Configuration for the Nozomi Vantage provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory 
system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.first_seen_time","type":"integer","operators":["gt","gte","lt","lte"]},{"name":"device.hw_info.serial_number","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.ip_addresses","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.last_seen_time","type":"integer","operators":["gt","gte","lt","lte"]},{"name":"device.mac","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.mac_addresses","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.name","type":"stringProcessMap(\"name\")","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.network_interfaces.name","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.risk_level_id","type":"enum","operators":["eq","ne","in","not_in"],"values":["0","1","2","3","4"]},{"name":"device.risk_score","type":"integer","operators":["gt","gte","lt","lte"]},{"name":"device.type","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.type_id","type":"enum","operators":["eq","ne","in","not_in"],"values":["2","4","5","10","89","90","96"]},{"name":"device.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.vendor.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"time","type":"integer","operators":["gt","gte","lt","lte"]}]}],"provider_config":{"description":"Configuration for the Nozomi Vantage provider","properties":{"credential":{"description":"This is your API key name and secret value of your Nozomi Vantage API token. 
The token name\nis supplied as the 'username' while the token secret value is supplied as the 'secret'.\n","properties":{"secret":{"description":"Secret value for authentication","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","type":"string"}},"required":["secret","type","username"],"title":"NozomiVantageCredential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"NozomiVantageCredential"}},"type":{"const":"assets_nozomi_vantage"},"url":{"description":"URL for the Nozomi Vantage API. This should be the base URL for the API, without any path components. For example, \"https://tenant.us1.vantage.nozominetworks.io\".","type":"string"}},"required":["credential","type","url"],"title":"Nozomi Vantage","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_tanium_cloud","name":"assets_tanium_cloud","fullname":"Tanium Vulnerability Management","description":"Configuration for Tanium Cloud as an Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for Tanium Cloud as an Assets Provider","properties":{"credential":{"description":"Tanium™ API authentication tokens allow users to maintain extended sessions with Tanium Cloud, 
eliminating the need for repeated authentication in long-running workflows that aren't continuously active. Each token is tied to a specific user or persona, authenticating based on their credentials and permissions. Multiple tokens can be created per user or persona, with a configurable expiration period. To avoid workflow disruptions, users should regularly rotate tokens by requesting new ones and revoking the old ones before they expire. For more details on generating, managing, rotating, or revoking an API token, please refer to [this API Token guide](https://help.tanium.com/bundle/ug_console_cloud/page/platform_user/console_api_tokens.html#add_API_tokens). A persona in Tanium is a set of roles and computer groups selected for a session, allowing different restrictions for a user without needing multiple accounts. For example, a user managing endpoints across various countries can have one persona for client maintenance in a specific country and another for security patch installations in only certain computer groups. For more details please refer our [Tanium Authentication Guide](ref:tanium-setup).","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"TaniumCloudCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"TaniumCloudCredential"}},"type":{"const":"assets_tanium_cloud"},"url":{"description":"URL for the Tanium Cloud API. This should be the base URL for the API, without any path components and must be HTTPS, e.g. 
\"https://\u003ccustomername\u003e-api.cloud.tanium.com\" or \"https://\u003ccustomername\u003e-api.titankube.com\".","pattern":"^https://.*$","title":"Tanium Cloud API URL","type":"string"}},"required":["credential","type","url"],"title":"Tanium Assets","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"identity_entra_id","name":"identity_entra_id","fullname":"Microsoft Entra ID","description":"Configuration for the Microsoft Entra ID Identity Provider","connector_id":"identity","connector":"identity","operations":[{"id":"identity_disable_user","name":"disable_user","fullname":"Disable User","description":"Disables a user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/disable","supported":true},{"id":"identity_enable_user","name":"enable_user","fullname":"Enable User","description":"Reenables a disabled user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/enable","supported":true},{"id":"identity_expire_all_user_sessions","name":"expire_all_user_sessions","fullname":"Expire All User Sessions","description":"Logs a user out of all current sessions so they must log in again.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/expire_all_sessions","supported":true},{"id":"identity_force_user_password_reset","name":"force_user_password_reset","fullname":"Force User Password Reset","description":"Forces a user to reset their password before they can log in again.","supported":false},{"id":"identity_get_group","name":"get_group","fullname":"Get Group","description":"Returns a `Group` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. 
Depending\non the providers offerings, this may include additional group information, such as the roles assigned.","request_method":"get","request_path":"/v1/identity/groups/{groupId}","supported":true},{"id":"identity_get_group_members","name":"get_group_members","fullname":"Get Group Members","description":"Returns list of `User` objects wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider that are members in the group referenced by ID.","request_method":"get","request_path":"/v1/identity/groups/{groupId}/members","supported":true},{"id":"identity_get_user","name":"get_user","fullname":"Get User","description":"Returns a `User` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. Depending\non the providers offerings, this may include additional user information, such as the user's current groups and roles.","request_method":"get","request_path":"/v1/identity/users/{userId}","supported":true},{"id":"identity_query_audit_log","name":"query_audit_log","fullname":"Query Audit Log","description":"Returns a list of `Event` objects from the token-linked audit log.","request_method":"get","request_path":"/v1/identity/audit","supported":true,"filters":[{"name":"actor.user.uid","type":"string","operators":["eq","in","like"]},{"name":"class_uid","type":"integer","operators":["eq","in"]},{"name":"message","type":"string","operators":["eq","in","like"]},{"name":"status_id","type":"integer","operators":["eq"]},{"name":"time","type":"datetime","operators":["gte","lte"]},{"name":"type_uid","type":"integer","operators":["eq","in"]},{"name":"user.name","type":"string","operators":["eq","in","like"]},{"name":"user.uid","type":"string","operators":["eq","in","like"]}]},{"id":"identity_query_groups","name":"query_groups","fullname":"Query Groups","description":"Returns a list of `Group` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity 
provider.","request_method":"get","request_path":"/v1/identity/groups","supported":true,"filters":[{"name":"entity.group.desc","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.group.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.group.type","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.group.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"time","type":"datetime","operators":["eq","gt","gte","lt","lte","ne"]}]},{"id":"identity_query_users","name":"query_users","fullname":"Query Users","description":"Returns a list of `User` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.","request_method":"get","request_path":"/v1/identity/users","supported":true,"filters":[{"name":"email_addrs","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.email_addr","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.full_name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.ldap_person.cost_center","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.ldap_person.created_time","type":"datetime","operators":["eq","gt","gte","lt","lte","ne"]},{"name":"entity.user.ldap_person.deleted_time","type":"datetime","operators":["eq","gt","gte","lt","lte","ne"]},{"name":"entity.user.ldap_person.employee_uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.ldap_person.given_name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.ldap_person
.job_title","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.ldap_person.last_login_time","type":"datetime","operators":["eq","gt","gte","lt","lte","ne"]},{"name":"entity.user.ldap_person.surname","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.org.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.org.ou_name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.uid_alt","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.user_status_id","type":"integer","operators":["eq","in"]},{"name":"time","type":"datetime","operators":["eq","gt","gte","lt","lte","ne"]}]}],"provider_config":{"description":"Configuration for the Microsoft Entra ID Identity Provider","properties":{"credential":{"description":"Azure OAuth 2.0 Client ID and Client Secret for a Synqly Identity Connector API service principal. Follow [this guide to generate an API token](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal). 
The application must be configured with permissions to access the user, group, and audit log graph APIs.\n","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"EntraIdCredential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"EntraIdCredential"}},"tenant_id":{"description":"Azure Directory (tenant) ID.","type":"string"},"type":{"const":"identity_entra_id"},"url":{"description":"Optional URL override for the Microsoft Graph API. This should be the base URL for the API without any path components.","nullable":true,"type":"string"}},"required":["credential","tenant_id","type"],"title":"Microsoft Entra ID","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"notifications_teams","name":"notifications_teams","fullname":"Microsoft Teams","description":"Configuration for sending messages to Microsoft Teams. 
This provider can be configured as a public webhook or with OAuth.","connector_id":"notifications","connector":"notifications","operations":[{"id":"notifications_clear_message","name":"clear_message","fullname":"Clear Notification","description":"Resolves a `Notification` object in the token-linked `Integration`.","supported":false},{"id":"notifications_create_message","name":"create_message","fullname":"Create Notification","description":"Creates a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/create","supported":true,"required_fields":["summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNotificationRequest"}}},{"id":"notifications_get_message","name":"get_message","fullname":"Get Notification","description":"Returns the `Notification` object matching `{notificationId}` from the token-linked\n`Integration`.","supported":false}],"provider_config":{"description":"Configuration for sending messages to Microsoft Teams. This provider can be configured as a public webhook or with OAuth.","properties":{"channel_id":{"description":"The ID of the channel to send messages to.","type":"string"},"credential":{"oneOf":[{"description":"Azure OAuth 2.0 Client ID and Client Secret for an Azure App Registration. Follow [this guide to generate an API token](https://learn.microsoft.com/en-us/connectors/azureadapplications/). 
The application must be configured with permissions to access Microsoft Power Automate with user delegation.","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"OAuthClientCredential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"TeamsCredential"}},{"description":"Public Webhook URL used to authenticate with Teams.","properties":{"secret":{"description":"Secret value","type":"string"},"type":{"const":"webhook_url"}},"required":["secret","type"],"title":"SecretCredential","type":"object","x-synqly-credential":{"extends":"SecretCredential","type":"TeamsCredential"}}],"title":"TeamsCredential","x-synqly-credential":{"extends":["OAuthClientCredential","SecretCredential"],"type":"TeamsCredential"}},"endpoint":{"description":"The URL of the endpoint to send messages to. Only specified here if OAuth. For public, please refer to TeamsCredential.","nullable":true,"type":"string"},"team_id":{"description":"The ID of the team to send messages to.","type":"string"},"tenant_id":{"description":"Azure Directory (tenant) ID. 
Only if OAuth is used.","nullable":true,"type":"string"},"type":{"const":"notifications_teams"}},"required":["channel_id","credential","team_id","type"],"title":"Microsoft Teams","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_mock_siem","name":"siem_mock_siem","fullname":"SIEM Test","description":"Configuration for the Synqly mock in-memory SIEM handler. This provider is for testing purposes only and does not retain events pushed to it.","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","supported":false},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","supported":false},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source 
SIEM","supported":false}],"provider_config":{"description":"Configuration for the Synqly mock in-memory SIEM handler. This provider is for testing purposes only and does not retain events pushed to it.","properties":{"index":{"description":"Name of the index where events are stored.","nullable":true,"type":"string"},"type":{"const":"siem_mock_siem"}},"required":["type"],"title":"SIEM Test","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"identity_pingone","name":"identity_pingone","fullname":"PingOne Cloud Platform","description":"Configuration for the PingOne Identity Platform","connector_id":"identity","connector":"identity","operations":[{"id":"identity_disable_user","name":"disable_user","fullname":"Disable User","description":"Disables a user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/disable","supported":true},{"id":"identity_enable_user","name":"enable_user","fullname":"Enable User","description":"Reenables a disabled user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/enable","supported":true},{"id":"identity_expire_all_user_sessions","name":"expire_all_user_sessions","fullname":"Expire All User Sessions","description":"Logs a user out of all current sessions so they must log in again.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/expire_all_sessions","supported":true},{"id":"identity_force_user_password_reset","name":"force_user_password_reset","fullname":"Force User Password Reset","description":"Forces a user to reset their password before they can log in again.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/force_reset_password","supported":true},{"id":"identity_get_group","name":"get_group","fullname":"Get Group","description":"Returns a `Group` object wrapped in an OCSF Entity Management event 
of type Read from the token-linked identity provider. Depending\non the providers offerings, this may include additional group information, such as the roles assigned.","request_method":"get","request_path":"/v1/identity/groups/{groupId}","supported":true},{"id":"identity_get_group_members","name":"get_group_members","fullname":"Get Group Members","description":"Returns list of `User` objects wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider that are members in the group referenced by ID.","request_method":"get","request_path":"/v1/identity/groups/{groupId}/members","supported":true},{"id":"identity_get_user","name":"get_user","fullname":"Get User","description":"Returns a `User` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. Depending\non the providers offerings, this may include additional user information, such as the user's current groups and roles.","request_method":"get","request_path":"/v1/identity/users/{userId}","supported":true},{"id":"identity_query_audit_log","name":"query_audit_log","fullname":"Query Audit Log","description":"Returns a list of `Event` objects from the token-linked audit log.","request_method":"get","request_path":"/v1/identity/audit","supported":true,"filters":[{"name":"actor.user.uid","type":"string","operators":["eq","in"]},{"name":"class_uid","type":"string","operators":["eq","in"]},{"name":"name","type":"string","operators":["eq","in"]},{"name":"time","type":"datetime","operators":["lte","gte"]},{"name":"type_uid","type":"string","operators":["eq","in"]},{"name":"user.uid","type":"string","operators":["eq","in"]}]},{"id":"identity_query_groups","name":"query_groups","fullname":"Query Groups","description":"Returns a list of `Group` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity 
provider.","request_method":"get","request_path":"/v1/identity/groups","supported":true,"filters":[{"name":"entity.group.name","type":"string","operators":["eq","in"]},{"name":"entity.group.uid","type":"string","operators":["eq","in"]},{"name":"entity.uid","type":"string","operators":["eq","in"]}]},{"id":"identity_query_users","name":"query_users","fullname":"Query Users","description":"Returns a list of `User` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.","request_method":"get","request_path":"/v1/identity/users","supported":true,"filters":[{"name":"entity.uid","type":"string","operators":["eq","in","like"]},{"name":"entity.user.email_addr","type":"string","operators":["eq","in","like"]},{"name":"entity.user.full_name","type":"string","operators":["eq","in","like"]},{"name":"entity.user.ldap_person.cost_center","type":"string","operators":["eq","in","like"]},{"name":"entity.user.ldap_person.created_time","type":"datetime","operators":["eq"]},{"name":"entity.user.ldap_person.employee_uid","type":"string","operators":["eq","in","like"]},{"name":"entity.user.ldap_person.given_name","type":"string","operators":["eq","in","like"]},{"name":"entity.user.ldap_person.job_title","type":"string","operators":["eq","in","like"]},{"name":"entity.user.ldap_person.modified_time","type":"datetime","operators":["eq"]},{"name":"entity.user.ldap_person.surname","type":"string","operators":["eq","in","like"]},{"name":"entity.user.name","type":"string","operators":["eq","in","like"]},{"name":"entity.user.uid","type":"string","operators":["eq","in","like"]},{"name":"entity.user.uid_alt","type":"string","operators":["eq","in","like"]},{"name":"time","type":"datetime","operators":["eq"]}]}],"provider_config":{"description":"Configuration for the PingOne Identity Platform","properties":{"auth_url":{"description":"The URL base for making authentication requests to PingOne.","type":"string"},"client_id":{"description":"The client 
ID for the application set up as a worker.","type":"string"},"credential":{"description":"Client application secret for a worker app. See [these instructions](https://apidocs.pingidentity.com/pingone/tutorial/v1/api/#create-an-admin-worker-app-connection) for help creating a worker application.\n","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"PingOneCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"PingOneCredential"}},"organization_id":{"description":"The organization ID that the client app is a part of.","type":"string"},"type":{"const":"identity_pingone"},"url":{"description":"URL for the PingOne API. This should be the base URL for the API, without any path components.","type":"string"}},"required":["auth_url","client_id","credential","organization_id","type","url"],"title":"PingOne Identity","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_qualys_cloud","name":"assets_qualys_cloud","fullname":"Qualys Vulnerability Management, Detection \u0026 Response (VMDR)","description":"Configuration for Qualys Cloud Platform as an Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory 
system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for Qualys Cloud Platform as an Assets Provider","properties":{"credential":{"description":"Username and password used to authenticate with Qualys Cloud.","properties":{"secret":{"description":"Secret value for authentication","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","type":"string"}},"required":["secret","type","username"],"title":"QualysCloudCredential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"QualysCloudCredential"}},"type":{"const":"assets_qualys_cloud"},"url":{"description":"URL for the Qualys Cloud API. This should be the base URL for the API, without any path components. 
For example, \"https://qualys.com\".","type":"string"}},"required":["credential","type","url"],"title":"Qualys VMDR","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_aws_sqs","name":"sink_aws_sqs","fullname":"AWS Simple Queue Service","description":"Configuration for AWS Simple Queue Service (SQS) as a Sink Provider.","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for AWS Simple Queue Service (SQS) as a Sink Provider.","properties":{"credential":{"description":"Credential ID that stores AWS authentication key and secret. This token pair must have write access to the configured SQS queue","properties":{"access_key_id":{"description":"ID portion of the AWS access key pair.","type":"string"},"secret_access_key":{"description":"Secret portion of the AWS access key pair.","type":"string"},"session":{"description":"A temporary session token. Session tokens are optional and are only necessary if you are using temporary credentials.","nullable":true,"type":"string"},"type":{"const":"aws"}},"required":["access_key_id","secret_access_key","type"],"title":"AwsSQSCredential","type":"object","x-synqly-credential":{"extends":"AwsCredential","type":"AwsSQSCredential"}},"region":{"description":"Override the default AWS region for this integration. If not present, the region will be inferred from the URL.","nullable":true,"type":"string"},"type":{"const":"sink_aws_sqs"},"url":{"description":"URL of the SQS queue where events are sent. 
Must be in the format `https://sqs.{region}.amazonaws.com_{account_id}/{queue_name}`.","type":"string"}},"required":["credential","type","url"],"title":"AWS SQS","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"ticketing_autotask","name":"ticketing_autotask","fullname":"Autotask Operations Cloud","description":"Configuration for Autotask as a Ticketing Provider","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked 
Integration.","supported":false},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","supported":false},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. 
The response will include a list of\nfields for each issue type in the ticketing provider.","supported":false},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"companyid","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"createdate","type":"datetime","operators":["eq","neq","gt","gte","lt","lte"]},{"name":"description","type":"string","operators":["eq","like"]},{"name":"due_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte"]},{"name":"id","type":"string","operators":["eq","neq","in"]},{"name":"name","type":"string","operators":["eq","like"]},{"name":"priority","type":"enum","operators":["eq","neq","in","not in"],"values":["URGENT","CRITICAL","HIGH","MEDIUM","LOW","PLANNING"]},{"name":"queueid","type":"string","operators":["eq","in"]},{"name":"status","type":"string","operators":["eq","neq","in","not in"]}]}],"provider_config":{"description":"Configuration for Autotask as a Ticketing Provider","properties":{"api_integration_code_credential":{"description":"API Integration Code for the Autotask API.","properties":{"secret":{"description":"Secret 
value","type":"string"},"type":{"const":"secret"}},"required":["secret","type"],"title":"AutotaskApiIntegrationCodeCredential","type":"object","x-synqly-credential":{"extends":"SecretCredential","type":"AutotaskApiIntegrationCodeCredential"}},"secret_credential":{"description":"Secret for the Autotask API.","properties":{"secret":{"description":"Secret value","type":"string"},"type":{"const":"secret"}},"required":["secret","type"],"title":"AutotaskSecretCredential","type":"object","x-synqly-credential":{"extends":"SecretCredential","type":"AutotaskSecretCredential"}},"type":{"const":"ticketing_autotask"},"user_name":{"description":"User name for the Autotask API.","type":"string"},"zone_path":{"description":"Zone path for the Autotask API.","type":"string"}},"required":["api_integration_code_credential","secret_credential","type","user_name","zone_path"],"title":"Autotask","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"ticketing_mock_ticketing","name":"ticketing_mock_ticketing","fullname":"Ticketing Test","description":"Configuration for the Synqly mock in-memory ticketing handler. This provider is for testing purposes only. 
It retains tickets for a limited time and does not persist them for long-term usage.","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateCommentRequest"}}},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/notes","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNoteRequest"}}},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["issue_type","project","summary","assignee"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the 
ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/comments/{commentId}","supported":true},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/notes/{noteId}","supported":true},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/notes","supported":true},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List 
Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","request_method":"get","request_path":"/v1/ticketing/projects","supported":true},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. The response will include a list of\nfields for each issue type in the ticketing provider.","supported":false},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}/notes/{noteId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"id","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"text","type":"string","operators":["eq","neq","in","not in","like","not like"]}]}],"provider_config":{"description":"Configuration for the Synqly mock in-memory ticketing handler. This provider is for testing purposes only. 
It retains tickets for a limited time and does not persist them for long-term usage.","properties":{"custom_field_mappings":{"description":"Custom field mappings for this provider.","items":{"properties":{"name":{"description":"Name for the custom field that you will use in the `custom_fields` field in ticket objects within Synqly.","type":"string"},"project_id":{"description":"ID of the project this field mapping is associated with. ID of \"\\*\" is used to apply to all projects.","type":"string"},"provider_field_path":{"description":"Path to or name of the custom field in the provider.","type":"string"}},"required":["name","project_id","provider_field_path"],"title":"CustomFieldMapping","type":"object"},"nullable":true,"type":"array"},"name":{"description":"Optional name of the mock provider. This value is unused.","nullable":true,"type":"string"},"type":{"const":"ticketing_mock_ticketing"}},"required":["type"],"title":"Ticketing Test","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"notifications_jira","name":"notifications_jira","fullname":"Atlassian Jira","description":"Configuration for Jira as a Notification Provider","connector_id":"notifications","connector":"notifications","operations":[{"id":"notifications_clear_message","name":"clear_message","fullname":"Clear Notification","description":"Resolves a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/clear/{notificationId}","supported":true},{"id":"notifications_create_message","name":"create_message","fullname":"Create Notification","description":"Creates a `Notification` object in the token-linked 
`Integration`.","request_method":"post","request_path":"/v1/notifications/create","supported":true,"required_fields":["summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNotificationRequest"}}},{"id":"notifications_get_message","name":"get_message","fullname":"Get Notification","description":"Returns the `Notification` object matching `{notificationId}` from the token-linked\n`Integration`.","request_method":"get","request_path":"/v1/notifications/get/{notificationId}","supported":true}],"provider_config":{"description":"Configuration for Jira as a Notification Provider","properties":{"credential":{"description":"Username and password used to authenticate with Jira. The password can be a token that is generated following [this guide to generate an API token](https://support.atlassian.com/atlassian-account/docs/manage-api-tokens-for-your-atlassian-account/). The token receives the same permissions as the user that generates it, so must have access to the projects you want to use.\n","properties":{"secret":{"description":"Secret value for authentication","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","type":"string"}},"required":["secret","type","username"],"title":"JiraCredential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"JiraCredential"}},"type":{"const":"notifications_jira"},"url":{"description":"URL for the Jira API. This should be the base URL for the API, without any path components and must be HTTPS. 
For example, \"https://tenant.atlassian.net\".","type":"string"}},"required":["credential","type","url"],"title":"Jira","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_crowdstrike","name":"siem_crowdstrike","fullname":"CrowdStrike Falcon Next-Gen SIEM","description":"Configuration for CrowdStrike Falcon NextGen SIEM","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","supported":false},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"metadata.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"time","type":"datetime","operators":["gte","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","supported":false},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source 
SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for CrowdStrike Falcon NextGen SIEM","properties":{"credential":{"description":"The credential to use for the CrowdStrike Falcon NextGen SIEM tenant.","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"CrowdStrikeCredential"}},"hec_credential":{"description":"Token credential to use for connecting to the CrowdStrike HEC service. If not provided, sending events to CrowdStrike is disabled.","nullable":true,"properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"CrowdstrikeHECCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"CrowdstrikeHECCredential"}},"hec_url":{"description":"The generated CrowdStrike HEC URL provided with your token. 
This must be an HTTPS URL.","example":"https://\u003csome-guid\u003e.ingest.us-2.crowdstrike.com/services/collector","nullable":true,"pattern":"^https://.*$","title":"Crowdstrike HEC API URL","type":"string"},"type":{"const":"siem_crowdstrike"},"url":{"default":"https://api.crowdstrike.com","description":"The root domain where your CrowdStrike Falcon NextGen SIEM tenant is located.","nullable":true,"pattern":"^https://.*$","title":"Base URL","type":"string"}},"required":["credential","type"],"title":"CrowdStrike SIEM","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_nozomi_vantage_mock","name":"assets_nozomi_vantage_mock","fullname":"[MOCK] Nozomi Vantage","description":"Configuration for a mocked Nozomi Vantage provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true}],"provider_config":{"description":"Configuration for a mocked Nozomi Vantage provider","properties":{"dataset":{"enum":["basic_v0"],"title":"AssetsNozomiVantageDataset","type":"string"},"type":{"const":"assets_nozomi_vantage_mock"}},"required":["dataset","type"],"title":"[MOCK] Nozomi Vantage","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"assets_qualys_cloud_mock","name":"assets_qualys_cloud_mock","fullname":"[MOCK] Qualys Vulnerability Management, Detection \u0026 Response (VMDR)","description":"Configuration for a mock Qualys Cloud Platform as an Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create 
Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true}],"provider_config":{"description":"Configuration for a mock Qualys Cloud Platform as an Assets Provider","properties":{"dataset":{"enum":["basic_v0"],"title":"AssetsQualysCloudDataset","type":"string"},"type":{"const":"assets_qualys_cloud_mock"}},"required":["dataset","type"],"title":"[MOCK] Qualys VMDR","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"storage_gcs","name":"storage_gcs","fullname":"Google Cloud Storage","description":"Configuration for Google Cloud Storage for storing unstructured data","connector_id":"storage","connector":"storage","operations":[{"id":"storage_delete_file","name":"delete_file","fullname":"Delete File","description":"Deletes a file from the provided `{path}` in the token-linked `Integration`.","request_method":"delete","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_download_file","name":"download_file","fullname":"Download File","description":"Downloads a file from the provided `{path}` in the token-linked\n`Integration`.","request_method":"get","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_list_files","name":"list_files","fullname":"List Files","description":"Returns a list of contents from the token-linked `Integration`.","request_method":"get","request_path":"/v1/storage/folders/{path}","supported":true},{"id":"storage_upload_file","name":"upload_file","fullname":"Upload File","description":"Uploads a file from the provided `{path}` to the token-linked 
`Integration`.","request_method":"post","request_path":"/v1/storage/files/{path}","supported":true,"request_body":{"required":true,"schema":null}}],"provider_config":{"description":"Configuration for Google Cloud Storage for storing unstructured data","properties":{"bucket":{"description":"Name of the bucket where files are stored.","type":"string"},"credential":{"description":"AWS-type credential that stores [Hash-based message authentication code (HMAC) keys](https://cloud.google.com/storage/docs/authentication/hmackeys) with write access to the GCS bucket.","properties":{"access_key_id":{"description":"ID portion of the AWS access key pair.","type":"string"},"secret_access_key":{"description":"Secret portion of the AWS access key pair.","type":"string"},"session":{"description":"A temporary session token. Session tokens are optional and are only necessary if you are using temporary credentials.","nullable":true,"type":"string"},"type":{"const":"aws"}},"required":["access_key_id","secret_access_key","type"],"title":"GCSCredential","type":"object","x-synqly-credential":{"extends":"AwsCredential","type":"GCSCredential"}},"region":{"description":"Google Cloud region where the bucket is located.","type":"string"},"transforms":{"description":"Optional list of transformations used to modify requests before they are sent to the external service.","items":{"title":"Id","type":"string"},"nullable":true,"type":"array"},"type":{"const":"storage_gcs"}},"required":["bucket","credential","region","type"],"title":"Google Cloud Storage","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"storage_mock_storage","name":"storage_mock_storage","fullname":"Storage Test","description":"Configuration for the Synqly mock in-memory storage handler. 
This provider is for testing purposes only and does not retain files pushed to it.","connector_id":"storage","connector":"storage","operations":[{"id":"storage_delete_file","name":"delete_file","fullname":"Delete File","description":"Deletes a file from the provided `{path}` in the token-linked `Integration`.","request_method":"delete","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_download_file","name":"download_file","fullname":"Download File","description":"Downloads a file from the provided `{path}` in the token-linked\n`Integration`.","request_method":"get","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_list_files","name":"list_files","fullname":"List Files","description":"Returns a list of contents from the token-linked `Integration`.","request_method":"get","request_path":"/v1/storage/folders/{path}","supported":true},{"id":"storage_upload_file","name":"upload_file","fullname":"Upload File","description":"Uploads a file from the provided `{path}` to the token-linked `Integration`.","request_method":"post","request_path":"/v1/storage/files/{path}","supported":true,"request_body":{"required":true,"schema":null}}],"provider_config":{"description":"Configuration for the Synqly mock in-memory storage handler. 
This provider is for testing purposes only and does not retain files pushed to it.","properties":{"bucket":{"description":"Name of the bucket where files are stored.","type":"string"},"type":{"const":"storage_mock_storage"}},"required":["bucket","type"],"title":"Storage Test","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"storage_aws_s3","name":"storage_aws_s3","fullname":"AWS S3","description":"Configuration for AWS S3 as a Storage Provider","connector_id":"storage","connector":"storage","operations":[{"id":"storage_delete_file","name":"delete_file","fullname":"Delete File","description":"Deletes a file from the provided `{path}` in the token-linked `Integration`.","request_method":"delete","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_download_file","name":"download_file","fullname":"Download File","description":"Downloads a file from the provided `{path}` in the token-linked\n`Integration`.","request_method":"get","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_list_files","name":"list_files","fullname":"List Files","description":"Returns a list of contents from the token-linked `Integration`.","request_method":"get","request_path":"/v1/storage/folders/{path}","supported":true},{"id":"storage_upload_file","name":"upload_file","fullname":"Upload File","description":"Uploads a file from the provided `{path}` to the token-linked `Integration`.","request_method":"post","request_path":"/v1/storage/files/{path}","supported":true,"request_body":{"required":true,"schema":null}}],"provider_config":{"description":"Configuration for AWS S3 as a Storage Provider","properties":{"bucket":{"description":"Name of the AWS S3 bucket where files are stored.","type":"string"},"credential":{"description":"AWS access key to authenticate with AWS. Access keys are long-term credentials for an IAM user and consist of an ID and secret. 
This token pair must have read and write access to the configured AWS S3 bucket. You may optionally provide a session token if you are using temporary credentials.","properties":{"access_key_id":{"description":"ID portion of the AWS access key pair.","type":"string"},"secret_access_key":{"description":"Secret portion of the AWS access key pair.","type":"string"},"session":{"description":"A temporary session token. Session tokens are optional and are only necessary if you are using temporary credentials.","nullable":true,"type":"string"},"type":{"const":"aws"}},"required":["access_key_id","secret_access_key","type"],"title":"AwsS3Credential","type":"object","x-synqly-credential":{"extends":"AwsCredential","type":"AwsS3Credential"}},"endpoint":{"description":"Endpoint used for connecting to the external service. If not provided, will connect to the default endpoint for the Provider.","nullable":true,"type":"string"},"region":{"description":"AWS region where the S3 bucket is located.","type":"string"},"transforms":{"description":"Optional list of transformations used to modify requests before they are sent to the external service.","items":{"title":"Id","type":"string"},"nullable":true,"type":"array"},"type":{"const":"storage_aws_s3"}},"required":["bucket","credential","region","type"],"title":"AWS S3","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"ticketing_freshdesk","name":"ticketing_freshdesk","fullname":"Freshdesk","description":"Configuration for Freshdesk as a Ticketing Provider","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates 
a comment on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["name","priority","subject"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked 
`Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","supported":false},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. 
The response will include a list of\nfields for each issue type in the ticketing provider.","supported":false},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"agent_id","type":"integer","operators":["eq","gte","lte"]},{"name":"created_at","type":"datetime","operators":["eq","gte","lte"]},{"name":"due_by","type":"datetime","operators":["eq","gte","lte"]},{"name":"fr_due_by","type":"datetime","operators":["eq","gte","lte"]},{"name":"group_id","type":"integer","operators":["eq","gte","lte"]},{"name":"priority","type":"integer","operators":["eq","gte","lte"]},{"name":"status","type":"integer","operators":["eq","gte","lte"]},{"name":"tag","type":"string","operators":["eq"]},{"name":"type","type":"string","operators":["eq"]},{"name":"updated_at","type":"datetime","operators":["eq","gte","lte"]}]}],"provider_config":{"description":"Configuration for Freshdesk as a Ticketing Provider","properties":{"credential":{"description":"You can use your personal API key to authenticate the request. If you use the API key, \nthere is no need for a password. 
The token is supplied as \"Your API Key\".\n[Freshdesk API token generation documentation](https://developer.freshdesk.com/api/#authentication)\n","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"FreshdeskCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"FreshdeskCredential"}},"type":{"const":"ticketing_freshdesk"},"url":{"description":"Base URL to your Freshdesk tenant.","example":"https://tenant.freshdesk.com","format":"uri","pattern":"^https?:.+$","type":"string"}},"required":["credential","type","url"],"title":"Freshdesk","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"notifications_mock_notifications","name":"notifications_mock_notifications","fullname":"Notifications Test","description":"Configuration for the Mock in-memory notification handler. This provider is for testing purposes only.","connector_id":"notifications","connector":"notifications","operations":[{"id":"notifications_clear_message","name":"clear_message","fullname":"Clear Notification","description":"Resolves a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/clear/{notificationId}","supported":true},{"id":"notifications_create_message","name":"create_message","fullname":"Create Notification","description":"Creates a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/create","supported":true,"required_fields":["summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNotificationRequest"}}},{"id":"notifications_get_message","name":"get_message","fullname":"Get Notification","description":"Returns the `Notification` object matching `{notificationId}` from the 
token-linked\n`Integration`.","request_method":"get","request_path":"/v1/notifications/get/{notificationId}","supported":true}],"provider_config":{"description":"Configuration for the Mock in-memory notification handler. This provider is for testing purposes only.","properties":{"channel":{"description":"The channel to send notifications to.","nullable":true,"type":"string"},"type":{"const":"notifications_mock_notifications"}},"required":["type"],"title":"Notifications Test","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_armis_centrix","name":"assets_armis_centrix","fullname":"Armis Centrix™ for Asset Management and Security","description":"Configuration for the Armis Centrix Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory 
system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hw_info.bios_manufacturer","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.ip","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.location.desc","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.mac","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.name","type":"name","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.os.version","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.risk_score","type":"integer","operators":["gt","gte","lt","lte"]},{"name":"device.type","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.uid","type":"string","operators":["eq","ne","in","not_in"]}]}],"provider_config":{"description":"Configuration for the Armis Centrix Assets Provider","properties":{"credential":{"description":"This credential must be an API Secret Key. Generate this key in the UI console by navigating to \"Settings\", then \"API Management\".","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"ArmisCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"ArmisCredential"}},"type":{"const":"assets_armis_centrix"},"url":{"description":"URL for the Armis Centrix API. This should be the base URL for the API, without any path components. 
For example, \"https://tenant.armis.com\".","type":"string"}},"required":["credential","type","url"],"title":"Armis Centrix","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_rapid7_insightidr","name":"siem_rapid7_insightidr","fullname":"Rapid7 InsightIDR","description":"Configuration for Rapid7 InsightIDR as a SIEM Provider.","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","request_method":"get","request_path":"/v1/siem/investigations/{id}/evidence","supported":true},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","request_method":"get","request_path":"/v1/siem/investigations/{id}","supported":true},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","request_method":"patch","request_path":"/v1/siem/investigations/{id}","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/PatchInvestigationRequest"}}},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","supported":false},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","like","not_like","in","not_in"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries 
investigations","request_method":"get","request_path":"/v1/siem/investigations","supported":true,"filters":[{"name":"investigations","type":"","operators":null}]},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for Rapid7 InsightIDR as a SIEM Provider.","properties":{"credential":{"description":"Rapid7 Insight Cloud authentication token. Follow [this guide to generate an API token](https://docs.rapid7.com/insight/managing-platform-api-keys/).","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Rapid7InsightCloudCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"Rapid7InsightCloudCredential"}},"type":{"const":"siem_rapid7_insightidr"},"url":{"description":"URL for the Rapid7 API. This should be the base URL for the API, without any path components and must be HTTPS. For example, \"https://us2.api.insight.rapid7.com\".","pattern":"^https://.*$","title":"API URL","type":"string"}},"required":["credential","type","url"],"title":"Rapid7 InsightIDR","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_aws_security_lake","name":"sink_aws_security_lake","fullname":"AWS Security Lake","description":"Configuration for AWS Security Lake provider. 
Events are written directly to an AWS S3 bucket in Apache Parquet format.","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for AWS Security Lake provider. Events are written directly to an AWS S3 bucket in Apache Parquet format.","properties":{"credential":{"description":"AWS access key to authenticate with AWS. Access keys are long-term credentials for an IAM user and consist of an ID and secret. This token pair must have write access to the configured S3 bucket. You may optionally provide a session token if you are using temporary credentials.","properties":{"access_key_id":{"description":"ID portion of the AWS access key pair.","type":"string"},"secret_access_key":{"description":"Secret portion of the AWS access key pair.","type":"string"},"session":{"description":"A temporary session token. Session tokens are optional and are only necessary if you are using temporary credentials.","nullable":true,"type":"string"},"type":{"const":"aws"}},"required":["access_key_id","secret_access_key","type"],"title":"AwsSecurityLakeCredential","type":"object","x-synqly-credential":{"extends":"AwsCredential","type":"AwsSecurityLakeCredential"}},"region":{"description":"Override the default AWS region for this integration. 
If not present, the region will be inferred from the URL.","nullable":true,"type":"string"},"type":{"const":"sink_aws_security_lake"},"url":{"description":"URL of the S3 bucket where the AWS Security Lake events are stored.","type":"string"}},"required":["credential","type","url"],"title":"AWS Security Lake","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_google_sec_ops","name":"sink_google_sec_ops","fullname":"Google Security Operations (Chronicle Compatibility)","description":"Configuration for Google Security Operations (formerly Google Chronicle) as a Sink Provider connecting via the older Malachite API.","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for Google Security Operations (formerly Google Chronicle) as a Sink Provider connecting via the older Malachite API.","properties":{"credential":{"description":"The credential set used to write events to Google SecOps.","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider 
configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"GoogleChronicleCredential"}},"customer_id":{"description":"The customer ID reported when writing events.","title":"Customer Id","type":"string"},"type":{"const":"sink_google_sec_ops"},"url":{"default":"https://malachiteingestion-pa.googleapis.com","description":"(Optional) Ingestion URL for the Google SecOps instance. This should be the base event ingestion URL, without any path components.","nullable":true,"pattern":"^https://.*$","title":"Ingestion API URL","type":"string"}},"required":["credential","customer_id","type"],"title":"Google Security Operations","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_google_security_operations","name":"siem_google_security_operations","fullname":"Google Security Operations","description":"Configuration for Google Security Operations (formerly Google Chronicle) as a SIEM Provider.","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","supported":false},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for 
authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"message","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.event_code","type":"integer","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"metadata.log_name","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.log_provider","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.log_version","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.processed_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"metadata.uid","type":"string","operators":["eq","ne","in","not_in"]},{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","in","not_in"]},{"name":"time","type":"datetime","operators":["gte","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","supported":false},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for Google Security Operations (formerly Google Chronicle) as a SIEM Provider.","properties":{"credential":{"description":"Google OAuth 2.0 credentials with an email address.","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for 
authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"GoogleServiceAccountCredential"}},"customer_id":{"description":"The customer ID of the Google SecOps instance.","title":"Customer Id","type":"string"},"project_id":{"description":"The project ID of the Google SecOps instance.","title":"Project Id","type":"string"},"region":{"default":"us","description":"The region of the Google SecOps instance. Usually 'us' or 'eu'.","nullable":true,"title":"Region","type":"string"},"type":{"const":"siem_google_security_operations"},"url":{"default":"https://{region}-chronicle.googleapis.com","description":"The base API URL for posting event, without any path components.","nullable":true,"pattern":"^https://.*$","title":"API URL","type":"string"}},"required":["credential","customer_id","project_id","type"],"title":"Google Security Operations","type":"object"},"release":{"availability":"in-development","environments":["test","prod"]}},{"id":"siem_q_radar","name":"siem_q_radar","fullname":"QRadar","description":"Configuration for IBM QRadar as a SIEM Provider.","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by 
ID.","request_method":"get","request_path":"/v1/siem/investigations/{id}","supported":true},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"actor.app_name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"actor.app_uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"actor.user.account.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"actor.user.account.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"actor.user.domain","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"actor.user.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"actor.user.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"count","type":"integer","operators":["eq","ne","gt","gte","lt","lte","in","not_in"]},{"name":"device.hostname","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.last_seen_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.location.description","
type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.mac","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.os.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.zone","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"dst_endpoint.domain","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"dst_endpoint.hostname","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"dst_endpoint.ip","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"dst_endpoint.location.description","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"dst_endpoint.mac","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"dst_endpoint.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"duration","type":"integer","operators":["eq","ne","gt","gte","lt","lte","in","not_in"]},{"name":"end_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"group.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"group.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"http_request.url.host","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"http_request.url.path","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"http_request.url.port","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"http_request.url.url_string","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.file.ext","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process
.file.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.file.parent_folder","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.file.path","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.file.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.group.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.group.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.parent_process.file.path","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.parent_process.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.parent_process.pid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.pid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"message","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"metadata.log_name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"metadata.log_provider","type":"string","operators":["eq"]},{"name":"process.file.ext","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.file.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.file.parent_folder","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.file.path","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.file.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.group.name","type":"stri
ng","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.group.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.parent_process.file.path","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.parent_process.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.parent_process.pid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.pid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","like","not_like","in","not_in"]},{"name":"src_endpoint.domain","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"src_endpoint.ip","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"src_endpoint.location.description","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"src_endpoint.mac","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"src_endpoint.os.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"src_endpoint.owner.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"src_endpoint.zone","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"start_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"time","type":"datetime","operators":["gte","lte"]},{"name":"user.account.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"user.account.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"user.domain","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"user.name","
type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"user.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","request_method":"get","request_path":"/v1/siem/investigations","supported":true,"filters":[{"name":"raw_data.*","type":"string","operators":["eq","gt","lt","in"]}]},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for IBM QRadar as a SIEM Provider.","properties":{"collection_port":{"description":"The QRadar HTTP Receiver URL, stored as a secret. This URL has a special port in QRadar and is stored in a credential to protect that information. See https://www.youtube.com/watch?v=UEBLVVNpyfg for a demonstration of setting up and mapping and HTTP Receiver in QRadar.","title":"Collection Port","type":"integer"},"credential":{"description":"QRadar authorized service token. Follow [this guide to generate a token](https://www.ibm.com/docs/en/qradar-common?topic=app-creating-authorized-service-token-qradar-operations).","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"QRadarCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"QRadarCredential"}},"skip_tls_verify":{"default":false,"description":"If true, skips verification of the QRadar server's TLS certificate.","nullable":true,"type":"boolean"},"type":{"const":"siem_q_radar"},"url":{"description":"URL for the QRadar instance. This should be the base URL instance, without any path components and must be HTTPS. 
For example, \"https://qradar.westus2.cloudapp.azure.com\".","pattern":"^https://.*$","title":"API URL","type":"string"}},"required":["collection_port","credential","type","url"],"title":"IBM QRadar","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_azure_monitor_logs","name":"sink_azure_monitor_logs","fullname":"Microsoft Azure Monitor Logs","description":"Configuration for Azure Monitor Logs as a Sink Provider. Azure Monitor Logs is a feature of Azure Monitor that collects and organizes log and performance data from monitored resources.\n","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for Azure Monitor Logs as a Sink Provider. Azure Monitor Logs is a feature of Azure Monitor that collects and organizes log and performance data from monitored resources.","properties":{"client_id":{"description":"Azure Client (Application) ID.","type":"string"},"credential":{"description":"Azure token for authentication. Follow [this guide to generate an API token](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal). 
The token must have access to the configured data collection endpoint.\n","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"AzureMonitorLogsCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"AzureMonitorLogsCredential"}},"rule_id":{"description":"Data collection rule immutable ID.","type":"string"},"stream_name":{"description":"Name of the Data collection rule stream.","type":"string"},"tenant_id":{"description":"Azure Directory (tenant) ID.","type":"string"},"type":{"const":"sink_azure_monitor_logs"},"url":{"description":"URL of the Azure data collection endpoint.","type":"string"}},"required":["client_id","credential","rule_id","stream_name","tenant_id","type","url"],"title":"Azure Monitor Logs","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_google_security_operations","name":"sink_google_security_operations","fullname":"Google Security Operations","description":"Configuration for Google Security Operations (formerly Google Chronicle) as a Sink Provider.","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for Google Security Operations (formerly Google Chronicle) as a Sink Provider.","properties":{"credential":{"description":"Google OAuth 2.0 credentials with an email address.","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for 
authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"GoogleServiceAccountCredential"}},"customer_id":{"description":"The customer ID of the Google SecOps instance","title":"Customer Id","type":"string"},"project_id":{"description":"The project ID of the Google SecOps instance.","title":"Project Id","type":"string"},"region":{"default":"us","description":"The region of the Google SecOps instance. Usually 'us' or 'eu'.","nullable":true,"title":"Region","type":"string"},"type":{"const":"sink_google_security_operations"},"url":{"default":"https://{region}-chronicle.googleapis.com","description":"The base API URL for posting event, without any path components.","nullable":true,"pattern":"^https://.*$","title":"API URL","type":"string"}},"required":["credential","customer_id","project_id","type"],"title":"Google Security Operations","type":"object"},"release":{"availability":"in-development","environments":["test","prod"]}},{"id":"sink_mock_sink","name":"sink_mock_sink","fullname":"Sink Test","description":"Configuration for the Synqly mock in-memory sink handler. 
This provider is for testing purposes only and does not retain events pushed to it.","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for the Synqly mock in-memory sink handler. This provider is for testing purposes only and does not retain events pushed to it.","properties":{"destination":{"description":"Name of the destination where events are stored. This property is unused.","nullable":true,"type":"string"},"type":{"const":"sink_mock_sink"}},"required":["type"],"title":"Sink Test","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_splunk","name":"sink_splunk","fullname":"Splunk Enterprise Security","description":"Configuration for Splunk as a Sink provider. This integration allows sending data to Splunk using an HTTP Event Collector (HEC).\n","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for Splunk as a Sink provider. 
This integration allows sending data to Splunk using an HTTP Event Collector (HEC).","properties":{"hec_credential":{"description":"Token credential to use for connecting to the Splunk HEC service.","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"SplunkHECToken","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"SplunkHECToken"}},"hec_url":{"description":"URL for the Splunk HEC endpoint. This must include the full path to the HEC endpoint. For example, \"https://tenant.cloud.splunk.com:8088/services_collector_event\".","type":"string"},"index":{"description":"Splunk index to send events to. If not provided, will use the default index for the Splunk collector.","nullable":true,"type":"string"},"skip_tls_verify":{"default":false,"description":"If true, skips verification of the Splunk server's TLS certificate.","nullable":true,"type":"boolean"},"source":{"description":"Splunk source to send events to. If not provided, will use the default source for the Splunk collector.","nullable":true,"type":"string"},"source_type":{"description":"Splunk source type to send events to. 
If not provided, will use the default source type for the Splunk collector.","nullable":true,"type":"string"},"type":{"const":"sink_splunk"}},"required":["hec_credential","hec_url","type"],"title":"Splunk","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"ticketing_servicenow","name":"ticketing_servicenow","fullname":"ServiceNow IT Service Management (ITSM)","description":"Configuration for ServiceNow as a Ticketing Provider","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateCommentRequest"}}},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/notes","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNoteRequest"}}},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked 
Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["issue_type","priority","summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/comments/{commentId}","supported":true},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/notes/{noteId}","supported":true},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the 
token-linked `Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/notes","supported":true},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","supported":false},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. 
The response will include a list of\nfields for each issue type in the ticketing provider.","request_method":"get","request_path":"/v1/ticketing/remote-fields","supported":true},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"assignee","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"completion_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"contact","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"created_at","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"description","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"due_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"id","type":"string","operators":["eq","neq","in","not in"]},{"name":"issue_type","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"labels","type":"string","operators":["eq","neq","in","not in"]},{"name":"name","type":"string","operators":["eq","neq","in","not 
in"]},{"name":"priority","type":"enum","operators":["eq","neq","in","not in"],"values":["highest","high","medium","low"]},{"name":"project","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"reporter","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"status","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"summary","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"text","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"updated_at","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]}]}],"provider_config":{"description":"Configuration for ServiceNow as a Ticketing Provider","properties":{"credential":{"oneOf":[{"description":"Username and password used to authenticate with ServiceNow. The password can be a token that is generated following [this guide to generate an API token](https://docs.servicenow.com/bundle/vancouver-platform-administration/page/administer/users-and-groups/task/t_CreateAUser.html). The token receives the same permissions as the user that generates it, so must have access to the projects you want to use.\n","properties":{"secret":{"description":"Secret value for authentication","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","type":"string"}},"required":["secret","type","username"],"title":"BasicCredential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"ServiceNowCredential"}},{"description":"Token used to authenticate with ServiceNow. This token will be used with the authentication header `x-sn-apikey`. To use token authentication, the version of ServiceNow must be Washington D.C. 
or later.\n","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"TokenCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"ServiceNowCredential"}}],"title":"ServiceNowCredential","x-synqly-credential":{"extends":["BasicCredential","TokenCredential"],"type":"ServiceNowCredential"}},"custom_field_mappings":{"description":"Custom field mappings for this provider.","items":{"properties":{"name":{"description":"Name for the custom field that you will use in the `custom_fields` field in ticket objects within Synqly.","type":"string"},"project_id":{"description":"ID of the project this field mapping is associated with. ID of \"\\*\" is used to apply to all projects.","type":"string"},"provider_field_path":{"description":"Path to or name of the custom field in the provider.","type":"string"}},"required":["name","project_id","provider_field_path"],"title":"CustomFieldMapping","type":"object"},"nullable":true,"type":"array"},"default_project":{"description":"Default Project for the integration. This maps to the custom table for tickets. This table should be derived from Incident table. If not provided, defaults to the incident table.","nullable":true,"type":"string"},"type":{"const":"ticketing_servicenow"},"url":{"description":"URL for the ServiceNow API. This should be the base URL for the API, without any path components and must be HTTPS. 
For example, \"https://tenant.service-now.com\".","type":"string"}},"required":["credential","type","url"],"title":"ServiceNow ITSM","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"vulnerabilities_tanium_cloud","name":"vulnerabilities_tanium_cloud","fullname":"Tanium Vulnerability Management","description":"Configuration for Tanium Cloud as a Vulnerabilities Provider","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","supported":false},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability 
findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"finding.first_seen_time","type":"datetime","operators":["gte"]},{"name":"finding.last_seen_time","type":"datetime","operators":["gte"]},{"name":"severity","type":"enum","operators":["eq","in"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for Tanium Cloud as a Vulnerabilities Provider","properties":{"credential":{"description":"Tanium™ API authentication tokens allow users to maintain extended sessions with Tanium Cloud, eliminating the need for repeated authentication in long-running workflows that aren't continuously active. Each token is tied to a specific user or persona, authenticating based on their credentials and permissions. Multiple tokens can be created per user or persona, with a configurable expiration period. To avoid workflow disruptions, users should regularly rotate tokens by requesting new ones and revoking the old ones before they expire. For more details on generating, managing, rotating, or revoking an API token, please refer to [this API Token guide](https://help.tanium.com/bundle/ug_console_cloud/page/platform_user/console_api_tokens.html#add_API_tokens). A persona in Tanium is a set of roles and computer groups selected for a session, allowing different restrictions for a user without needing multiple accounts. 
For example, a user managing endpoints across various countries can have one persona for client maintenance in a specific country and another for security patch installations in only certain computer groups. For more details please refer our [Tanium Authentication Guide](ref:tanium-setup).","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"TaniumCloudCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"TaniumCloudCredential"}},"type":{"const":"vulnerabilities_tanium_cloud"},"url":{"description":"URL for the Tanium Cloud API. This should be the base URL for the API, without any path components and must be HTTPS, e.g. \"https://\u003ccustomername\u003e-api.cloud.tanium.com\" or \"https://\u003ccustomername\u003e-api.titankube.com\".","pattern":"^https://.*$","title":"Tanium Cloud API URL","type":"string"}},"required":["credential","type","url"],"title":"Tanium Vulnerability Management","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_axonius","name":"assets_axonius","fullname":"Axonius Asset Cloud","description":"Configuration for the Axonius Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory 
system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq","ne","in"]},{"name":"device.ip","type":"string","operators":["eq","ne"]},{"name":"device.mac","type":"string","operators":["eq","ne","in"]},{"name":"device.os.name","type":"string","operators":["eq","ne","in"]},{"name":"device.os.type","type":"string","operators":["eq","ne","in"]},{"name":"device.uid","type":"string","operators":["eq","ne"]}]}],"provider_config":{"description":"Configuration for the Axonius Assets Provider","properties":{"credential":{"description":"This credential must be an API Key and API Secret. For more details, see the [Getting an API Key and API Secret](https://docs.axonius.com/docs/axonius-rest-api#getting-an-api-key-and-api-secret).","properties":{"secret":{"description":"Secret value for authentication","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","type":"string"}},"required":["secret","type","username"],"title":"AxoniusCredential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"AxoniusCredential"}},"type":{"const":"assets_axonius"},"url":{"description":"URL for the Axonius API. 
This should be the base URL for the API, without any path components.","example":"https://tenant.on.axonius.com","pattern":"^https?:.+$","type":"string"}},"required":["credential","type","url"],"title":"Axonius","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"vulnerabilities_crowdstrike","name":"vulnerabilities_crowdstrike","fullname":"CrowdStrike Falcon Spotlight","description":"Configuration for CrowdStrike Falcon as a Vulnerabilities Provider","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","supported":false},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability 
findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"finding.first_seen_time","type":"datetime","operators":["gte"]},{"name":"finding.last_seen_time","type":"datetime","operators":["gte"]},{"name":"severity","type":"enum","operators":["eq","in"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for CrowdStrike Falcon as a Vulnerabilities Provider","properties":{"credential":{"description":"The credential to use for the CrowdStrike Falcon tenant.","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"CrowdStrikeCredential"}},"type":{"const":"vulnerabilities_crowdstrike"},"url":{"default":"https://api.crowdstrike.com","description":"The root domain where your CrowdStrike Falcon tenant 
is located.","nullable":true,"title":"Base URL","type":"string"}},"required":["credential","type"],"title":"CrowdStrike Spotlight","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"notifications_slack_webhook","name":"notifications_slack_webhook","fullname":"Slack Incoming Webhook","description":"Configuration for the Slack Notification Provider using Incoming Webhooks.\nIncoming Webhooks are a way to post messages from apps into Slack. The can not be used for any other actions, such as reading or deleting messages.","connector_id":"notifications","connector":"notifications","operations":[{"id":"notifications_clear_message","name":"clear_message","fullname":"Clear Notification","description":"Resolves a `Notification` object in the token-linked `Integration`.","supported":false},{"id":"notifications_create_message","name":"create_message","fullname":"Create Notification","description":"Creates a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/create","supported":true,"required_fields":["summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNotificationRequest"}}},{"id":"notifications_get_message","name":"get_message","fullname":"Get Notification","description":"Returns the `Notification` object matching `{notificationId}` from the token-linked\n`Integration`.","supported":false}],"provider_config":{"description":"Configuration for the Slack Notification Provider using Incoming Webhooks.\nIncoming Webhooks are a way to post messages from apps into Slack. The can not be used for any other actions, such as reading or deleting messages.","properties":{"type":{"const":"notifications_slack_webhook"},"webhook_url":{"description":"Slack Incoming Webhook URL. Use a Slack app with Incoming Webhooks enabled to generate the URL. 
See [configuration guide on Incoming Webhooks](https://api.slack.com/messaging/webhooks) for more detail.","properties":{"secret":{"description":"Secret value","type":"string"},"type":{"const":"secret"}},"required":["secret","type"],"title":"Incoming Webhook URL","type":"object","x-synqly-credential":{"extends":"SecretCredential","type":"SlackWebhookCredential"}}},"required":["type","webhook_url"],"title":"Slack Incoming Webhook","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_servicenow","name":"assets_servicenow","fullname":"ServiceNow Configuration Management Database (CMDB)","description":"Configuration for ServiceNow as an Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","request_method":"post","request_path":"/v1/assets/devices","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateDeviceRequest"}}},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory 
system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.first_seen_time","type":"integer","operators":["gt","gte","lt","lte"]},{"name":"device.hostname","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.hw_info.serial_number","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.last_seen_time","type":"integer","operators":["gt","gte","lt","lte"]},{"name":"device.mac","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.modified_time","type":"integer","operators":["gt","gte","lt","lte"]},{"name":"device.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"time","type":"integer","operators":["gt","gte","lt","lte"]}]}],"provider_config":{"description":"Configuration for ServiceNow as an Assets Provider","properties":{"credential":{"oneOf":[{"description":"Username and password used to authenticate with ServiceNow. The password can be a token that is generated following [this guide to generate an API token](https://docs.servicenow.com/bundle/vancouver-platform-administration/page/administer/users-and-groups/task/t_CreateAUser.html). The token receives the same permissions as the user that generates it, so must have access to the projects you want to use.\n","properties":{"secret":{"description":"Secret value for authentication","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","type":"string"}},"required":["secret","type","username"],"title":"BasicCredential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"ServiceNowCredential"}},{"description":"Token used to authenticate with ServiceNow. 
This token will be used with the authentication header `x-sn-apikey`. To use token authentication, the version of ServiceNow must be Washington D.C. or later.\n","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"TokenCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"ServiceNowCredential"}}],"title":"ServiceNowCredential","x-synqly-credential":{"extends":["BasicCredential","TokenCredential"],"type":"ServiceNowCredential"}},"type":{"const":"assets_servicenow"},"url":{"description":"URL for the ServiceNow API. This should be the base URL for the API, without any path components and must be HTTPS. For example, \"https://tenant.service-now.com\".","type":"string"}},"required":["credential","type","url"],"title":"ServiceNow CMDB","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_servicenow_mock","name":"assets_servicenow_mock","fullname":"[MOCK] ServiceNow Configuration Management Database (CMDB)","description":"Configuration for a mocked ServiceNow as an Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","request_method":"post","request_path":"/v1/assets/devices","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateDeviceRequest"}}},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true}],"provider_config":{"description":"Configuration for a mocked ServiceNow as an Assets 
Provider","properties":{"dataset":{"enum":["basic_v0"],"title":"AssetsServiceNowDataset","type":"string"},"type":{"const":"assets_servicenow_mock"}},"required":["dataset","type"],"title":"[MOCK] ServiceNow CMDB","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"cloudsecurity_crowdstrike","name":"cloudsecurity_crowdstrike","fullname":"CrowdStrike Falcon® Insight EDR","description":"Configuration for the CrowdStrike Cloud Security Provider","connector_id":"cloudsecurity","connector":"cloudsecurity","operations":[{"id":"cloudsecurity_query_cloud_resource_inventory","name":"query_cloud_resource_inventory","fullname":"Query Cloud Resource Inventory","description":"Returns a list of cloud resources that match the query from the cloud security provider.","request_method":"get","request_path":"/v1/cloudsecurity/cloudresourcesinventory","supported":true,"filters":[{"name":"cloud.account.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.account.type","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.account.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.provider","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.region","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resource.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resource.type","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resource.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]}]},{"id":"cloudsecurity_query_compliance_findings","name":"query_compliance_findings","fullname":"Query Compliance Findings","description":"Returns a list of compliance findings matching the query from the cloud security 
provider.","request_method":"get","request_path":"/v1/cloudsecurity/compliancefindings","supported":true,"filters":[{"name":"actor.authorizations.policy.is_applied","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"actor.authorizations.policy.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"actor.authorizations.policy.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.account.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.account.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.provider","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.region","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"compliance.standards","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"compliance.status","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"finding_info.title","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"finding_info.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resource.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resource.type","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resource.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"severity","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"severity_id","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]}]}],"provider_config":{"description":"Configuration for the CrowdStrike Cloud Security Provider","properties":{"credential":{"description":"Docs for setting up 
oAuth","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"CrowdStrikeCredential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"CrowdStrikeCredential"}},"type":{"const":"cloudsecurity_crowdstrike"},"url":{"default":"https://api.crowdstrike.com","description":"The root domain where your CrowdStrike Falcon tenant is located.","nullable":true,"type":"string"}},"required":["credential","type"],"title":"CrowdStrike Cloud Security","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"edr_crowdstrike","name":"edr_crowdstrike","fullname":"CrowdStrike Falcon® Insight EDR","description":"Configuration for the CrowdStrike EDR Provider","connector_id":"edr","connector":"edr","operations":[{"id":"edr_create_iocs","name":"create_iocs","fullname":"Create IOCs","description":"Creates a list of iocs that match the stix input for the EDR source.","request_method":"post","request_path":"/v1/edr/iocs","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateIocsRequest"}}},{"id":"edr_delete_iocs","name":"delete_iocs","fullname":"Delete IOCs","description":"Deletes a list of iocs that match the input of ids in the query param","request_method":"delete","request_path":"/v1/edr/iocs","supported":true},{"id":"edr_get_endpoint","name":"get_endpoint","fullname":"Get 
Endpoint","description":"Gets a single endpoint assets matching the UID from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints/{id}","supported":true},{"id":"edr_network_quarantine","name":"network_quarantine","fullname":"Quarantine Endpoints","description":"Connect or disconnect one or more endpoints assets to the network, allowing or disallowing connections.","request_method":"post","request_path":"/v1/edr/endpoints/actions/quarantine","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/NetworkQuarantineRequest"}}},{"id":"edr_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Returns a list of alerts that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/alerts","supported":true,"filters":[{"name":"attacks.tactic.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"attacks.tactic.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"attacks.technique.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"attacks.technique.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"comment","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"confidence_score","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.os.type","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.uid_alt","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"finding_info.created_time","type":"datetime","op
erators":["gt","gte","lt","lte"]},{"name":"finding_info.created_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.title","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"finding_info.types","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"finding_info.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"metadata.feature.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"metadata.loggers.logged_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"metadata.tenant_uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"resources.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"resources.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"risk_score","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"start_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"start_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"vulnerabilities.desc","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"vulnerabilities.title","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]}]},{"id":"edr_query_applications","name":"query_applications","fullname":"Query Applications","description":"Returns a list of applications matching the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/applications","supported":true,"filters":[{"name":"metadata.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"metadata.modified_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"product.name","type":"string","operators":["eq","ne","in","not_in"]},{"name":"product.path","type":"string","operators":["eq","ne","in","not_in"]},{"name":"product.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"product.vendor_name","type":"string","operators":["eq","ne","in","not_in"]},{"name":"product.version","type":"string","operators":["eq","ne","in","not_in"]},{"name":"start_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"start_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"time_dt","type":"datetime","operators":["gt","gte","lt","lte"]}]},{"id":"edr_query_edr_events","name":"query_edr_events","fullname":"Query EDR Events","description":"Returns a list of EDR events that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_endpoints","name":"query_endpoints","fullname":"Query Endpoints","description":"Returns a list of endpoint assets matching the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/endpoints","supported":true,"filters":[{"name":"device.first_seen_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.hostname","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.hw_info.bios_manufacturer","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.hw_info.bios_ver","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.hw_info.chassis","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.hw_info.serial_number","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.instance_uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.last_seen_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.mac","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.org.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.org.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.os.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.os.type","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.os.type_id","type":"stri
ng","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.os.version","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.type","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.type_id","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.zone","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"status","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]}]},{"id":"edr_query_iocs","name":"query_iocs","fullname":"Query IOCs","description":"Returns a list of iocs that match the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/iocs","supported":true,"filters":[{"name":"created","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"created_by_ref.id","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"extensions.action","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"extensions.expired","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"extensions.host_groups","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"extensions.mobile_action","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"extensions.modified_by","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"extensions.platforms","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"extensions.severity","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"labels","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"modified","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"pattern","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"pattern_type","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"valid_until","type":"datetime","operators":["gt","gte","lt","lte"]}]},{"id":"edr_query_posture_score","name":"query_posture_score","fullname":"Query Posture Score","description":"Returns the posture score of the endpoint assets that match the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/posture_score","supported":true},{"id":"edr_query_threatevents","name":"query_threatevents","fullname":"Query Threat Events","description":"Returns a list of threats that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/threats","supported":true,"filters":[{"name":"actor.process.cmd_line","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"actor.process.file.md5","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"actor.process.file.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"actor.process.file.path","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"actor.process.file.sha256","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"actor.process.file.type","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"confidence_score","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.first_seen_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.hostname","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.last_seen_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.modified_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.product_uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"severity","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]
},{"name":"severity_id","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"status","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"tenant_uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]}]}],"provider_config":{"description":"Configuration for the CrowdStrike EDR Provider","properties":{"credential":{"description":"The credential to use for the CrowdStrike EDR Provider","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"CrowdStrikeCredential"}},"type":{"const":"edr_crowdstrike"},"url":{"default":"https://api.crowdstrike.com","description":"The root domain where your CrowdStrike Falcon tenant is located.","nullable":true,"title":"Base URL","type":"string"}},"required":["credential","type"],"title":"CrowdStrike EDR","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_elasticsearch","name":"siem_elasticsearch","fullname":"Elastic SIEM","description":"Configuration for Elasticsearch search and analytics engine. 
Supports both managed and self-hosted Elasticsearch deployments\n","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","supported":false},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"metadata.log_provider","type":"string","operators":["eq","in"]},{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","like","not_like","in","not_in"]},{"name":"time","type":"datetime","operators":["gte","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","supported":false},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for Elasticsearch search and analytics engine. 
Supports both managed and self-hosted Elasticsearch deployments","properties":{"auth_options":{"description":"Options used to control how requests are made to elasticsearch when different authentication types are used.","nullable":true,"properties":{"run_as":{"description":"When you have the correct permissions, this allows API requests to get made as a specific user, with all of their roles and permissions. When populated, this option will send the 'es-security-runas-user' header with every request made to the Elasticsearch API.","nullable":true,"type":"string"},"shared_secret":{"description":"Some auth cases, notably JWT auth can be configured to require sending a shared secret in the `ES-Client-Authentication` header. When this secret is populated, it will get added as the shared secret for every request made to Elasticsearch.","nullable":true,"properties":{"secret":{"description":"Secret value","type":"string"},"type":{"const":"secret"}},"required":["secret","type"],"title":"ElasticsearchSharedSecret","type":"object","x-synqly-credential":{"extends":"SecretCredential","type":"ElasticsearchSharedSecret"}}},"title":"Elasticsearch Authentication Options","type":"object"},"create_index":{"description":"Optional. The index or data stream to use when writing events. Defaults to the 'index' setting if not set.","nullable":true,"type":"string"},"credential":{"oneOf":[{"description":"Basic authentication credentials for Elasticsearch. 
When possible use an API key or oAuth credentials instead\n","properties":{"secret":{"description":"Secret value for authentication","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","type":"string"}},"required":["secret","type","username"],"title":"BasicCredential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"ElasticsearchCredential"}},{"description":"Configuration with credentials and connection data for an IdP that has been configured for use as a [JWT realm in Elasticsearch](https://www.elastic.co/guide/en/elasticsearch/reference/8.15/jwt-auth-realm.html). There are also [specific instructions for Elastic Cloud](https://www.elastic.co/guide/en/cloud/current/ec-securing-clusters-JWT.html). This configuration requires a token URL for the 3rd party identity provider. If you need to send specific scopes during the client credentials OAuth flow, specify them in the 'extra' configuration as a list of strings under the 'scopes' key.\n","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"OAuthClientCredential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"ElasticsearchCredential"}},{"description":"Elasticsearch API Key. Follow [this guide to generate an API Key](https://www.elastic.co/guide/en/kibana/current/api-keys.html). 
The API Key must have sufficient permissions to the target index.\n","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"TokenCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"ElasticsearchCredential"}}],"title":"ElasticsearchCredential","x-synqly-credential":{"extends":["BasicCredential","OAuthClientCredential","TokenCredential"],"type":"ElasticsearchCredential"}},"index":{"default":"_all","description":"Optional. The index, data stream, or index alias to read events from.","nullable":true,"type":"string"},"skip_tls_verify":{"default":false,"description":"If true, skips verification of the Elasticsearch server's TLS certificate.","nullable":true,"type":"boolean"},"type":{"const":"siem_elasticsearch"},"url":{"description":"URL for the Elasticsearch API. This should be the base URL for the API, without any path components and must be HTTPS. For example, \"https://tenant.elastic.com\".","type":"string"}},"required":["credential","type","url"],"title":"Elasticsearch","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_sentinel","name":"siem_sentinel","fullname":"Microsoft Sentinel","description":"Configuration for Microsoft Sentinel SIEM Product.","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","request_method":"get","request_path":"/v1/siem/investigations/{id}","supported":true},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by 
ID.","request_method":"patch","request_path":"/v1/siem/investigations/{id}","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/PatchInvestigationRequest"}}},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"metadata.log_provider","type":"string","operators":["eq","in"]},{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","like","in","not_in"]},{"name":"time","type":"datetime","operators":["gte","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","request_method":"get","request_path":"/v1/siem/investigations","supported":true},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for Microsoft Sentinel SIEM Product.","properties":{"credential":{"description":"OAuth 2.0 client credentials for authenticating with Microsoft Sentinel. The application registration must have \nappropriate permissions to read and write to Microsoft Sentinel. 
Required permissions include:\n- Microsoft.OperationalInsights/workspaces/read\n- Microsoft.OperationalInsights/workspaces/write\n- Microsoft.SecurityInsights/dataConnectors/*\n","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"SentinelCredential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"SentinelCredential"}},"default_tables":{"default":["_Im_AuditEvent","_Im_Authentication","_Im_DhcpEvent","_Im_Dns","_Im_DnsBuiltIn","_Im_FileEvent","_Im_NetworkSession","_Im_Process_EmptyV01","_Im_ProcessCreate","_Im_ProcessEvent","_Im_ProcessTerminate","_Im_RegistryEvent","_Im_UserManagement","_Im_WebSession"],"description":"The default tables to use for queries. Supply this value if you would like to a subset of the default tables or non-ASIM data tables with Sentinel/Log Analytics queries. If more than one table is specified, a union operator will join them to query all of the tables at once. Supply a single value with \"_\" if you would like to query all tables without the normalizing ASIM transformations. **Note** that a single \"_\" entry will map to a 'union \\*' query. 
Relying heavily on these queries is generally discouraged by Sentinel because they are slower and more resource intensive.","items":{"type":"string"},"nullable":true,"type":"array"},"ingest_url":{"default":"https://monitor.azure.com","description":"Either the logs ingestion API url for you Data Collection Rule or your Data Collection Endpoint URL. This value must be supplied to ingest data into Microsoft Sentinel. This should look something like https://mydcr-xxx-westus2.logs.z1.ingest.monitor.azure.com","nullable":true,"type":"string"},"logs_url":{"description":"The root URL for the Microsoft Azure Monitor Logs API. This is optional and should only be supplied if using an alternate Microsoft cloud, such as GovCloud.","nullable":true,"type":"string"},"management_url":{"default":"https://management.azure.com","description":"The root URL for the Microsoft Azure Management API. This is optional and should only be supplied if using an alternate Microsoft cloud, such as GovCloud.","nullable":true,"type":"string"},"resource_group":{"description":"The Azure resource group name that contains the Microsoft Sentinel workspace.","type":"string"},"rule_id":{"description":"Your Data Collection Rule immutable ID. This value must be supplied to ingest data into Microsoft Sentinel.","nullable":true,"type":"string"},"stream_name":{"description":"The name of the Data Collection Rule stream. 
This value must be supplied to ingest data into Microsoft Sentinel.","nullable":true,"type":"string"},"subscription_id":{"description":"The Azure subscription ID that contains the Microsoft Sentinel workspace.","type":"string"},"tenant_id":{"description":"The Azure Active Directory tenant ID that contains the Microsoft Sentinel workspace.","type":"string"},"type":{"const":"siem_sentinel"},"workspace_id":{"description":"The ID of the Microsoft Sentinel Log Analytics workspace.","type":"string"},"workspace_name":{"description":"The name of the Microsoft Sentinel Log Analytics workspace.","type":"string"}},"required":["credential","resource_group","subscription_id","tenant_id","type","workspace_id","workspace_name"],"title":"Microsoft Sentinel","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"vulnerabilities_nucleus","name":"vulnerabilities_nucleus","fullname":"Nucleus Vulnerability Management","description":"Configuration for Nucleus as a Vulnerabilities Provider","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","request_method":"post","request_path":"/v1/vulnerabilities/assets","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateAssetRequest"}}},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","request_method":"post","request_path":"/v1/vulnerabilities/findings/bulk","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateFindingsRequest"}}},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured 
scan.","supported":false},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"severity","type":"enum","operators":["eq"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","request_method":"put","request_path":"/v1/vulnerabilities/assets/{assetId}","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateAssetRequest"}}},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","request_method":"put","request_path":"/v1/vulnerabilities/findings/{findingId}","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/UpdateFindingRequest"}}}],"provider_config":{"description":"Configuration for Nucleus as a Vulnerabilities Provider","properties":{"credential":{"description":"The Nucleus API key can be generated and copied from the **User Profile** settings, accessible via the avatar in the top-right corner.","properties":{"secret":{"description":"Secret value of the 
token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"NucleusCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"NucleusCredential"}},"project_id":{"description":"The **project_id** is a string representing a numeric ID (e.g., \"12345\") and can be found in the Nucleus UI by selecting **Global Dashboard** from the left-hand menu, then choosing **All Projects** at the top, where the **Projects** widget lists all projects with their IDs.","pattern":"^\\d+$","title":"Project ID","type":"string"},"type":{"const":"vulnerabilities_nucleus"},"url":{"description":"URL for the Nucleus API. This should be the base URL for the API, without any path components and must be HTTPS, e.g. \"https://{sandbox}.nucleussec.com\" .","pattern":"^https://.*$","title":"Nucleus API URL","type":"string"}},"required":["credential","project_id","type","url"],"title":"Nucleus Vulnerability Management","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_tanium_cloud_mock","name":"assets_tanium_cloud_mock","fullname":"[MOCK] Tanium Vulnerability Management","description":"Configuration for a mocked Tanium Cloud as an Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true}],"provider_config":{"description":"Configuration for a mocked Tanium Cloud as an Assets Provider","properties":{"dataset":{"enum":["basic_v0"],"title":"AssetsTaniumCloudDataset","type":"string"},"type":{"const":"assets_tanium_cloud_mock"}},"required":["dataset","type"],"title":"[MOCK] Tanium 
Assets","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"edr_defender","name":"edr_defender","fullname":"Microsoft Defender for Endpoint","description":"Configuration for the Microsoft Defender EDR Provider","connector_id":"edr","connector":"edr","operations":[{"id":"edr_create_iocs","name":"create_iocs","fullname":"Create IOCs","description":"Creates a list of iocs that match the stix input for the EDR source.","request_method":"post","request_path":"/v1/edr/iocs","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateIocsRequest"}}},{"id":"edr_delete_iocs","name":"delete_iocs","fullname":"Delete IOCs","description":"Deletes a list of iocs that match the input of ids in the query param","request_method":"delete","request_path":"/v1/edr/iocs","supported":true},{"id":"edr_get_endpoint","name":"get_endpoint","fullname":"Get Endpoint","description":"Gets a single endpoint assets matching the UID from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints/{id}","supported":true},{"id":"edr_network_quarantine","name":"network_quarantine","fullname":"Quarantine Endpoints","description":"Connect or disconnect one or more endpoints assets to the network, allowing or disallowing connections.","request_method":"post","request_path":"/v1/edr/endpoints/actions/quarantine","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/NetworkQuarantineRequest"}}},{"id":"edr_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Returns a list of alerts that match the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/alerts","supported":true,"filters":[{"name":"actor.user.name","type":"string","operators":["eq","in","ne"]},{"name":"analytic.category","type":"string","operators":["eq","in","ne"]},{"name":"finding_info.created_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.created_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.last_seen_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.last_seen_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.modified_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.uid","type":"string","operators":["eq","in","ne"]},{"name":"metadata.uid","type":"string","operators":["eq","in","ne"]},{"name":"severity","type":"string","operators":["eq","in","ne"]},{"name":"status","type":"string","operators":["eq","in","ne"]}]},{"id":"edr_query_applications","name":"query_applications","fullname":"Query Applications","description":"Returns a list of applications matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/applications","supported":true,"filters":[{"name":"product.name","type":"string","operators":["like"]},{"name":"product.uid","type":"string","operators":["eq","like"]},{"name":"product.vendor_name","type":"string","operators":["like"]},{"name":"product.version","type":"string","operators":["eq","like"]}]},{"id":"edr_query_edr_events","name":"query_edr_events","fullname":"Query EDR Events","description":"Returns a list of EDR events that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_endpoints","name":"query_endpoints","fullname":"Query Endpoints","description":"Returns a list of endpoint assets matching the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/endpoints","supported":true,"filters":[{"name":"cloud.account.uid","type":"string","operators":["eq","ne","like","not_like"]},{"name":"device.hostname","type":"string","operators":["eq","ne","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","like","not_like"]},{"name":"device.last_time_seen","type":"string","operators":["eq","ne","like","not_like"]},{"name":"device.os.name","type":"string","operators":["eq","ne","like","not_like"]},{"name":"device.risk_level","type":"string","operators":["eq","ne","like","not_like"]},{"name":"device.uid","type":"string","operators":["eq","ne","like","not_like"]},{"name":"enrichments.reputation.score","type":"string","operators":["eq","ne","like","not_like"]},{"name":"metadata.labels","type":"string","operators":["eq","ne","like","not_like"]},{"name":"metadata.product.version","type":"string","operators":["eq","ne","like","not_like"]},{"name":"risk_level_id","type":"string","operators":["eq","ne","like","not_like"]},{"name":"status","type":"string","operators":["eq","ne","like","not_like"]},{"name":"status_code","type":"string","operators":["eq","ne","like","not_like"]},{"name":"status_detail","type":"string","operators":["eq","ne","like","not_like"]}]},{"id":"edr_query_iocs","name":"query_iocs","fullname":"Query IOCs","description":"Returns a list of iocs that match the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/iocs","supported":true,"filters":[{"name":"created","type":"string","operators":["eq","in"]},{"name":"created_by_ref.Id","type":"string","operators":["eq","in"]},{"name":"created_by_ref.name","type":"string","operators":["eq","in"]},{"name":"extensions.action","type":"string","operators":["eq","in"]},{"name":"extensions.alert","type":"string","operators":["eq","in"]},{"name":"extensions.application","type":"string","operators":["eq","in"]},{"name":"extensions.rbacGroupIds","type":"string","operators":["eq","in"]},{"name":"extensions.rbacGroupNames","type":"string","operators":["eq","in"]},{"name":"extensions.severity","type":"string","operators":["eq","in"]},{"name":"name","type":"string","operators":["eq","in"]},{"name":"pattern","type":"string","operators":["eq","in"]},{"name":"pattern_type","type":"string","operators":["eq","in"]},{"name":"valid_until","type":"string","operators":["eq","in"]}]},{"id":"edr_query_posture_score","name":"query_posture_score","fullname":"Query Posture Score","description":"Returns the posture score of the endpoint assets that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/posture_score","supported":true},{"id":"edr_query_threatevents","name":"query_threatevents","fullname":"Query Threat Events","description":"Returns a list of threats that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/threats","supported":true,"filters":[{"name":"actor.user.name","type":"string","operators":["lt","gt","eq","in"]},{"name":"finding_info.created_time","type":"datetime","operators":["lt","gt"]},{"name":"finding_info.modified_time","type":"datetime","operators":["lt","gt"]},{"name":"status","type":"string","operators":["lt","gt","eq","in"]}]}],"provider_config":{"description":"Configuration for the Microsoft Defender EDR Provider","properties":{"credential":{"description":"Docs for setting up 
oAuth","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"DefenderCredential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"DefenderCredential"}},"tenant_id":{"description":"TenantId for the Microsoft Defender Management Console.","type":"string"},"type":{"const":"edr_defender"},"url":{"default":"https://api-us.securitycenter.windows.com","description":"URL for the Microsoft Defender Management Console.","type":"string"}},"required":["credential","tenant_id","type","url"],"title":"Defender EDR","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"edr_sophos","name":"edr_sophos","fullname":"Sophos EDR","description":"Configuration for the Sophos EDR Provider","connector_id":"edr","connector":"edr","operations":[{"id":"edr_create_iocs","name":"create_iocs","fullname":"Create IOCs","description":"Creates a list of iocs that match the stix input for the EDR source.","supported":false},{"id":"edr_delete_iocs","name":"delete_iocs","fullname":"Delete IOCs","description":"Deletes a list of iocs that match the input of ids in the query param","supported":false},{"id":"edr_get_endpoint","name":"get_endpoint","fullname":"Get Endpoint","description":"Gets a single endpoint assets matching the UID from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/endpoints/{id}","supported":true},{"id":"edr_network_quarantine","name":"network_quarantine","fullname":"Quarantine Endpoints","description":"Connect or disconnect one or more endpoints assets to the network, allowing or disallowing connections.","request_method":"post","request_path":"/v1/edr/endpoints/actions/quarantine","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/NetworkQuarantineRequest"}}},{"id":"edr_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Returns a list of alerts that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/alerts","supported":true,"filters":[{"name":"finding_info.created_time","type":"datetime","operators":["lt","gt"]},{"name":"finding_info.last_seen_time","type":"datetime","operators":["lt","gt"]},{"name":"finding_info.title","type":"string","operators":["lt","gt","eq","in"]},{"name":"metadata.product.name","type":"string","operators":["lt","gt","eq","in"]},{"name":"metadata.uid","type":"string","operators":["lt","gt","eq","in"]}]},{"id":"edr_query_applications","name":"query_applications","fullname":"Query Applications","description":"Returns a list of applications matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/applications","supported":true,"filters":[{"name":"product.name","type":"string","operators":["lt","gt","eq","in"]},{"name":"product.path","type":"string","operators":["lt","gt","eq","in"]}]},{"id":"edr_query_edr_events","name":"query_edr_events","fullname":"Query EDR Events","description":"Returns a list of EDR events that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_endpoints","name":"query_endpoints","fullname":"Query Endpoints","description":"Returns a list of endpoint assets matching the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/endpoints","supported":true,"filters":[{"name":"device.type","type":"string","operators":["ne","lte","gte","lt","gt","eq","in"]},{"name":"device.uid","type":"string","operators":["ne","lte","gte","lt","gt","eq","in"]},{"name":"first_seen_time","type":"datetime","operators":["eq"]},{"name":"last_seen_time","type":"datetime","operators":["eq"]},{"name":"status","type":"string","operators":["ne","lte","gte","lt","gt","eq","in"]},{"name":"status_detail","type":"string","operators":["ne","lte","gte","lt","gt","eq","in"]},{"name":"time","type":"datetime","operators":["eq"]}]},{"id":"edr_query_iocs","name":"query_iocs","fullname":"Query IOCs","description":"Returns a list of iocs that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_posture_score","name":"query_posture_score","fullname":"Query Posture Score","description":"Returns the posture score of the endpoint assets that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/posture_score","supported":true},{"id":"edr_query_threatevents","name":"query_threatevents","fullname":"Query Threat Events","description":"Returns a list of threats that match the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/threats","supported":true,"filters":[{"name":"actor.user.name","type":"string","operators":["eq"]},{"name":"attacks.tactics.name","type":"string","operators":["eq"]},{"name":"device.first_seen_time","type":"datetime","operators":["eq"]},{"name":"device.first_seen_time_dt","type":"datetime","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["eq"]},{"name":"device.last_seen_time_dt","type":"datetime","operators":["eq"]},{"name":"device.location","type":"string","operators":["eq"]},{"name":"device.os.name","type":"string","operators":["eq"]},{"name":"device.os.type","type":"string","operators":["eq"]},{"name":"device.type","type":"string","operators":["eq"]},{"name":"hostname","type":"string","operators":["eq"]},{"name":"metadata.product.name","type":"string","operators":["eq"]},{"name":"risk_score","type":"string","operators":["eq"]},{"name":"severity","type":"string","operators":["eq"]},{"name":"type_name","type":"string","operators":["eq"]},{"name":"vendor_name","type":"string","operators":["eq"]},{"name":"vulnerabilities.title","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for the Sophos EDR Provider","properties":{"credential":{"description":"Docs for setting up oAuth - https://developer.sophos.com/intro#getting-started","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider 
configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"SophosCredential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"SophosCredential"}},"type":{"const":"edr_sophos"},"url":{"default":"https://api.central.sophos.com","description":"Optional root domain where your Sophos tenant is located.","nullable":true,"type":"string"}},"required":["credential","type"],"title":"Sophos EDR","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"notifications_slack","name":"notifications_slack","fullname":"Slack","description":"Configuration for the Slack Notification Provider","connector_id":"notifications","connector":"notifications","operations":[{"id":"notifications_clear_message","name":"clear_message","fullname":"Clear Notification","description":"Resolves a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/clear/{notificationId}","supported":true},{"id":"notifications_create_message","name":"create_message","fullname":"Create Notification","description":"Creates a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/create","supported":true,"required_fields":["summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNotificationRequest"}}},{"id":"notifications_get_message","name":"get_message","fullname":"Get Notification","description":"Returns the `Notification` object matching `{notificationId}` from the token-linked\n`Integration`.","supported":false}],"provider_config":{"description":"Configuration for the Slack Notification Provider","properties":{"channel":{"description":"The channel to send notifications to. Should be the ID of the desired channel.","type":"string"},"credential":{"description":"Slack authentication token. 
Follow [this guide to generate an API token](https://api.slack.com/concepts/token-types#bot). The token must have access to the configured channel.\n","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"SlackCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"SlackCredential"}},"type":{"const":"notifications_slack"},"url":{"default":"https://slack.com/","description":"Base URL for the Slack API.","nullable":true,"type":"string"}},"required":["channel","credential","type"],"title":"Slack","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_elasticsearch","name":"sink_elasticsearch","fullname":"Elastic","description":"Configuration for Elasticsearch search and analytics engine. Supports both managed and self-hosted Elasticsearch deployments\n","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for Elasticsearch search and analytics engine. Supports both managed and self-hosted Elasticsearch deployments","properties":{"auth_options":{"description":"Options used to control how requests are made to elasticsearch when different authentication types are used.","nullable":true,"properties":{"run_as":{"description":"When you have the correct permissions, this allows API requests to get made as a specific user, with all of their roles and permissions. 
When populated, this option will send the 'es-security-runas-user' header with every request made to the Elasticsearch API.","nullable":true,"type":"string"},"shared_secret":{"description":"Some auth cases, notably JWT auth can be configured to require sending a shared secret in the `ES-Client-Authentication` header. When this secret is populated, it will get added as the shared secret for every request made to Elasticsearch.","nullable":true,"properties":{"secret":{"description":"Secret value","type":"string"},"type":{"const":"secret"}},"required":["secret","type"],"title":"ElasticsearchSharedSecret","type":"object","x-synqly-credential":{"extends":"SecretCredential","type":"ElasticsearchSharedSecret"}}},"title":"Elasticsearch Authentication Options","type":"object"},"create_index":{"description":"The index or data stream to use when writing events.","type":"string"},"credential":{"oneOf":[{"description":"Basic authentication credentials for Elasticsearch. When possible use an API key or oAuth credentials instead\n","properties":{"secret":{"description":"Secret value for authentication","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","type":"string"}},"required":["secret","type","username"],"title":"BasicCredential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"ElasticsearchCredential"}},{"description":"Configuration with credentials and connection data for an IdP that has been configured for use as a [JWT realm in Elasticsearch](https://www.elastic.co/guide/en/elasticsearch/reference/8.15/jwt-auth-realm.html). There are also [specific instructions for Elastic Cloud](https://www.elastic.co/guide/en/cloud/current/ec-securing-clusters-JWT.html). This configuration requires a token URL for the 3rd party identity provider. 
If you need to send specific scopes during the client credentials OAuth flow, specify them in the 'extra' configuration as a list of strings under the 'scopes' key.\n","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"OAuthClientCredential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"ElasticsearchCredential"}},{"description":"Elasticsearch API Key. Follow [this guide to generate an API Key](https://www.elastic.co/guide/en/kibana/current/api-keys.html). The API Key must have sufficient permissions to the target index.\n","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"TokenCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"ElasticsearchCredential"}}],"title":"ElasticsearchCredential","x-synqly-credential":{"extends":["BasicCredential","OAuthClientCredential","TokenCredential"],"type":"ElasticsearchCredential"}},"skip_tls_verify":{"default":false,"description":"If true, skips verification of the Elasticsearch server's TLS certificate.","nullable":true,"type":"boolean"},"type":{"const":"sink_elasticsearch"},"url":{"description":"URL for the Elasticsearch API. This should be the base URL for the API, without any path components and must be HTTPS. 
For example, \"https://tenant.elastic.com\".","type":"string"}},"required":["create_index","credential","type","url"],"title":"Elasticsearch","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"vulnerabilities_qualys_cloud","name":"vulnerabilities_qualys_cloud","fullname":"Qualys Vulnerability Management, Detection \u0026 Response (VMDR)","description":"Configuration for Qualys Cloud Platform as a Vulnerabilities Provider","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","request_method":"get","request_path":"/v1/vulnerabilities/scans/{scan_id}/activity","supported":true},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability 
findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"finding.first_seen_time","type":"datetime","operators":["gte"]},{"name":"finding.last_seen_time","type":"datetime","operators":["gte"]},{"name":"severity","type":"enum","operators":["eq","in"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/scans","supported":true},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for Qualys Cloud Platform as a Vulnerabilities Provider","properties":{"credential":{"description":"Username and password used to authenticate with Qualys Cloud.","properties":{"secret":{"description":"Secret value for authentication","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","type":"string"}},"required":["secret","type","username"],"title":"QualysCloudCredential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"QualysCloudCredential"}},"type":{"const":"vulnerabilities_qualys_cloud"},"url":{"description":"URL for the Qualys Cloud API. This should be the base URL for the API, without any path components and must be HTTPS. 
For example, \"https://qualysguard.qg4.apps.qualys.com\".","type":"string"}},"required":["credential","type","url"],"title":"Qualys VMDR","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"vulnerabilities_rapid7_insight_cloud","name":"vulnerabilities_rapid7_insight_cloud","fullname":"Rapid7 Insight Vulnerability Management Cloud","description":"Configuration for Rapid7 Insight Cloud as a Vulnerabilities Provider","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","supported":false},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq","in"]},{"name":"device.ip","type":"string","operators":["eq","in"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq","in"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability 
findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"finding.first_seen_time","type":"datetime","operators":["gte"]},{"name":"finding.last_seen_time","type":"datetime","operators":["gte"]},{"name":"severity","type":"enum","operators":["eq","in"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for Rapid7 Insight Cloud as a Vulnerabilities Provider","properties":{"credential":{"description":"Rapid7 Insight Cloud authentication token. Follow [this guide to generate an API token](https://docs.rapid7.com/insight/managing-platform-api-keys/).","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Rapid7InsightCloudCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"Rapid7InsightCloudCredential"}},"type":{"const":"vulnerabilities_rapid7_insight_cloud"},"url":{"description":"URL for the Rapid7 API. This should be the base URL for the API, without any path components and must be HTTPS. 
For example, \"https://us2.api.insight.rapid7.com\".","type":"string"}},"required":["credential","type","url"],"title":"Rapid7 InsightVM Cloud","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"identity_okta","name":"identity_okta","fullname":"Okta Identity","description":"Configuration for the Okta Identity Provider","connector_id":"identity","connector":"identity","operations":[{"id":"identity_disable_user","name":"disable_user","fullname":"Disable User","description":"Disables a user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/disable","supported":true},{"id":"identity_enable_user","name":"enable_user","fullname":"Enable User","description":"Reenables a disabled user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/enable","supported":true},{"id":"identity_expire_all_user_sessions","name":"expire_all_user_sessions","fullname":"Expire All User Sessions","description":"Logs a user out of all current sessions so they must log in again.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/expire_all_sessions","supported":true},{"id":"identity_force_user_password_reset","name":"force_user_password_reset","fullname":"Force User Password Reset","description":"Forces a user to reset their password before they can log in again.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/force_reset_password","supported":true},{"id":"identity_get_group","name":"get_group","fullname":"Get Group","description":"Returns a `Group` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. 
Depending\non the providers offerings, this may include additional group information, such as the roles assigned.","request_method":"get","request_path":"/v1/identity/groups/{groupId}","supported":true},{"id":"identity_get_group_members","name":"get_group_members","fullname":"Get Group Members","description":"Returns list of `User` objects wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider that are members in the group referenced by ID.","request_method":"get","request_path":"/v1/identity/groups/{groupId}/members","supported":true},{"id":"identity_get_user","name":"get_user","fullname":"Get User","description":"Returns a `User` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. Depending\non the providers offerings, this may include additional user information, such as the user's current groups and roles.","request_method":"get","request_path":"/v1/identity/users/{userId}","supported":true},{"id":"identity_query_audit_log","name":"query_audit_log","fullname":"Query Audit Log","description":"Returns a list of `Event` objects from the token-linked audit 
log.","request_method":"get","request_path":"/v1/identity/audit","supported":true,"filters":[{"name":"actor.user.email_addr","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"actor.user.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"class_uid","type":"string","operators":["eq"]},{"name":"message","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"status_id","type":"string","operators":["eq"]},{"name":"time","type":"datetime","operators":["gte","lte"]},{"name":"type_uid","type":"string","operators":["eq"]},{"name":"user.email_addr","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"user.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]}]},{"id":"identity_query_groups","name":"query_groups","fullname":"Query Groups","description":"Returns a list of `Group` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.","request_method":"get","request_path":"/v1/identity/groups","supported":true,"filters":[{"name":"entity.group.desc","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.group.name","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.group.uid","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.uid","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.type","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"time","type":"date","operators":["eq","gt","gte","lt","lte"]}]},{"id":"identity_query_users","name":"query_users","fullname":"Query Users","description":"Returns a list of `User` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity 
provider.","request_method":"get","request_path":"/v1/identity/users","supported":true,"filters":[{"name":"entity.uid","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.email_addr","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.full_name","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.ldap_person.cost_center","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.ldap_person.created_time","type":"datetime","operators":["eq","gt","gte","lt","lte"]},{"name":"entity.user.ldap_person.employee_uid","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.ldap_person.given_name","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.ldap_person.job_title","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.ldap_person.manager.full_name","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.ldap_person.modified_time","type":"datetime","operators":["eq","gt","gte","lt","lte"]},{"name":"entity.user.ldap_person.surname","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.name","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.org.name","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.org.ou_name","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.uid","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.uid_alt","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.user_status_id","type":"string","operators":["eq","in"]},{"name":"time","type":"datetime","operators":["eq","gt","gte","lt","lte"]}]}],"provider_config":{"description":"Configuration for the Okta Identity Provider","properties":{"credential":{"oneOf":[{"description":"OAuth 2.0 Token 
URL, Client ID, and Client Secret for a Synqly Identity Connector API service application.\n","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"OAuthClientCredential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"OktaCredential"}},{"description":"Token to authenticate with Okta. Follow [this guide to generate an API token](https://developer.okta.com/docs/guides/create-an-api-token). The token must have access to list records in the system audit log. (Not for production use. Use `o_auth_client` instead)\n","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"TokenCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"OktaCredential"}}],"title":"OktaCredential","x-synqly-credential":{"extends":["OAuthClientCredential","TokenCredential"],"type":"OktaCredential"}},"type":{"const":"identity_okta"},"url":{"description":"URL for the Okta API. This should be the base URL for the API, without any path components and must be HTTPS. 
For example, \"https://tenant.okta.com\".","type":"string"}},"required":["credential","type","url"],"title":"Okta","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_sumo_logic","name":"siem_sumo_logic","fullname":"Sumo Logic Cloud SIEM","description":"Configuration for Sumo Logic Cloud SIEM.","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","request_method":"get","request_path":"/v1/siem/investigations/{id}","supported":true},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","request_method":"patch","request_path":"/v1/siem/investigations/{id}","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/PatchInvestigationRequest"}}},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for 
authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"metadata.log_provider","type":"string","operators":["eq","in"]},{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","like","in","not_in"]},{"name":"time","type":"datetime","operators":["gte","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","request_method":"get","request_path":"/v1/siem/investigations","supported":true,"filters":[{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","like","in","not_in"]}]},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for Sumo Logic Cloud SIEM.","properties":{"auto_parse_logs":{"default":true,"description":"Automatically parse logs as JSON when running log queries against Sumo Logic.","nullable":true,"title":"Auto Parse Logs","type":"boolean"},"collection_url":{"description":"Required if you need to send Sumo Logic events from the Synqly API.","nullable":true,"properties":{"secret":{"description":"Secret value","type":"string"},"type":{"const":"secret"}},"required":["secret","type"],"title":"SumoLogicCollectionUrl","type":"object","x-synqly-credential":{"extends":"SecretCredential","type":"SumoLogicCollectionUrl"}},"credential":{"description":"Your Access ID and Access Key. 
See https://help.sumologic.com/docs/api/getting-started/#authentication for information on generating these values.","properties":{"secret":{"description":"Secret value for authentication","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","type":"string"}},"required":["secret","type","username"],"title":"SumoLogicCredential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"SumoLogicCredential"}},"siem_logs_only":{"default":false,"description":"Only query for logs that have been processed into the Sumo Logic Cloud SIEM app.","nullable":true,"title":"SIEM Logs Only","type":"boolean"},"type":{"const":"siem_sumo_logic"},"url":{"description":"Your Sumo Logic API endpoint. See https://help.sumologic.com/docs/api/getting-started/#sumo-logic-endpoints-by-deployment-and-firewall-security for help determining which base URL to use.","pattern":"^https://.*$","title":"API URL","type":"string"}},"required":["credential","type","url"],"title":"Sumo Logic Cloud SIEM","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"ticketing_jira","name":"ticketing_jira","fullname":"Atlassian Jira","description":"Configuration for Jira as a Ticketing Provider","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","request_method":"post","request_path":"/v1/ticketing/attachments/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateAttachmentRequest"}}},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked 
Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateCommentRequest"}}},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["issue_type","project","summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/attachments/{ticketId}/{attachmentId}","supported":true},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/comments/{commentId}","supported":true},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked 
Integration.","request_method":"get","request_path":"/v1/ticketing/attachments/{ticketId}/{attachmentId}/download","supported":true},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/attachments/{ticketId}","supported":true},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","request_method":"get","request_path":"/v1/ticketing/projects","supported":true},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. 
The response will include a list of\nfields for each issue type in the ticketing provider.","request_method":"get","request_path":"/v1/ticketing/remote-fields","supported":true},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"assignee","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"completion_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"contact","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"created_at","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"description","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"due_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"id","type":"string","operators":["eq","neq","in","not in"]},{"name":"issue_type","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"labels","type":"string","operators":["eq","neq","in","not in"]},{"name":"name","type":"string","operators":["eq","neq","in","not 
in"]},{"name":"priority","type":"enum","operators":["eq","neq","in","not in"],"values":["highest","high","medium","low"]},{"name":"project","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"reporter","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"status","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"summary","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"text","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"updated_at","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]}]}],"provider_config":{"description":"Configuration for Jira as a Ticketing Provider","properties":{"credential":{"description":"Username and password used to authenticate with Jira. The password can be a token that is generated following [this guide to generate an API token](https://support.atlassian.com/atlassian-account/docs/manage-api-tokens-for-your-atlassian-account/). The token receives the same permissions as the user that generates it, so must have access to the projects you want to use.\n","properties":{"secret":{"description":"Secret value for authentication","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","type":"string"}},"required":["secret","type","username"],"title":"JiraCredential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"JiraCredential"}},"custom_field_mappings":{"description":"Custom field mappings for this provider.","items":{"properties":{"name":{"description":"Name for the custom field that you will use in the `custom_fields` field in ticket objects within Synqly.","type":"string"},"project_id":{"description":"ID of the project this field mapping is associated with. 
ID of \"\\*\" is used to apply to all projects.","type":"string"},"provider_field_path":{"description":"Path to or name of the custom field in the provider.","type":"string"}},"required":["name","project_id","provider_field_path"],"title":"CustomFieldMapping","type":"object"},"nullable":true,"type":"array"},"default_project":{"description":"Default Project for the integration.","nullable":true,"type":"string"},"type":{"const":"ticketing_jira"},"url":{"description":"URL for the Jira API. This should be the base URL for the API, without any path components and must be HTTPS. For example, \"https://tenant.atlassian.net\".","type":"string"}},"required":["credential","type","url"],"title":"Jira","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"vulnerabilities_qualys_cloud_mock","name":"vulnerabilities_qualys_cloud_mock","fullname":"[MOCK] Qualys Vulnerability Management, Detection \u0026 Response (VMDR)","description":"Configuration for a mocked Qualys Cloud Platform as a Vulnerabilities Provider","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","request_method":"get","request_path":"/v1/vulnerabilities/scans/{scan_id}/activity","supported":true},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning 
system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/scans","supported":true},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for a mocked Qualys Cloud Platform as a Vulnerabilities Provider","properties":{"dataset":{"enum":["basic_v0"],"title":"VulnerabilitiesQualysCloudDataset","type":"string"},"type":{"const":"vulnerabilities_qualys_cloud_mock"}},"required":["dataset","type"],"title":"[MOCK] Qualys VMDR","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"assets_crowdstrike","name":"assets_crowdstrike","fullname":"CrowdStrike Falcon Spotlight","description":"Configuration for CrowdStrike Falcon as an Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory 
system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for CrowdStrike Falcon as an Assets Provider","properties":{"credential":{"description":"The credential to use for the CrowdStrike Falcon tenant.","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"CrowdStrikeCredential"}},"type":{"const":"assets_crowdstrike"},"url":{"default":"https://api.crowdstrike.com","description":"The root domain where your CrowdStrike Falcon tenant is located.","nullable":true,"title":"Base URL","type":"string"}},"required":["credential","type"],"title":"CrowdStrike Falcon Spotlight","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"ticketing_zendesk","name":"ticketing_zendesk","fullname":"Zendesk","description":"Configuration for Zendesk as a Ticketing Provider","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create 
Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["name","priority","subject"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked 
Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","supported":false},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. 
The response will include a list of\nfields for each issue type in the ticketing provider.","supported":false},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"description","type":"string","operators":["eq","ne","like"]},{"name":"id","type":"string","operators":["eq","ne","like"]},{"name":"name","type":"string","operators":["eq","ne","like"]},{"name":"priority","type":"string","operators":["eq","ne"]},{"name":"status","type":"string","operators":["eq","ne"]}]}],"provider_config":{"description":"Configuration for Zendesk as a Ticketing Provider","properties":{"credential":{"description":"E-mail address and API Token for use with the Zendesk API. 
Use the e-mail address for the `username` field and API Token for the `secret` field.\nSee [Zendesk API token generation documentation](https://developer.zendesk.com/api-reference/introduction/security-and-auth/#api-token) for more detail.\n","properties":{"secret":{"description":"Secret value for authentication","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","type":"string"}},"required":["secret","type","username"],"title":"ZendeskCredential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"ZendeskCredential"}},"type":{"const":"ticketing_zendesk"},"url":{"description":"Base URL for your Zendesk tenant.","example":"https://tenant.zendesk.com","format":"uri","pattern":"^https?:.+$","type":"string"}},"required":["credential","type","url"],"title":"Zendesk","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"vulnerabilities_tenable_cloud","name":"vulnerabilities_tenable_cloud","fullname":"Tenable Vulnerability Management","description":"Configuration for Tenable Cloud as a Vulnerabilities Provider","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","request_method":"post","request_path":"/v1/vulnerabilities/assets","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateAssetRequest"}}},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured 
scan.","request_method":"get","request_path":"/v1/vulnerabilities/scans/{scan_id}/activity","supported":true},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"finding.first_seen_time","type":"datetime","operators":["gte"]},{"name":"finding.last_seen_time","type":"datetime","operators":["gte"]},{"name":"severity","type":"enum","operators":["eq","in"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/scans","supported":true},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for Tenable Cloud as a Vulnerabilities Provider","properties":{"credential":{"description":"Tenable Cloud authentication token. Follow [this guide to generate an API token](https://docs.tenable.com/vulnerability-management/Content/Settings/my-account/GenerateAPIKey.htm). 
Secret must be of the form accessKey=\u003ckey\u003e;secretKey=\u003csecret\u003e.","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"TenableCloudCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"TenableCloudCredential"}},"type":{"const":"vulnerabilities_tenable_cloud"},"url":{"default":"https://cloud.tenable.com","description":"URL for the Tenable Cloud API. This should be the base URL for the API, without any path components and must be HTTPS. If not provided, defaults to \"https://cloud.tenable.com\".","nullable":true,"pattern":"^https://.*$","title":"Tenable Cloud API URL","type":"string"}},"required":["credential","type"],"title":"Tenable Vulnerability Management","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_armis_centrix_mock","name":"assets_armis_centrix_mock","fullname":"[MOCK] Armis Centrix™ for Asset Management and Security","description":"Configuration for a mocked Armis Centrix Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true}],"provider_config":{"description":"Configuration for a mocked Armis Centrix Assets Provider","properties":{"dataset":{"enum":["basic_v0"],"title":"AssetsArmisDataset","type":"string"},"type":{"const":"assets_armis_centrix_mock"}},"required":["dataset","type"],"title":"[MOCK] Armis 
Centrix","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"identity_google","name":"identity_google","fullname":"Google Workspace","description":"Configuration for the Google Identity Provider","connector_id":"identity","connector":"identity","operations":[{"id":"identity_disable_user","name":"disable_user","fullname":"Disable User","description":"Disables a user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/disable","supported":true},{"id":"identity_enable_user","name":"enable_user","fullname":"Enable User","description":"Reenables a disabled user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/enable","supported":true},{"id":"identity_expire_all_user_sessions","name":"expire_all_user_sessions","fullname":"Expire All User Sessions","description":"Logs a user out of all current sessions so they must log in again.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/expire_all_sessions","supported":true},{"id":"identity_force_user_password_reset","name":"force_user_password_reset","fullname":"Force User Password Reset","description":"Forces a user to reset their password before they can log in again.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/force_reset_password","supported":true},{"id":"identity_get_group","name":"get_group","fullname":"Get Group","description":"Returns a `Group` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. 
Depending\non the providers offerings, this may include additional group information, such as the roles assigned.","request_method":"get","request_path":"/v1/identity/groups/{groupId}","supported":true},{"id":"identity_get_group_members","name":"get_group_members","fullname":"Get Group Members","description":"Returns list of `User` objects wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider that are members in the group referenced by ID.","request_method":"get","request_path":"/v1/identity/groups/{groupId}/members","supported":true},{"id":"identity_get_user","name":"get_user","fullname":"Get User","description":"Returns a `User` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. Depending\non the providers offerings, this may include additional user information, such as the user's current groups and roles.","request_method":"get","request_path":"/v1/identity/users/{userId}","supported":true},{"id":"identity_query_audit_log","name":"query_audit_log","fullname":"Query Audit Log","description":"Returns a list of `Event` objects from the token-linked audit log.","request_method":"get","request_path":"/v1/identity/audit","supported":true,"filters":[{"name":"class_uid","type":"string","operators":["eq"]},{"name":"src_endpoint.ip","type":"string","operators":["eq"]},{"name":"time","type":"datetime","operators":["gte","lte"]},{"name":"type_uid","type":"string","operators":["eq"]},{"name":"user.email_addr","type":"string","operators":["eq","ne","gt","gte","lt","lte"]}]},{"id":"identity_query_groups","name":"query_groups","fullname":"Query Groups","description":"Returns a list of `Group` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.","request_method":"get","request_path":"/v1/identity/groups","supported":true},{"id":"identity_query_users","name":"query_users","fullname":"Query Users","description":"Returns a list of 
`User` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.","request_method":"get","request_path":"/v1/identity/users","supported":true,"filters":[{"name":"entity.uid","type":"string","operators":["eq","in"]},{"name":"entity.user.email_addr","type":"string","operators":["eq","in"]},{"name":"entity.user.full_name","type":"string","operators":["eq","in"]},{"name":"entity.user.ldap_person.cost_center","type":"string","operators":["eq","in"]},{"name":"entity.user.ldap_person.employee_uid","type":"string","operators":["eq","in"]},{"name":"entity.user.ldap_person.given_name","type":"string","operators":["eq","in"]},{"name":"entity.user.ldap_person.job_title","type":"string","operators":["eq","in"]},{"name":"entity.user.ldap_person.surname","type":"string","operators":["eq","in"]},{"name":"entity.user.name","type":"string","operators":["eq","in"]},{"name":"entity.user.org.name","type":"string","operators":["eq","in"]},{"name":"entity.user.org.ou_name","type":"string","operators":["eq","in"]},{"name":"entity.user.uid","type":"string","operators":["eq","in"]},{"name":"entity.user.uid_alt","type":"string","operators":["eq","in"]}]}],"provider_config":{"description":"Configuration for the Google Identity Provider","properties":{"client_email":{"description":"The client email associated with the service account key. 
Typically this will be of the form `\u003cservice-account-name\u003e@\u003cproject-id\u003e.iam.gserviceaccount.com`.","type":"string"},"credential":{"description":"OAuth 2.0 Token URL, Client ID, and Client Secret for a Synqly Identity Connector API service application.","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"GoogleCredential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"GoogleCredential"}},"delegate":{"description":"The email address of the user that the service account is impersonating for domain-wide delegation. For more information, see [this Google support article](https://support.google.com/a/answer/162106).","type":"string"},"type":{"const":"identity_google"}},"required":["client_email","credential","delegate","type"],"title":"Google Workspace","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_opensearch","name":"sink_opensearch","fullname":"OpenSearch","description":"Configuration for OpenSearch search and analytics engine. 
Supports both managed and self-hosted OpenSearch deployments\n","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for OpenSearch search and analytics engine. Supports both managed and self-hosted OpenSearch deployments","properties":{"create_index":{"description":"The index or data stream to use when writing events.","type":"string"},"credential":{"description":"Basic authentication credentials for OpenSearch.\n","properties":{"secret":{"description":"Secret value for authentication","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","type":"string"}},"required":["secret","type","username"],"title":"OpenSearchCredential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"OpenSearchCredential"}},"skip_tls_verify":{"default":false,"description":"If true, skips verification of the OpenSearch server's TLS certificate.","nullable":true,"type":"boolean"},"type":{"const":"sink_opensearch"},"url":{"description":"URL for the OpenSearch API. 
This should be the base URL for the API, without any path components and must be HTTPS.","example":"https://tenant.elastic.com","type":"string"}},"required":["create_index","credential","type","url"],"title":"OpenSearch","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"vulnerabilities_tanium_cloud_mock","name":"vulnerabilities_tanium_cloud_mock","fullname":"[MOCK] Tsanium Vulnerability Management","description":"Configuration for a mock Tanium Cloud as a Vulnerabilities Provider","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","supported":false},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning 
system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for a mock Tanium Cloud as a Vulnerabilities Provider","properties":{"dataset":{"enum":["basic_v0"],"title":"VulnerabilitiesTaniumCloudDataset","type":"string"},"type":{"const":"vulnerabilities_tanium_cloud_mock"}},"required":["dataset","type"],"title":"[MOCK] Tanium Vulnerability Management","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"edr_malwarebytes","name":"edr_malwarebytes","fullname":"Malwarebytes EDR","description":"Configuration for the Malwarebytes EDR Provider","connector_id":"edr","connector":"edr","operations":[{"id":"edr_create_iocs","name":"create_iocs","fullname":"Create IOCs","description":"Creates a list of iocs that match the stix input for the EDR source.","supported":false},{"id":"edr_delete_iocs","name":"delete_iocs","fullname":"Delete IOCs","description":"Deletes a list of iocs that match the input of ids in the query param","supported":false},{"id":"edr_get_endpoint","name":"get_endpoint","fullname":"Get Endpoint","description":"Gets a single endpoint assets matching the UID from the token-linked EDR source.","supported":false},{"id":"edr_network_quarantine","name":"network_quarantine","fullname":"Quarantine Endpoints","description":"Connect or disconnect one or more endpoints assets to the network, allowing or disallowing connections.","request_method":"post","request_path":"/v1/edr/endpoints/actions/quarantine","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/NetworkQuarantineRequest"}}},{"id":"edr_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Returns a list of alerts that match the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/alerts","supported":true,"filters":[{"name":"finding_info.created_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.created_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.modified_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.uid","type":"string","operators":["eq"]},{"name":"metadata.uid","type":"string","operators":["eq"]},{"name":"severity","type":"string","operators":["eq"]},{"name":"status","type":"string","operators":["eq"]}]},{"id":"edr_query_applications","name":"query_applications","fullname":"Query Applications","description":"Returns a list of applications matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/applications","supported":true,"filters":[{"name":"device.uid","type":"string","operators":["eq"]},{"name":"product.name","type":"string","operators":["eq"]},{"name":"product.uid","type":"string","operators":["eq"]},{"name":"product.vendor_name","type":"string","operators":["eq"]},{"name":"product.version","type":"string","operators":["eq","gt","gte","lt","lte"]}]},{"id":"edr_query_edr_events","name":"query_edr_events","fullname":"Query EDR Events","description":"Returns a list of EDR events that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_endpoints","name":"query_endpoints","fullname":"Query Endpoints","description":"Returns a list of endpoint assets matching the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/endpoints","supported":true,"filters":[{"name":"created_at","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"deleted_at","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.domain","type":"string","operators":["eq"]},{"name":"device.group_id","type":"string","operators":["eq"]},{"name":"device.group_name","type":"string","operators":["eq"]},{"name":"device.hw_info.serial_number","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.mac","type":"string","operators":["eq"]},{"name":"device.name","type":"string","operators":["eq"]},{"name":"device.os.cpu_bits","type":"string","operators":["eq"]},{"name":"device.os.name","type":"string","operators":["eq"]},{"name":"device.os.type","type":"string","operators":["eq"]},{"name":"device.os.version","type":"string","operators":["eq"]},{"name":"device.protection_status","type":"string","operators":["eq"]},{"name":"device.uid","type":"string","operators":["eq"]},{"name":"metadata.product.version","type":"string","operators":["eq","gt","gte","lt","lte"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]}]},{"id":"edr_query_iocs","name":"query_iocs","fullname":"Query IOCs","description":"Returns a list of iocs that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_posture_score","name":"query_posture_score","fullname":"Query Posture Score","description":"Returns the posture score of the endpoint assets that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_threatevents","name":"query_threatevents","fullname":"Query Threat Events","description":"Returns a list of threats that match the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/threats","supported":true,"filters":[{"name":"finding_info.created_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.uid","type":"string","operators":["eq"]},{"name":"metadata.uid","type":"string","operators":["eq"]},{"name":"severity","type":"string","operators":["eq"]},{"name":"status","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for the Malwarebytes EDR Provider","properties":{"account_identifier":{"description":"Account identifier for the Malwarebytes EDR Provider. Can be either the account ID directly (e.g. xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx) or the full tenant URL (e.g. https://cloud.malwarebytes.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/dashboard)","type":"string"},"credential":{"description":"Malwarebytes oAuth client credentials. For more information see [Malwarebytes' documentation on setting up oAuth.](https://api.malwarebytes.com/nebula/v1/docs#section/Authentication)","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"MalwarebytesCredential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"MalwarebytesCredential"}},"type":{"const":"edr_malwarebytes"},"url":{"default":"https://api.malwarebytes.com","description":"URL for the 
Malwarebytes EDR Provider","nullable":true,"type":"string"}},"required":["account_identifier","credential","type"],"title":"Malwarebytes EDR","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"edr_sentinelone","name":"edr_sentinelone","fullname":"SentinelOne Singularity™ Endpoint","description":"Configuration for the SentinelOne EDR Provider","connector_id":"edr","connector":"edr","operations":[{"id":"edr_create_iocs","name":"create_iocs","fullname":"Create IOCs","description":"Creates a list of iocs that match the stix input for the EDR source.","request_method":"post","request_path":"/v1/edr/iocs","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateIocsRequest"}}},{"id":"edr_delete_iocs","name":"delete_iocs","fullname":"Delete IOCs","description":"Deletes a list of iocs that match the input of ids in the query param","request_method":"delete","request_path":"/v1/edr/iocs","supported":true},{"id":"edr_get_endpoint","name":"get_endpoint","fullname":"Get Endpoint","description":"Gets a single endpoint assets matching the UID from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints/{id}","supported":true},{"id":"edr_network_quarantine","name":"network_quarantine","fullname":"Quarantine Endpoints","description":"Connect or disconnect one or more endpoints assets to the network, allowing or disallowing connections.","request_method":"post","request_path":"/v1/edr/endpoints/actions/quarantine","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/NetworkQuarantineRequest"}}},{"id":"edr_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Returns a list of alerts that match the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/alerts","supported":true,"filters":[{"name":"actor.process.file.path","type":"string","operators":["like"]},{"name":"confidence","type":"string","operators":["eq"]},{"name":"device.container.image","type":"string","operators":["like"]},{"name":"device.container.name","type":"string","operators":["like"]},{"name":"device.container.tag","type":"string","operators":["like"]},{"name":"device.hostname","type":"string","operators":["eq","like"]},{"name":"device.last_seen_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.org.uid","type":"string","operators":["eq"]},{"name":"device.os.type","type":"string","operators":["eq"]},{"name":"finding_info.created_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.first_seen_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"metadata.product.version","type":"string","operators":["eq"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]}]},{"id":"edr_query_applications","name":"query_applications","fullname":"Query Applications","description":"Returns a list of applications matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/applications","supported":true,"filters":[{"name":"product.name","type":"string","operators":["like"]},{"name":"product.uid","type":"string","operators":["eq","like"]},{"name":"product.vendor_name","type":"string","operators":["like"]},{"name":"product.version","type":"string","operators":["eq","like"]}]},{"id":"edr_query_edr_events","name":"query_edr_events","fullname":"Query EDR Events","description":"Returns a list of EDR events that match the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/edr_events","supported":true,"filters":[{"name":"actor.process.file.hashes","type":"string","operators":["eq"]},{"name":"actor.process.file.path","type":"string","operators":["like"]},{"name":"actor.process.name","type":"string","operators":["like"]},{"name":"device.ip","type":"string","operators":["like"]},{"name":"device.network_status","type":"string","operators":["eq"]},{"name":"query.hostname","type":"string","operators":["like"]}]},{"id":"edr_query_endpoints","name":"query_endpoints","fullname":"Query Endpoints","description":"Returns a list of endpoint assets matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints","supported":true,"filters":[{"name":"device.domain","type":"string","operators":["eq","like"]},{"name":"device.hostname","type":"string","operators":["eq","like"]},{"name":"device.hw_info.serial_number","type":"string","operators":["like"]},{"name":"device.instance_uid","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["like"]},{"name":"device.mac","type":"string","operators":["like"]},{"name":"device.name","type":"string","operators":["eq","like"]},{"name":"device.os.name","type":"string","operators":["like"]},{"name":"device.os.type","type":"string","operators":["eq","like"]},{"name":"device.os.version","type":"string","operators":["like"]},{"name":"device.type","type":"string","operators":["eq","like"]},{"name":"device.uid","type":"string","operators":["eq","like"]},{"name":"status","type":"string","operators":["eq","like"]}]},{"id":"edr_query_iocs","name":"query_iocs","fullname":"Query IOCs","description":"Returns a list of iocs that match the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/iocs","supported":true,"filters":[{"name":"created","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"created_by_ref","type":"string","operators":["like"]},{"name":"description","type":"string","operators":["like"]},{"name":"extensions.accountIds","type":"string","operators":["eq"]},{"name":"extensions.batchId","type":"string","operators":["eq"]},{"name":"extensions.category","type":"string","operators":["eq"]},{"name":"extensions.externalId","type":"string","operators":["eq"]},{"name":"extensions.groupIds","type":"string","operators":["eq"]},{"name":"extensions.sideIds","type":"string","operators":["eq"]},{"name":"extensions.source","type":"string","operators":["eq"]},{"name":"extensions.uploadTime","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"id","type":"string","operators":["eq"]},{"name":"modified","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"name","type":"string","operators":["like"]},{"name":"pattern","type":"string","operators":["eq"]},{"name":"value","type":"string","operators":["eq"]}]},{"id":"edr_query_posture_score","name":"query_posture_score","fullname":"Query Posture Score","description":"Returns the posture score of the endpoint assets that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_threatevents","name":"query_threatevents","fullname":"Query Threat Events","description":"Returns a list of threats that match the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/threats","supported":true,"filters":[{"name":"actor.process.created_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"actor.process.file.path","type":"string","operators":["like"]},{"name":"confidence","type":"string","operators":["eq"]},{"name":"device.container.image","type":"string","operators":["like"]},{"name":"device.container.name","type":"string","operators":["like"]},{"name":"device.container.tag","type":"string","operators":["like"]},{"name":"device.groups.uid","type":"string","operators":["eq"]},{"name":"device.hostname","type":"string","operators":["eq","like"]},{"name":"device.id","type":"string","operators":["eq"]},{"name":"device.org.uid","type":"string","operators":["eq"]},{"name":"device.type","type":"string","operators":["eq"]},{"name":"finding_info.created_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"malware.classifications","type":"string","operators":["eq"]},{"name":"metadata.product.version","type":"string","operators":["eq"]},{"name":"severity","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for the SentinelOne EDR Provider","properties":{"credential":{"description":"SentinelOne API token for authentication. Follow the API DOC overview once logged into your SentinelOne Management URL, \"https://your_management_url/docs/en/generating-api-tokens.html\".","properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"SentinelOneCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"SentinelOneCredential"}},"edr_events_credential":{"description":"SentinelOne Singularity Data Lake API used for Edr Events. 
For example, \"https://xdr.{region}.sentinelone.net\"","nullable":true,"properties":{"secret":{"description":"Secret value of the token.","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"SentinelOneEdrEventsCredential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"SentinelOneEdrEventsCredential"}},"edr_events_url":{"description":"Base URL for the SentinelOne Singularity Data Lake API. This URL is required if you plan to use the EDR Events API.","example":"htts://xdr.{region}.sentinelone.net","nullable":true,"type":"string"},"type":{"const":"edr_sentinelone"},"url":{"description":"URL for the SentinelOne Management API. This should be the base URL for the API, without any path components. For example, \"https://your_management_url\".","type":"string"}},"required":["credential","type","url"],"title":"SentinelOne EDR","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_google_chronicle","name":"siem_google_chronicle","fullname":"Google Security Operations (Chronicle Compatibility)","description":"Configuration for Google Security Operations (formerly Google Chronicle) as a SIEM Provider connecting via the older Backstory and Malachite APIs.","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","request_method":"get","request_path":"/v1/siem/investigations/{id}/evidence","supported":true},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","request_method":"get","request_path":"/v1/siem/investigations/{id}","supported":true},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by 
ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"message","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.event_code","type":"integer","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"metadata.log_name","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.log_provider","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.log_version","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.processed_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"metadata.uid","type":"string","operators":["eq","ne","in","not_in"]},{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","in","not_in"]},{"name":"time","type":"datetime","operators":["gte","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","request_method":"get","request_path":"/v1/siem/investigations","supported":true},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for Google Security Operations (formerly Google Chronicle) as a SIEM Provider connecting via the 
older Backstory and Malachite APIs.","properties":{"customer_id":{"description":"Optional. The customer ID reported when writing events. This is required for ingestion.","nullable":true,"title":"Customer Id","type":"string"},"ingestion_credential":{"description":"Optional. Google OAuth 2.0 credentials with an email address. Without this credential the provider will not be able to ingest events.","nullable":true,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Ingestion Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"GoogleChronicleCredential"}},"ingestion_url":{"default":"https://malachiteingestion-pa.googleapis.com","description":"Optional. Ingestion URL for the Google SecOps instance. 
This should be the base event ingestion URL, without any path components.","nullable":true,"pattern":"^https://.*$","title":"Ingestion API URL","type":"string"},"search_credential":{"description":"Google OAuth 2.0 credentials with an email address.","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","type":"string"},"client_secret":{"description":"Secret value for authentication","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Search Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"GoogleChronicleCredential"}},"search_url":{"default":"https://backstory.googleapis.com","description":"Search URL for the Google SecOps instance. This should be the base event search URL, without any path components.","nullable":true,"pattern":"^https://.*$","title":"Search API URL","type":"string"},"type":{"const":"siem_google_chronicle"}},"required":["search_credential","type"],"title":"Google Security Operations (Chronicle Compatibility)","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_opensearch","name":"siem_opensearch","fullname":"OpenSearch SIEM","description":"Configuration for OpenSearch search and analytics engine. 
Supports both managed and self-hosted OpenSearch deployments\n","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","supported":false},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"metadata.log_provider","type":"string","operators":["eq","in"]},{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","like","not_like","in","not_in"]},{"name":"time","type":"datetime","operators":["gte","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","supported":false},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for OpenSearch search and analytics engine. 
Supports both managed and self-hosted OpenSearch deployments","properties":{"create_index":{"description":"The index or data stream to use when writing events. Defaults to the 'index' setting if not set.","nullable":true,"type":"string"},"credential":{"description":"Basic authentication credentials for OpenSearch.\n","properties":{"secret":{"description":"Secret value for authentication","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","type":"string"}},"required":["secret","type","username"],"title":"OpenSearchCredential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"OpenSearchCredential"}},"index":{"default":"_all","description":"The index, data stream, or index alias to read events from.","nullable":true,"type":"string"},"skip_tls_verify":{"default":false,"description":"If true, skips verification of the OpenSearch server's TLS certificate.","nullable":true,"type":"boolean"},"type":{"const":"siem_opensearch"},"url":{"description":"URL for the OpenSearch API. This should be the base URL for the API, without any path components and must be HTTPS.","example":"https://tenant.elastic.com","type":"string"}},"required":["credential","type","url"],"title":"OpenSearch","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}}]}
|
|
1
|
+
{"result":[{"id":"identity_google","name":"identity_google","fullname":"Google Workspace","description":"Configuration for Google Workspace.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/google-workspace-setup)","connector_id":"identity","connector":"identity","operations":[{"id":"identity_disable_user","name":"disable_user","fullname":"Disable User","description":"Disables a user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/disable","supported":true},{"id":"identity_enable_user","name":"enable_user","fullname":"Enable User","description":"Reenables a disabled user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/enable","supported":true},{"id":"identity_expire_all_user_sessions","name":"expire_all_user_sessions","fullname":"Expire All User Sessions","description":"Logs a user out of all current sessions so they must log in again.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/expire_all_sessions","supported":true},{"id":"identity_force_user_password_reset","name":"force_user_password_reset","fullname":"Force User Password Reset","description":"Forces a user to reset their password before they can log in again.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/force_reset_password","supported":true},{"id":"identity_get_group","name":"get_group","fullname":"Get Group","description":"Returns a `Group` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. 
Depending\non the providers offerings, this may include additional group information, such as the roles assigned.","request_method":"get","request_path":"/v1/identity/groups/{groupId}","supported":true},{"id":"identity_get_group_members","name":"get_group_members","fullname":"Get Group Members","description":"Returns list of `User` objects wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider that are members in the group referenced by ID.","request_method":"get","request_path":"/v1/identity/groups/{groupId}/members","supported":true},{"id":"identity_get_user","name":"get_user","fullname":"Get User","description":"Returns a `User` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. Depending\non the providers offerings, this may include additional user information, such as the user's current groups and roles.","request_method":"get","request_path":"/v1/identity/users/{userId}","supported":true},{"id":"identity_query_audit_log","name":"query_audit_log","fullname":"Query Audit Log","description":"Returns a list of `Event` objects from the token-linked audit log.","request_method":"get","request_path":"/v1/identity/audit","supported":true,"filters":[{"name":"class_uid","type":"string","operators":["eq"]},{"name":"src_endpoint.ip","type":"string","operators":["eq"]},{"name":"time","type":"datetime","operators":["gte","lte"]},{"name":"type_uid","type":"string","operators":["eq"]},{"name":"user.email_addr","type":"string","operators":["eq","ne","gt","gte","lt","lte"]}]},{"id":"identity_query_groups","name":"query_groups","fullname":"Query Groups","description":"Returns a list of `Group` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.","request_method":"get","request_path":"/v1/identity/groups","supported":true},{"id":"identity_query_users","name":"query_users","fullname":"Query Users","description":"Returns a list of 
`User` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.","request_method":"get","request_path":"/v1/identity/users","supported":true,"filters":[{"name":"entity.uid","type":"string","operators":["eq","in"]},{"name":"entity.user.email_addr","type":"string","operators":["eq","in"]},{"name":"entity.user.full_name","type":"string","operators":["eq","in"]},{"name":"entity.user.ldap_person.cost_center","type":"string","operators":["eq","in"]},{"name":"entity.user.ldap_person.employee_uid","type":"string","operators":["eq","in"]},{"name":"entity.user.ldap_person.given_name","type":"string","operators":["eq","in"]},{"name":"entity.user.ldap_person.job_title","type":"string","operators":["eq","in"]},{"name":"entity.user.ldap_person.surname","type":"string","operators":["eq","in"]},{"name":"entity.user.name","type":"string","operators":["eq","in"]},{"name":"entity.user.org.name","type":"string","operators":["eq","in"]},{"name":"entity.user.org.ou_name","type":"string","operators":["eq","in"]},{"name":"entity.user.uid","type":"string","operators":["eq","in"]},{"name":"entity.user.uid_alt","type":"string","operators":["eq","in"]}]}],"provider_config":{"description":"Configuration for Google Workspace.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/google-workspace-setup)","properties":{"client_email":{"description":"Client email associated with the service account key.","example":"{service-account-name}@{project-id}.iam.gserviceaccount.com","nullable":false,"title":"Client Email","type":"string"},"credential":{"description":"Configuration when creating new Client Credentials.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client 
Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"GoogleCredential"}},"delegate":{"description":"Email address of the user that the service account is impersonating for domain-wide delegation. For more information, see [this Google support article](https://support.google.com/a/answer/162106).","nullable":false,"title":"Delegate","type":"string"},"type":{"const":"identity_google"}},"required":["client_email","credential","delegate","type"],"title":"Google Workspace","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"notifications_slack","name":"notifications_slack","fullname":"Slack","description":"Configuration for Slack.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/slack-notification-setup)","connector_id":"notifications","connector":"notifications","operations":[{"id":"notifications_clear_message","name":"clear_message","fullname":"Clear Notification","description":"Resolves a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/clear/{notificationId}","supported":true},{"id":"notifications_create_message","name":"create_message","fullname":"Create Notification","description":"Creates a `Notification` object in the token-linked 
`Integration`.","request_method":"post","request_path":"/v1/notifications/create","supported":true,"required_fields":["summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNotificationRequest"}}},{"id":"notifications_get_message","name":"get_message","fullname":"Get Notification","description":"Returns the `Notification` object matching `{notificationId}` from the token-linked\n`Integration`.","supported":false}],"provider_config":{"description":"Configuration for Slack.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/slack-notification-setup)","properties":{"channel":{"description":"Channel to send notifications to. Must be a valid existing channel.","nullable":false,"title":"Channel","type":"string"},"credential":{"description":"Follow [this guide to generate a bot token](https://api.slack.com/concepts/token-types#bot). The token must have access to the configured channel.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"pattern":"^xoxb-.+$","title":"Token","type":"string","x-validation-message":{"patternMismatch":"Bot token must start with `xoxb-`."}},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"SlackCredential"}},"type":{"const":"notifications_slack"},"url":{"default":"https://slack.com/","description":"Base URL for the Slack API.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["channel","credential","type"],"title":"Slack","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_elasticsearch","name":"siem_elasticsearch","fullname":"Elastic SIEM","description":"Configuration for Elastic SIEM.\n\n[Configuration 
guide](https://docs.synqly.com/guides/provider-configuration/elastic-setup)","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","supported":false},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"metadata.log_provider","type":"string","operators":["eq","in"]},{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","like","not_like","in","not_in"]},{"name":"time","type":"datetime","operators":["gte","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","supported":false},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for Elastic SIEM.\n\n[Configuration 
guide](https://docs.synqly.com/guides/provider-configuration/elastic-setup)","properties":{"auth_options":{"description":"Options used to control how requests are made to Elasticsearch when different authentication types are used.","nullable":true,"properties":{"run_as":{"description":"Submit API requests as a specific user, with all of their roles and permissions. When populated, this option will send the `es-security-runas-user` header with every request made to the Elasticsearch API.","nullable":true,"title":"Run As","type":"string"},"shared_secret":{"description":"Some auth cases, notably JWT auth, can be configured to require sending a shared secret in the `ES-Client-Authentication` header. When this secret is populated it will get added as the shared secret for every request made to Elasticsearch.","nullable":true,"properties":{"secret":{"description":"Secret value","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"secret"}},"required":["secret","type"],"title":"Shared Secret","type":"object","x-synqly-credential":{"extends":"SecretCredential","type":"ElasticsearchSharedSecret"}}},"title":"Authentication Options","type":"object"},"create_index":{"description":"The index or data stream to use when writing events. Defaults to the `index` setting if not set.","nullable":true,"title":"Create Index","type":"string"},"credential":{"nullable":false,"oneOf":[{"description":"Basic authentication credentials for Elasticsearch. 
It is recommended to use API keys or OAuth client credentials whenever possible.","properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"New Basic Credentials","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"ElasticsearchCredential"}},{"description":"Client credentials and connection data for an identity provider (IdP) that has been configured for use as a [JWT realm](https://www.elastic.co/guide/en/elasticsearch/reference/8.15/jwt-auth-realm.html) in Elasticsearch. *([Instructions for Elastic Cloud](https://www.elastic.co/guide/en/cloud/current/ec-securing-clusters-JWT.html).)*\nRequires a Token URL for the third party identity provider. To send specific scopes during the client credentials OAuth flow, specify them in `extra.scopes` as a list of strings.","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","token_url","type"],"title":"New Client 
Credentials","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"ElasticsearchCredential"}},{"description":"Elasticsearch API Key. Follow [this guide to generate an API Key](https://www.elastic.co/guide/en/kibana/current/api-keys.html). The API Key must have sufficient permissions to the target index.","properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"New API Key","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"ElasticsearchCredential"}}],"title":"Credential","x-synqly-credential":{"extends":["BasicCredential","OAuthClientCredential","TokenCredential"],"type":"ElasticsearchCredential"}},"index":{"default":"_all","description":"The index, data stream, or index alias to read events from.","nullable":true,"title":"Read Index","type":"string"},"skip_tls_verify":{"default":false,"description":"When true, skips verification of the Elasticsearch TLS certificate.","nullable":true,"title":"Skip TLS Verification","type":"boolean"},"type":{"const":"siem_elasticsearch"},"url":{"description":"Base URL for the Elasticsearch API.","example":"https://tenant.elastic.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Elastic SIEM","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_google_chronicle","name":"siem_google_chronicle","fullname":"Google Security Operations (Chronicle Compatibility)","description":"Configuration for Google Security Operations (formerly Google Chronicle) as a SIEM Provider connecting via the older Backstory and Malachite APIs.\n\n[Configuration 
guide](https://docs.synqly.com/guides/provider-configuration/google-chronicle-setup)","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","request_method":"get","request_path":"/v1/siem/investigations/{id}/evidence","supported":true},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","request_method":"get","request_path":"/v1/siem/investigations/{id}","supported":true},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for 
authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"message","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.event_code","type":"integer","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"metadata.log_name","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.log_provider","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.log_version","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.processed_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"metadata.uid","type":"string","operators":["eq","ne","in","not_in"]},{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","in","not_in"]},{"name":"time","type":"datetime","operators":["gte","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","request_method":"get","request_path":"/v1/siem/investigations","supported":true},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for Google Security Operations (formerly Google Chronicle) as a SIEM Provider connecting via the older Backstory and Malachite APIs.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/google-chronicle-setup)","properties":{"customer_id":{"description":"The customer ID reported when writing events. This field is required if writing events.","nullable":true,"title":"Customer Id","type":"string"},"ingestion_credential":{"description":"Credentials used for writing events. 
If not specified then writing events is disabled.","nullable":true,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Connection specific JSON map, must include the field `client_email`.","nullable":false,"properties":{"client_email":{"nullable":false,"title":"Client Email","type":"string"}},"required":["client_email"],"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","extra","type"],"title":"Ingestion Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"GoogleChronicleCredential"}},"ingestion_url":{"default":"https://malachiteingestion-pa.googleapis.com","description":"Base URL for the Google SecOps Ingestion API.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Ingestion API base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}},"search_credential":{"description":"Credentials used for querying and reading events.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Connection specific JSON map, must include the field 
`client_email`.","nullable":false,"properties":{"client_email":{"nullable":false,"title":"Client Email","type":"string"}},"required":["client_email"],"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","extra","type"],"title":"Search Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"GoogleChronicleCredential"}},"search_url":{"default":"https://backstory.googleapis.com","description":"Base URL for the Google SecOps Search API.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Search API base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}},"type":{"const":"siem_google_chronicle"}},"required":["search_credential","type"],"title":"Google Security Operations (Chronicle Compatibility)","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_aws_security_lake","name":"sink_aws_security_lake","fullname":"Amazon Security Lake","description":"Configuration for Amazon Security Lake as a Sink provider. 
Events are written directly to an AWS S3 bucket in Apache Parquet format.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/amazon-security-lake-sink-setup)","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for Amazon Security Lake as a Sink provider. Events are written directly to an AWS S3 bucket in Apache Parquet format.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/amazon-security-lake-sink-setup)","properties":{"credential":{"description":"AWS Access Keys with write access to the configured S3 bucket.","nullable":false,"properties":{"access_key_id":{"description":"Access Key ID portion of the AWS access key pair.","nullable":false,"title":"Access Key ID","type":"string"},"secret_access_key":{"description":"Secret portion of the AWS access key pair.","format":"password","nullable":false,"title":"Secret Access Key","type":"string"},"session":{"description":"A temporary session token. Session tokens are optional and are only necessary if you are using temporary credentials.","format":"password","nullable":true,"title":"Session","type":"string"},"type":{"const":"aws"}},"required":["access_key_id","secret_access_key","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"AwsCredential","type":"AwsSecurityLakeCredential"}},"region":{"description":"Override the default AWS region for this integration. 
If not present, the region will be inferred from the URL.","nullable":true,"title":"Region","type":"string"},"type":{"const":"sink_aws_security_lake"},"url":{"description":"URL of the S3 bucket where the Amazon Security Lake events are stored.","format":"uri","nullable":false,"title":"URL","type":"string"}},"required":["credential","type","url"],"title":"Amazon Security Lake","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_aws_sqs","name":"sink_aws_sqs","fullname":"Amazon Simple Queue Service (SQS)","description":"Configuration for Amazon Simple Queue Service (SQS).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/aws-sqs-sink-setup)","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for Amazon Simple Queue Service (SQS).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/aws-sqs-sink-setup)","properties":{"credential":{"description":"AWS Access Keys with write access to the configured SQS queue.","nullable":false,"properties":{"access_key_id":{"description":"Access Key ID portion of the AWS access key pair.","nullable":false,"title":"Access Key ID","type":"string"},"secret_access_key":{"description":"Secret portion of the AWS access key pair.","format":"password","nullable":false,"title":"Secret Access Key","type":"string"},"session":{"description":"A temporary session token. 
Session tokens are optional and are only necessary if you are using temporary credentials.","format":"password","nullable":true,"title":"Session","type":"string"},"type":{"const":"aws"}},"required":["access_key_id","secret_access_key","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"AwsCredential","type":"AwsSQSCredential"}},"region":{"description":"Overrides the default AWS region. If not present, the region will be inferred from the URL.","nullable":true,"title":"Region","type":"string"},"type":{"const":"sink_aws_sqs"},"url":{"description":"URL of the SQS queue where events are sent.","nullable":false,"pattern":"https://sqs..+?.amazonaws.com_.+?/.+?","title":"Queue URL","type":"string","x-validation-message":{"patternMismatch":"Must match the format `https://sqs.{region}.amazonaws.com_{account_id}/{queue_name}`."}}},"required":["credential","type","url"],"title":"Amazon SQS","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_mock_sink","name":"sink_mock_sink","fullname":"Synqly Test Provider","description":"Configuration for the Synqly mock in-memory Sink Provider. This provider is for testing purposes only and does not retain events pushed to it.","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for the Synqly mock in-memory Sink Provider. This provider is for testing purposes only and does not retain events pushed to it.","properties":{"destination":{"description":"Name of the destination where events are stored. 
This field is unused and only used to demonstrate Provider configuration.","nullable":true,"title":"Destination","type":"string"},"type":{"const":"sink_mock_sink"}},"required":["type"],"title":"Test Provider","type":"object"},"release":{"availability":"generally-available","environments":["test"]}},{"id":"storage_azure_blob","name":"storage_azure_blob","fullname":"Microsoft Azure Blob Storage","description":"Configuration for Azure Blob Storage as a Storage Provider","connector_id":"storage","connector":"storage","operations":[{"id":"storage_delete_file","name":"delete_file","fullname":"Delete File","description":"Deletes a file from the provided `{path}` in the token-linked `Integration`.","request_method":"delete","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_download_file","name":"download_file","fullname":"Download File","description":"Downloads a file from the provided `{path}` in the token-linked\n`Integration`.","request_method":"get","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_list_files","name":"list_files","fullname":"List Files","description":"Returns a list of contents from the token-linked `Integration`.","request_method":"get","request_path":"/v1/storage/folders/{path}","supported":true},{"id":"storage_upload_file","name":"upload_file","fullname":"Upload File","description":"Uploads a file from the provided `{path}` to the token-linked `Integration`.","request_method":"post","request_path":"/v1/storage/files/{path}","supported":true,"request_body":{"required":true,"schema":null}}],"provider_config":{"description":"Configuration for Azure Blob Storage as a Storage Provider","properties":{"bucket":{"description":"Name of the blob container where files are stored.","nullable":false,"title":"Bucket","type":"string"},"credential":{"description":"Configuration when creating new Client Secret.","nullable":false,"properties":{"secret":{"description":"Secret value of the 
token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"AzureBlobCredential"}},"type":{"const":"storage_azure_blob"}},"required":["bucket","credential","type"],"title":"Azure Blob Storage","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"edr_malwarebytes","name":"edr_malwarebytes","fullname":"ThreatDown Endpoint Detection \u0026 Response","description":"Configuration for ThreatDown Endpoint Detection \u0026 Response.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/malwarebytes-setup)","connector_id":"edr","connector":"edr","operations":[{"id":"edr_create_iocs","name":"create_iocs","fullname":"Create IOCs","description":"Creates a list of iocs that match the stix input for the EDR source.","supported":false},{"id":"edr_delete_iocs","name":"delete_iocs","fullname":"Delete IOCs","description":"Deletes a list of iocs that match the input of ids in the query param","supported":false},{"id":"edr_get_endpoint","name":"get_endpoint","fullname":"Get Endpoint","description":"Gets a single endpoint assets matching the UID from the token-linked EDR source.","supported":false},{"id":"edr_network_quarantine","name":"network_quarantine","fullname":"Quarantine Endpoints","description":"Connect or disconnect one or more endpoints assets to the network, allowing or disallowing connections.","request_method":"post","request_path":"/v1/edr/endpoints/actions/quarantine","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/NetworkQuarantineRequest"}}},{"id":"edr_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Returns a list of alerts that match the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/alerts","supported":true,"filters":[{"name":"finding_info.created_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.created_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.modified_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.uid","type":"string","operators":["eq"]},{"name":"metadata.uid","type":"string","operators":["eq"]},{"name":"severity","type":"string","operators":["eq"]},{"name":"status","type":"string","operators":["eq"]}]},{"id":"edr_query_applications","name":"query_applications","fullname":"Query Applications","description":"Returns a list of applications matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/applications","supported":true,"filters":[{"name":"device.uid","type":"string","operators":["eq"]},{"name":"product.name","type":"string","operators":["eq"]},{"name":"product.uid","type":"string","operators":["eq"]},{"name":"product.vendor_name","type":"string","operators":["eq"]},{"name":"product.version","type":"string","operators":["eq","gt","gte","lt","lte"]}]},{"id":"edr_query_edr_events","name":"query_edr_events","fullname":"Query EDR Events","description":"Returns a list of EDR events that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_endpoints","name":"query_endpoints","fullname":"Query Endpoints","description":"Returns a list of endpoint assets matching the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/endpoints","supported":true,"filters":[{"name":"created_at","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"deleted_at","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.domain","type":"string","operators":["eq"]},{"name":"device.group_id","type":"string","operators":["eq"]},{"name":"device.group_name","type":"string","operators":["eq"]},{"name":"device.hw_info.serial_number","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.mac","type":"string","operators":["eq"]},{"name":"device.name","type":"string","operators":["eq"]},{"name":"device.os.cpu_bits","type":"string","operators":["eq"]},{"name":"device.os.name","type":"string","operators":["eq"]},{"name":"device.os.type","type":"string","operators":["eq"]},{"name":"device.os.version","type":"string","operators":["eq"]},{"name":"device.protection_status","type":"string","operators":["eq"]},{"name":"device.uid","type":"string","operators":["eq"]},{"name":"metadata.product.version","type":"string","operators":["eq","gt","gte","lt","lte"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]}]},{"id":"edr_query_iocs","name":"query_iocs","fullname":"Query IOCs","description":"Returns a list of iocs that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_posture_score","name":"query_posture_score","fullname":"Query Posture Score","description":"Returns the posture score of the endpoint assets that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_threatevents","name":"query_threatevents","fullname":"Query Threat Events","description":"Returns a list of threats that match the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/threats","supported":true,"filters":[{"name":"finding_info.created_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.uid","type":"string","operators":["eq"]},{"name":"metadata.uid","type":"string","operators":["eq"]},{"name":"severity","type":"string","operators":["eq"]},{"name":"status","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for ThreatDown Endpoint Detection \u0026 Response.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/malwarebytes-setup)","properties":{"account_identifier":{"description":"Account identifier for the ThreatDown EDR tenant.","example":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - OR - https://cloud.malwarebytes.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/dashboard","nullable":false,"pattern":"^(https:\\/\\/cloud\\.malwarebytes\\.com\\/)?((?:[\\dA-Za-z]+-){4}[\\dA-Za-z]+)(\\/.*)?$","title":"Account ID","type":"string","x-validation-message":{"patternMismatch":"Must be a valid Account ID (`xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`) or tenant URL (`https://cloud.malwarebytes.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/dashboard`)."}},"credential":{"description":"Configuration when creating new Client Credentials.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be 
constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"MalwarebytesCredential"}},"type":{"const":"edr_malwarebytes"},"url":{"default":"https://api.malwarebytes.com","description":"Base URL for the ThreatDown EDR API.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["account_identifier","credential","type"],"title":"ThreatDown EDR","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"storage_gcs","name":"storage_gcs","fullname":"Google Cloud Storage","description":"Configuration for Google Cloud Storage for storing unstructured data\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/google-gcs-storage-setup)","connector_id":"storage","connector":"storage","operations":[{"id":"storage_delete_file","name":"delete_file","fullname":"Delete File","description":"Deletes a file from the provided `{path}` in the token-linked `Integration`.","request_method":"delete","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_download_file","name":"download_file","fullname":"Download File","description":"Downloads a file from the provided `{path}` in the token-linked\n`Integration`.","request_method":"get","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_list_files","name":"list_files","fullname":"List Files","description":"Returns a list of contents from the token-linked `Integration`.","request_method":"get","request_path":"/v1/storage/folders/{path}","supported":true},{"id":"storage_upload_file","name":"upload_file","fullname":"Upload File","description":"Uploads a file from the provided `{path}` to the 
token-linked `Integration`.","request_method":"post","request_path":"/v1/storage/files/{path}","supported":true,"request_body":{"required":true,"schema":null}}],"provider_config":{"description":"Configuration for Google Cloud Storage for storing unstructured data\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/google-gcs-storage-setup)","properties":{"bucket":{"description":"Name of the bucket where files are stored.","nullable":false,"title":"Bucket","type":"string"},"credential":{"description":"AWS like credential that stores [hash-based message authentication code (HMAC) keys](https://cloud.google.com/storage/docs/authentication/hmackeys) with write access to the GCS bucket.","nullable":false,"properties":{"access_key_id":{"description":"Access Key ID portion of the AWS access key pair.","nullable":false,"title":"Access Key ID","type":"string"},"secret_access_key":{"description":"Secret portion of the AWS access key pair.","format":"password","nullable":false,"title":"Secret Access Key","type":"string"},"session":{"description":"A temporary session token. Session tokens are optional and are only necessary if you are using temporary credentials.","format":"password","nullable":true,"title":"Session","type":"string"},"type":{"const":"aws"}},"required":["access_key_id","secret_access_key","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"AwsCredential","type":"GCSCredential"}},"region":{"description":"Google Cloud region where the bucket is located.","nullable":false,"title":"Region","type":"string"},"type":{"const":"storage_gcs"}},"required":["bucket","credential","region","type"],"title":"Google Cloud Storage","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"storage_mock_storage","name":"storage_mock_storage","fullname":"Synqly Test Provider","description":"Configuration for the Synqly mock in-memory storage Provider. 
This provider is for testing purposes only and does not retain files pushed to it.","connector_id":"storage","connector":"storage","operations":[{"id":"storage_delete_file","name":"delete_file","fullname":"Delete File","description":"Deletes a file from the provided `{path}` in the token-linked `Integration`.","request_method":"delete","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_download_file","name":"download_file","fullname":"Download File","description":"Downloads a file from the provided `{path}` in the token-linked\n`Integration`.","request_method":"get","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_list_files","name":"list_files","fullname":"List Files","description":"Returns a list of contents from the token-linked `Integration`.","request_method":"get","request_path":"/v1/storage/folders/{path}","supported":true},{"id":"storage_upload_file","name":"upload_file","fullname":"Upload File","description":"Uploads a file from the provided `{path}` to the token-linked `Integration`.","request_method":"post","request_path":"/v1/storage/files/{path}","supported":true,"request_body":{"required":true,"schema":null}}],"provider_config":{"description":"Configuration for the Synqly mock in-memory storage Provider. 
This provider is for testing purposes only and does not retain files pushed to it.","properties":{"bucket":{"description":"Name of the bucket where files are stored.","nullable":false,"title":"Bucket","type":"string"},"type":{"const":"storage_mock_storage"}},"required":["bucket","type"],"title":"Test Provider","type":"object"},"release":{"availability":"generally-available","environments":["test"]}},{"id":"ticketing_torq","name":"ticketing_torq","fullname":"Torq","description":"Configuration for Torq.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/torq-ticketing-setup)","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateCommentRequest"}}},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/notes","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNoteRequest"}}},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked 
Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["creator","status","name"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/comments/{commentId}","supported":true},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/notes/{noteId}","supported":true},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked 
`Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/notes","supported":true},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","supported":false},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. 
The response will include a list of\nfields for each issue type in the ticketing provider.","supported":false},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}/notes/{noteId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"assignee","type":"string","operators":["eq","in"]},{"name":"created_at","type":"datetime","operators":["gte","lte","gt","lt"]},{"name":"issue_type","type":"string","operators":["eq","in"]},{"name":"priority","type":"string","operators":["eq","in"]},{"name":"status","type":"string","operators":["eq","in"]},{"name":"tags","type":"string","operators":["eq","in"]},{"name":"text","type":"string","operators":["like"]}]}],"provider_config":{"description":"Configuration for Torq.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/torq-ticketing-setup)","properties":{"credential":{"description":"Configuration when creating new Client Credentials.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service 
provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"TorqCredential"}},"custom_field_mappings":{"description":"Custom field mappings for this provider.","items":{"properties":{"name":{"description":"Name for the custom field that you will use in the `custom_fields` field in the returned ticket objects.","nullable":false,"title":"Name","type":"string"},"project_id":{"description":"ID of the project this field mapping is associated with. 
ID of \"*\" is used to apply to all projects.","nullable":false,"title":"Project ID","type":"string"},"provider_field_path":{"description":"Path to or name of the custom field in the provider.","nullable":false,"title":"Field Path (Provider)","type":"string"}},"required":["name","project_id","provider_field_path"],"title":"CustomFieldMapping","type":"object"},"nullable":true,"title":"Custom Field Mappings","type":"array"},"type":{"const":"ticketing_torq"}},"required":["credential","type"],"title":"Torq","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"vulnerabilities_qualys_cloud","name":"vulnerabilities_qualys_cloud","fullname":"Qualys Vulnerability Management, Detection \u0026 Response (VMDR)","description":"Configuration for Qualys Vulnerability Management, Detection \u0026 Response (VMDR).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/qualys-vulns-setup)","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","request_method":"get","request_path":"/v1/vulnerabilities/scans/{scan_id}/activity","supported":true},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning 
system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"finding.first_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"finding.last_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"severity","type":"enum","operators":["eq","in"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/scans","supported":true},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for Qualys Vulnerability Management, Detection \u0026 Response (VMDR).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/qualys-vulns-setup)","properties":{"credential":{"description":"Username and password used to authenticate with Qualys Cloud.","nullable":false,"properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for 
authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"QualysCloudCredential"}},"type":{"const":"vulnerabilities_qualys_cloud"},"url":{"description":"Base URL for the Qualys Cloud API.","example":"https://qualysguard.qg4.apps.qualys.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Qualys VMDR","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"vulnerabilities_rapid7_insight_cloud","name":"vulnerabilities_rapid7_insight_cloud","fullname":"Rapid7 InsightVM","description":"Configuration for Rapid7 InsightVM.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/rapid7-vulns-setup)","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","supported":false},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning 
system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq","in"]},{"name":"device.ip","type":"string","operators":["eq","in"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq","in"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"finding.first_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"finding.last_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"severity","type":"enum","operators":["eq","in"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for Rapid7 InsightVM.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/rapid7-vulns-setup)","properties":{"credential":{"description":"Configuration when creating new API Token.","nullable":false,"properties":{"secret":{"description":"Secret value of the 
token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"Rapid7InsightCloudCredential"}},"type":{"const":"vulnerabilities_rapid7_insight_cloud"},"url":{"description":"Base URL for the Rapid7 InsightVM API.","example":"https://us2.api.insight.rapid7.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Rapid7 InsightVM","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"vulnerabilities_tanium_cloud","name":"vulnerabilities_tanium_cloud","fullname":"Tanium Vulnerability Management","description":"Configuration for Tanium Vulnerability Management.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/tanium-setup)","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","supported":false},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning 
system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"finding.first_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"finding.last_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"severity","type":"enum","operators":["eq","in"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for Tanium Vulnerability Management.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/tanium-setup)","properties":{"credential":{"description":"Configuration when creating new API Token.","nullable":false,"properties":{"secret":{"description":"Secret value of the 
token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"TaniumCloudCredential"}},"type":{"const":"vulnerabilities_tanium_cloud"},"url":{"description":"Base URL for the Tanium Cloud API","example":"https://{customername}-api.cloud.tanium.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Tanium VM","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"cloudsecurity_crowdstrike","name":"cloudsecurity_crowdstrike","fullname":"CrowdStrike Falcon® Insight EDR","description":"Configuration for the CrowdStrike Cloud Security Provider","connector_id":"cloudsecurity","connector":"cloudsecurity","operations":[{"id":"cloudsecurity_query_cloud_resource_inventory","name":"query_cloud_resource_inventory","fullname":"Query Cloud Resource Inventory","description":"Returns a list of cloud resources that match the query from the cloud security 
provider.","request_method":"get","request_path":"/v1/cloudsecurity/cloudresourcesinventory","supported":true,"filters":[{"name":"cloud.account.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.account.type","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.account.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.provider","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.region","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.service","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"controls.benchmarks.framework","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"controls.benchmarks.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"controls.benchmarks.version","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"device.created_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.created_time_at","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.first_seen_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.first_seen_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.modified_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"metadata.tenant_uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resource.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resource.type","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resource.uid","type":"s
tring","operators":["eq","ne","like","not_like","in","not_in"]}]},{"id":"cloudsecurity_query_compliance_findings","name":"query_compliance_findings","fullname":"Query Compliance Findings","description":"Returns a list of compliance findings matching the query from the cloud security provider.","request_method":"get","request_path":"/v1/cloudsecurity/compliancefindings","supported":true,"filters":[{"name":"actor.authorizations.policy.is_applied","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"actor.authorizations.policy.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"actor.authorizations.policy.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.account.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.account.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.provider","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.region","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"compliance.standards","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"compliance.status","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"finding_info.title","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"finding_info.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resource.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resource.type","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resource.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"severity","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"severity_id","type":"string","operators":["eq","ne",
"like","not_like","in","not_in"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]}]}],"provider_config":{"description":"Configuration for the CrowdStrike Cloud Security Provider","properties":{"credential":{"description":"Configuration when creating new Client Credentials.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"CrowdStrikeCredential"}},"type":{"const":"cloudsecurity_crowdstrike"},"url":{"default":"https://api.crowdstrike.com","description":"The root domain where your CrowdStrike Falcon tenant is located.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type"],"title":"CrowdStrike Cloud Security","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"edr_sentinelone","name":"edr_sentinelone","fullname":"SentinelOne Singularity™ Endpoint","description":"Configuration for SentinelOne Singularity™ Endpoint.\n\n[Configuration 
guide](https://docs.synqly.com/guides/provider-configuration/sentinelone-setup)","connector_id":"edr","connector":"edr","operations":[{"id":"edr_create_iocs","name":"create_iocs","fullname":"Create IOCs","description":"Creates a list of iocs that match the stix input for the EDR source.","request_method":"post","request_path":"/v1/edr/iocs","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateIocsRequest"}}},{"id":"edr_delete_iocs","name":"delete_iocs","fullname":"Delete IOCs","description":"Deletes a list of iocs that match the input of ids in the query param","request_method":"delete","request_path":"/v1/edr/iocs","supported":true},{"id":"edr_get_endpoint","name":"get_endpoint","fullname":"Get Endpoint","description":"Gets a single endpoint assets matching the UID from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints/{id}","supported":true},{"id":"edr_network_quarantine","name":"network_quarantine","fullname":"Quarantine Endpoints","description":"Connect or disconnect one or more endpoints assets to the network, allowing or disallowing connections.","request_method":"post","request_path":"/v1/edr/endpoints/actions/quarantine","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/NetworkQuarantineRequest"}}},{"id":"edr_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Returns a list of alerts that match the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/alerts","supported":true,"filters":[{"name":"actor.process.file.path","type":"string","operators":["like"]},{"name":"confidence","type":"string","operators":["eq"]},{"name":"device.container.image","type":"string","operators":["like"]},{"name":"device.container.name","type":"string","operators":["like"]},{"name":"device.container.tag","type":"string","operators":["like"]},{"name":"device.hostname","type":"string","operators":["eq","like"]},{"name":"device.last_seen_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.org.uid","type":"string","operators":["eq"]},{"name":"device.os.type","type":"string","operators":["eq"]},{"name":"finding_info.created_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.first_seen_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"metadata.product.version","type":"string","operators":["eq"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]}]},{"id":"edr_query_applications","name":"query_applications","fullname":"Query Applications","description":"Returns a list of applications matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/applications","supported":true,"filters":[{"name":"product.name","type":"string","operators":["like"]},{"name":"product.uid","type":"string","operators":["eq","like"]},{"name":"product.vendor_name","type":"string","operators":["like"]},{"name":"product.version","type":"string","operators":["eq","like"]}]},{"id":"edr_query_edr_events","name":"query_edr_events","fullname":"Query EDR Events","description":"Returns a list of EDR events that match the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/edr_events","supported":true,"filters":[{"name":"actor.process.file.hashes","type":"string","operators":["eq"]},{"name":"actor.process.file.path","type":"string","operators":["like"]},{"name":"actor.process.name","type":"string","operators":["like"]},{"name":"device.ip","type":"string","operators":["like"]},{"name":"device.network_status","type":"string","operators":["eq"]},{"name":"query.hostname","type":"string","operators":["like"]}]},{"id":"edr_query_endpoints","name":"query_endpoints","fullname":"Query Endpoints","description":"Returns a list of endpoint assets matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints","supported":true,"filters":[{"name":"device.domain","type":"string","operators":["eq","like"]},{"name":"device.hostname","type":"string","operators":["eq","like"]},{"name":"device.hw_info.serial_number","type":"string","operators":["like"]},{"name":"device.instance_uid","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["like"]},{"name":"device.mac","type":"string","operators":["like"]},{"name":"device.name","type":"string","operators":["eq","like"]},{"name":"device.os.name","type":"string","operators":["like"]},{"name":"device.os.type","type":"string","operators":["eq","like"]},{"name":"device.os.version","type":"string","operators":["like"]},{"name":"device.type","type":"string","operators":["eq","like"]},{"name":"device.uid","type":"string","operators":["eq","like"]},{"name":"status","type":"string","operators":["eq","like"]}]},{"id":"edr_query_iocs","name":"query_iocs","fullname":"Query IOCs","description":"Returns a list of iocs that match the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/iocs","supported":true,"filters":[{"name":"created","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"created_by_ref","type":"string","operators":["like"]},{"name":"description","type":"string","operators":["like"]},{"name":"extensions.accountIds","type":"string","operators":["eq"]},{"name":"extensions.batchId","type":"string","operators":["eq"]},{"name":"extensions.category","type":"string","operators":["eq"]},{"name":"extensions.externalId","type":"string","operators":["eq"]},{"name":"extensions.groupIds","type":"string","operators":["eq"]},{"name":"extensions.sideIds","type":"string","operators":["eq"]},{"name":"extensions.source","type":"string","operators":["eq"]},{"name":"extensions.uploadTime","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"id","type":"string","operators":["eq"]},{"name":"modified","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"name","type":"string","operators":["like"]},{"name":"pattern","type":"string","operators":["eq"]},{"name":"value","type":"string","operators":["eq"]}]},{"id":"edr_query_posture_score","name":"query_posture_score","fullname":"Query Posture Score","description":"Returns the posture score of the endpoint assets that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_threatevents","name":"query_threatevents","fullname":"Query Threat Events","description":"Returns a list of threats that match the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/threats","supported":true,"filters":[{"name":"actor.process.created_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"actor.process.file.path","type":"string","operators":["like"]},{"name":"confidence","type":"string","operators":["eq"]},{"name":"device.container.image","type":"string","operators":["like"]},{"name":"device.container.name","type":"string","operators":["like"]},{"name":"device.container.tag","type":"string","operators":["like"]},{"name":"device.groups.uid","type":"string","operators":["eq"]},{"name":"device.hostname","type":"string","operators":["eq","like"]},{"name":"device.id","type":"string","operators":["eq"]},{"name":"device.org.uid","type":"string","operators":["eq"]},{"name":"device.type","type":"string","operators":["eq"]},{"name":"finding_info.created_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"malware.classifications","type":"string","operators":["eq"]},{"name":"metadata.product.version","type":"string","operators":["eq"]},{"name":"severity","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for SentinelOne Singularity™ Endpoint.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/sentinelone-setup)","properties":{"credential":{"description":"Configuration when creating new API Token.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"SentinelOneCredential"}},"edr_events_credential":{"description":"Credential used for the SentinelOne Singularity Data Lake API. 
This credential is required when querying EDR events.","nullable":true,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Events Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"SentinelOneEdrEventsCredential"}},"edr_events_url":{"description":"Base URL for the SentinelOne Singularity Data Lake API. This URL is required is required when querying EDR events.","example":"htts://xdr.{region}.sentinelone.net","nullable":true,"title":"Events Base URL","type":"string"},"type":{"const":"edr_sentinelone"},"url":{"description":"Base URL for the SentinelOne Management API.","example":"https://{tenant}.sentinelone.net","nullable":false,"title":"Base URL","type":"string"}},"required":["credential","type","url"],"title":"SentinelOne Endpoint","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"vulnerabilities_nucleus","name":"vulnerabilities_nucleus","fullname":"Nucleus Vulnerability Management","description":"Configuration for Nucleus Vulnerability Management.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/nucleus-vulns-setup)","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","request_method":"post","request_path":"/v1/vulnerabilities/assets","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateAssetRequest"}}},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning 
system","request_method":"post","request_path":"/v1/vulnerabilities/findings/bulk","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateFindingsRequest"}}},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","supported":false},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"severity","type":"enum","operators":["eq"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","request_method":"put","request_path":"/v1/vulnerabilities/assets/{assetId}","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateAssetRequest"}}},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","request_method":"put","request_path":"/v1/vulnerabilities/findings/{findingId}","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/UpdateFindingRequest"}}}],"provider_config":{"description":"Configuration for 
Nucleus Vulnerability Management.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/nucleus-vulns-setup)","properties":{"credential":{"description":"Configuration when creating new API Key.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"NucleusCredential"}},"project_id":{"description":"Numeric identifier for a Nucleus project.","nullable":false,"pattern":"^\\d+$","title":"Project ID","type":"string","x-validation-message":{"patternMismatch":"Must be a numeric project identifier."}},"type":{"const":"vulnerabilities_nucleus"},"url":{"description":"Base URL for the Nucleus API.","example":"https://{sandbox}.nucleussec.com","nullable":false,"title":"foo","type":"string"}},"required":["credential","project_id","type","url"],"title":"Nucleus VM","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"vulnerabilities_tanium_cloud_mock","name":"vulnerabilities_tanium_cloud_mock","fullname":"[MOCK] Tsanium Vulnerability Management","description":"Configuration for a mock Tanium Cloud as a Vulnerabilities Provider","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured 
scan.","supported":false},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for a mock Tanium Cloud as a Vulnerabilities Provider","properties":{"dataset":{"enum":["basic_v0"],"nullable":false,"title":"Dataset","type":"string"},"type":{"const":"vulnerabilities_tanium_cloud_mock"}},"required":["dataset","type"],"title":"[MOCK] Tanium Vulnerability Management","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"assets_tanium_cloud","name":"assets_tanium_cloud","fullname":"Tanium Vulnerability Management","description":"Configuration for Tanium Cloud as an Assets Provider\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/tanium-setup)","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query 
Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for Tanium Cloud as an Assets Provider\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/tanium-setup)","properties":{"credential":{"description":"Configuration when creating new API Token.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"TaniumCloudCredential"}},"type":{"const":"assets_tanium_cloud"},"url":{"description":"Base URL for the Tanium Cloud API","example":"https://{customername}-api.cloud.tanium.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Tanium Assets","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_tanium_cloud_mock","name":"assets_tanium_cloud_mock","fullname":"[MOCK] Tanium Vulnerability Management","description":"Configuration for a mocked Tanium Cloud as an Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query 
Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true}],"provider_config":{"description":"Configuration for a mocked Tanium Cloud as an Assets Provider","properties":{"dataset":{"enum":["basic_v0"],"nullable":false,"title":"Dataset","type":"string"},"type":{"const":"assets_tanium_cloud_mock"}},"required":["dataset","type"],"title":"[MOCK] Tanium Assets","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"identity_entra_id","name":"identity_entra_id","fullname":"Microsoft Entra ID","description":"Configuration for Microsoft Entra ID.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/entra-id-setup)","connector_id":"identity","connector":"identity","operations":[{"id":"identity_disable_user","name":"disable_user","fullname":"Disable User","description":"Disables a user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/disable","supported":true},{"id":"identity_enable_user","name":"enable_user","fullname":"Enable User","description":"Reenables a disabled user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/enable","supported":true},{"id":"identity_expire_all_user_sessions","name":"expire_all_user_sessions","fullname":"Expire All User Sessions","description":"Logs a user out of all current sessions so they must log in again.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/expire_all_sessions","supported":true},{"id":"identity_force_user_password_reset","name":"force_user_password_reset","fullname":"Force User Password Reset","description":"Forces a user to reset their password before they can log in again.","supported":false},{"id":"identity_get_group","name":"get_group","fullname":"Get Group","description":"Returns a `Group` object wrapped in an 
OCSF Entity Management event of type Read from the token-linked identity provider. Depending\non the providers offerings, this may include additional group information, such as the roles assigned.","request_method":"get","request_path":"/v1/identity/groups/{groupId}","supported":true},{"id":"identity_get_group_members","name":"get_group_members","fullname":"Get Group Members","description":"Returns list of `User` objects wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider that are members in the group referenced by ID.","request_method":"get","request_path":"/v1/identity/groups/{groupId}/members","supported":true},{"id":"identity_get_user","name":"get_user","fullname":"Get User","description":"Returns a `User` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. Depending\non the providers offerings, this may include additional user information, such as the user's current groups and roles.","request_method":"get","request_path":"/v1/identity/users/{userId}","supported":true},{"id":"identity_query_audit_log","name":"query_audit_log","fullname":"Query Audit Log","description":"Returns a list of `Event` objects from the token-linked audit log.","request_method":"get","request_path":"/v1/identity/audit","supported":true,"filters":[{"name":"actor.user.uid","type":"string","operators":["eq","in","like"]},{"name":"class_uid","type":"integer","operators":["eq","in"]},{"name":"message","type":"string","operators":["eq","in","like"]},{"name":"status_id","type":"integer","operators":["eq"]},{"name":"time","type":"datetime","operators":["gte","lte"]},{"name":"type_uid","type":"integer","operators":["eq","in"]},{"name":"user.name","type":"string","operators":["eq","in","like"]},{"name":"user.uid","type":"string","operators":["eq","in","like"]}]},{"id":"identity_query_groups","name":"query_groups","fullname":"Query Groups","description":"Returns a list of `Group` objects wrapped in the 
OCSF Entity Management event of type Read from the token-linked identity provider.","request_method":"get","request_path":"/v1/identity/groups","supported":true,"filters":[{"name":"entity.group.desc","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.group.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.group.type","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.group.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"time","type":"datetime","operators":["eq","gt","gte","lt","lte","ne"]}]},{"id":"identity_query_users","name":"query_users","fullname":"Query Users","description":"Returns a list of `User` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.","request_method":"get","request_path":"/v1/identity/users","supported":true,"filters":[{"name":"email_addrs","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.email_addr","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.full_name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.ldap_person.cost_center","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.ldap_person.created_time","type":"datetime","operators":["eq","gt","gte","lt","lte","ne"]},{"name":"entity.user.ldap_person.deleted_time","type":"datetime","operators":["eq","gt","gte","lt","lte","ne"]},{"name":"entity.user.ldap_person.employee_uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.ldap_person.given_name","type":"string","operators":["eq
","ne","in","not_in","like","not_like"]},{"name":"entity.user.ldap_person.job_title","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.ldap_person.last_login_time","type":"datetime","operators":["eq","gt","gte","lt","lte","ne"]},{"name":"entity.user.ldap_person.surname","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.org.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.org.ou_name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.uid_alt","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.user_status_id","type":"integer","operators":["eq","in"]},{"name":"time","type":"datetime","operators":["eq","gt","gte","lt","lte","ne"]}]}],"provider_config":{"description":"Configuration for Microsoft Entra ID.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/entra-id-setup)","properties":{"credential":{"description":"Azure Client ID and Client Secret for a service principal. 
The application must be configured with permissions to access the user, group, and audit log graph APIs.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"EntraIdCredential"}},"tenant_id":{"description":"Azure Directory (tenant) identifier.","nullable":false,"title":"Tenant ID","type":"string"},"type":{"const":"identity_entra_id"},"url":{"description":"Base URL for the the Microsoft Graph API.","nullable":true,"title":"Base URL","type":"string"}},"required":["credential","tenant_id","type"],"title":"Microsoft Entra ID","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_rapid7_insightidr","name":"siem_rapid7_insightidr","fullname":"Rapid7 InsightIDR","description":"Configuration for Rapid7 InsightIDR.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/rapid7-idr-setup)","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an 
investigation.","request_method":"get","request_path":"/v1/siem/investigations/{id}/evidence","supported":true},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","request_method":"get","request_path":"/v1/siem/investigations/{id}","supported":true},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","request_method":"patch","request_path":"/v1/siem/investigations/{id}","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/PatchInvestigationRequest"}}},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","supported":false},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","like","not_like","in","not_in"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries 
investigations","request_method":"get","request_path":"/v1/siem/investigations","supported":true,"filters":[{"name":"investigations.end_time","type":"datetime","operators":["lte"]},{"name":"investigations.id","type":"string","operators":["eq"]},{"name":"investigations.priority","type":"string","operators":["eq"],"values":["Unknown","Low","Medium","High","Critical"]},{"name":"investigations.start_time","type":"datetime","operators":["gte"]},{"name":"investigations.status","type":"string","operators":["eq"],"values":["Open","Closed","Investigating","Waiting"]}]},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for Rapid7 InsightIDR.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/rapid7-idr-setup)","properties":{"credential":{"description":"Configuration when creating new API Token.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"Rapid7InsightCloudCredential"}},"type":{"const":"siem_rapid7_insightidr"},"url":{"description":"Base URL for the Rapid7 API.","example":"https://us2.api.insight.rapid7.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Rapid7 InsightIDR","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"storage_aws_s3","name":"storage_aws_s3","fullname":"Amazon S3","description":"Configuration for Amazon 
S3.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/aws-s3-storage-setup)","connector_id":"storage","connector":"storage","operations":[{"id":"storage_delete_file","name":"delete_file","fullname":"Delete File","description":"Deletes a file from the provided `{path}` in the token-linked `Integration`.","request_method":"delete","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_download_file","name":"download_file","fullname":"Download File","description":"Downloads a file from the provided `{path}` in the token-linked\n`Integration`.","request_method":"get","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_list_files","name":"list_files","fullname":"List Files","description":"Returns a list of contents from the token-linked `Integration`.","request_method":"get","request_path":"/v1/storage/folders/{path}","supported":true},{"id":"storage_upload_file","name":"upload_file","fullname":"Upload File","description":"Uploads a file from the provided `{path}` to the token-linked `Integration`.","request_method":"post","request_path":"/v1/storage/files/{path}","supported":true,"request_body":{"required":true,"schema":null}}],"provider_config":{"description":"Configuration for Amazon S3.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/aws-s3-storage-setup)","properties":{"bucket":{"description":"Name of the Amazon S3 bucket where files are stored.","nullable":false,"title":"Bucket","type":"string"},"credential":{"description":"Configuration when creating new AWS Access Keys.","nullable":false,"properties":{"access_key_id":{"description":"Access Key ID portion of the AWS access key pair.","nullable":false,"title":"Access Key ID","type":"string"},"secret_access_key":{"description":"Secret portion of the AWS access key pair.","format":"password","nullable":false,"title":"Secret Access Key","type":"string"},"session":{"description":"A temporary session token. 
Session tokens are optional and are only necessary if you are using temporary credentials.","format":"password","nullable":true,"title":"Session","type":"string"},"type":{"const":"aws"}},"required":["access_key_id","secret_access_key","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"AwsCredential","type":"AwsS3Credential"}},"endpoint":{"description":"Endpoint used for connecting to Amazon S3 the external service. If not provided, the default Amazon S3 endpoint will be used.","nullable":true,"title":"Endpoint","type":"string"},"region":{"description":"AWS region where the Amazon S3 bucket is located.","nullable":false,"title":"Region","type":"string"},"type":{"const":"storage_aws_s3"}},"required":["bucket","credential","region","type"],"title":"Amazon S3","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"ticketing_autotask","name":"ticketing_autotask","fullname":"Autotask Operations Cloud","description":"Configuration for Autotask Operations Cloud.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/autotask-ticketing-setup)","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` 
object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked 
Integration.","supported":false},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","supported":false},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. The response will include a list of\nfields for each issue type in the ticketing provider.","supported":false},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"companyid","type":"string","operators":["eq","neq","in","not in","like","not 
like"]},{"name":"createdate","type":"datetime","operators":["eq","neq","gt","gte","lt","lte"]},{"name":"description","type":"string","operators":["eq","like"]},{"name":"due_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte"]},{"name":"id","type":"string","operators":["eq","neq","in"]},{"name":"name","type":"string","operators":["eq","like"]},{"name":"priority","type":"enum","operators":["eq","neq","in","not in"],"values":["URGENT","CRITICAL","HIGH","MEDIUM","LOW","PLANNING"]},{"name":"queueid","type":"string","operators":["eq","in"]},{"name":"status","type":"string","operators":["eq","neq","in","not in"]}]}],"provider_config":{"description":"Configuration for Autotask Operations Cloud.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/autotask-ticketing-setup)","properties":{"api_integration_code_credential":{"description":"Identifier used for individual tracking and management of API calls.","nullable":false,"properties":{"secret":{"description":"Secret value","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"secret"}},"required":["secret","type"],"title":"API Tracking ID","type":"object","x-synqly-credential":{"extends":"SecretCredential","type":"AutotaskApiIntegrationCodeCredential"}},"secret_credential":{"description":"Configuration when creating new Secret.","nullable":false,"properties":{"secret":{"description":"Secret value","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"secret"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"SecretCredential","type":"AutotaskSecretCredential"}},"type":{"const":"ticketing_autotask"},"user_name":{"description":"User name of the API User created to authenticate with the Autotask API.","nullable":false,"title":"User Name","type":"string"},"zone_path":{"description":"Zone for the Autotask API.","nullable":false,"title":"API 
Zone","type":"string"}},"required":["api_integration_code_credential","secret_credential","type","user_name","zone_path"],"title":"Autotask Operations Cloud","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"ticketing_jira","name":"ticketing_jira","fullname":"Atlassian Jira","description":"Configuration for Atlassian Jira.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/jira-ticketing-setup)","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","request_method":"post","request_path":"/v1/ticketing/attachments/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateAttachmentRequest"}}},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateCommentRequest"}}},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked 
Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["issue_type","project","summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/attachments/{ticketId}/{attachmentId}","supported":true},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/comments/{commentId}","supported":true},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/attachments/{ticketId}/{attachmentId}/download","supported":true},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by 
Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/attachments/{ticketId}","supported":true},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","request_method":"get","request_path":"/v1/ticketing/projects","supported":true},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. 
The response will include a list of\nfields for each issue type in the ticketing provider.","request_method":"get","request_path":"/v1/ticketing/remote-fields","supported":true},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"assignee","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"completion_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"contact","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"created_at","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"description","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"due_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"id","type":"string","operators":["eq","neq","in","not in"]},{"name":"issue_type","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"labels","type":"string","operators":["eq","neq","in","not in"]},{"name":"name","type":"string","operators":["eq","neq","in","not 
in"]},{"name":"priority","type":"enum","operators":["eq","neq","in","not in"],"values":["highest","high","medium","low"]},{"name":"project","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"reporter","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"status","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"summary","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"text","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"updated_at","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]}]}],"provider_config":{"description":"Configuration for Atlassian Jira.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/jira-ticketing-setup)","properties":{"credential":{"description":"Configuration when creating new Basic Credentials.","nullable":false,"properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"JiraCredential"}},"custom_field_mappings":{"description":"Custom field mappings for this provider.","items":{"properties":{"name":{"description":"Name for the custom field that you will use in the `custom_fields` field in the returned ticket objects.","nullable":false,"title":"Name","type":"string"},"project_id":{"description":"ID of the project this field mapping is associated with. 
ID of \"*\" is used to apply to all projects.","nullable":false,"title":"Project ID","type":"string"},"provider_field_path":{"description":"Path to or name of the custom field in the provider.","nullable":false,"title":"Field Path (Provider)","type":"string"}},"required":["name","project_id","provider_field_path"],"title":"CustomFieldMapping","type":"object"},"nullable":true,"title":"Custom Field Mappings","type":"array"},"default_project":{"description":"Default Project for the integration.","nullable":true,"title":"Default Project","type":"string"},"type":{"const":"ticketing_jira"},"url":{"default":"https://tenant.atlassian.net","description":"Base URL for the Jira API.","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Atlassian Jira","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"ticketing_servicenow_sir","name":"ticketing_servicenow_sir","fullname":"ServiceNow Security Incident Response (SIR)","description":"Configuration for ServiceNow Security Incident Response (SIR).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/servicenow-ticketing-setup)","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked 
Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateCommentRequest"}}},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["issue_type","priority","summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/comments/{commentId}","supported":true},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get 
Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","supported":false},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. 
The response will include a list of\nfields for each issue type in the ticketing provider.","supported":false},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"assignee","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"completion_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"contact","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"created_at","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"description","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"due_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"id","type":"string","operators":["eq","neq","in","not in"]},{"name":"issue_type","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"labels","type":"string","operators":["eq","neq","in","not in"]},{"name":"name","type":"string","operators":["eq","neq","in","not in"]},{"name":"priority","type":"enum","operators":["eq","neq","in","not 
in"],"values":["highest","high","medium","low"]},{"name":"project","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"reporter","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"status","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"summary","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"text","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"updated_at","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]}]}],"provider_config":{"description":"Configuration for ServiceNow Security Incident Response (SIR).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/servicenow-ticketing-setup)","properties":{"credential":{"nullable":false,"oneOf":[{"description":"Username and secret used to authenticate with ServiceNow. The password can be a [generated token](https://docs.servicenow.com/bundle/vancouver-platform-administration/page/administer/users-and-groups/task/t_CreateAUser.html). The token receives the same permissions as the user that generated it, so they must have access to the necessary projects.","properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"New Basic Credentials","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"ServiceNowCredential"}},{"description":"Token used to authenticate with ServiceNow. This token will be used with the authentication header `x-sn-apikey`. 
To use token authentication, the version of ServiceNow must be `Washington D.C.` or later.","properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"New Token","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"ServiceNowCredential"}}],"title":"Credential","x-synqly-credential":{"extends":["BasicCredential","TokenCredential"],"type":"ServiceNowCredential"}},"type":{"const":"ticketing_servicenow_sir"},"url":{"description":"Base URL for the ServiceNow API.","example":"https://tenant.service-now.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"ServiceNow SIR","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_nozomi_vantage","name":"assets_nozomi_vantage","fullname":"Nozomi Vantage","description":"Configuration for Nozomi Vantage.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/nozomi-vantage-setup)","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory 
system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.first_seen_time","type":"integer","operators":["gt","gte","lt","lte"]},{"name":"device.hw_info.serial_number","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.ip_addresses","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.last_seen_time","type":"integer","operators":["gt","gte","lt","lte"]},{"name":"device.mac","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.mac_addresses","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.name","type":"stringProcessMap(\"name\")","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.network_interfaces.name","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.risk_level_id","type":"enum","operators":["eq","ne","in","not_in"],"values":["0","1","2","3","4"]},{"name":"device.risk_score","type":"integer","operators":["gt","gte","lt","lte"]},{"name":"device.type","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.type_id","type":"enum","operators":["eq","ne","in","not_in"],"values":["2","4","5","10","89","90","96"]},{"name":"device.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.vendor.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"time","type":"integer","operators":["gt","gte","lt","lte"]}]}],"provider_config":{"description":"Configuration for Nozomi Vantage.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/nozomi-vantage-setup)","properties":{"credential":{"description":"Credentials used to authenticate with Nozomi Vantage.","nullable":false,"properties":{"secret":{"description":"Secret value for 
authentication","format":"password","nullable":false,"title":"Token Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Token Name","type":"string"}},"required":["secret","type","username"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"NozomiVantageCredential"}},"type":{"const":"assets_nozomi_vantage"},"url":{"description":"Base URL for the Nozomi Vantage API.","example":"https://tenant.us1.vantage.nozominetworks.io","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Nozomi Vantage","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"notifications_mock_notifications","name":"notifications_mock_notifications","fullname":"Synqly Test Provider","description":"Configuration for the Synqly mock in-memory SIEM Provider. 
This provider is for testing purposes only and does not retain noficiations pushed to it.","connector_id":"notifications","connector":"notifications","operations":[{"id":"notifications_clear_message","name":"clear_message","fullname":"Clear Notification","description":"Resolves a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/clear/{notificationId}","supported":true},{"id":"notifications_create_message","name":"create_message","fullname":"Create Notification","description":"Creates a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/create","supported":true,"required_fields":["summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNotificationRequest"}}},{"id":"notifications_get_message","name":"get_message","fullname":"Get Notification","description":"Returns the `Notification` object matching `{notificationId}` from the token-linked\n`Integration`.","request_method":"get","request_path":"/v1/notifications/get/{notificationId}","supported":true}],"provider_config":{"description":"Configuration for the Synqly mock in-memory SIEM Provider. 
This provider is for testing purposes only and does not retain noficiations pushed to it.","properties":{"channel":{"description":"The channel to send notifications to.","nullable":true,"title":"Channel","type":"string"},"type":{"const":"notifications_mock_notifications"}},"required":["type"],"title":"Test Provider","type":"object"},"release":{"availability":"generally-available","environments":["test"]}},{"id":"ticketing_freshdesk","name":"ticketing_freshdesk","fullname":"Freshdesk","description":"Configuration for Freshdesk.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/freshdesk-ticketing-setup)","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["name","priority","subject"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the 
token-linked Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific 
Project.","supported":false},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. The response will include a list of\nfields for each issue type in the ticketing provider.","supported":false},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"agent_id","type":"integer","operators":["eq","gte","lte"]},{"name":"created_at","type":"datetime","operators":["eq","gte","lte"]},{"name":"due_by","type":"datetime","operators":["eq","gte","lte"]},{"name":"fr_due_by","type":"datetime","operators":["eq","gte","lte"]},{"name":"group_id","type":"integer","operators":["eq","gte","lte"]},{"name":"priority","type":"integer","operators":["eq","gte","lte"]},{"name":"status","type":"integer","operators":["eq","gte","lte"]},{"name":"tag","type":"string","operators":["eq"]},{"name":"type","type":"string","operators":["eq"]},{"name":"updated_at","type":"datetime","operators":["eq","gte","lte"]}]}],"provider_config":{"description":"Configuration for Freshdesk.\n\n[Configuration 
guide](https://docs.synqly.com/guides/provider-configuration/freshdesk-ticketing-setup)","properties":{"credential":{"description":"You can use your personal API key to authenticate the request. If you use the API key, there is no need for a password. The token is supplied as \"Your API Key\". [Freshdesk API token generation documentation](https://developer.freshdesk.com/api/#authentication)","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"FreshdeskCredential"}},"type":{"const":"ticketing_freshdesk"},"url":{"description":"Base URL to your Freshdesk tenant.","example":"https://tenant.freshdesk.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Freshdesk","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_servicenow","name":"assets_servicenow","fullname":"ServiceNow Configuration Management Database (CMDB)","description":"Configuration for ServiceNow Configuration Management Database (CMDB).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/servicenow-assets-setup)","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","request_method":"post","request_path":"/v1/assets/devices","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateDeviceRequest"}}},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an 
asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.first_seen_time","type":"integer","operators":["gt","gte","lt","lte"]},{"name":"device.hostname","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.hw_info.serial_number","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.last_seen_time","type":"integer","operators":["gt","gte","lt","lte"]},{"name":"device.mac","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.modified_time","type":"integer","operators":["gt","gte","lt","lte"]},{"name":"device.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"time","type":"integer","operators":["gt","gte","lt","lte"]}]}],"provider_config":{"description":"Configuration for ServiceNow Configuration Management Database (CMDB).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/servicenow-assets-setup)","properties":{"credential":{"nullable":false,"oneOf":[{"description":"Username and secret used to authenticate with ServiceNow. The password can be a [generated token](https://docs.servicenow.com/bundle/vancouver-platform-administration/page/administer/users-and-groups/task/t_CreateAUser.html). 
The token receives the same permissions as the user that generated it, so they must have access to the necessary projects.","properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"New Basic Credentials","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"ServiceNowCredential"}},{"description":"Token used to authenticate with ServiceNow. This token will be used with the authentication header `x-sn-apikey`. To use token authentication, the version of ServiceNow must be `Washington D.C.` or later.","properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"New Token","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"ServiceNowCredential"}}],"title":"Credential","x-synqly-credential":{"extends":["BasicCredential","TokenCredential"],"type":"ServiceNowCredential"}},"type":{"const":"assets_servicenow"},"url":{"description":"Base URL for the ServiceNow API.","example":"https://tenant.service-now.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"ServiceNow CMDB","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_google_security_operations","name":"sink_google_security_operations","fullname":"Google Security Operations","description":"Configuration for Google Security Operations (formerly Google Chronicle) as a Sink Provider.\n\n[Configuration 
guide](https://docs.synqly.com/guides/provider-configuration/google-security-operations-sink-setup)","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for Google Security Operations (formerly Google Chronicle) as a Sink Provider.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/google-security-operations-sink-setup)","properties":{"credential":{"description":"Credentials used for accessing the Google SecOps instance.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"GoogleServiceAccountCredential"}},"customer_id":{"description":"The customer ID of the Google SecOps instance","nullable":false,"title":"Customer Id","type":"string"},"project_id":{"description":"The project ID of the Google SecOps 
instance.","nullable":false,"title":"Project Id","type":"string"},"region":{"default":"us","description":"The region of the Google SecOps instance. Usually `us` or `eu`.","nullable":true,"title":"Region","type":"string"},"type":{"const":"sink_google_security_operations"},"url":{"default":"https://{region}-chronicle.googleapis.com","description":"The base URL for the Google SecOps API.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","customer_id","project_id","type"],"title":"Google Security Operations","type":"object"},"release":{"availability":"in-development","environments":["test","prod"]}},{"id":"ticketing_servicenow","name":"ticketing_servicenow","fullname":"ServiceNow IT Service Management (ITSM)","description":"Configuration for ServiceNow IT Service Management (ITSM).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/servicenow-ticketing-setup)","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateCommentRequest"}}},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked 
Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/notes","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNoteRequest"}}},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["issue_type","priority","summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/comments/{commentId}","supported":true},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/notes/{noteId}","supported":true},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked 
`Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/notes","supported":true},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","supported":false},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. 
The response will include a list of\nfields for each issue type in the ticketing provider.","request_method":"get","request_path":"/v1/ticketing/remote-fields","supported":true},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"assignee","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"completion_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"contact","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"created_at","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"description","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"due_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"id","type":"string","operators":["eq","neq","in","not in"]},{"name":"issue_type","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"labels","type":"string","operators":["eq","neq","in","not in"]},{"name":"name","type":"string","operators":["eq","neq","in","not 
in"]},{"name":"priority","type":"enum","operators":["eq","neq","in","not in"],"values":["highest","high","medium","low"]},{"name":"project","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"reporter","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"status","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"summary","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"text","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"updated_at","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]}]}],"provider_config":{"description":"Configuration for ServiceNow IT Service Management (ITSM).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/servicenow-ticketing-setup)","properties":{"credential":{"nullable":false,"oneOf":[{"description":"Username and secret used to authenticate with ServiceNow. The password can be a [generated token](https://docs.servicenow.com/bundle/vancouver-platform-administration/page/administer/users-and-groups/task/t_CreateAUser.html). The token receives the same permissions as the user that generated it, so they must have access to the necessary projects.","properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"New Basic Credentials","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"ServiceNowCredential"}},{"description":"Token used to authenticate with ServiceNow. This token will be used with the authentication header `x-sn-apikey`. 
To use token authentication, the version of ServiceNow must be `Washington D.C.` or later.","properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"New Token","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"ServiceNowCredential"}}],"title":"Credential","x-synqly-credential":{"extends":["BasicCredential","TokenCredential"],"type":"ServiceNowCredential"}},"custom_field_mappings":{"description":"Custom field mappings for this provider.","items":{"properties":{"name":{"description":"Name for the custom field that you will use in the `custom_fields` field in the returned ticket objects.","nullable":false,"title":"Name","type":"string"},"project_id":{"description":"ID of the project this field mapping is associated with. ID of \"*\" is used to apply to all projects.","nullable":false,"title":"Project ID","type":"string"},"provider_field_path":{"description":"Path to or name of the custom field in the provider.","nullable":false,"title":"Field Path (Provider)","type":"string"}},"required":["name","project_id","provider_field_path"],"title":"CustomFieldMapping","type":"object"},"nullable":true,"title":"Custom Field Mappings","type":"array"},"default_project":{"description":"Default Project for the integration. This maps to the custom table for tickets. This table should be derived from Incident table. 
Defaults to the incident table if not specified.","nullable":true,"title":"Default Project","type":"string"},"type":{"const":"ticketing_servicenow"},"url":{"description":"Base URL for the ServiceNow API.","example":"https://tenant.service-now.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"ServiceNow ITSM","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"vulnerabilities_tenable_cloud","name":"vulnerabilities_tenable_cloud","fullname":"Tenable Vulnerability Management","description":"Configuration for Tenable Vulnerability Management.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/tenable-vulns-setup)","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","request_method":"post","request_path":"/v1/vulnerabilities/assets","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateAssetRequest"}}},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","request_method":"get","request_path":"/v1/vulnerabilities/scans/{scan_id}/activity","supported":true},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning 
system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"finding.first_seen_time","type":"datetime","operators":["gte"]},{"name":"finding.last_seen_time","type":"datetime","operators":["gte"]},{"name":"severity","type":"enum","operators":["eq","in"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/scans","supported":true},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for Tenable Vulnerability Management.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/tenable-vulns-setup)","properties":{"credential":{"description":"Configuration when creating new API Keys.","nullable":false,"properties":{"secret":{"description":"API Keys in the format `accessKey=\u003ckey\u003e;secretKey=\u003csecret\u003e`.","format":"password","nullable":false,"pattern":"^accessKey=.+?;secretKey=.+?$","title":"API Keys","type":"string","x-validation-message":{"patternMismatch":"Input must 
match the pattern: `accessKey=\u003ckey\u003e;secretKey=\u003csecret\u003e`"}},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"TenableCloudCredential"}},"type":{"const":"vulnerabilities_tenable_cloud"},"url":{"default":"https://cloud.tenable.com","description":"Base URL for the Tenable Cloud API.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type"],"title":"Tenable VM","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_armis_centrix","name":"assets_armis_centrix","fullname":"Armis Centrix™ for Asset Management and Security","description":"Configuration for Armis Centrix™ for Asset Management and Security.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/armis-centrix-setup)","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory 
system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hw_info.bios_manufacturer","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.ip","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.location.desc","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.mac","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.name","type":"name","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.os.version","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.risk_score","type":"integer","operators":["gt","gte","lt","lte"]},{"name":"device.type","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.uid","type":"string","operators":["eq","ne","in","not_in"]}]}],"provider_config":{"description":"Configuration for Armis Centrix™ for Asset Management and Security.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/armis-centrix-setup)","properties":{"credential":{"description":"Configuration when creating new API Key.","nullable":false,"properties":{"secret":{"description":"Secret value of the API Key.","format":"password","nullable":false,"title":"API Key","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"ArmisCredential"}},"type":{"const":"assets_armis_centrix"},"url":{"description":"Base URL for the Armis Centrix™ API.","example":"https://tenant.armis.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Armis 
Centrix™","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_qualys_cloud","name":"assets_qualys_cloud","fullname":"Qualys Vulnerability Management, Detection \u0026 Response (VMDR)","description":"Configuration for Qualys Cloud Platform as an Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for Qualys Cloud Platform as an Assets Provider","properties":{"credential":{"description":"Username and password used to authenticate with Qualys Cloud.","nullable":false,"properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"QualysCloudCredential"}},"type":{"const":"assets_qualys_cloud"},"url":{"description":"URL for the Qualys Cloud API. 
This should be the base URL for the API, without any path components.","example":"https://qualys.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Qualys VMDR","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"cloudsecurity_defender","name":"cloudsecurity_defender","fullname":"Microsoft Defender for Cloud","description":"Configuration for the Microsoft Defender for Cloud Provider","connector_id":"cloudsecurity","connector":"cloudsecurity","operations":[{"id":"cloudsecurity_query_cloud_resource_inventory","name":"query_cloud_resource_inventory","fullname":"Query Cloud Resource Inventory","description":"Returns a list of cloud resources that match the query from the cloud security provider.","request_method":"get","request_path":"/v1/cloudsecurity/cloudresourcesinventory","supported":true,"filters":[{"name":"cloud.account.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.account.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.provider","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.region","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"device.created_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.modified_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"resource.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resource.type","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resource.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]}]},{"id":"cloudsecurity_query_compliance_findings","name":"query_compliance_findings","fu
llname":"Query Compliance Findings","description":"Returns a list of compliance findings matching the query from the cloud security provider.","request_method":"get","request_path":"/v1/cloudsecurity/compliancefindings","supported":true,"filters":[{"name":"compliance.control","type":"string","operators":["eq"]},{"name":"compliance.requirements","type":"string","operators":["eq"]},{"name":"compliance.standards","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for the Microsoft Defender for Cloud Provider","properties":{"credential":{"description":"Microsoft Defender OAuth client credentials.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"DefenderCredential"}},"subscription_id":{"description":"The Azure subscription ID that contains the Microsoft Defender for Cloud workspace.","nullable":false,"title":"Subscription ID","type":"string"},"tenant_id":{"description":"The Azure Active Directory tenant ID that contains the Microsoft Defender for Cloud workspace.","nullable":false,"title":"Tenant 
ID","type":"string"},"type":{"const":"cloudsecurity_defender"},"url":{"default":"https://management.azure.com/.default","description":"Base URL to your Microsoft Defender for Cloud workspace.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","subscription_id","tenant_id","type"],"title":"Microsoft Defender for Cloud","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_splunk","name":"siem_splunk","fullname":"Splunk Enterprise Security","description":"Configuration for Splunk Enterprise Security.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/splunk-setup)","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","supported":false},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for 
authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"actor.app_name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"actor.user.domain","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"actor.user.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"actor.user.org.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"actor.user.type","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"actor.user.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"auth_protocol","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.domain","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.hostname","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.ip","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.mac","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.os.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.owner.org.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.port","type":"integer","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.svc_name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.zone","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.domain","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.hostname","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.ip","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.mac","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.name","type":"
string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.os.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.owner.org.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.port","type":"integer","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.svc_name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.type","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.zone","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"duration","type":"integer","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"http_request.user_agent","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.file.parent_folder","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.file.path","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.file.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.parent_process.file.path","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.parent_process.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.parent_process.pid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.pid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"metadata.event_code","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"metadata.log_name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"metadata.log_provider","type":"string","operators":["eq","in"]},{"name":"metadata.processed_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"metadata.uid","type":"string"
,"operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.cmd_line","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.file.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.file.parent_folder","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.file.path","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.file.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.parent_process.cmd_line","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.parent_process.file.path","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.parent_process.file.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.parent_process.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.parent_process.pid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.pid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","like","not_like","in","not_in"]},{"name":"session.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.hostname","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.ip","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.mac","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.owner.org.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.port","type":"integer","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.type","type":"string"
,"operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.zone","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"start_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"time","type":"datetime","operators":["gte","lte"]},{"name":"user.domain","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"user.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"user.org.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"user.type","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"user.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","supported":false},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for Splunk Enterprise Security.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/splunk-setup)","properties":{"hec_credential":{"description":"Credential to use when connecting to the Splunk HEC service. If not provided, sending events to Splunk is disabled.","nullable":true,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"HEC Token","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"SplunkHECToken"}},"hec_url":{"description":"URL for the Splunk HEC endpoint. 
Must include the full path to the HEC endpoint.","example":"https://tenant.cloud.splunk.com:8088/services_collector_event","nullable":true,"title":"HEC URL","type":"string"},"index":{"description":"Splunk index to send events to. If not provided, will use the default index for the Splunk collector.","nullable":true,"title":"Index","type":"string"},"search_service_credential":{"description":"Credential used when authenticating with the Splunk Search Service.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Search Service Token","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"SplunkSearchCredential"}},"search_service_url":{"description":"URL used when connecting to the Splunk Search Service.","example":"https://splunk-service.com/services/collector/event","nullable":false,"title":"Search Service URL","type":"string"},"skip_tls_verify":{"default":false,"description":"When true, skips verification of the Splunk TLS certificate.","nullable":true,"title":"Skip TLS Verification","type":"boolean"},"source":{"description":"Splunk source to send events to. If not provided the default source for the Splunk collector is used.","nullable":true,"title":"Source","type":"string"},"source_type":{"description":"Splunk source type to send events to. 
If not provided the default source type for the Splunk collector is used.","nullable":true,"title":"Source Type","type":"string"},"type":{"const":"siem_splunk"}},"required":["search_service_credential","search_service_url","type"],"title":"Splunk Enterprise Security","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"ticketing_zendesk","name":"ticketing_zendesk","fullname":"Zendesk","description":"Configuration for Zendesk as a Ticketing Provider","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["name","priority","subject"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete 
Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","supported":false},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote 
Fields","description":"List all remote fields for all Projects in a ticketing integration. The response will include a list of\nfields for each issue type in the ticketing provider.","supported":false},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"description","type":"string","operators":["eq","ne","like"]},{"name":"id","type":"string","operators":["eq","ne","like"]},{"name":"name","type":"string","operators":["eq","ne","like"]},{"name":"priority","type":"string","operators":["eq","ne"]},{"name":"status","type":"string","operators":["eq","ne"]}]}],"provider_config":{"description":"Configuration for Zendesk as a Ticketing Provider","properties":{"credential":{"description":"E-mail address and API Token for use with the Zendesk API. Use the e-mail address for the `username` field and API Token for the `secret` field. 
See [Zendesk API token generation documentation](https://developer.zendesk.com/api-reference/introduction/security-and-auth/#api-token) for more detail.","nullable":false,"properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"ZendeskCredential"}},"type":{"const":"ticketing_zendesk"},"url":{"description":"Base URL for your Zendesk tenant.","example":"https://tenant.zendesk.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Zendesk","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_q_radar","name":"siem_q_radar","fullname":"IBM QRadar SIEM","description":"Configuration for IBM QRadar SIEM.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/qradar-setup)","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","request_method":"get","request_path":"/v1/siem/investigations/{id}","supported":true},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects 
to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"actor.app_name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"actor.app_uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"actor.user.account.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"actor.user.account.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"actor.user.domain","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"actor.user.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"actor.user.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"count","type":"integer","operators":["eq","ne","gt","gte","lt","lte","in","not_in"]},{"name":"device.hostname","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.last_seen_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.location.description","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.mac","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.os.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.
zone","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"dst_endpoint.domain","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"dst_endpoint.hostname","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"dst_endpoint.ip","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"dst_endpoint.location.description","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"dst_endpoint.mac","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"dst_endpoint.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"duration","type":"integer","operators":["eq","ne","gt","gte","lt","lte","in","not_in"]},{"name":"end_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"group.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"group.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"http_request.url.host","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"http_request.url.path","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"http_request.url.port","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"http_request.url.url_string","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.file.ext","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.file.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.file.parent_folder","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.file.path","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.file.uid","type":"string","operators":["eq"
,"ne","in","not_in","like","not_like"]},{"name":"logon_process.group.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.group.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.parent_process.file.path","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.parent_process.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.parent_process.pid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.pid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"message","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"metadata.log_name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"metadata.log_provider","type":"string","operators":["eq"]},{"name":"process.file.ext","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.file.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.file.parent_folder","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.file.path","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.file.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.group.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.group.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.parent_process.file.path","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},
{"name":"process.parent_process.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.parent_process.pid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.pid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","like","not_like","in","not_in"]},{"name":"src_endpoint.domain","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"src_endpoint.ip","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"src_endpoint.location.description","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"src_endpoint.mac","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"src_endpoint.os.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"src_endpoint.owner.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"src_endpoint.zone","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"start_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"time","type":"datetime","operators":["gte","lte"]},{"name":"user.account.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"user.account.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"user.domain","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"user.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"user.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries 
investigations","request_method":"get","request_path":"/v1/siem/investigations","supported":true,"filters":[{"name":"raw_data.*","type":"string","operators":["eq","gt","lt","in"]}]},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for IBM QRadar SIEM.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/qradar-setup)","properties":{"collection_port":{"description":"Port used by QRadar to accept incoming HTTP Receiver events.","nullable":false,"title":"Collection Port","type":"integer"},"credential":{"description":"Authorized service token for QRadar Operations. [Guide to generate a token](https://www.ibm.com/docs/en/qradar-common?topic=app-creating-authorized-service-token-qradar-operations).","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"QRadarCredential"}},"skip_tls_verify":{"default":false,"description":"When true, skips verification of the QRadar TLS certificate.","nullable":true,"title":"Skip TLS Verification","type":"boolean"},"type":{"const":"siem_q_radar"},"url":{"description":"Base URL for the QRadar API.","example":"https://qradar.westus2.cloudapp.azure.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["collection_port","credential","type","url"],"title":"IBM QRadar 
SIEM","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_azure_monitor_logs","name":"sink_azure_monitor_logs","fullname":"Microsoft Azure Monitor Logs","description":"Configuration for Azure Monitor Logs as a Sink Provider. Azure Monitor Logs is a feature of Azure Monitor that collects and organizes log and performance data from monitored resources.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/azure-monitor-logs)","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for Azure Monitor Logs as a Sink Provider. 
Azure Monitor Logs is a feature of Azure Monitor that collects and organizes log and performance data from monitored resources.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/azure-monitor-logs)","properties":{"client_id":{"description":"Azure Client (Application) ID.","nullable":false,"title":"Client ID","type":"string"},"credential":{"description":"Credential with access to the configured data collection endpoint.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"AzureMonitorLogsCredential"}},"rule_id":{"description":"Data collection rule immutable ID.","nullable":false,"title":"Rule ID","type":"string"},"stream_name":{"description":"Name of the data collection rule stream.","nullable":false,"title":"Stream Name","type":"string"},"tenant_id":{"description":"Azure Directory (tenant) ID.","nullable":false,"title":"Tenant ID","type":"string"},"type":{"const":"sink_azure_monitor_logs"},"url":{"description":"URL of the Azure data collection endpoint.","nullable":false,"title":"Collection URL","type":"string"}},"required":["client_id","credential","rule_id","stream_name","tenant_id","type","url"],"title":"Microsoft Azure Monitor Logs","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_qualys_cloud_mock","name":"assets_qualys_cloud_mock","fullname":"[MOCK] Qualys Vulnerability Management, Detection \u0026 Response (VMDR)","description":"Configuration for a mock Qualys Cloud Platform as an Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked 
Integration.","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true}],"provider_config":{"description":"Configuration for a mock Qualys Cloud Platform as an Assets Provider","properties":{"dataset":{"enum":["basic_v0"],"nullable":false,"title":"Dataset","type":"string"},"type":{"const":"assets_qualys_cloud_mock"}},"required":["dataset","type"],"title":"[MOCK] Qualys VMDR","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"edr_defender","name":"edr_defender","fullname":"Microsoft Defender for Endpoint","description":"Configuration for Microsoft Defender for Endpoint.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/defender-setup)","connector_id":"edr","connector":"edr","operations":[{"id":"edr_create_iocs","name":"create_iocs","fullname":"Create IOCs","description":"Creates a list of iocs that match the stix input for the EDR source.","request_method":"post","request_path":"/v1/edr/iocs","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateIocsRequest"}}},{"id":"edr_delete_iocs","name":"delete_iocs","fullname":"Delete IOCs","description":"Deletes a list of iocs that match the input of ids in the query param","request_method":"delete","request_path":"/v1/edr/iocs","supported":true},{"id":"edr_get_endpoint","name":"get_endpoint","fullname":"Get Endpoint","description":"Gets a single endpoint assets matching the UID from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints/{id}","supported":true},{"id":"edr_network_quarantine","name":"network_quarantine","fullname":"Quarantine Endpoints","description":"Connect or disconnect one or more endpoints assets to the network, allowing or disallowing 
connections.","request_method":"post","request_path":"/v1/edr/endpoints/actions/quarantine","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/NetworkQuarantineRequest"}}},{"id":"edr_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Returns a list of alerts that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/alerts","supported":true,"filters":[{"name":"actor.user.name","type":"string","operators":["eq","in","ne"]},{"name":"analytic.category","type":"string","operators":["eq","in","ne"]},{"name":"finding_info.created_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.created_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.last_seen_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.last_seen_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.modified_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.uid","type":"string","operators":["eq","in","ne"]},{"name":"metadata.uid","type":"string","operators":["eq","in","ne"]},{"name":"severity","type":"string","operators":["eq","in","ne"]},{"name":"status","type":"string","operators":["eq","in","ne"]}]},{"id":"edr_query_applications","name":"query_applications","fullname":"Query Applications","description":"Returns a list of applications matching the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/applications","supported":true,"filters":[{"name":"product.name","type":"string","operators":["like"]},{"name":"product.uid","type":"string","operators":["eq","like"]},{"name":"product.vendor_name","type":"string","operators":["like"]},{"name":"product.version","type":"string","operators":["eq","like"]}]},{"id":"edr_query_edr_events","name":"query_edr_events","fullname":"Query EDR Events","description":"Returns a list of EDR events that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_endpoints","name":"query_endpoints","fullname":"Query Endpoints","description":"Returns a list of endpoint assets matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints","supported":true,"filters":[{"name":"cloud.account.uid","type":"string","operators":["eq","ne","like","not_like"]},{"name":"device.hostname","type":"string","operators":["eq","ne","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","like","not_like"]},{"name":"device.last_time_seen","type":"string","operators":["eq","ne","like","not_like"]},{"name":"device.os.name","type":"string","operators":["eq","ne","like","not_like"]},{"name":"device.risk_level","type":"string","operators":["eq","ne","like","not_like"]},{"name":"device.uid","type":"string","operators":["eq","ne","like","not_like"]},{"name":"enrichments.reputation.score","type":"string","operators":["eq","ne","like","not_like"]},{"name":"metadata.labels","type":"string","operators":["eq","ne","like","not_like"]},{"name":"metadata.product.version","type":"string","operators":["eq","ne","like","not_like"]},{"name":"risk_level_id","type":"string","operators":["eq","ne","like","not_like"]},{"name":"status","type":"string","operators":["eq","ne","like","not_like"]},{"name":"status_code","type":"string","operators":["eq","ne","like","not_like"]},{"name":"status_detail","type":"string","operators":
["eq","ne","like","not_like"]}]},{"id":"edr_query_iocs","name":"query_iocs","fullname":"Query IOCs","description":"Returns a list of iocs that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/iocs","supported":true,"filters":[{"name":"created","type":"string","operators":["eq","in"]},{"name":"created_by_ref.Id","type":"string","operators":["eq","in"]},{"name":"created_by_ref.name","type":"string","operators":["eq","in"]},{"name":"extensions.action","type":"string","operators":["eq","in"]},{"name":"extensions.alert","type":"string","operators":["eq","in"]},{"name":"extensions.application","type":"string","operators":["eq","in"]},{"name":"extensions.rbacGroupIds","type":"string","operators":["eq","in"]},{"name":"extensions.rbacGroupNames","type":"string","operators":["eq","in"]},{"name":"extensions.severity","type":"string","operators":["eq","in"]},{"name":"name","type":"string","operators":["eq","in"]},{"name":"pattern","type":"string","operators":["eq","in"]},{"name":"pattern_type","type":"string","operators":["eq","in"]},{"name":"valid_until","type":"string","operators":["eq","in"]}]},{"id":"edr_query_posture_score","name":"query_posture_score","fullname":"Query Posture Score","description":"Returns the posture score of the endpoint assets that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/posture_score","supported":true},{"id":"edr_query_threatevents","name":"query_threatevents","fullname":"Query Threat Events","description":"Returns a list of threats that match the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/threats","supported":true,"filters":[{"name":"actor.user.name","type":"string","operators":["lt","gt","eq","in"]},{"name":"finding_info.created_time","type":"datetime","operators":["lt","gt"]},{"name":"finding_info.modified_time","type":"datetime","operators":["lt","gt"]},{"name":"status","type":"string","operators":["lt","gt","eq","in"]}]}],"provider_config":{"description":"Configuration for Microsoft Defender for Endpoint.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/defender-setup)","properties":{"credential":{"description":"Microsoft Defender OAuth client credentials.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"DefenderCredential"}},"tenant_id":{"description":"Tenant ID for the Microsoft Defender Management Console.","nullable":false,"title":"Tenant ID","type":"string"},"type":{"const":"edr_defender"},"url":{"default":"https://api-us.securitycenter.windows.com","description":"Base URL for the Microsoft Defender API.","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base 
URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","tenant_id","type","url"],"title":"Microsoft Defender","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"edr_sophos","name":"edr_sophos","fullname":"Sophos Endpoint","description":"Configuration for Sophos Endpoint.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/sophos-setup)","connector_id":"edr","connector":"edr","operations":[{"id":"edr_create_iocs","name":"create_iocs","fullname":"Create IOCs","description":"Creates a list of iocs that match the stix input for the EDR source.","supported":false},{"id":"edr_delete_iocs","name":"delete_iocs","fullname":"Delete IOCs","description":"Deletes a list of iocs that match the input of ids in the query param","supported":false},{"id":"edr_get_endpoint","name":"get_endpoint","fullname":"Get Endpoint","description":"Gets a single endpoint assets matching the UID from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints/{id}","supported":true},{"id":"edr_network_quarantine","name":"network_quarantine","fullname":"Quarantine Endpoints","description":"Connect or disconnect one or more endpoints assets to the network, allowing or disallowing connections.","request_method":"post","request_path":"/v1/edr/endpoints/actions/quarantine","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/NetworkQuarantineRequest"}}},{"id":"edr_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Returns a list of alerts that match the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/alerts","supported":true,"filters":[{"name":"finding_info.created_time","type":"datetime","operators":["lt","gt"]},{"name":"finding_info.last_seen_time","type":"datetime","operators":["lt","gt"]},{"name":"finding_info.title","type":"string","operators":["lt","gt","eq","in"]},{"name":"metadata.product.name","type":"string","operators":["lt","gt","eq","in"]},{"name":"metadata.uid","type":"string","operators":["lt","gt","eq","in"]}]},{"id":"edr_query_applications","name":"query_applications","fullname":"Query Applications","description":"Returns a list of applications matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/applications","supported":true,"filters":[{"name":"product.name","type":"string","operators":["lt","gt","eq","in"]},{"name":"product.path","type":"string","operators":["lt","gt","eq","in"]}]},{"id":"edr_query_edr_events","name":"query_edr_events","fullname":"Query EDR Events","description":"Returns a list of EDR events that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_endpoints","name":"query_endpoints","fullname":"Query Endpoints","description":"Returns a list of endpoint assets matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints","supported":true,"filters":[{"name":"device.type","type":"string","operators":["ne","lte","gte","lt","gt","eq","in"]},{"name":"device.uid","type":"string","operators":["ne","lte","gte","lt","gt","eq","in"]},{"name":"first_seen_time","type":"datetime","operators":["eq"]},{"name":"last_seen_time","type":"datetime","operators":["eq"]},{"name":"status","type":"string","operators":["ne","lte","gte","lt","gt","eq","in"]},{"name":"status_detail","type":"string","operators":["ne","lte","gte","lt","gt","eq","in"]},{"name":"time","type":"datetime","operators":["eq"]}]},{"id":"edr_query_iocs","name":"query_iocs","fullname":"Query 
IOCs","description":"Returns a list of iocs that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_posture_score","name":"query_posture_score","fullname":"Query Posture Score","description":"Returns the posture score of the endpoint assets that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/posture_score","supported":true},{"id":"edr_query_threatevents","name":"query_threatevents","fullname":"Query Threat Events","description":"Returns a list of threats that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/threats","supported":true,"filters":[{"name":"actor.user.name","type":"string","operators":["eq"]},{"name":"attacks.tactics.name","type":"string","operators":["eq"]},{"name":"device.first_seen_time","type":"datetime","operators":["eq"]},{"name":"device.first_seen_time_dt","type":"datetime","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["eq"]},{"name":"device.last_seen_time_dt","type":"datetime","operators":["eq"]},{"name":"device.location","type":"string","operators":["eq"]},{"name":"device.os.name","type":"string","operators":["eq"]},{"name":"device.os.type","type":"string","operators":["eq"]},{"name":"device.type","type":"string","operators":["eq"]},{"name":"hostname","type":"string","operators":["eq"]},{"name":"metadata.product.name","type":"string","operators":["eq"]},{"name":"risk_score","type":"string","operators":["eq"]},{"name":"severity","type":"string","operators":["eq"]},{"name":"type_name","type":"string","operators":["eq"]},{"name":"vendor_name","type":"string","operators":["eq"]},{"name":"vulnerabilities.title","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for Sophos Endpoint.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/sophos-setup)","properties":{"credential":{"description":"Configuration when creating 
new Client Credentials.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"SophosCredential"}},"type":{"const":"edr_sophos"},"url":{"default":"https://api.central.sophos.com","description":"Base URL for the Sophos Endpoint API.","nullable":true,"title":"Base URL","type":"string"}},"required":["credential","type"],"title":"Sophos Endpoint","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"notifications_slack_webhook","name":"notifications_slack_webhook","fullname":"Slack Incoming Webhook","description":"Configuration for the Slack Notification Provider using Incoming Webhooks.\nIncoming Webhooks are a way to post messages from apps into Slack. 
The can not be used for any other actions, such as reading or deleting messages.","connector_id":"notifications","connector":"notifications","operations":[{"id":"notifications_clear_message","name":"clear_message","fullname":"Clear Notification","description":"Resolves a `Notification` object in the token-linked `Integration`.","supported":false},{"id":"notifications_create_message","name":"create_message","fullname":"Create Notification","description":"Creates a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/create","supported":true,"required_fields":["summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNotificationRequest"}}},{"id":"notifications_get_message","name":"get_message","fullname":"Get Notification","description":"Returns the `Notification` object matching `{notificationId}` from the token-linked\n`Integration`.","supported":false}],"provider_config":{"description":"Configuration for the Slack Notification Provider using Incoming Webhooks.\nIncoming Webhooks are a way to post messages from apps into Slack. The can not be used for any other actions, such as reading or deleting messages.","properties":{"type":{"const":"notifications_slack_webhook"},"webhook_url":{"description":"Slack Incoming Webhook URL. Use a Slack app with Incoming Webhooks enabled to generate the URL. 
See [configuration guide on Incoming Webhooks](https://api.slack.com/messaging/webhooks) for more detail.","nullable":false,"properties":{"secret":{"description":"Secret value","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Secret","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}},"type":{"const":"secret"}},"required":["secret","type"],"title":"Incoming Webhook URL","type":"object","x-synqly-credential":{"extends":"SecretCredential","type":"SlackWebhookCredential"}}},"required":["type","webhook_url"],"title":"Slack Incoming Webhook","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_mock_siem","name":"siem_mock_siem","fullname":"Synqly Test Provider","description":"Configuration for the Synqly mock in-memory SIEM Provider. This provider is for testing purposes only and does not retain events pushed to it.","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","supported":false},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for 
authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","supported":false},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","supported":false}],"provider_config":{"description":"Configuration for the Synqly mock in-memory SIEM Provider. This provider is for testing purposes only and does not retain events pushed to it.","properties":{"index":{"description":"Name of the index where events are stored.","nullable":true,"title":"Index","type":"string"},"type":{"const":"siem_mock_siem"}},"required":["type"],"title":"Test Provider","type":"object"},"release":{"availability":"generally-available","environments":["test"]}},{"id":"siem_sumo_logic","name":"siem_sumo_logic","fullname":"Sumo Logic Cloud SIEM","description":"Configuration for Sumo Logic Cloud SIEM.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/sumo-logic-setup)","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","request_method":"get","request_path":"/v1/siem/investigations/{id}","supported":true},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","request_method":"patch","request_path":"/v1/siem/investigations/{id}","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/PatchInvestigationRequest"}}},{"id":"siem_post_events","name":"post_events","fullname":"Post 
Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"metadata.log_provider","type":"string","operators":["eq","in"]},{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","like","in","not_in"]},{"name":"time","type":"datetime","operators":["gte","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","request_method":"get","request_path":"/v1/siem/investigations","supported":true,"filters":[{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","like","in","not_in"]}]},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for Sumo Logic Cloud SIEM.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/sumo-logic-setup)","properties":{"auto_parse_logs":{"default":true,"description":"Automatically parse logs as JSON when running log queries.","nullable":true,"title":"Auto Parse Logs","type":"boolean"},"collection_url":{"description":"Secure Sumo Logic Collection URL for writing events. 
If not provided, sending events to Sumo Logic is disabled.","nullable":true,"properties":{"secret":{"description":"Secret value","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Collection URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}},"type":{"const":"secret"}},"required":["secret","type"],"title":"Collection URL","type":"object","x-synqly-credential":{"extends":"SecretCredential","type":"SumoLogicCollectionUrl"}},"credential":{"description":"Access ID and Access Key used to authenticate with Sumo Logic.","nullable":false,"properties":{"secret":{"description":"Access key secret.","format":"password","nullable":false,"title":"Access Key","type":"string"},"type":{"const":"basic"},"username":{"description":"Access key identifier.","nullable":false,"title":"Access ID","type":"string"}},"required":["secret","type","username"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"SumoLogicCredential"}},"siem_logs_only":{"default":false,"description":"Only query for logs that have been processed into the Sumo Logic Cloud SIEM app.","nullable":true,"title":"SIEM Logs Only","type":"boolean"},"type":{"const":"siem_sumo_logic"},"url":{"description":"Base URL for the Sumo Logic API.\n[Sumo Logic endpoints by deployment and firewall security](https://help.sumologic.com/docs/api/getting-started/#sumo-logic-endpoints-by-deployment-and-firewall-security).","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Sumo Logic Cloud SIEM","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_crowdstrike_hec","name":"sink_crowdstrike_hec","fullname":"CrowdStrike Falcon® Next-Gen SIEM (HEC)","description":"Configuration for CrowdStrike Falcon® Next-Gen SIEM 
(HEC).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/crowdstrike-sink-setup)","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for CrowdStrike Falcon® Next-Gen SIEM (HEC).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/crowdstrike-sink-setup)","properties":{"credential":{"description":"Configuration when creating new API Key.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"API Key","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"CrowdstrikeHECCredential"}},"type":{"const":"sink_crowdstrike_hec"},"url":{"description":"HTTPS URL for the CrowdStrike HTTP Event Collector (HEC) API.","example":"https://\u003csome-guid\u003e.ingest.us-2.crowdstrike.com/services/collector","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"HEC URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"CrowdStrike Next-Gen SIEM (HEC)","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_elasticsearch","name":"sink_elasticsearch","fullname":"Elasticsearch","description":"Configuration for Elasticsearch.\n\n[Configuration 
guide](https://docs.synqly.com/guides/provider-configuration/elastic-setup)","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for Elasticsearch.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/elastic-setup)","properties":{"auth_options":{"description":"Options used to control how requests are made to Elasticsearch when different authentication types are used.","nullable":true,"properties":{"run_as":{"description":"Submit API requests as a specific user, with all of their roles and permissions. When populated, this option will send the `es-security-runas-user` header with every request made to the Elasticsearch API.","nullable":true,"title":"Run As","type":"string"},"shared_secret":{"description":"Some auth cases, notably JWT auth, can be configured to require sending a shared secret in the `ES-Client-Authentication` header. 
When this secret is populated it will get added as the shared secret for every request made to Elasticsearch.","nullable":true,"properties":{"secret":{"description":"Secret value","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"secret"}},"required":["secret","type"],"title":"Shared Secret","type":"object","x-synqly-credential":{"extends":"SecretCredential","type":"ElasticsearchSharedSecret"}}},"title":"Authentication Options","type":"object"},"create_index":{"description":"The index or data stream to use when writing events.","nullable":false,"title":"Create Index","type":"string"},"credential":{"nullable":false,"oneOf":[{"description":"Basic authentication credentials for Elasticsearch. It is recommended to use API keys or OAuth client credentials whenever possible.","properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"New Basic Credentials","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"ElasticsearchCredential"}},{"description":"Client credentials and connection data for an identity provider (IdP) that has been configured for use as a [JWT realm](https://www.elastic.co/guide/en/elasticsearch/reference/8.15/jwt-auth-realm.html) in Elasticsearch. *([Instructions for Elastic Cloud](https://www.elastic.co/guide/en/cloud/current/ec-securing-clusters-JWT.html).)*\nRequires a Token URL for the third party identity provider. 
To send specific scopes during the client credentials OAuth flow, specify them in `extra.scopes` as a list of strings.","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","token_url","type"],"title":"New Client Credentials","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"ElasticsearchCredential"}},{"description":"Elasticsearch API Key. Follow [this guide to generate an API Key](https://www.elastic.co/guide/en/kibana/current/api-keys.html). 
The API Key must have sufficient permissions to the target index.","properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"New API Key","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"ElasticsearchCredential"}}],"title":"Credential","x-synqly-credential":{"extends":["BasicCredential","OAuthClientCredential","TokenCredential"],"type":"ElasticsearchCredential"}},"skip_tls_verify":{"default":false,"description":"When true, skips verification of the Elasticsearch TLS certificate.","nullable":true,"title":"Skip TLS Verification","type":"boolean"},"type":{"const":"sink_elasticsearch"},"url":{"description":"Base URL for the Elasticsearch API.","example":"https://tenant.elastic.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["create_index","credential","type","url"],"title":"Elasticsearch","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_opensearch","name":"sink_opensearch","fullname":"OpenSearch","description":"Configuration for OpenSearch search and analytics engine. Supports both managed and self-hosted OpenSearch deployments\n","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for OpenSearch search and analytics engine. 
Supports both managed and self-hosted OpenSearch deployments","properties":{"create_index":{"description":"The index or data stream to use when writing events.\n","nullable":false,"title":"Write Index","type":"string"},"credential":{"description":"Basic authentication credentials for OpenSearch.\n","nullable":false,"properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"OpenSearchCredential"}},"skip_tls_verify":{"default":false,"description":"When true, skips verification of the OpenSearch TLS certificate.","nullable":true,"title":"Skip TLS Verification","type":"boolean"},"type":{"const":"sink_opensearch"},"url":{"description":"Base URL for the OpenSearch API.\n","example":"https://tenant.elastic.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["create_index","credential","type","url"],"title":"OpenSearch","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"vulnerabilities_rapid7_insight_cloud_mock","name":"vulnerabilities_rapid7_insight_cloud_mock","fullname":"[MOCK] Rapid7 Insight Vulnerability Management Cloud","description":"Configuration for a mocked Rapid7 Insight Cloud as a Vulnerabilities Provider","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning 
system","supported":false},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","supported":false},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for a mocked Rapid7 Insight Cloud as a Vulnerabilities Provider","properties":{"dataset":{"enum":["basic_v0"],"nullable":false,"title":"Dataset","type":"string"},"type":{"const":"vulnerabilities_rapid7_insight_cloud_mock"}},"required":["dataset","type"],"title":"[MOCK] Rapid7 InsightVM Cloud","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"assets_crowdstrike","name":"assets_crowdstrike","fullname":"CrowdStrike Falcon Spotlight","description":"Configuration for CrowdStrike Falcon as an Assets 
Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for CrowdStrike Falcon as an Assets Provider","properties":{"credential":{"description":"The credential to use for the CrowdStrike Falcon tenant.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"CrowdStrikeCredential"}},"type":{"const":"assets_crowdstrike"},"url":{"default":"https://api.crowdstrike.com","description":"Base URL for the CrowdStrike Falcon Spotlight 
API.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type"],"title":"CrowdStrike Falcon Spotlight","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_nozomi_vantage_mock","name":"assets_nozomi_vantage_mock","fullname":"[MOCK] Nozomi Vantage","description":"Configuration for a mocked Nozomi Vantage provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true}],"provider_config":{"description":"Configuration for a mocked Nozomi Vantage provider","properties":{"dataset":{"enum":["basic_v0"],"nullable":false,"title":"Dataset","type":"string"},"type":{"const":"assets_nozomi_vantage_mock"}},"required":["dataset","type"],"title":"[MOCK] Nozomi Vantage","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"identity_okta","name":"identity_okta","fullname":"Okta Identity","description":"Configuration for Okta Identity.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/okta-identity-setup)","connector_id":"identity","connector":"identity","operations":[{"id":"identity_disable_user","name":"disable_user","fullname":"Disable User","description":"Disables a user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/disable","supported":true},{"id":"identity_enable_user","name":"enable_user","fullname":"Enable User","description":"Reenables a disabled user in 
the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/enable","supported":true},{"id":"identity_expire_all_user_sessions","name":"expire_all_user_sessions","fullname":"Expire All User Sessions","description":"Logs a user out of all current sessions so they must log in again.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/expire_all_sessions","supported":true},{"id":"identity_force_user_password_reset","name":"force_user_password_reset","fullname":"Force User Password Reset","description":"Forces a user to reset their password before they can log in again.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/force_reset_password","supported":true},{"id":"identity_get_group","name":"get_group","fullname":"Get Group","description":"Returns a `Group` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. Depending\non the providers offerings, this may include additional group information, such as the roles assigned.","request_method":"get","request_path":"/v1/identity/groups/{groupId}","supported":true},{"id":"identity_get_group_members","name":"get_group_members","fullname":"Get Group Members","description":"Returns list of `User` objects wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider that are members in the group referenced by ID.","request_method":"get","request_path":"/v1/identity/groups/{groupId}/members","supported":true},{"id":"identity_get_user","name":"get_user","fullname":"Get User","description":"Returns a `User` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. 
Depending\non the providers offerings, this may include additional user information, such as the user's current groups and roles.","request_method":"get","request_path":"/v1/identity/users/{userId}","supported":true},{"id":"identity_query_audit_log","name":"query_audit_log","fullname":"Query Audit Log","description":"Returns a list of `Event` objects from the token-linked audit log.","request_method":"get","request_path":"/v1/identity/audit","supported":true,"filters":[{"name":"actor.user.email_addr","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"actor.user.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"class_uid","type":"string","operators":["eq"]},{"name":"message","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"status_id","type":"string","operators":["eq"]},{"name":"time","type":"datetime","operators":["gte","lte"]},{"name":"type_uid","type":"string","operators":["eq"]},{"name":"user.email_addr","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"user.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]}]},{"id":"identity_query_groups","name":"query_groups","fullname":"Query Groups","description":"Returns a list of `Group` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity 
provider.","request_method":"get","request_path":"/v1/identity/groups","supported":true,"filters":[{"name":"entity.group.desc","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.group.name","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.group.uid","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.uid","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.type","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"time","type":"date","operators":["eq","gt","gte","lt","lte"]}]},{"id":"identity_query_users","name":"query_users","fullname":"Query Users","description":"Returns a list of `User` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.","request_method":"get","request_path":"/v1/identity/users","supported":true,"filters":[{"name":"entity.uid","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.email_addr","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.full_name","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.ldap_person.cost_center","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.ldap_person.created_time","type":"datetime","operators":["eq","gt","gte","lt","lte"]},{"name":"entity.user.ldap_person.employee_uid","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.ldap_person.given_name","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.ldap_person.job_title","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.ldap_person.manager.full_name","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.ldap_person.modified_time","type":"datetime","operators":["eq","gt","gte","lt","lte"]},{"name":"entity.user.ldap_person.surname","type
":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.name","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.org.name","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.org.ou_name","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.uid","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.uid_alt","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.user_status_id","type":"string","operators":["eq","in"]},{"name":"time","type":"datetime","operators":["eq","gt","gte","lt","lte"]}]}],"provider_config":{"description":"Configuration for Okta Identity.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/okta-identity-setup)","properties":{"credential":{"nullable":false,"oneOf":[{"description":"OAuth 2.0 Token URL, Client ID, and Client Secret for a Synqly Identity Connector API service application.","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"New Client Credentials","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"OktaCredential"}},{"description":"Token to authenticate with Okta. 
Follow [this guide to generate an API token](https://developer.okta.com/docs/guides/create-an-api-token). The token must have access to list records in the system audit log. (Not for production use. Use `o_auth_client` instead)","properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"New Token","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"OktaCredential"}}],"title":"Credential","x-synqly-credential":{"extends":["OAuthClientCredential","TokenCredential"],"type":"OktaCredential"}},"type":{"const":"identity_okta"},"url":{"description":"Base URL for the Okta API.","example":"https://{tenant}.okta.com","nullable":false,"title":"Base URL","type":"string"}},"required":["credential","type","url"],"title":"Okta Identity","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"notifications_jira","name":"notifications_jira","fullname":"Atlassian Jira","description":"Configuration for Atlassian Jira.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/jira-notification-setup)","connector_id":"notifications","connector":"notifications","operations":[{"id":"notifications_clear_message","name":"clear_message","fullname":"Clear Notification","description":"Resolves a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/clear/{notificationId}","supported":true},{"id":"notifications_create_message","name":"create_message","fullname":"Create Notification","description":"Creates a `Notification` object in the token-linked 
`Integration`.","request_method":"post","request_path":"/v1/notifications/create","supported":true,"required_fields":["summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNotificationRequest"}}},{"id":"notifications_get_message","name":"get_message","fullname":"Get Notification","description":"Returns the `Notification` object matching `{notificationId}` from the token-linked\n`Integration`.","request_method":"get","request_path":"/v1/notifications/get/{notificationId}","supported":true}],"provider_config":{"description":"Configuration for Atlassian Jira.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/jira-notification-setup)","properties":{"credential":{"description":"Configuration when creating new Basic Credentials.","nullable":false,"properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"JiraCredential"}},"type":{"const":"notifications_jira"},"url":{"description":"Base URL for the Jira API.","example":"https://tenant.atlassian.net","nullable":false,"title":"Base URL","type":"string"}},"required":["credential","type","url"],"title":"Atlassian Jira","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_crowdstrike","name":"siem_crowdstrike","fullname":"CrowdStrike Falcon® Next-Gen SIEM","description":"Configuration for CrowdStrike Falcon® Next-Gen SIEM.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/crowdstrike-siem-setup)","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get 
Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","supported":false},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"metadata.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"time","type":"datetime","operators":["gte","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","supported":false},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for CrowdStrike Falcon® Next-Gen SIEM.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/crowdstrike-siem-setup)","properties":{"credential":{"description":"The credential to use for the CrowdStrike Falcon NextGen SIEM tenant.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the 
service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"CrowdStrikeCredential"}},"hec_credential":{"description":"Token credential to use for connecting to the CrowdStrike HEC service. If not provided, sending events to CrowdStrike is disabled.\n","nullable":true,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"HEC Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"CrowdstrikeHECCredential"}},"hec_url":{"description":"The generated CrowdStrike HEC URL provided with your token.","example":"https://\u003csome-guid\u003e.ingest.us-2.crowdstrike.com/services/collector","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"HEC URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}},"type":{"const":"siem_crowdstrike"},"url":{"default":"https://api.crowdstrike.com","description":"Base URL for the CrowdStrike Falcon® Next-Gen SIEM API.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) 
URL."}}},"required":["credential","type"],"title":"CrowdStrike Next-Gen SIEM","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_splunk","name":"sink_splunk","fullname":"Splunk Enterprise Security","description":"Configuration for Splunk as a Sink provider. Allows sending data to Splunk using an HTTP Event Collector (HEC).\n\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/splunk-setup)","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for Splunk as a Sink provider. Allows sending data to Splunk using an HTTP Event Collector (HEC).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/splunk-setup)","properties":{"hec_credential":{"description":"Credential to use when connecting to the Splunk HEC service. If not provided, sending events to Splunk is disabled.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"HEC Token","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"SplunkHECToken"}},"hec_url":{"description":"URL for the Splunk HEC endpoint. 
Must include the full path to the HEC endpoint.","example":"https://tenant.cloud.splunk.com:8088/services_collector_event","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"HEC URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}},"index":{"description":"Splunk index to send events to. If not provided, will use the default index for the Splunk collector.","nullable":true,"title":"Index","type":"string"},"skip_tls_verify":{"default":false,"description":"When true, skips verification of the Splunk TLS certificate.","nullable":true,"title":"Skip TLS Verification","type":"boolean"},"source":{"description":"Splunk source to send events to. If not provided the default source for the Splunk collector is used.","nullable":true,"title":"Source","type":"string"},"source_type":{"description":"Splunk source type to send events to. If not provided the default source type for the Splunk collector is used.","nullable":true,"title":"Source Type","type":"string"},"type":{"const":"sink_splunk"}},"required":["hec_credential","hec_url","type"],"title":"Splunk Enterprise Security","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_sevco","name":"assets_sevco","fullname":"Sevco for Asset Management and Security","description":"Configuration for the Sevco Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory 
system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.last_seen_time","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.mac","type":"string","operators":["eq","ne"]},{"name":"device.os.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.os.type_id","type":"string","operators":["eq","ne"]},{"name":"device.uid","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for the Sevco Assets Provider","properties":{"credential":{"description":"This credential must be an API Secret Key. Generate this key in the UI console. For more details, see the [Creating an API Key](https://docs.sev.co/docs/using-the-api#creating-an-api-key).","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"SevcoCredential"}},"type":{"const":"assets_sevco"},"url":{"description":"URL for the Sevco API. 
This should be the base URL for the API, without any path components.","example":"https://api.sev.co","nullable":false,"pattern":"^https?:.+$","title":"API URL","type":"string"}},"required":["credential","type","url"],"title":"Sevco","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_sentinel","name":"siem_sentinel","fullname":"Microsoft Sentinel","description":"Configuration for Microsoft Sentinel SIEM Product.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/microsoft-sentinel-siem-setup)","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","request_method":"get","request_path":"/v1/siem/investigations/{id}","supported":true},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","request_method":"patch","request_path":"/v1/siem/investigations/{id}","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/PatchInvestigationRequest"}}},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for 
authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"metadata.log_provider","type":"string","operators":["eq","in"]},{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","like","in","not_in"]},{"name":"time","type":"datetime","operators":["gte","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","request_method":"get","request_path":"/v1/siem/investigations","supported":true},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for Microsoft Sentinel SIEM Product.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/microsoft-sentinel-siem-setup)","properties":{"credential":{"description":"Client credentials for authenticating with Microsoft Sentinel.\nThe application registration must have appropriate permissions to read\nand write to Microsoft Sentinel. 
Required permissions:\n\n- `Microsoft.OperationalInsights/workspaces/read`\n- `Microsoft.OperationalInsights/workspaces/write`\n- `Microsoft.SecurityInsights/dataConnectors/*`\n","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"SentinelCredential"}},"default_tables":{"default":["_Im_AuditEvent","_Im_Authentication","_Im_DhcpEvent","_Im_Dns","_Im_DnsBuiltIn","_Im_FileEvent","_Im_NetworkSession","_Im_Process_EmptyV01","_Im_ProcessCreate","_Im_ProcessEvent","_Im_ProcessTerminate","_Im_RegistryEvent","_Im_UserManagement","_Im_WebSession"],"description":"The default tables to use for queries. Supply this value if you would like to a subset of the default tables or non-ASIM data tables with Sentinel/Log Analytics queries.\nIf more than one table is specified, a union operator will join them to query all of the tables at once. Supply a single value with `*` if you would like to query all tables without the normalizing ASIM transformations.\n**Note** that a single `*` entry will map to a `union *` query. 
Relying heavily on these queries is generally discouraged by Sentinel because they are slower and more resource intensive.","items":{"type":"string"},"nullable":true,"title":"Default Tables","type":"array"},"ingest_url":{"default":"https://monitor.azure.com","description":"Either the logs ingestion API url for you Data Collection Rule or your Data Collection Endpoint URL. This value must be supplied to ingest data into Microsoft Sentinel. This should look something like https://mydcr-xxx-westus2.logs.z1.ingest.monitor.azure.com","nullable":true,"title":"Ingest URL","type":"string"},"logs_url":{"description":"Base URL for the Microsoft Azure Monitor Logs API. Should only be supplied if using an alternate Microsoft cloud, such as GovCloud.","nullable":true,"title":"Base Logs URL","type":"string"},"management_url":{"default":"https://management.azure.com","description":"Base URL for the Microsoft Azure Management API. Should only be supplied if using an alternate Microsoft cloud, such as GovCloud.","nullable":true,"title":"Base Management URL","type":"string"},"resource_group":{"description":"Azure resource group name that contains the Microsoft Sentinel workspace.","nullable":false,"title":"Resource Group","type":"string"},"rule_id":{"description":"Immutable ID of the Data Collection Rule. This value must be supplied to ingest data into Microsoft Sentinel.","nullable":true,"title":"Data Collection Rule ID","type":"string"},"stream_name":{"description":"Name of the Data Collection Rule stream. 
This value must be supplied to ingest data into Microsoft Sentinel.","nullable":true,"title":"Data Collection Rule stream","type":"string"},"subscription_id":{"description":"Azure subscription ID that contains the Microsoft Sentinel workspace.","nullable":false,"title":"Subscription ID","type":"string"},"tenant_id":{"description":"Azure Active Directory tenant ID that contains the Microsoft Sentinel workspace.","nullable":false,"title":"Tenant ID","type":"string"},"type":{"const":"siem_sentinel"},"workspace_id":{"description":"ID of the Microsoft Sentinel Log Analytics workspace.","nullable":false,"title":"Workspace ID","type":"string"},"workspace_name":{"description":"Name of the Microsoft Sentinel Log Analytics workspace.","nullable":false,"title":"Workspace Name","type":"string"}},"required":["credential","resource_group","subscription_id","tenant_id","type","workspace_id","workspace_name"],"title":"Microsoft Sentinel","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"vulnerabilities_crowdstrike","name":"vulnerabilities_crowdstrike","fullname":"CrowdStrike Falcon® Spotlight","description":"Configuration for CrowdStrike Falcon® Spotlight.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/crowdstrike-vulns-setup)","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured 
scan.","supported":false},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"finding.first_seen_time","type":"datetime","operators":["gte"]},{"name":"finding.last_seen_time","type":"datetime","operators":["gte"]},{"name":"severity","type":"enum","operators":["eq","in"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for CrowdStrike Falcon® Spotlight.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/crowdstrike-vulns-setup)","properties":{"credential":{"description":"The credential to use for the CrowdStrike Falcon tenant.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client 
ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"CrowdStrikeCredential"}},"type":{"const":"vulnerabilities_crowdstrike"},"url":{"default":"https://api.crowdstrike.com","description":"Base URL for the CrowdStrike Falcon® Spotlight API.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type"],"title":"CrowdStrike Falcon® Spotlight","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_armis_centrix_mock","name":"assets_armis_centrix_mock","fullname":"[MOCK] Armis Centrix™ for Asset Management and Security","description":"Configuration for a mocked Armis Centrix Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true}],"provider_config":{"description":"Configuration for a mocked Armis Centrix Assets 
Provider","properties":{"dataset":{"enum":["basic_v0"],"nullable":false,"title":"Dataset","type":"string"},"type":{"const":"assets_armis_centrix_mock"}},"required":["dataset","type"],"title":"[MOCK] Armis Centrix","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"edr_crowdstrike","name":"edr_crowdstrike","fullname":"CrowdStrike Falcon® Insight EDR","description":"Configuration for CrowdStrike Falcon® Insight EDR.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/crowdstrike-edr-setup)","connector_id":"edr","connector":"edr","operations":[{"id":"edr_create_iocs","name":"create_iocs","fullname":"Create IOCs","description":"Creates a list of iocs that match the stix input for the EDR source.","request_method":"post","request_path":"/v1/edr/iocs","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateIocsRequest"}}},{"id":"edr_delete_iocs","name":"delete_iocs","fullname":"Delete IOCs","description":"Deletes a list of iocs that match the input of ids in the query param","request_method":"delete","request_path":"/v1/edr/iocs","supported":true},{"id":"edr_get_endpoint","name":"get_endpoint","fullname":"Get Endpoint","description":"Gets a single endpoint assets matching the UID from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints/{id}","supported":true},{"id":"edr_network_quarantine","name":"network_quarantine","fullname":"Quarantine Endpoints","description":"Connect or disconnect one or more endpoints assets to the network, allowing or disallowing connections.","request_method":"post","request_path":"/v1/edr/endpoints/actions/quarantine","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/NetworkQuarantineRequest"}}},{"id":"edr_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Returns a list of alerts that match the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/alerts","supported":true,"filters":[{"name":"attacks.tactic.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"attacks.tactic.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"attacks.technique.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"attacks.technique.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"comment","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"confidence_score","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.os.type","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.uid_alt","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"finding_info.created_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.created_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.title","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"finding_info.types","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"finding_info.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"metadata.feature.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"metadata.loggers.logged_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"metadata.tenant_uid","type":
"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"resources.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"resources.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"risk_score","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"start_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"start_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"vulnerabilities.desc","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"vulnerabilities.title","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]}]},{"id":"edr_query_applications","name":"query_applications","fullname":"Query Applications","description":"Returns a list of applications matching the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/applications","supported":true,"filters":[{"name":"metadata.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"metadata.modified_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"product.name","type":"string","operators":["eq","ne","in","not_in"]},{"name":"product.path","type":"string","operators":["eq","ne","in","not_in"]},{"name":"product.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"product.vendor_name","type":"string","operators":["eq","ne","in","not_in"]},{"name":"product.version","type":"string","operators":["eq","ne","in","not_in"]},{"name":"start_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"start_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"time_dt","type":"datetime","operators":["gt","gte","lt","lte"]}]},{"id":"edr_query_edr_events","name":"query_edr_events","fullname":"Query EDR Events","description":"Returns a list of EDR events that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_endpoints","name":"query_endpoints","fullname":"Query Endpoints","description":"Returns a list of endpoint assets matching the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/endpoints","supported":true,"filters":[{"name":"device.first_seen_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.hostname","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.hw_info.bios_manufacturer","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.hw_info.bios_ver","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.hw_info.chassis","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.hw_info.serial_number","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.instance_uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.last_seen_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.mac","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.org.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.org.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.os.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.os.type","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.os.type_id","type":"stri
ng","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.os.version","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.type","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.type_id","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.zone","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"status","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]}]},{"id":"edr_query_iocs","name":"query_iocs","fullname":"Query IOCs","description":"Returns a list of iocs that match the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/iocs","supported":true,"filters":[{"name":"created","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"created_by_ref.id","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"extensions.action","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"extensions.expired","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"extensions.host_groups","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"extensions.mobile_action","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"extensions.modified_by","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"extensions.platforms","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"extensions.severity","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"labels","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"modified","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"pattern","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"pattern_type","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"valid_until","type":"datetime","operators":["gt","gte","lt","lte"]}]},{"id":"edr_query_posture_score","name":"query_posture_score","fullname":"Query Posture Score","description":"Returns the posture score of the endpoint assets that match the query from the token-linked EDR 
source.","request_method":"get","request_path":"/v1/edr/posture_score","supported":true},{"id":"edr_query_threatevents","name":"query_threatevents","fullname":"Query Threat Events","description":"Returns a list of threats that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/threats","supported":true,"filters":[{"name":"actor.process.cmd_line","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"actor.process.file.md5","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"actor.process.file.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"actor.process.file.path","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"actor.process.file.sha256","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"actor.process.file.type","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"confidence_score","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.first_seen_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.hostname","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.last_seen_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.modified_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.product_uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"severity","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]
},{"name":"severity_id","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"status","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"tenant_uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]}]}],"provider_config":{"description":"Configuration for CrowdStrike Falcon® Insight EDR.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/crowdstrike-edr-setup)","properties":{"credential":{"description":"Configuration when creating new Client Credentials.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"CrowdStrikeCredential"}},"type":{"const":"edr_crowdstrike"},"url":{"default":"https://api.crowdstrike.com","description":"Base URL for the CrowdStrike Falcon® API.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type"],"title":"CrowdStrike Insight 
EDR","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"identity_pingone","name":"identity_pingone","fullname":"PingOne Cloud Platform","description":"Configuration for PingOne Cloud Platform.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/ping-identity-setup)","connector_id":"identity","connector":"identity","operations":[{"id":"identity_disable_user","name":"disable_user","fullname":"Disable User","description":"Disables a user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/disable","supported":true},{"id":"identity_enable_user","name":"enable_user","fullname":"Enable User","description":"Reenables a disabled user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/enable","supported":true},{"id":"identity_expire_all_user_sessions","name":"expire_all_user_sessions","fullname":"Expire All User Sessions","description":"Logs a user out of all current sessions so they must log in again.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/expire_all_sessions","supported":true},{"id":"identity_force_user_password_reset","name":"force_user_password_reset","fullname":"Force User Password Reset","description":"Forces a user to reset their password before they can log in again.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/force_reset_password","supported":true},{"id":"identity_get_group","name":"get_group","fullname":"Get Group","description":"Returns a `Group` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. 
Depending\non the providers offerings, this may include additional group information, such as the roles assigned.","request_method":"get","request_path":"/v1/identity/groups/{groupId}","supported":true},{"id":"identity_get_group_members","name":"get_group_members","fullname":"Get Group Members","description":"Returns list of `User` objects wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider that are members in the group referenced by ID.","request_method":"get","request_path":"/v1/identity/groups/{groupId}/members","supported":true},{"id":"identity_get_user","name":"get_user","fullname":"Get User","description":"Returns a `User` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. Depending\non the providers offerings, this may include additional user information, such as the user's current groups and roles.","request_method":"get","request_path":"/v1/identity/users/{userId}","supported":true},{"id":"identity_query_audit_log","name":"query_audit_log","fullname":"Query Audit Log","description":"Returns a list of `Event` objects from the token-linked audit log.","request_method":"get","request_path":"/v1/identity/audit","supported":true,"filters":[{"name":"actor.user.uid","type":"string","operators":["eq","in"]},{"name":"class_uid","type":"string","operators":["eq","in"]},{"name":"name","type":"string","operators":["eq","in"]},{"name":"time","type":"datetime","operators":["lte","gte"]},{"name":"type_uid","type":"string","operators":["eq","in"]},{"name":"user.uid","type":"string","operators":["eq","in"]}]},{"id":"identity_query_groups","name":"query_groups","fullname":"Query Groups","description":"Returns a list of `Group` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity 
provider.","request_method":"get","request_path":"/v1/identity/groups","supported":true,"filters":[{"name":"entity.group.name","type":"string","operators":["eq","in"]},{"name":"entity.group.uid","type":"string","operators":["eq","in"]},{"name":"entity.uid","type":"string","operators":["eq","in"]}]},{"id":"identity_query_users","name":"query_users","fullname":"Query Users","description":"Returns a list of `User` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.","request_method":"get","request_path":"/v1/identity/users","supported":true,"filters":[{"name":"entity.uid","type":"string","operators":["eq","in","like"]},{"name":"entity.user.email_addr","type":"string","operators":["eq","in","like"]},{"name":"entity.user.full_name","type":"string","operators":["eq","in","like"]},{"name":"entity.user.ldap_person.cost_center","type":"string","operators":["eq","in","like"]},{"name":"entity.user.ldap_person.created_time","type":"datetime","operators":["eq"]},{"name":"entity.user.ldap_person.employee_uid","type":"string","operators":["eq","in","like"]},{"name":"entity.user.ldap_person.given_name","type":"string","operators":["eq","in","like"]},{"name":"entity.user.ldap_person.job_title","type":"string","operators":["eq","in","like"]},{"name":"entity.user.ldap_person.modified_time","type":"datetime","operators":["eq"]},{"name":"entity.user.ldap_person.surname","type":"string","operators":["eq","in","like"]},{"name":"entity.user.name","type":"string","operators":["eq","in","like"]},{"name":"entity.user.uid","type":"string","operators":["eq","in","like"]},{"name":"entity.user.uid_alt","type":"string","operators":["eq","in","like"]},{"name":"time","type":"datetime","operators":["eq"]}]}],"provider_config":{"description":"Configuration for PingOne Cloud Platform.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/ping-identity-setup)","properties":{"auth_url":{"description":"Base URL for making 
authentication requests to PingOne.","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Auth URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}},"client_id":{"description":"Client ID for the application set up as a worker.","nullable":false,"title":"Client ID","type":"string"},"credential":{"description":"Configuration when creating new Token.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"PingOneCredential"}},"organization_id":{"description":"The organization ID that the client app is a part of.","nullable":false,"title":"Organization ID","type":"string"},"type":{"const":"identity_pingone"},"url":{"description":"Base URL for the PingOne API.","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["auth_url","client_id","credential","organization_id","type","url"],"title":"PingOne Cloud Platform","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_opensearch","name":"siem_opensearch","fullname":"OpenSearch SIEM","description":"Configuration for OpenSearch search and analytics engine. 
Supports both managed and self-hosted OpenSearch deployments\n","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","supported":false},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"metadata.log_provider","type":"string","operators":["eq","in"]},{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","like","not_like","in","not_in"]},{"name":"time","type":"datetime","operators":["gte","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","supported":false},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for OpenSearch search and analytics engine. 
Supports both managed and self-hosted OpenSearch deployments","properties":{"create_index":{"description":"The index or data stream to use when writing events. Defaults to the 'index' setting if not set.\n","nullable":true,"title":"Write Index","type":"string"},"credential":{"description":"Basic authentication credentials for OpenSearch.\n","nullable":false,"properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"OpenSearchCredential"}},"index":{"default":"_all","description":"The index, data stream, or index alias to read events from.\n","nullable":true,"title":"Read Index","type":"string"},"skip_tls_verify":{"default":false,"description":"When true, skips verification of the OpenSearch TLS certificate.","nullable":true,"title":"Skip TLS Verification","type":"boolean"},"type":{"const":"siem_opensearch"},"url":{"description":"Base URL for the OpenSearch API.\n","example":"https://tenant.elastic.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"OpenSearch","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"vulnerabilities_qualys_cloud_mock","name":"vulnerabilities_qualys_cloud_mock","fullname":"[MOCK] Qualys Vulnerability Management, Detection \u0026 Response (VMDR)","description":"Configuration for a mocked Qualys Cloud Platform as a Vulnerabilities 
Provider","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","request_method":"get","request_path":"/v1/vulnerabilities/scans/{scan_id}/activity","supported":true},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/scans","supported":true},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for a mocked Qualys Cloud Platform as a Vulnerabilities 
Provider","properties":{"dataset":{"enum":["basic_v0"],"nullable":false,"title":"Dataset","type":"string"},"type":{"const":"vulnerabilities_qualys_cloud_mock"}},"required":["dataset","type"],"title":"[MOCK] Qualys VMDR","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"assets_axonius","name":"assets_axonius","fullname":"Axonius Asset Cloud","description":"Configuration for the Axonius Assets Provider\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/axonius-asset-setup)","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq","ne","in"]},{"name":"device.ip","type":"string","operators":["eq","ne"]},{"name":"device.mac","type":"string","operators":["eq","ne","in"]},{"name":"device.os.name","type":"string","operators":["eq","ne","in"]},{"name":"device.os.type","type":"string","operators":["eq","ne","in"]},{"name":"device.uid","type":"string","operators":["eq","ne"]}]}],"provider_config":{"description":"Configuration for the Axonius Assets Provider\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/axonius-asset-setup)","properties":{"credential":{"description":"This credential must be an API Key and API Secret. 
For more details, see the [Getting an API Key and API Secret](https://docs.axonius.com/docs/axonius-rest-api#getting-an-api-key-and-api-secret).","nullable":false,"properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"AxoniusCredential"}},"type":{"const":"assets_axonius"},"url":{"description":"Base URL for the Axonius API.","example":"https://tenant.on.axonius.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Axonius","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_servicenow_mock","name":"assets_servicenow_mock","fullname":"[MOCK] ServiceNow Configuration Management Database (CMDB)","description":"Configuration for a mocked ServiceNow as an Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","request_method":"post","request_path":"/v1/assets/devices","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateDeviceRequest"}}},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true}],"provider_config":{"description":"Configuration for a mocked ServiceNow as an Assets 
Provider","properties":{"dataset":{"enum":["basic_v0"],"nullable":false,"title":"Dataset","type":"string"},"type":{"const":"assets_servicenow_mock"}},"required":["dataset","type"],"title":"[MOCK] ServiceNow CMDB","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"notifications_teams","name":"notifications_teams","fullname":"Microsoft Teams","description":"Configuration for Microsoft Teams.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/teams-notification-setup)","connector_id":"notifications","connector":"notifications","operations":[{"id":"notifications_clear_message","name":"clear_message","fullname":"Clear Notification","description":"Resolves a `Notification` object in the token-linked `Integration`.","supported":false},{"id":"notifications_create_message","name":"create_message","fullname":"Create Notification","description":"Creates a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/create","supported":true,"required_fields":["summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNotificationRequest"}}},{"id":"notifications_get_message","name":"get_message","fullname":"Get Notification","description":"Returns the `Notification` object matching `{notificationId}` from the token-linked\n`Integration`.","supported":false}],"provider_config":{"description":"Configuration for Microsoft Teams.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/teams-notification-setup)","properties":{"channel_id":{"description":"Identifier of the channel to send messages to.","nullable":false,"title":"Channel ID","type":"string"},"credential":{"nullable":false,"oneOf":[{"description":"OAuth 2.0 Client Credentials for an Azure App Registration. 
The application must be configured with permissions to access Microsoft Power Automate with user delegation.","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"New Client Credentials","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"TeamsCredential"}},{"description":"Public Webhook URL used to authenticate with Teams.","properties":{"secret":{"description":"Secret value","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"webhook_url"}},"required":["secret","type"],"title":"New Webhook URL","type":"object","x-synqly-credential":{"extends":"SecretCredential","type":"TeamsCredential"}}],"title":"Credential","x-synqly-credential":{"extends":["OAuthClientCredential","SecretCredential"],"type":"TeamsCredential"}},"endpoint":{"description":"URL of the endpoint to send messages to. Only required if OAuth Client Credentials are used for authentication.","nullable":true,"title":"Message Endpoint","type":"string"},"team_id":{"description":"Identifier of the team to send messages to.","nullable":false,"title":"Team ID","type":"string"},"tenant_id":{"description":"Azure Directory (tenant) ID. 
Only required if OAuth Client Credentials are used for authentication.","nullable":true,"title":"Tenant ID","type":"string"},"type":{"const":"notifications_teams"}},"required":["channel_id","credential","team_id","type"],"title":"Microsoft Teams","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_google_security_operations","name":"siem_google_security_operations","fullname":"Google Security Operations","description":"Configuration for Google Security Operations (formerly Google Chronicle) as a SIEM Provider.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/google-security-operations-siem-setup)","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","supported":false},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for 
authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"message","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.event_code","type":"integer","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"metadata.log_name","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.log_provider","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.log_version","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.processed_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"metadata.uid","type":"string","operators":["eq","ne","in","not_in"]},{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","in","not_in"]},{"name":"time","type":"datetime","operators":["gte","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","supported":false},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for Google Security Operations (formerly Google Chronicle) as a SIEM Provider.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/google-security-operations-siem-setup)","properties":{"credential":{"description":"Credentials used for accessing the Google SecOps instance.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection 
specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"GoogleServiceAccountCredential"}},"customer_id":{"description":"The customer ID of the Google SecOps instance.","nullable":false,"title":"Customer Id","type":"string"},"project_id":{"description":"The project ID of the Google SecOps instance.","nullable":false,"title":"Project Id","type":"string"},"region":{"default":"us","description":"The region of the Google SecOps instance. Usually `us` or `eu`.","nullable":true,"title":"Region","type":"string"},"type":{"const":"siem_google_security_operations"},"url":{"description":"The base URL for the Google SecOps API.","example":"https://{region}-chronicle.googleapis.com","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","customer_id","project_id","type"],"title":"Google Security Operations","type":"object"},"release":{"availability":"in-development","environments":["test","prod"]}},{"id":"sink_google_sec_ops","name":"sink_google_sec_ops","fullname":"Google Security Operations (Chronicle Compatibility)","description":"Configuration for Google Security Operations (formerly Google Chronicle) as a Sink Provider connecting via the older Malachite API.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/google-chronicle-setup)","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch 
of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for Google Security Operations (formerly Google Chronicle) as a Sink Provider connecting via the older Malachite API.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/google-chronicle-setup)","properties":{"credential":{"description":"Credentials used when writing events.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Connection specific JSON map, must include the field `client_email`.","nullable":false,"properties":{"client_email":{"nullable":false,"title":"Client Email","type":"string"}},"required":["client_email"],"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","extra","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"GoogleChronicleCredential"}},"customer_id":{"description":"The customer ID reported when writing events.","nullable":false,"title":"Customer Id","type":"string"},"type":{"const":"sink_google_sec_ops"},"url":{"default":"https://malachiteingestion-pa.googleapis.com","description":"Base URL for the Google SecOps Ingestion 
API.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Ingestion API base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","customer_id","type"],"title":"Google Security Operations","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"ticketing_mock_ticketing","name":"ticketing_mock_ticketing","fullname":"Synqly Test Provider","description":"Configuration for the Synqly mock in-memory ticketing Provider. This provider is for testing purposes only. It retains tickets for a limited time and does not persist them for long-term usage.","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateCommentRequest"}}},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/notes","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNoteRequest"}}},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked 
Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["issue_type","project","summary","assignee"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/comments/{commentId}","supported":true},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/notes/{noteId}","supported":true},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the 
token-linked `Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/notes","supported":true},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","request_method":"get","request_path":"/v1/ticketing/projects","supported":true},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. 
The response will include a list of\nfields for each issue type in the ticketing provider.","supported":false},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}/notes/{noteId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"id","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"text","type":"string","operators":["eq","neq","in","not in","like","not like"]}]}],"provider_config":{"description":"Configuration for the Synqly mock in-memory ticketing Provider. This provider is for testing purposes only. It retains tickets for a limited time and does not persist them for long-term usage.","properties":{"custom_field_mappings":{"description":"Custom field mappings for this provider.","items":{"properties":{"name":{"description":"Name for the custom field that you will use in the `custom_fields` field in the returned ticket objects.","nullable":false,"title":"Name","type":"string"},"project_id":{"description":"ID of the project this field mapping is associated with. 
ID of \"*\" is used to apply to all projects.","nullable":false,"title":"Project ID","type":"string"},"provider_field_path":{"description":"Path to or name of the custom field in the provider.","nullable":false,"title":"Field Path (Provider)","type":"string"}},"required":["name","project_id","provider_field_path"],"title":"CustomFieldMapping","type":"object"},"nullable":true,"title":"Custom Field Mappings","type":"array"},"name":{"description":"Optional name of the mock provider. This value is unused.","nullable":true,"title":"Name","type":"string"},"type":{"const":"ticketing_mock_ticketing"}},"required":["type"],"title":"Test Provider","type":"object"},"release":{"availability":"generally-available","environments":["test"]}},{"id":"ticketing_pagerduty","name":"ticketing_pagerduty","fullname":"PagerDuty Operations Cloud","description":"Configuration for PagerDuty Operations Cloud.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/pagerduty-ticketing-setup)","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateCommentRequest"}}},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create 
Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["creator","project","name"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List 
Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","request_method":"get","request_path":"/v1/ticketing/projects","supported":true},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. The response will include a list of\nfields for each issue type in the ticketing provider.","supported":false},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true}],"provider_config":{"description":"Configuration for PagerDuty Operations Cloud.\n\n[Configuration 
guide](https://docs.synqly.com/guides/provider-configuration/pagerduty-ticketing-setup)","properties":{"credential":{"description":"Configuration when creating new API Key.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"PagerDutyCredential"}},"type":{"const":"ticketing_pagerduty"},"url":{"default":"https://api.pagerduty.com","description":"Base URL for the PagerDuty API.","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"PagerDuty Operations Cloud","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}}]}
|