regscale-cli 6.24.0.1__py3-none-any.whl → 6.25.0.1__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of regscale-cli might be problematic. Click here for more details.

Files changed (31) hide show
  1. regscale/_version.py +1 -1
  2. regscale/core/app/api.py +1 -1
  3. regscale/core/app/application.py +5 -3
  4. regscale/core/app/internal/evidence.py +308 -202
  5. regscale/dev/code_gen.py +84 -3
  6. regscale/integrations/commercial/__init__.py +2 -0
  7. regscale/integrations/commercial/jira.py +4 -4
  8. regscale/integrations/commercial/microsoft_defender/defender.py +326 -5
  9. regscale/integrations/commercial/microsoft_defender/defender_api.py +348 -14
  10. regscale/integrations/commercial/microsoft_defender/defender_constants.py +157 -0
  11. regscale/integrations/commercial/synqly/assets.py +99 -16
  12. regscale/integrations/commercial/synqly/query_builder.py +533 -0
  13. regscale/integrations/commercial/synqly/vulnerabilities.py +134 -14
  14. regscale/integrations/commercial/wizv2/compliance_report.py +22 -0
  15. regscale/integrations/compliance_integration.py +17 -0
  16. regscale/integrations/scanner_integration.py +16 -0
  17. regscale/models/integration_models/synqly_models/capabilities.json +1 -1
  18. regscale/models/integration_models/synqly_models/connectors/vulnerabilities.py +12 -2
  19. regscale/models/integration_models/synqly_models/filter_parser.py +332 -0
  20. regscale/models/integration_models/synqly_models/synqly_model.py +47 -3
  21. regscale/models/regscale_models/compliance_settings.py +28 -0
  22. regscale/models/regscale_models/component.py +1 -0
  23. regscale/models/regscale_models/control_implementation.py +130 -1
  24. regscale/regscale.py +1 -1
  25. regscale/validation/record.py +23 -1
  26. {regscale_cli-6.24.0.1.dist-info → regscale_cli-6.25.0.1.dist-info}/METADATA +1 -1
  27. {regscale_cli-6.24.0.1.dist-info → regscale_cli-6.25.0.1.dist-info}/RECORD +31 -29
  28. {regscale_cli-6.24.0.1.dist-info → regscale_cli-6.25.0.1.dist-info}/LICENSE +0 -0
  29. {regscale_cli-6.24.0.1.dist-info → regscale_cli-6.25.0.1.dist-info}/WHEEL +0 -0
  30. {regscale_cli-6.24.0.1.dist-info → regscale_cli-6.25.0.1.dist-info}/entry_points.txt +0 -0
  31. {regscale_cli-6.24.0.1.dist-info → regscale_cli-6.25.0.1.dist-info}/top_level.txt +0 -0
regscale/models/integration_models/synqly_models/capabilities.json CHANGED
@@ -1 +1 @@
1
- {"result":[{"id":"appsec_gitlab","name":"appsec_gitlab","fullname":"GitLab","description":"Configuration for GitLab as an application security provider.","connector_id":"appsec","connector":"appsec","operations":[{"id":"appsec_get_application_finding_details","name":"get_application_finding_details","fullname":"Get Application Finding Details","description":"Returns the details of the finding matching `{findingId}` where the finding belongs to the application matching `{applicationId}` from the token-linked application security integration.","request_method":"get","request_path":"/v1/app-sec/applications/{applicationId}/findings/{findingId}","supported":true},{"id":"appsec_query_application_findings","name":"query_application_findings","fullname":"Query Application Findings","description":"Returns a list of an application's findings matching `{applictionId}` and the query from a the token-linked application security integration.","request_method":"get","request_path":"/v1/app-sec/applications/{applicationId}/findings","supported":true,"filters":[{"name":"severity","type":"enum","operators":["eq"],"values":["critical","high","medium","low","informational"]}]},{"id":"appsec_query_applications","name":"query_applications","fullname":"Query Applications","description":"Returns a list of applications matching the query from a the token-linked application security integration.","request_method":"get","request_path":"/v1/app-sec/applications","supported":true},{"id":"appsec_query_findings","name":"query_findings","fullname":"Query findings across all applications","description":"Returns a list of each findings details combined with the application details for all applications in the token-linked application security integration. This API may perform multiple provider API calls per executation so can be slower to respond.","request_method":"get","request_path":"/v1/app-sec/findings","supported":true,"filters":[{"name":"severity","type":"enum","operators":["eq"],"values":["critical","high","medium","low","informational"]}]}],"provider_config":{"description":"Configuration for GitLab as an application security provider.","properties":{"credential":{"description":"Credentials used for accessing the GitLab API.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"GitLabCredential"}},"type":{"const":"appsec_gitlab"},"url":{"default":"https://gitlab.com","description":"Base URL for the GitLab API. This URL should be the same as the URL used to access your GitLab instance.","example":"https://your-gitlab-instance.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"GitLab","type":"object"},"release":{"availability":"in-development","environments":["test","prod"]}},{"id":"appsec_hcl_appscan_on_cloud","name":"appsec_hcl_appscan_on_cloud","fullname":"HCL AppScan on Cloud","description":"Configuration for HCL AppScan on Cloud as an application security provider.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/hcl-appscan-appsec-setup)","connector_id":"appsec","connector":"appsec","operations":[{"id":"appsec_get_application_finding_details","name":"get_application_finding_details","fullname":"Get Application Finding Details","description":"Returns the details of the finding matching `{findingId}` where the finding belongs to the application matching `{applicationId}` from the token-linked application security integration.","request_method":"get","request_path":"/v1/app-sec/applications/{applicationId}/findings/{findingId}","supported":true},{"id":"appsec_query_application_findings","name":"query_application_findings","fullname":"Query Application Findings","description":"Returns a list of an application's findings matching `{applictionId}` and the query from a the token-linked application security integration.","request_method":"get","request_path":"/v1/app-sec/applications/{applicationId}/findings","supported":true},{"id":"appsec_query_applications","name":"query_applications","fullname":"Query Applications","description":"Returns a list of applications matching the query from a the token-linked application security integration.","request_method":"get","request_path":"/v1/app-sec/applications","supported":true},{"id":"appsec_query_findings","name":"query_findings","fullname":"Query findings across all applications","description":"Returns a list of each findings details combined with the application details for all applications in the token-linked application security integration. This API may perform multiple provider API calls per executation so can be slower to respond.","request_method":"get","request_path":"/v1/app-sec/findings","supported":true}],"provider_config":{"description":"Configuration for HCL AppScan on Cloud as an application security provider.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/hcl-appscan-appsec-setup)","properties":{"credential":{"description":"Credentials used for accessing the HCL AppScan on Cloud API.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"HCLAppScanOnCloudCredential"}},"type":{"const":"appsec_hcl_appscan_on_cloud"},"url":{"description":"Base URL for the HCL AppScan on Cloud API. This URL should be the same as the URL used to access the HCL AppScan on Cloud web interface.","enum":["https://cloud.appscan.com","https://eu.cloud.appscan.com"],"nullable":false,"title":"Base URL","type":"string"}},"required":["credential","type","url"],"title":"HCL AppScan on Cloud","type":"object"},"release":{"availability":"in-development","environments":["test","prod"]}},{"id":"appsec_opentext_core_application_security","name":"appsec_opentext_core_application_security","fullname":"OpenText Core Application Security","description":"Configuration for OpenText Core Application Security (formerly Fortify On Demand) as an application security provider.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/opentext-core-applicationsecurity-appsec-setup)","connector_id":"appsec","connector":"appsec","operations":[{"id":"appsec_get_application_finding_details","name":"get_application_finding_details","fullname":"Get Application Finding Details","description":"Returns the details of the finding matching `{findingId}` where the finding belongs to the application matching `{applicationId}` from the token-linked application security integration.","request_method":"get","request_path":"/v1/app-sec/applications/{applicationId}/findings/{findingId}","supported":true},{"id":"appsec_query_application_findings","name":"query_application_findings","fullname":"Query Application Findings","description":"Returns a list of an application's findings matching `{applictionId}` and the query from a the token-linked application security integration.","request_method":"get","request_path":"/v1/app-sec/applications/{applicationId}/findings","supported":true},{"id":"appsec_query_applications","name":"query_applications","fullname":"Query Applications","description":"Returns a list of applications matching the query from a the token-linked application security integration.","request_method":"get","request_path":"/v1/app-sec/applications","supported":true},{"id":"appsec_query_findings","name":"query_findings","fullname":"Query findings across all applications","description":"Returns a list of each findings details combined with the application details for all applications in the token-linked application security integration. This API may perform multiple provider API calls per executation so can be slower to respond.","request_method":"get","request_path":"/v1/app-sec/findings","supported":true}],"provider_config":{"description":"Configuration for OpenText Core Application Security (formerly Fortify On Demand) as an application security provider.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/opentext-core-applicationsecurity-appsec-setup)","properties":{"credential":{"description":"Credentials used for accessing the OpenText Core Application Security API.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"OpenTextCoreApplicationSecurityCredential"}},"type":{"const":"appsec_opentext_core_application_security"},"url":{"description":"Base URL for the OpenText Core Application Security API. This URL should be the same as the URL used to access the OpenText Core Application Security web interface.","enum":["https://api.ams.fortify.com","https://api.emea.fortify.com","https://api.apac.fortify.com","https://api.sgp.fortify.com","https://api.fed.fortifygov.com","https://api.trial.fortify.com"],"nullable":false,"title":"Base URL","type":"string"}},"required":["credential","type","url"],"title":"OpenText Core Application Security","type":"object"},"release":{"availability":"in-development","environments":["test","prod"]}},{"id":"assets_armis_centrix","name":"assets_armis_centrix","fullname":"Armis Centrix™ for Asset Management and Security","description":"Configuration for Armis Centrix™ for Asset Management and Security.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/armis-centrix-setup)","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_get_labels","name":"get_labels","fullname":"Get Labels","description":"Get labels from an asset inventory system","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hw_info.bios_manufacturer","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.ip","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.location.desc","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.mac","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.os.version","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.risk_score","type":"number","operators":["gt","gte","lt","lte"]},{"name":"device.type","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.uid","type":"string","operators":["eq","ne","in","not_in"]}]}],"provider_config":{"description":"Configuration for Armis Centrix™ for Asset Management and Security.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/armis-centrix-setup)","properties":{"credential":{"description":"Configuration when creating new API Key.","nullable":false,"properties":{"secret":{"description":"Secret value of the API Key.","format":"password","nullable":false,"title":"API Key","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"ArmisCredential"}},"type":{"const":"assets_armis_centrix"},"url":{"description":"Base URL for the Armis Centrix™ API.","example":"https://tenant.armis.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Armis Centrix™","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_armis_centrix_mock","name":"assets_armis_centrix_mock","fullname":"[MOCK] Armis Centrix™ for Asset Management and Security","description":"Configuration for a mocked Armis Centrix Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_get_labels","name":"get_labels","fullname":"Get Labels","description":"Get labels from an asset inventory system","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hw_info.bios_manufacturer","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.ip","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.location.desc","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.mac","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.os.version","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.risk_score","type":"number","operators":["gt","gte","lt","lte"]},{"name":"device.type","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.uid","type":"string","operators":["eq","ne","in","not_in"]}]}],"provider_config":{"description":"Configuration for a mocked Armis Centrix Assets Provider","properties":{"dataset":{"enum":["basic_v0"],"nullable":false,"title":"Dataset","type":"string"},"type":{"const":"assets_armis_centrix_mock"}},"required":["dataset","type"],"title":"[MOCK] Armis Centrix","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"assets_axonius","name":"assets_axonius","fullname":"Axonius Asset Cloud","description":"Configuration for the Axonius Assets Provider\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/axonius-asset-setup)","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_get_labels","name":"get_labels","fullname":"Get Labels","description":"Get labels from an asset inventory system","request_method":"get","request_path":"/v1/assets/labels","supported":true,"filters":[{"name":"metadata.labels","type":"string","operators":["eq","like"]}]},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq","ne","in"]},{"name":"device.ip","type":"string","operators":["eq","ne"]},{"name":"device.mac","type":"string","operators":["eq","ne","in"]},{"name":"device.os.name","type":"string","operators":["eq","ne","in"]},{"name":"device.os.type","type":"string","operators":["eq","ne","in"]},{"name":"device.uid","type":"string","operators":["eq","ne"]},{"name":"metadata.labels","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for the Axonius Assets Provider\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/axonius-asset-setup)","properties":{"credential":{"description":"This credential must be an API Key and API Secret. For more details, see the [Getting an API Key and API Secret](https://docs.axonius.com/docs/axonius-rest-api#getting-an-api-key-and-api-secret).","nullable":false,"properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"AxoniusCredential"}},"type":{"const":"assets_axonius"},"url":{"description":"Base URL for the Axonius API.","example":"https://tenant.on.axonius.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Axonius","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_axonius_mock","name":"assets_axonius_mock","fullname":"[MOCK] Axonius Asset Cloud","description":"Configuration for a mocked Axonius as an Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_get_labels","name":"get_labels","fullname":"Get Labels","description":"Get labels from an asset inventory system","request_method":"get","request_path":"/v1/assets/labels","supported":true,"filters":[{"name":"metadata.labels","type":"string","operators":["eq","like"]}]},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq","ne","in"]},{"name":"device.ip","type":"string","operators":["eq","ne"]},{"name":"device.mac","type":"string","operators":["eq","ne","in"]},{"name":"device.os.name","type":"string","operators":["eq","ne","in"]},{"name":"device.os.type","type":"string","operators":["eq","ne","in"]},{"name":"device.uid","type":"string","operators":["eq","ne"]},{"name":"metadata.labels","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for a mocked Axonius as an Assets Provider","properties":{"dataset":{"enum":["basic_v0"],"nullable":false,"title":"Dataset","type":"string"},"type":{"const":"assets_axonius_mock"}},"required":["dataset","type"],"title":"[MOCK] Axonius","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"assets_crowdstrike","name":"assets_crowdstrike","fullname":"CrowdStrike Falcon Spotlight","description":"Configuration for CrowdStrike Falcon as an Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_get_labels","name":"get_labels","fullname":"Get Labels","description":"Get labels from an asset inventory system","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for CrowdStrike Falcon as an Assets Provider","properties":{"credential":{"description":"The credential to use for the CrowdStrike Falcon tenant.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"CrowdStrikeCredential"}},"type":{"const":"assets_crowdstrike"},"url":{"default":"https://api.crowdstrike.com","description":"Base URL for the CrowdStrike Falcon Spotlight API.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type"],"title":"CrowdStrike Falcon Spotlight","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_crowdstrike_mock","name":"assets_crowdstrike_mock","fullname":"[MOCK] CrowdStrike Falcon Spotlight","description":"Configuration for a mocked CrowdStrike Falcon as an Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_get_labels","name":"get_labels","fullname":"Get Labels","description":"Get labels from an asset inventory system","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for a mocked CrowdStrike Falcon as an Assets Provider","properties":{"dataset":{"enum":["basic_v0"],"nullable":false,"title":"Dataset","type":"string"},"type":{"const":"assets_crowdstrike_mock"}},"required":["dataset","type"],"title":"[MOCK] CrowdStrike Falcon Spotlight","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"assets_nozomi_vantage","name":"assets_nozomi_vantage","fullname":"Nozomi Vantage","description":"Configuration for Nozomi Vantage.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/nozomi-vantage-setup)","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_get_labels","name":"get_labels","fullname":"Get Labels","description":"Get labels from an asset inventory system","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.first_seen_time","type":"number","operators":["gt","gte","lt","lte"]},{"name":"device.hw_info.serial_number","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.ip_addresses","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.last_seen_time","type":"number","operators":["gt","gte","lt","lte"]},{"name":"device.mac","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.mac_addresses","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.network_interfaces.name","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.risk_level_id","type":"enum","operators":["eq","ne","in","not_in"],"values":["0","1","2","3","4"]},{"name":"device.risk_score","type":"number","operators":["gt","gte","lt","lte"]},{"name":"device.type","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.type_id","type":"enum","operators":["eq","ne","in","not_in"],"values":["2","4","5","10","89","90","96"]},{"name":"device.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.vendor.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]}]}],"provider_config":{"description":"Configuration for Nozomi Vantage.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/nozomi-vantage-setup)","properties":{"credential":{"description":"Credentials used to authenticate with Nozomi Vantage.","nullable":false,"properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Token Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Token Name","type":"string"}},"required":["secret","type","username"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"NozomiVantageCredential"}},"type":{"const":"assets_nozomi_vantage"},"url":{"description":"Base URL for the Nozomi Vantage API.","example":"https://tenant.us1.vantage.nozominetworks.io","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Nozomi Vantage","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_nozomi_vantage_mock","name":"assets_nozomi_vantage_mock","fullname":"[MOCK] Nozomi Vantage","description":"Configuration for a mocked Nozomi Vantage provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_get_labels","name":"get_labels","fullname":"Get Labels","description":"Get labels from an asset inventory system","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.first_seen_time","type":"number","operators":["gt","gte","lt","lte"]},{"name":"device.hw_info.serial_number","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.ip_addresses","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.last_seen_time","type":"number","operators":["gt","gte","lt","lte"]},{"name":"device.mac","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.mac_addresses","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.network_interfaces.name","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.risk_level_id","type":"enum","operators":["eq","ne","in","not_in"],"values":["0","1","2","3","4"]},{"name":"device.risk_score","type":"number","operators":["gt","gte","lt","lte"]},{"name":"device.type","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.type_id","type":"enum","operators":["eq","ne","in","not_in"],"values":["2","4","5","10","89","90","96"]},{"name":"device.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.vendor.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]}]}],"provider_config":{"description":"Configuration for a mocked Nozomi Vantage provider","properties":{"dataset":{"enum":["basic_v0"],"nullable":false,"title":"Dataset","type":"string"},"type":{"const":"assets_nozomi_vantage_mock"}},"required":["dataset","type"],"title":"[MOCK] Nozomi Vantage","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"assets_qualys_cloud","name":"assets_qualys_cloud","fullname":"Qualys Vulnerability Management, Detection \u0026 Response (VMDR)","description":"Configuration for Qualys Cloud Platform as an Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_get_labels","name":"get_labels","fullname":"Get Labels","description":"Get labels from an asset inventory system","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for Qualys Cloud Platform as an Assets Provider","properties":{"credential":{"description":"Username and password used to authenticate with Qualys Cloud.","nullable":false,"properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"QualysCloudCredential"}},"type":{"const":"assets_qualys_cloud"},"url":{"description":"URL for the Qualys Cloud API. This should be the base URL for the API, without any path components.","example":"https://qualys.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Qualys VMDR","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_qualys_cloud_mock","name":"assets_qualys_cloud_mock","fullname":"[MOCK] Qualys Vulnerability Management, Detection \u0026 Response (VMDR)","description":"Configuration for a mock Qualys Cloud Platform as an Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_get_labels","name":"get_labels","fullname":"Get Labels","description":"Get labels from an asset inventory system","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for a mock Qualys Cloud Platform as an Assets Provider","properties":{"dataset":{"enum":["basic_v0"],"nullable":false,"title":"Dataset","type":"string"},"type":{"const":"assets_qualys_cloud_mock"}},"required":["dataset","type"],"title":"[MOCK] Qualys VMDR","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"assets_servicenow","name":"assets_servicenow","fullname":"ServiceNow Configuration Management Database (CMDB)","description":"Configuration for ServiceNow Configuration Management Database (CMDB).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/servicenow-assets-setup)","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","request_method":"post","request_path":"/v1/assets/devices","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateDeviceRequest"}}},{"id":"assets_get_labels","name":"get_labels","fullname":"Get Labels","description":"Get labels from an asset inventory system","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.first_seen_time","type":"number","operators":["gt","gte","lt","lte"]},{"name":"device.hostname","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.hw_info.serial_number","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.last_seen_time","type":"number","operators":["gt","gte","lt","lte"]},{"name":"device.mac","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.modified_time","type":"number","operators":["gt","gte","lt","lte"]},{"name":"device.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]}]}],"provider_config":{"description":"Configuration for ServiceNow Configuration Management Database (CMDB).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/servicenow-assets-setup)","properties":{"credential":{"nullable":false,"oneOf":[{"description":"Username and secret used to authenticate with ServiceNow. The password can be a [generated token](https://docs.servicenow.com/bundle/vancouver-platform-administration/page/administer/users-and-groups/task/t_CreateAUser.html). The token receives the same permissions as the user that generated it, so they must have access to the necessary projects.","properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"New Basic Credentials","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"ServiceNowCredential"}},{"description":"Token used to authenticate with ServiceNow. This token will be used with the authentication header `x-sn-apikey`. To use token authentication, the version of ServiceNow must be `Washington D.C.` or later.","properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"New Token","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"ServiceNowCredential"}}],"title":"Credential","x-synqly-credential":{"extends":["BasicCredential","TokenCredential"],"type":"ServiceNowCredential"}},"type":{"const":"assets_servicenow"},"url":{"description":"Base URL for the ServiceNow API.","example":"https://tenant.service-now.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"ServiceNow CMDB","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_servicenow_mock","name":"assets_servicenow_mock","fullname":"[MOCK] ServiceNow Configuration Management Database (CMDB)","description":"Configuration for a mocked ServiceNow as an Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","request_method":"post","request_path":"/v1/assets/devices","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateDeviceRequest"}}},{"id":"assets_get_labels","name":"get_labels","fullname":"Get Labels","description":"Get labels from an asset inventory system","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.first_seen_time","type":"number","operators":["gt","gte","lt","lte"]},{"name":"device.hostname","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.hw_info.serial_number","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.last_seen_time","type":"number","operators":["gt","gte","lt","lte"]},{"name":"device.mac","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.modified_time","type":"number","operators":["gt","gte","lt","lte"]},{"name":"device.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]}]}],"provider_config":{"description":"Configuration for a mocked ServiceNow as an Assets Provider","properties":{"dataset":{"enum":["basic_v0"],"nullable":false,"title":"Dataset","type":"string"},"type":{"const":"assets_servicenow_mock"}},"required":["dataset","type"],"title":"[MOCK] ServiceNow CMDB","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"assets_sevco","name":"assets_sevco","fullname":"Sevco for Asset Management and Security","description":"Configuration for the Sevco Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_get_labels","name":"get_labels","fullname":"Get Labels","description":"Get labels from an asset inventory system","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.last_seen_time","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.mac","type":"string","operators":["eq","ne"]},{"name":"device.os.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.os.type_id","type":"string","operators":["eq","ne"]},{"name":"device.uid","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for the Sevco Assets Provider","properties":{"credential":{"description":"This credential must be an API Secret Key. Generate this key in the UI console. For more details, see the [Creating an API Key](https://docs.sev.co/docs/using-the-api#creating-an-api-key).","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"SevcoCredential"}},"type":{"const":"assets_sevco"},"url":{"description":"URL for the Sevco API. This should be the base URL for the API, without any path components.","example":"https://api.sev.co","nullable":false,"pattern":"^https?:.+$","title":"API URL","type":"string"}},"required":["credential","type","url"],"title":"Sevco","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_sevco_mock","name":"assets_sevco_mock","fullname":"[MOCK] Sevco for Asset Management and Security","description":"Configuration for a mocked Sevco Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_get_labels","name":"get_labels","fullname":"Get Labels","description":"Get labels from an asset inventory system","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.last_seen_time","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.mac","type":"string","operators":["eq","ne"]},{"name":"device.os.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.os.type_id","type":"string","operators":["eq","ne"]},{"name":"device.uid","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for a mocked Sevco Assets Provider","properties":{"dataset":{"enum":["basic_v0"],"nullable":false,"title":"Dataset","type":"string"},"type":{"const":"assets_sevco_mock"}},"required":["dataset","type"],"title":"[MOCK] Sevco","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_tanium_cloud","name":"assets_tanium_cloud","fullname":"Tanium Vulnerability Management","description":"Configuration for Tanium Cloud as an Assets Provider\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/tanium-setup)","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_get_labels","name":"get_labels","fullname":"Get Labels","description":"Get labels from an asset inventory system","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for Tanium Cloud as an Assets Provider\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/tanium-setup)","properties":{"credential":{"description":"Configuration when creating new API Token.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"TaniumCloudCredential"}},"type":{"const":"assets_tanium_cloud"},"url":{"description":"Base URL for the Tanium Cloud API","example":"https://{customername}-api.cloud.tanium.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Tanium Assets","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_tanium_cloud_mock","name":"assets_tanium_cloud_mock","fullname":"[MOCK] Tanium Vulnerability Management","description":"Configuration for a mocked Tanium Cloud as an Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_get_labels","name":"get_labels","fullname":"Get Labels","description":"Get labels from an asset inventory system","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for a mocked Tanium Cloud as an Assets Provider","properties":{"dataset":{"enum":["basic_v0"],"nullable":false,"title":"Dataset","type":"string"},"type":{"const":"assets_tanium_cloud_mock"}},"required":["dataset","type"],"title":"[MOCK] Tanium Assets","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"cloudsecurity_aws","name":"cloudsecurity_aws","fullname":"AWS Cloud Security","description":"Configuration for the AWS Cloud Security Provider","connector_id":"cloudsecurity","connector":"cloudsecurity","operations":[{"id":"cloudsecurity_query_cloud_resource_inventory","name":"query_cloud_resource_inventory","fullname":"Query Cloud Resource Inventory","description":"Returns a list of cloud resources that match the query from the cloud security provider.","supported":false},{"id":"cloudsecurity_query_compliance_findings","name":"query_compliance_findings","fullname":"Query Compliance Findings","description":"Returns a list of compliance findings matching the query from the cloud security provider.","request_method":"get","request_path":"/v1/cloudsecurity/compliancefindings","supported":true,"filters":[{"name":"cloud.account.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.provider","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.region","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"compliance.assessments.category","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"compliance.assessments.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"compliance.control","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"compliance.standards","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"compliance.status","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"finding_info.created_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"finding_info.desc","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"finding_info.first_seen_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"finding_info.last_seen_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"finding_info.modified_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"finding_info.title","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"finding_info.types","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"finding_info.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"metadata.product.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"metadata.product.vendor_name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resources.type","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resources.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"severity","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"severity_id","type":"number","operators":["eq","ne","like","not_like","in","not_in","gt","gte","lt","lte"]},{"name":"status","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"status_id","type":"number","operators":["eq","ne","like","not_like","in","not_in","gt","gte","lt","lte"]}]},{"id":"cloudsecurity_query_events","name":"query_events","fullname":"Query Events","description":"Returns a list of events that match the query from the cloud security provider.","supported":false},{"id":"cloudsecurity_query_ioms","name":"query_ioms","fullname":"Query IOMs","description":"Returns a list of Indicators of Misconfiguration (IOM) findings that match the query from the cloud security provider.","supported":false}],"provider_config":{"description":"Configuration for the AWS Cloud Security Provider","properties":{"credential":{"description":"Configuration when creating new AWS Access Keys.","nullable":false,"properties":{"access_key_id":{"description":"Access Key ID portion of the AWS access key pair.","nullable":false,"title":"Access Key ID","type":"string"},"secret_access_key":{"description":"Secret portion of the AWS access key pair.","format":"password","nullable":false,"title":"Secret Access Key","type":"string"},"session":{"description":"A temporary session token. Session tokens are optional and are only necessary if you are using temporary credentials.","format":"password","nullable":true,"title":"Session","type":"string"},"type":{"const":"aws"}},"required":["access_key_id","secret_access_key","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"AwsCredential","type":"AwsProviderCredential"}},"region":{"description":"The [AWS region](https://docs.aws.amazon.com/global-infrastructure/latest/regions/aws-regions.html) to use for the AWS Cloud Security Provider.","enum":["us-east-1","us-east-2","us-west-1","us-west-2","af-south-1","ap-east-1","ap-south-2","ap-southeast-3","ap-southeast-5","ap-southeast-4","ap-south-1","ap-northeast-3","ap-northeast-2","ap-southeast-1","ap-southeast-2","ap-east-2","ap-southeast-7","ap-northeast-1","ca-central-1","ca-west-1","eu-central-1","eu-west-1","eu-west-2","eu-south-1","eu-west-3","eu-south-2","eu-north-1","eu-central-2","il-central-1","mx-central-1","me-south-1","me-central-1","sa-east-1"],"nullable":false,"title":"Region","type":"string"},"type":{"const":"cloudsecurity_aws"}},"required":["credential","region","type"],"title":"AWS Cloud Security","type":"object"},"release":{"availability":"in-development","environments":["test","prod"]}},{"id":"cloudsecurity_crowdstrike","name":"cloudsecurity_crowdstrike","fullname":"CrowdStrike Falcon® Insight EDR","description":"Configuration for the CrowdStrike Cloud Security Provider","connector_id":"cloudsecurity","connector":"cloudsecurity","operations":[{"id":"cloudsecurity_query_cloud_resource_inventory","name":"query_cloud_resource_inventory","fullname":"Query Cloud Resource Inventory","description":"Returns a list of cloud resources that match the query from the cloud security provider.","request_method":"get","request_path":"/v1/cloudsecurity/cloudresourcesinventory","supported":true,"filters":[{"name":"cloud.account.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.account.type","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.account.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.provider","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.region","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.service","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"controls.benchmarks.framework","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"controls.benchmarks.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"controls.benchmarks.version","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"device.created_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.created_time_at","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.first_seen_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.first_seen_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.modified_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"metadata.tenant_uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resource.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resource.type","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resource.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]}]},{"id":"cloudsecurity_query_compliance_findings","name":"query_compliance_findings","fullname":"Query Compliance Findings","description":"Returns a list of compliance findings matching the query from the cloud security provider.","request_method":"get","request_path":"/v1/cloudsecurity/compliancefindings","supported":true,"filters":[{"name":"actor.authorizations.policy.is_applied","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"actor.authorizations.policy.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"actor.authorizations.policy.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.account.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.account.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.provider","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.region","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"compliance.standards","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"compliance.status","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"finding_info.title","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"finding_info.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resource.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resource.type","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resource.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"severity","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"severity_id","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]}]},{"id":"cloudsecurity_query_events","name":"query_events","fullname":"Query Events","description":"Returns a list of events that match the query from the cloud security provider.","supported":false},{"id":"cloudsecurity_query_ioms","name":"query_ioms","fullname":"Query IOMs","description":"Returns a list of Indicators of Misconfiguration (IOM) findings that match the query from the cloud security provider.","request_method":"get","request_path":"/v1/cloudsecurity/ioms","supported":true,"filters":[{"name":"actor.authorizations.policy.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"actor.authorizations.policy.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.account.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.account.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.provider","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.region","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"device.agent_list.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"device.managed_by","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"finding_info.created_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.created_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.types","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"metadata.tenant_uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resources.owner.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"severity","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"severity_id","type":"string","operators":["eq","ne","like","not_like","in","not_in"]}]}],"provider_config":{"description":"Configuration for the CrowdStrike Cloud Security Provider","properties":{"credential":{"description":"Configuration when creating new Client Credentials.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"CrowdStrikeCredential"}},"type":{"const":"cloudsecurity_crowdstrike"},"url":{"default":"https://api.crowdstrike.com","description":"The root domain where your CrowdStrike Falcon tenant is located.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type"],"title":"CrowdStrike Cloud Security","type":"object"},"release":{"availability":"in-development","environments":["test","prod"]}},{"id":"cloudsecurity_defender","name":"cloudsecurity_defender","fullname":"Microsoft Defender for Cloud","description":"Configuration for the Microsoft Defender for Cloud Provider","connector_id":"cloudsecurity","connector":"cloudsecurity","operations":[{"id":"cloudsecurity_query_cloud_resource_inventory","name":"query_cloud_resource_inventory","fullname":"Query Cloud Resource Inventory","description":"Returns a list of cloud resources that match the query from the cloud security provider.","request_method":"get","request_path":"/v1/cloudsecurity/cloudresourcesinventory","supported":true,"filters":[{"name":"cloud.account.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.account.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.provider","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.region","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"device.created_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.modified_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"resource.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resource.type","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resource.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]}]},{"id":"cloudsecurity_query_compliance_findings","name":"query_compliance_findings","fullname":"Query Compliance Findings","description":"Returns a list of compliance findings matching the query from the cloud security provider.","request_method":"get","request_path":"/v1/cloudsecurity/compliancefindings","supported":true,"filters":[{"name":"compliance.control","type":"string","operators":["eq"]},{"name":"compliance.requirements","type":"string","operators":["eq"]},{"name":"compliance.standards","type":"string","operators":["eq"]}]},{"id":"cloudsecurity_query_events","name":"query_events","fullname":"Query Events","description":"Returns a list of events that match the query from the cloud security provider.","request_method":"get","request_path":"/v1/cloudsecurity/events","supported":true,"filters":[{"name":"device.ip","type":"string","operators":["eq","ne"]},{"name":"src_endpoint.ip","type":"string","operators":["eq","ne"]},{"name":"time","type":"datetime","operators":["gte","lte"]},{"name":"unmapped.appId","type":"number","operators":["eq","ne"]},{"name":"unmapped.device.clientIP","type":"string","operators":["eq","ne"]}]},{"id":"cloudsecurity_query_ioms","name":"query_ioms","fullname":"Query IOMs","description":"Returns a list of Indicators of Misconfiguration (IOM) findings that match the query from the cloud security provider.","supported":false}],"provider_config":{"description":"Configuration for the Microsoft Defender for Cloud Provider","properties":{"credential":{"description":"Microsoft Defender OAuth client credentials.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"DefenderCredential"}},"subscription_id":{"description":"The Azure subscription ID that contains the Microsoft Defender for Cloud workspace.","nullable":false,"title":"Subscription ID","type":"string"},"tenant_id":{"description":"The Azure Active Directory tenant ID that contains the Microsoft Defender for Cloud workspace.","nullable":false,"title":"Tenant ID","type":"string"},"type":{"const":"cloudsecurity_defender"},"url":{"default":"https://management.azure.com/.default","description":"Base URL to your Microsoft Defender for Cloud workspace.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","subscription_id","tenant_id","type"],"title":"Microsoft Defender for Cloud","type":"object"},"release":{"availability":"in-development","environments":["test","prod"]}},{"id":"edr_crowdstrike","name":"edr_crowdstrike","fullname":"CrowdStrike Falcon® Insight EDR","description":"Configuration for CrowdStrike Falcon® Insight EDR.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/crowdstrike-edr-setup)","connector_id":"edr","connector":"edr","operations":[{"id":"edr_create_iocs","name":"create_iocs","fullname":"Create IOCs","description":"Creates a list of iocs that match the stix input for the EDR source.","request_method":"post","request_path":"/v1/edr/iocs","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateIocsRequest"}}},{"id":"edr_delete_iocs","name":"delete_iocs","fullname":"Delete IOCs","description":"Deletes a list of iocs that match the input of ids in the query param","request_method":"delete","request_path":"/v1/edr/iocs","supported":true},{"id":"edr_get_endpoint","name":"get_endpoint","fullname":"Get Endpoint","description":"Gets a single endpoint assets matching the UID from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints/{id}","supported":true},{"id":"edr_network_quarantine","name":"network_quarantine","fullname":"Quarantine Endpoints","description":"Connect or disconnect one or more endpoints assets to the network, allowing or disallowing connections.","request_method":"post","request_path":"/v1/edr/endpoints/actions/quarantine","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/NetworkQuarantineRequest"}}},{"id":"edr_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Returns a list of alerts that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/alerts","supported":true,"filters":[{"name":"attacks.tactic.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"attacks.tactic.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"attacks.technique.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"attacks.technique.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"comment","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"confidence_score","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.os.type","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.uid_alt","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"finding_info.created_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.created_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.title","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"finding_info.types","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"finding_info.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"metadata.feature.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"metadata.loggers.logged_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"metadata.tenant_uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"resources.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"resources.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"risk_score","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"start_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"start_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"vulnerabilities.desc","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"vulnerabilities.title","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]}]},{"id":"edr_query_applications","name":"query_applications","fullname":"Query Applications","description":"Returns a list of applications matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/applications","supported":true,"filters":[{"name":"metadata.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"metadata.modified_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"product.name","type":"string","operators":["eq","ne","in","not_in"]},{"name":"product.path","type":"string","operators":["eq","ne","in","not_in"]},{"name":"product.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"product.vendor_name","type":"string","operators":["eq","ne","in","not_in"]},{"name":"product.version","type":"string","operators":["eq","ne","in","not_in"]},{"name":"start_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"start_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"time_dt","type":"datetime","operators":["gt","gte","lt","lte"]}]},{"id":"edr_query_edr_events","name":"query_edr_events","fullname":"Query EDR Events","description":"Returns a list of EDR events that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/edr_events","supported":true,"filters":[{"name":"actor.process.file.hashes","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"actor.process.file.path","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"actor.process.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.hostname","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.network_status","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.os.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]}]},{"id":"edr_query_endpoints","name":"query_endpoints","fullname":"Query Endpoints","description":"Returns a list of endpoint assets matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints","supported":true,"filters":[{"name":"device.first_seen_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.hostname","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.hw_info.bios_manufacturer","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.hw_info.bios_ver","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.hw_info.chassis","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.hw_info.serial_number","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.instance_uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.last_seen_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.mac","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.org.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.org.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.os.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.os.type","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.os.type_id","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.os.version","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.type","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.type_id","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.zone","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"status","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]}]},{"id":"edr_query_iocs","name":"query_iocs","fullname":"Query IOCs","description":"Returns a list of iocs that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/iocs","supported":true,"filters":[{"name":"created","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"created_by_ref.id","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"extensions.action","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"extensions.expired","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"extensions.host_groups","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"extensions.mobile_action","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"extensions.modified_by","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"extensions.platforms","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"extensions.severity","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"labels","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"modified","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"pattern","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"pattern_type","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"valid_until","type":"datetime","operators":["gt","gte","lt","lte"]}]},{"id":"edr_query_posture_score","name":"query_posture_score","fullname":"Query Posture Score","description":"Returns the posture score of the endpoint assets that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/posture_score","supported":true},{"id":"edr_query_threatevents","name":"query_threatevents","fullname":"Query Threat Events","description":"Returns a list of threats that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/threats","supported":true,"filters":[{"name":"actor.process.cmd_line","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"actor.process.file.md5","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"actor.process.file.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"actor.process.file.path","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"actor.process.file.sha256","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"actor.process.file.type","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"confidence_score","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.first_seen_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.hostname","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.last_seen_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.modified_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.product_uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"severity","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"severity_id","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"status","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"tenant_uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]}]}],"provider_config":{"description":"Configuration for CrowdStrike Falcon® Insight EDR.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/crowdstrike-edr-setup)","properties":{"credential":{"description":"Configuration when creating new Client Credentials.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"CrowdStrikeCredential"}},"type":{"const":"edr_crowdstrike"},"url":{"default":"https://api.crowdstrike.com","description":"Base URL for the CrowdStrike Falcon® API.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type"],"title":"CrowdStrike Insight EDR","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"edr_defender","name":"edr_defender","fullname":"Microsoft Defender for Endpoint","description":"Configuration for Microsoft Defender for Endpoint.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/defender-setup)","connector_id":"edr","connector":"edr","operations":[{"id":"edr_create_iocs","name":"create_iocs","fullname":"Create IOCs","description":"Creates a list of iocs that match the stix input for the EDR source.","request_method":"post","request_path":"/v1/edr/iocs","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateIocsRequest"}}},{"id":"edr_delete_iocs","name":"delete_iocs","fullname":"Delete IOCs","description":"Deletes a list of iocs that match the input of ids in the query param","request_method":"delete","request_path":"/v1/edr/iocs","supported":true},{"id":"edr_get_endpoint","name":"get_endpoint","fullname":"Get Endpoint","description":"Gets a single endpoint assets matching the UID from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints/{id}","supported":true},{"id":"edr_network_quarantine","name":"network_quarantine","fullname":"Quarantine Endpoints","description":"Connect or disconnect one or more endpoints assets to the network, allowing or disallowing connections.","request_method":"post","request_path":"/v1/edr/endpoints/actions/quarantine","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/NetworkQuarantineRequest"}}},{"id":"edr_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Returns a list of alerts that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/alerts","supported":true,"filters":[{"name":"actor.user.name","type":"string","operators":["eq","in","ne"]},{"name":"analytic.category","type":"string","operators":["eq","in","ne"]},{"name":"finding_info.created_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.created_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.last_seen_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.last_seen_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.modified_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.uid","type":"string","operators":["eq","in","ne"]},{"name":"metadata.uid","type":"string","operators":["eq","in","ne"]},{"name":"severity","type":"string","operators":["eq","in","ne"]},{"name":"status","type":"string","operators":["eq","in","ne"]}]},{"id":"edr_query_applications","name":"query_applications","fullname":"Query Applications","description":"Returns a list of applications matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/applications","supported":true,"filters":[{"name":"product.name","type":"string","operators":["like"]},{"name":"product.uid","type":"string","operators":["eq","like"]},{"name":"product.vendor_name","type":"string","operators":["like"]},{"name":"product.version","type":"string","operators":["eq","like"]}]},{"id":"edr_query_edr_events","name":"query_edr_events","fullname":"Query EDR Events","description":"Returns a list of EDR events that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_endpoints","name":"query_endpoints","fullname":"Query Endpoints","description":"Returns a list of endpoint assets matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints","supported":true,"filters":[{"name":"cloud.account.uid","type":"string","operators":["eq","ne","like","not_like"]},{"name":"device.hostname","type":"string","operators":["eq","ne","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","like","not_like"]},{"name":"device.last_seen_time","type":"string","operators":["eq","ne","like","not_like"]},{"name":"device.last_seen_time_dt","type":"string","operators":["eq","ne","like","not_like"]},{"name":"device.os.name","type":"string","operators":["eq","ne","like","not_like"]},{"name":"device.risk_level","type":"string","operators":["eq","ne","like","not_like"]},{"name":"device.uid","type":"string","operators":["eq","ne","like","not_like"]},{"name":"enrichments.reputation.score","type":"string","operators":["eq","ne","like","not_like"]},{"name":"metadata.labels","type":"string","operators":["eq","ne","like","not_like"]},{"name":"metadata.product.version","type":"string","operators":["eq","ne","like","not_like"]},{"name":"risk_level_id","type":"string","operators":["eq","ne","like","not_like"]},{"name":"status","type":"string","operators":["eq","ne","like","not_like"]},{"name":"status_code","type":"string","operators":["eq","ne","like","not_like"]},{"name":"status_detail","type":"string","operators":["eq","ne","like","not_like"]}]},{"id":"edr_query_iocs","name":"query_iocs","fullname":"Query IOCs","description":"Returns a list of iocs that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/iocs","supported":true,"filters":[{"name":"created","type":"string","operators":["eq","in"]},{"name":"created_by_ref.Id","type":"string","operators":["eq","in"]},{"name":"created_by_ref.name","type":"string","operators":["eq","in"]},{"name":"extensions.action","type":"string","operators":["eq","in"]},{"name":"extensions.alert","type":"string","operators":["eq","in"]},{"name":"extensions.application","type":"string","operators":["eq","in"]},{"name":"extensions.rbacGroupIds","type":"string","operators":["eq","in"]},{"name":"extensions.rbacGroupNames","type":"string","operators":["eq","in"]},{"name":"extensions.severity","type":"string","operators":["eq","in"]},{"name":"name","type":"string","operators":["eq","in"]},{"name":"pattern","type":"string","operators":["eq","in"]},{"name":"pattern_type","type":"string","operators":["eq","in"]},{"name":"valid_until","type":"string","operators":["eq","in"]}]},{"id":"edr_query_posture_score","name":"query_posture_score","fullname":"Query Posture Score","description":"Returns the posture score of the endpoint assets that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/posture_score","supported":true},{"id":"edr_query_threatevents","name":"query_threatevents","fullname":"Query Threat Events","description":"Returns a list of threats that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/threats","supported":true,"filters":[{"name":"actor.user.name","type":"string","operators":["lt","gt","eq","in"]},{"name":"finding_info.created_time","type":"datetime","operators":["lt","gt"]},{"name":"finding_info.modified_time","type":"datetime","operators":["lt","gt"]},{"name":"status","type":"string","operators":["lt","gt","eq","in"]}]}],"provider_config":{"description":"Configuration for Microsoft Defender for Endpoint.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/defender-setup)","properties":{"credential":{"description":"Microsoft Defender OAuth client credentials.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"DefenderCredential"}},"tenant_id":{"description":"Tenant ID for the Microsoft Defender Management Console.","nullable":false,"title":"Tenant ID","type":"string"},"type":{"const":"edr_defender"},"url":{"default":"https://api-us.securitycenter.windows.com","description":"Base URL for the Microsoft Defender API.","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","tenant_id","type","url"],"title":"Microsoft Defender","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"edr_malwarebytes","name":"edr_malwarebytes","fullname":"ThreatDown Endpoint Detection \u0026 Response","description":"Configuration for ThreatDown Endpoint Detection \u0026 Response.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/malwarebytes-setup)","connector_id":"edr","connector":"edr","operations":[{"id":"edr_create_iocs","name":"create_iocs","fullname":"Create IOCs","description":"Creates a list of iocs that match the stix input for the EDR source.","supported":false},{"id":"edr_delete_iocs","name":"delete_iocs","fullname":"Delete IOCs","description":"Deletes a list of iocs that match the input of ids in the query param","supported":false},{"id":"edr_get_endpoint","name":"get_endpoint","fullname":"Get Endpoint","description":"Gets a single endpoint assets matching the UID from the token-linked EDR source.","supported":false},{"id":"edr_network_quarantine","name":"network_quarantine","fullname":"Quarantine Endpoints","description":"Connect or disconnect one or more endpoints assets to the network, allowing or disallowing connections.","request_method":"post","request_path":"/v1/edr/endpoints/actions/quarantine","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/NetworkQuarantineRequest"}}},{"id":"edr_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Returns a list of alerts that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/alerts","supported":true,"filters":[{"name":"finding_info.created_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.created_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.modified_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.uid","type":"string","operators":["eq"]},{"name":"metadata.uid","type":"string","operators":["eq"]},{"name":"severity","type":"string","operators":["eq"]},{"name":"status","type":"string","operators":["eq"]}]},{"id":"edr_query_applications","name":"query_applications","fullname":"Query Applications","description":"Returns a list of applications matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/applications","supported":true,"filters":[{"name":"device.uid","type":"string","operators":["eq"]},{"name":"product.name","type":"string","operators":["eq"]},{"name":"product.uid","type":"string","operators":["eq"]},{"name":"product.vendor_name","type":"string","operators":["eq"]},{"name":"product.version","type":"string","operators":["eq","gt","gte","lt","lte"]}]},{"id":"edr_query_edr_events","name":"query_edr_events","fullname":"Query EDR Events","description":"Returns a list of EDR events that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_endpoints","name":"query_endpoints","fullname":"Query Endpoints","description":"Returns a list of endpoint assets matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints","supported":true,"filters":[{"name":"created_at","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"deleted_at","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.domain","type":"string","operators":["eq"]},{"name":"device.group_id","type":"string","operators":["eq"]},{"name":"device.group_name","type":"string","operators":["eq"]},{"name":"device.hw_info.serial_number","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.mac","type":"string","operators":["eq"]},{"name":"device.name","type":"string","operators":["eq"]},{"name":"device.os.cpu_bits","type":"string","operators":["eq"]},{"name":"device.os.name","type":"string","operators":["eq"]},{"name":"device.os.type","type":"string","operators":["eq"]},{"name":"device.os.version","type":"string","operators":["eq"]},{"name":"device.protection_status","type":"string","operators":["eq"]},{"name":"device.uid","type":"string","operators":["eq"]},{"name":"metadata.product.version","type":"string","operators":["eq","gt","gte","lt","lte"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]}]},{"id":"edr_query_iocs","name":"query_iocs","fullname":"Query IOCs","description":"Returns a list of iocs that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_posture_score","name":"query_posture_score","fullname":"Query Posture Score","description":"Returns the posture score of the endpoint assets that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_threatevents","name":"query_threatevents","fullname":"Query Threat Events","description":"Returns a list of threats that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/threats","supported":true,"filters":[{"name":"finding_info.created_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.uid","type":"string","operators":["eq"]},{"name":"metadata.uid","type":"string","operators":["eq"]},{"name":"severity","type":"string","operators":["eq"]},{"name":"status","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for ThreatDown Endpoint Detection \u0026 Response.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/malwarebytes-setup)","properties":{"account_identifier":{"description":"Account identifier for the ThreatDown EDR tenant.","example":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - OR - https://cloud.malwarebytes.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/dashboard","nullable":false,"pattern":"^(https:\\/\\/cloud\\.malwarebytes\\.com\\/)?((?:[\\dA-Za-z]+-){4}[\\dA-Za-z]+)(\\/.*)?$","title":"Account ID","type":"string","x-validation-message":{"patternMismatch":"Must be a valid Account ID (`xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`) or tenant URL (`https://cloud.malwarebytes.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/dashboard`)."}},"credential":{"description":"Configuration when creating new Client Credentials.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"MalwarebytesCredential"}},"type":{"const":"edr_malwarebytes"},"url":{"default":"https://api.malwarebytes.com","description":"Base URL for the ThreatDown EDR API.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["account_identifier","credential","type"],"title":"ThreatDown EDR","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"edr_sentinelone","name":"edr_sentinelone","fullname":"SentinelOne Singularity™ Endpoint","description":"Configuration for SentinelOne Singularity™ Endpoint.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/sentinelone-setup)","connector_id":"edr","connector":"edr","operations":[{"id":"edr_create_iocs","name":"create_iocs","fullname":"Create IOCs","description":"Creates a list of iocs that match the stix input for the EDR source.","request_method":"post","request_path":"/v1/edr/iocs","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateIocsRequest"}}},{"id":"edr_delete_iocs","name":"delete_iocs","fullname":"Delete IOCs","description":"Deletes a list of iocs that match the input of ids in the query param","request_method":"delete","request_path":"/v1/edr/iocs","supported":true},{"id":"edr_get_endpoint","name":"get_endpoint","fullname":"Get Endpoint","description":"Gets a single endpoint assets matching the UID from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints/{id}","supported":true},{"id":"edr_network_quarantine","name":"network_quarantine","fullname":"Quarantine Endpoints","description":"Connect or disconnect one or more endpoints assets to the network, allowing or disallowing connections.","request_method":"post","request_path":"/v1/edr/endpoints/actions/quarantine","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/NetworkQuarantineRequest"}}},{"id":"edr_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Returns a list of alerts that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/alerts","supported":true,"filters":[{"name":"actor.process.file.path","type":"string","operators":["like"]},{"name":"confidence","type":"string","operators":["eq"]},{"name":"device.container.image","type":"string","operators":["like"]},{"name":"device.container.name","type":"string","operators":["like"]},{"name":"device.container.tag","type":"string","operators":["like"]},{"name":"device.hostname","type":"string","operators":["eq","like"]},{"name":"device.last_seen_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.org.uid","type":"string","operators":["eq"]},{"name":"device.os.type","type":"string","operators":["eq"]},{"name":"finding_info.created_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.first_seen_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"metadata.product.version","type":"string","operators":["eq"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]}]},{"id":"edr_query_applications","name":"query_applications","fullname":"Query Applications","description":"Returns a list of applications matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/applications","supported":true,"filters":[{"name":"product.name","type":"string","operators":["like"]},{"name":"product.uid","type":"string","operators":["eq","like"]},{"name":"product.vendor_name","type":"string","operators":["like"]},{"name":"product.version","type":"string","operators":["eq","like"]}]},{"id":"edr_query_edr_events","name":"query_edr_events","fullname":"Query EDR Events","description":"Returns a list of EDR events that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/edr_events","supported":true,"filters":[{"name":"actor.process.file.hashes","type":"string","operators":["eq","ne","in"]},{"name":"actor.process.file.path","type":"string","operators":["eq","ne","like","in"]},{"name":"actor.process.name","type":"string","operators":["eq","ne","like","in"]},{"name":"device.hostname","type":"string","operators":["eq","ne","like","in"]},{"name":"device.ip","type":"string","operators":["eq","ne","like","in"]},{"name":"device.network_status","type":"string","operators":["eq","ne","in"]},{"name":"device.os.name","type":"string","operators":["eq","ne","like","in"]},{"name":"metadata.labels","type":"string","operators":["eq","ne","like","in"]},{"name":"query.hostname","type":"string","operators":["eq","ne","like","in"]},{"name":"url.url_string","type":"string","operators":["eq","ne","like","in"]}]},{"id":"edr_query_endpoints","name":"query_endpoints","fullname":"Query Endpoints","description":"Returns a list of endpoint assets matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints","supported":true,"filters":[{"name":"device.domain","type":"string","operators":["eq","like"]},{"name":"device.hostname","type":"string","operators":["eq","like"]},{"name":"device.hw_info.serial_number","type":"string","operators":["like"]},{"name":"device.instance_uid","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["like"]},{"name":"device.mac","type":"string","operators":["like"]},{"name":"device.name","type":"string","operators":["eq","like"]},{"name":"device.os.name","type":"string","operators":["like"]},{"name":"device.os.type","type":"string","operators":["eq","like"]},{"name":"device.os.version","type":"string","operators":["like"]},{"name":"device.type","type":"string","operators":["eq","like"]},{"name":"device.uid","type":"string","operators":["eq","like"]},{"name":"status","type":"string","operators":["eq","like"]}]},{"id":"edr_query_iocs","name":"query_iocs","fullname":"Query IOCs","description":"Returns a list of iocs that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/iocs","supported":true,"filters":[{"name":"created","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"created_by_ref","type":"string","operators":["like"]},{"name":"description","type":"string","operators":["like"]},{"name":"extensions.accountIds","type":"string","operators":["eq"]},{"name":"extensions.batchId","type":"string","operators":["eq"]},{"name":"extensions.category","type":"string","operators":["eq"]},{"name":"extensions.externalId","type":"string","operators":["eq"]},{"name":"extensions.groupIds","type":"string","operators":["eq"]},{"name":"extensions.sideIds","type":"string","operators":["eq"]},{"name":"extensions.source","type":"string","operators":["eq"]},{"name":"extensions.uploadTime","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"id","type":"string","operators":["eq"]},{"name":"modified","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"name","type":"string","operators":["like"]},{"name":"pattern","type":"string","operators":["eq"]},{"name":"value","type":"string","operators":["eq"]}]},{"id":"edr_query_posture_score","name":"query_posture_score","fullname":"Query Posture Score","description":"Returns the posture score of the endpoint assets that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_threatevents","name":"query_threatevents","fullname":"Query Threat Events","description":"Returns a list of threats that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/threats","supported":true,"filters":[{"name":"actor.process.created_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"actor.process.file.path","type":"string","operators":["like"]},{"name":"confidence","type":"string","operators":["eq"]},{"name":"device.container.image","type":"string","operators":["like"]},{"name":"device.container.name","type":"string","operators":["like"]},{"name":"device.container.tag","type":"string","operators":["like"]},{"name":"device.groups.uid","type":"string","operators":["eq"]},{"name":"device.hostname","type":"string","operators":["eq","like"]},{"name":"device.id","type":"string","operators":["eq"]},{"name":"device.org.uid","type":"string","operators":["eq"]},{"name":"device.type","type":"string","operators":["eq"]},{"name":"finding_info.created_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"malware.classifications","type":"string","operators":["eq"]},{"name":"metadata.product.version","type":"string","operators":["eq"]},{"name":"severity","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for SentinelOne Singularity™ Endpoint.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/sentinelone-setup)","properties":{"credential":{"description":"Configuration when creating new API Token.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"SentinelOneCredential"}},"edr_events_credential":{"description":"Credential used for the SentinelOne Singularity Data Lake API. This credential is required when querying EDR events.","nullable":true,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Events Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"SentinelOneEdrEventsCredential"}},"edr_events_url":{"description":"Base URL for the SentinelOne Singularity Data Lake API. This URL is required is required when querying EDR events.","example":"https://xdr.{region}.sentinelone.net","nullable":true,"title":"Events Base URL","type":"string"},"skip_tls_verify":{"default":false,"description":"When true, skips verification of the SentinelOne TLS certificate.","nullable":true,"title":"Skip TLS Verification","type":"boolean"},"type":{"const":"edr_sentinelone"},"url":{"description":"Base URL for the SentinelOne Management API.","example":"https://{tenant}.sentinelone.net","nullable":false,"title":"Base URL","type":"string"}},"required":["credential","type","url"],"title":"SentinelOne Endpoint","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"edr_sophos","name":"edr_sophos","fullname":"Sophos Endpoint","description":"Configuration for Sophos Endpoint.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/sophos-setup)","connector_id":"edr","connector":"edr","operations":[{"id":"edr_create_iocs","name":"create_iocs","fullname":"Create IOCs","description":"Creates a list of iocs that match the stix input for the EDR source.","supported":false},{"id":"edr_delete_iocs","name":"delete_iocs","fullname":"Delete IOCs","description":"Deletes a list of iocs that match the input of ids in the query param","supported":false},{"id":"edr_get_endpoint","name":"get_endpoint","fullname":"Get Endpoint","description":"Gets a single endpoint assets matching the UID from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints/{id}","supported":true},{"id":"edr_network_quarantine","name":"network_quarantine","fullname":"Quarantine Endpoints","description":"Connect or disconnect one or more endpoints assets to the network, allowing or disallowing connections.","request_method":"post","request_path":"/v1/edr/endpoints/actions/quarantine","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/NetworkQuarantineRequest"}}},{"id":"edr_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Returns a list of alerts that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/alerts","supported":true,"filters":[{"name":"finding_info.created_time","type":"datetime","operators":["lt","gt"]},{"name":"finding_info.created_time_dt","type":"datetime","operators":["lt","gt"]},{"name":"finding_info.last_seen_time","type":"datetime","operators":["lt","gt"]},{"name":"finding_info.last_seen_time_dt","type":"datetime","operators":["lt","gt"]},{"name":"finding_info.title","type":"string","operators":["lt","gt","eq","in"]},{"name":"metadata.product.name","type":"string","operators":["lt","gt","eq","in"]},{"name":"metadata.uid","type":"string","operators":["lt","gt","eq","in"]}]},{"id":"edr_query_applications","name":"query_applications","fullname":"Query Applications","description":"Returns a list of applications matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/applications","supported":true,"filters":[{"name":"product.name","type":"string","operators":["lt","gt","eq","in"]},{"name":"product.path","type":"string","operators":["lt","gt","eq","in"]}]},{"id":"edr_query_edr_events","name":"query_edr_events","fullname":"Query EDR Events","description":"Returns a list of EDR events that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_endpoints","name":"query_endpoints","fullname":"Query Endpoints","description":"Returns a list of endpoint assets matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints","supported":true,"filters":[{"name":"device.type","type":"string","operators":["ne","lte","gte","lt","gt","eq","in"]},{"name":"device.uid","type":"string","operators":["ne","lte","gte","lt","gt","eq","in"]},{"name":"first_seen_time","type":"datetime","operators":["eq"]},{"name":"last_seen_time","type":"datetime","operators":["eq"]},{"name":"status","type":"string","operators":["ne","lte","gte","lt","gt","eq","in"]},{"name":"status_detail","type":"string","operators":["ne","lte","gte","lt","gt","eq","in"]},{"name":"time","type":"datetime","operators":["eq"]}]},{"id":"edr_query_iocs","name":"query_iocs","fullname":"Query IOCs","description":"Returns a list of iocs that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_posture_score","name":"query_posture_score","fullname":"Query Posture Score","description":"Returns the posture score of the endpoint assets that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/posture_score","supported":true},{"id":"edr_query_threatevents","name":"query_threatevents","fullname":"Query Threat Events","description":"Returns a list of threats that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/threats","supported":true,"filters":[{"name":"actor.user.name","type":"string","operators":["eq"]},{"name":"attacks.tactics.name","type":"string","operators":["eq"]},{"name":"device.first_seen_time","type":"datetime","operators":["eq"]},{"name":"device.first_seen_time_dt","type":"datetime","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["eq"]},{"name":"device.last_seen_time_dt","type":"datetime","operators":["eq"]},{"name":"device.location","type":"string","operators":["eq"]},{"name":"device.os.name","type":"string","operators":["eq"]},{"name":"device.os.type","type":"string","operators":["eq"]},{"name":"device.type","type":"string","operators":["eq"]},{"name":"hostname","type":"string","operators":["eq"]},{"name":"metadata.product.name","type":"string","operators":["eq"]},{"name":"risk_score","type":"string","operators":["eq"]},{"name":"severity","type":"string","operators":["eq"]},{"name":"type_name","type":"string","operators":["eq"]},{"name":"vendor_name","type":"string","operators":["eq"]},{"name":"vulnerabilities.title","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for Sophos Endpoint.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/sophos-setup)","properties":{"credential":{"description":"Configuration when creating new Client Credentials.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"SophosCredential"}},"type":{"const":"edr_sophos"},"url":{"default":"https://api.central.sophos.com","description":"Base URL for the Sophos Endpoint API.","nullable":false,"title":"Base URL","type":"string"}},"required":["credential","type","url"],"title":"Sophos Endpoint","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"edr_tanium","name":"edr_tanium","fullname":"Tanium EDR","description":"Configuration for Tanium Cloud as a EDR Provider\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/tanium-setup)","connector_id":"edr","connector":"edr","operations":[{"id":"edr_create_iocs","name":"create_iocs","fullname":"Create IOCs","description":"Creates a list of iocs that match the stix input for the EDR source.","supported":false},{"id":"edr_delete_iocs","name":"delete_iocs","fullname":"Delete IOCs","description":"Deletes a list of iocs that match the input of ids in the query param","supported":false},{"id":"edr_get_endpoint","name":"get_endpoint","fullname":"Get Endpoint","description":"Gets a single endpoint assets matching the UID from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints/{id}","supported":true},{"id":"edr_network_quarantine","name":"network_quarantine","fullname":"Quarantine Endpoints","description":"Connect or disconnect one or more endpoints assets to the network, allowing or disallowing connections.","request_method":"post","request_path":"/v1/edr/endpoints/actions/quarantine","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/NetworkQuarantineRequest"}}},{"id":"edr_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Returns a list of alerts that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/alerts","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["like"]},{"name":"device.ip","type":"string","operators":["like"]},{"name":"finding_info.created_time","type":"datetime","operators":["gt","gte","lt"]},{"name":"finding_info.created_time_dt","type":"datetime","operators":["gte","lt"]},{"name":"finding_info.uid","type":"string","operators":["eq"]},{"name":"status","type":"string","operators":["eq"]}]},{"id":"edr_query_applications","name":"query_applications","fullname":"Query Applications","description":"Returns a list of applications matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/applications","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]},{"name":"product.name","type":"string","operators":["eq","gte","like"]},{"name":"product.version","type":"string","operators":["eq","gte","like"]}]},{"id":"edr_query_edr_events","name":"query_edr_events","fullname":"Query EDR Events","description":"Returns a list of EDR events that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_endpoints","name":"query_endpoints","fullname":"Query Endpoints","description":"Returns a list of endpoint assets matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]},{"id":"edr_query_iocs","name":"query_iocs","fullname":"Query IOCs","description":"Returns a list of iocs that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_posture_score","name":"query_posture_score","fullname":"Query Posture Score","description":"Returns the posture score of the endpoint assets that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_threatevents","name":"query_threatevents","fullname":"Query Threat Events","description":"Returns a list of threats that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/threats","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["like"]},{"name":"device.ip","type":"string","operators":["like"]},{"name":"finding_info.created_time","type":"datetime","operators":["gt","gte","lt"]},{"name":"finding_info.created_time_dt","type":"datetime","operators":["gte","lt"]},{"name":"finding_info.uid","type":"string","operators":["eq"]},{"name":"status","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for Tanium Cloud as a EDR Provider\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/tanium-setup)","properties":{"credential":{"description":"Configuration when creating new API Token.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"TaniumCloudCredential"}},"type":{"const":"edr_tanium"},"url":{"description":"Base URL for the Tanium Cloud API","example":"https://{customername}-api.cloud.tanium.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Tanium EDR","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"identity_entra_id","name":"identity_entra_id","fullname":"Microsoft Entra ID","description":"Configuration for Microsoft Entra ID.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/entra-id-setup)","connector_id":"identity","connector":"identity","operations":[{"id":"identity_disable_user","name":"disable_user","fullname":"Disable User","description":"Disables a user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/disable","supported":true},{"id":"identity_enable_user","name":"enable_user","fullname":"Enable User","description":"Reenables a disabled user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/enable","supported":true},{"id":"identity_expire_all_user_sessions","name":"expire_all_user_sessions","fullname":"Expire All User Sessions","description":"Logs a user out of all current sessions so they must log in again.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/expire_all_sessions","supported":true},{"id":"identity_force_user_password_reset","name":"force_user_password_reset","fullname":"Force User Password Reset","description":"Forces a user to reset their password before they can log in again.","supported":false},{"id":"identity_get_group","name":"get_group","fullname":"Get Group","description":"Returns a `Group` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. Depending\non the providers offerings, this may include additional group information, such as the roles assigned.","request_method":"get","request_path":"/v1/identity/groups/{groupId}","supported":true},{"id":"identity_get_group_members","name":"get_group_members","fullname":"Get Group Members","description":"Returns list of `User` objects wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider that are members in the group referenced by ID.","request_method":"get","request_path":"/v1/identity/groups/{groupId}/members","supported":true},{"id":"identity_get_user","name":"get_user","fullname":"Get User","description":"Returns a `User` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. Depending\non the providers offerings, this may include additional user information, such as the user's current groups and roles.","request_method":"get","request_path":"/v1/identity/users/{userId}","supported":true},{"id":"identity_query_audit_log","name":"query_audit_log","fullname":"Query Audit Log","description":"Returns a list of `Event` objects from the token-linked audit log.","request_method":"get","request_path":"/v1/identity/audit","supported":true,"filters":[{"name":"actor.user.uid","type":"string","operators":["eq","in","like"]},{"name":"class_uid","type":"number","operators":["eq","in"]},{"name":"message","type":"string","operators":["eq","in","like"]},{"name":"src_endpoint.ip","type":"string","operators":["eq","in","like"]},{"name":"status_id","type":"number","operators":["eq"]},{"name":"time","type":"datetime","operators":["gte","lte"]},{"name":"type_uid","type":"number","operators":["eq","in"]},{"name":"user.name","type":"string","operators":["eq","in","like"]},{"name":"user.uid","type":"string","operators":["eq","in","like"]}]},{"id":"identity_query_groups","name":"query_groups","fullname":"Query Groups","description":"Returns a list of `Group` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.","request_method":"get","request_path":"/v1/identity/groups","supported":true,"filters":[{"name":"entity.group.desc","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.group.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.group.type","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.group.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"time","type":"datetime","operators":["eq","gt","gte","lt","lte","ne"]}]},{"id":"identity_query_users","name":"query_users","fullname":"Query Users","description":"Returns a list of `User` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.","request_method":"get","request_path":"/v1/identity/users","supported":true,"filters":[{"name":"email_addrs","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.email_addr","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.full_name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.ldap_person.cost_center","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.ldap_person.created_time","type":"datetime","operators":["eq","gt","gte","lt","lte","ne"]},{"name":"entity.user.ldap_person.deleted_time","type":"datetime","operators":["eq","gt","gte","lt","lte","ne"]},{"name":"entity.user.ldap_person.employee_uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.ldap_person.given_name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.ldap_person.job_title","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.ldap_person.last_login_time","type":"datetime","operators":["eq","gt","gte","lt","lte","ne"]},{"name":"entity.user.ldap_person.surname","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.org.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.org.ou_name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.uid_alt","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.user_status_id","type":"number","operators":["eq","in"]},{"name":"time","type":"datetime","operators":["eq","gt","gte","lt","lte","ne"]}]}],"provider_config":{"description":"Configuration for Microsoft Entra ID.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/entra-id-setup)","properties":{"credential":{"description":"Azure Client ID and Client Secret for a service principal. The application must be configured with permissions to access the user, group, and audit log graph APIs.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"EntraIdCredential"}},"tenant_id":{"description":"Azure Directory (tenant) identifier.","nullable":false,"title":"Tenant ID","type":"string"},"type":{"const":"identity_entra_id"},"url":{"description":"Base URL for the the Microsoft Graph API.","nullable":true,"title":"Base URL","type":"string"}},"required":["credential","tenant_id","type"],"title":"Microsoft Entra ID","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"identity_google","name":"identity_google","fullname":"Google Workspace","description":"Configuration for Google Workspace.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/google-workspace-setup)","connector_id":"identity","connector":"identity","operations":[{"id":"identity_disable_user","name":"disable_user","fullname":"Disable User","description":"Disables a user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/disable","supported":true},{"id":"identity_enable_user","name":"enable_user","fullname":"Enable User","description":"Reenables a disabled user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/enable","supported":true},{"id":"identity_expire_all_user_sessions","name":"expire_all_user_sessions","fullname":"Expire All User Sessions","description":"Logs a user out of all current sessions so they must log in again.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/expire_all_sessions","supported":true},{"id":"identity_force_user_password_reset","name":"force_user_password_reset","fullname":"Force User Password Reset","description":"Forces a user to reset their password before they can log in again.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/force_reset_password","supported":true},{"id":"identity_get_group","name":"get_group","fullname":"Get Group","description":"Returns a `Group` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. Depending\non the providers offerings, this may include additional group information, such as the roles assigned.","request_method":"get","request_path":"/v1/identity/groups/{groupId}","supported":true},{"id":"identity_get_group_members","name":"get_group_members","fullname":"Get Group Members","description":"Returns list of `User` objects wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider that are members in the group referenced by ID.","request_method":"get","request_path":"/v1/identity/groups/{groupId}/members","supported":true},{"id":"identity_get_user","name":"get_user","fullname":"Get User","description":"Returns a `User` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. Depending\non the providers offerings, this may include additional user information, such as the user's current groups and roles.","request_method":"get","request_path":"/v1/identity/users/{userId}","supported":true},{"id":"identity_query_audit_log","name":"query_audit_log","fullname":"Query Audit Log","description":"Returns a list of `Event` objects from the token-linked audit log.","request_method":"get","request_path":"/v1/identity/audit","supported":true,"filters":[{"name":"class_uid","type":"string","operators":["eq"]},{"name":"src_endpoint.ip","type":"string","operators":["eq"]},{"name":"time","type":"datetime","operators":["gte","lte"]},{"name":"type_uid","type":"string","operators":["eq"]},{"name":"user.email_addr","type":"string","operators":["eq","ne","gt","gte","lt","lte"]}]},{"id":"identity_query_groups","name":"query_groups","fullname":"Query Groups","description":"Returns a list of `Group` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.","request_method":"get","request_path":"/v1/identity/groups","supported":true},{"id":"identity_query_users","name":"query_users","fullname":"Query Users","description":"Returns a list of `User` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.","request_method":"get","request_path":"/v1/identity/users","supported":true,"filters":[{"name":"entity.uid","type":"string","operators":["eq","in"]},{"name":"entity.user.email_addr","type":"string","operators":["eq","in"]},{"name":"entity.user.full_name","type":"string","operators":["eq","in"]},{"name":"entity.user.ldap_person.cost_center","type":"string","operators":["eq","in"]},{"name":"entity.user.ldap_person.employee_uid","type":"string","operators":["eq","in"]},{"name":"entity.user.ldap_person.given_name","type":"string","operators":["eq","in"]},{"name":"entity.user.ldap_person.job_title","type":"string","operators":["eq","in"]},{"name":"entity.user.ldap_person.surname","type":"string","operators":["eq","in"]},{"name":"entity.user.name","type":"string","operators":["eq","in"]},{"name":"entity.user.org.name","type":"string","operators":["eq","in"]},{"name":"entity.user.org.ou_name","type":"string","operators":["eq","in"]},{"name":"entity.user.uid","type":"string","operators":["eq","in"]},{"name":"entity.user.uid_alt","type":"string","operators":["eq","in"]}]}],"provider_config":{"description":"Configuration for Google Workspace.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/google-workspace-setup)","properties":{"client_email":{"description":"Client email associated with the service account key.","example":"{service-account-name}@{project-id}.iam.gserviceaccount.com","nullable":false,"title":"Client Email","type":"string"},"credential":{"description":"Configuration when creating new Client Credentials.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"GoogleCredential"}},"delegate":{"description":"Email address of the user that the service account is impersonating for domain-wide delegation. For more information, see [this Google support article](https://support.google.com/a/answer/162106).","nullable":false,"title":"Delegate","type":"string"},"type":{"const":"identity_google"}},"required":["client_email","credential","delegate","type"],"title":"Google Workspace","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"identity_okta","name":"identity_okta","fullname":"Okta Identity","description":"Configuration for Okta Identity.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/okta-identity-setup)","connector_id":"identity","connector":"identity","operations":[{"id":"identity_disable_user","name":"disable_user","fullname":"Disable User","description":"Disables a user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/disable","supported":true},{"id":"identity_enable_user","name":"enable_user","fullname":"Enable User","description":"Reenables a disabled user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/enable","supported":true},{"id":"identity_expire_all_user_sessions","name":"expire_all_user_sessions","fullname":"Expire All User Sessions","description":"Logs a user out of all current sessions so they must log in again.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/expire_all_sessions","supported":true},{"id":"identity_force_user_password_reset","name":"force_user_password_reset","fullname":"Force User Password Reset","description":"Forces a user to reset their password before they can log in again.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/force_reset_password","supported":true},{"id":"identity_get_group","name":"get_group","fullname":"Get Group","description":"Returns a `Group` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. Depending\non the providers offerings, this may include additional group information, such as the roles assigned.","request_method":"get","request_path":"/v1/identity/groups/{groupId}","supported":true},{"id":"identity_get_group_members","name":"get_group_members","fullname":"Get Group Members","description":"Returns list of `User` objects wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider that are members in the group referenced by ID.","request_method":"get","request_path":"/v1/identity/groups/{groupId}/members","supported":true},{"id":"identity_get_user","name":"get_user","fullname":"Get User","description":"Returns a `User` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. Depending\non the providers offerings, this may include additional user information, such as the user's current groups and roles.","request_method":"get","request_path":"/v1/identity/users/{userId}","supported":true},{"id":"identity_query_audit_log","name":"query_audit_log","fullname":"Query Audit Log","description":"Returns a list of `Event` objects from the token-linked audit log.","request_method":"get","request_path":"/v1/identity/audit","supported":true,"filters":[{"name":"actor.user.email_addr","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"actor.user.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"class_uid","type":"string","operators":["eq"]},{"name":"message","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"src_endpoint.ip","type":"string","operators":["eq"]},{"name":"status_id","type":"string","operators":["eq"]},{"name":"time","type":"datetime","operators":["gte","lte"]},{"name":"type_uid","type":"string","operators":["eq"]},{"name":"user.email_addr","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"user.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]}]},{"id":"identity_query_groups","name":"query_groups","fullname":"Query Groups","description":"Returns a list of `Group` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.","request_method":"get","request_path":"/v1/identity/groups","supported":true,"filters":[{"name":"entity.group.desc","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.group.name","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.group.uid","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.uid","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.type","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"time","type":"datetime","operators":["eq","gt","gte","lt","lte"]}]},{"id":"identity_query_users","name":"query_users","fullname":"Query Users","description":"Returns a list of `User` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.","request_method":"get","request_path":"/v1/identity/users","supported":true,"filters":[{"name":"entity.uid","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.email_addr","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.full_name","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.ldap_person.cost_center","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.ldap_person.created_time","type":"datetime","operators":["eq","gt","gte","lt","lte"]},{"name":"entity.user.ldap_person.employee_uid","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.ldap_person.given_name","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.ldap_person.job_title","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.ldap_person.manager.full_name","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.ldap_person.modified_time","type":"datetime","operators":["eq","gt","gte","lt","lte"]},{"name":"entity.user.ldap_person.surname","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.name","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.org.name","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.org.ou_name","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.uid","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.uid_alt","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.user_status_id","type":"string","operators":["eq","in"]},{"name":"time","type":"datetime","operators":["eq","gt","gte","lt","lte"]}]}],"provider_config":{"description":"Configuration for Okta Identity.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/okta-identity-setup)","properties":{"credential":{"nullable":false,"oneOf":[{"description":"OAuth 2.0 Token URL, Client ID, and Client Secret for a Synqly Identity Connector API service application.","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"New Client Credentials","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"OktaCredential"}},{"description":"Token to authenticate with Okta. Follow [this guide to generate an API token](https://developer.okta.com/docs/guides/create-an-api-token). The token must have access to list records in the system audit log. (Not for production use. Use `o_auth_client` instead)","properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"New Token","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"OktaCredential"}}],"title":"Credential","x-synqly-credential":{"extends":["OAuthClientCredential","TokenCredential"],"type":"OktaCredential"}},"type":{"const":"identity_okta"},"url":{"description":"Base URL for the Okta API.","example":"https://{tenant}.okta.com","nullable":false,"title":"Base URL","type":"string"}},"required":["credential","type","url"],"title":"Okta Identity","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"identity_pingone","name":"identity_pingone","fullname":"PingOne Cloud Platform","description":"Configuration for PingOne Cloud Platform.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/ping-identity-setup)","connector_id":"identity","connector":"identity","operations":[{"id":"identity_disable_user","name":"disable_user","fullname":"Disable User","description":"Disables a user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/disable","supported":true},{"id":"identity_enable_user","name":"enable_user","fullname":"Enable User","description":"Reenables a disabled user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/enable","supported":true},{"id":"identity_expire_all_user_sessions","name":"expire_all_user_sessions","fullname":"Expire All User Sessions","description":"Logs a user out of all current sessions so they must log in again.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/expire_all_sessions","supported":true},{"id":"identity_force_user_password_reset","name":"force_user_password_reset","fullname":"Force User Password Reset","description":"Forces a user to reset their password before they can log in again.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/force_reset_password","supported":true},{"id":"identity_get_group","name":"get_group","fullname":"Get Group","description":"Returns a `Group` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. Depending\non the providers offerings, this may include additional group information, such as the roles assigned.","request_method":"get","request_path":"/v1/identity/groups/{groupId}","supported":true},{"id":"identity_get_group_members","name":"get_group_members","fullname":"Get Group Members","description":"Returns list of `User` objects wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider that are members in the group referenced by ID.","request_method":"get","request_path":"/v1/identity/groups/{groupId}/members","supported":true},{"id":"identity_get_user","name":"get_user","fullname":"Get User","description":"Returns a `User` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. Depending\non the providers offerings, this may include additional user information, such as the user's current groups and roles.","request_method":"get","request_path":"/v1/identity/users/{userId}","supported":true},{"id":"identity_query_audit_log","name":"query_audit_log","fullname":"Query Audit Log","description":"Returns a list of `Event` objects from the token-linked audit log.","request_method":"get","request_path":"/v1/identity/audit","supported":true,"filters":[{"name":"actor.user.uid","type":"string","operators":["eq","in"]},{"name":"class_uid","type":"string","operators":["eq","in"]},{"name":"name","type":"string","operators":["eq","in"]},{"name":"time","type":"datetime","operators":["lte","gte"]},{"name":"type_uid","type":"string","operators":["eq","in"]},{"name":"user.uid","type":"string","operators":["eq","in"]}]},{"id":"identity_query_groups","name":"query_groups","fullname":"Query Groups","description":"Returns a list of `Group` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.","request_method":"get","request_path":"/v1/identity/groups","supported":true,"filters":[{"name":"entity.group.name","type":"string","operators":["eq","in"]},{"name":"entity.group.uid","type":"string","operators":["eq","in"]},{"name":"entity.uid","type":"string","operators":["eq","in"]}]},{"id":"identity_query_users","name":"query_users","fullname":"Query Users","description":"Returns a list of `User` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.","request_method":"get","request_path":"/v1/identity/users","supported":true,"filters":[{"name":"entity.uid","type":"string","operators":["eq","in","like"]},{"name":"entity.user.email_addr","type":"string","operators":["eq","in","like"]},{"name":"entity.user.full_name","type":"string","operators":["eq","in","like"]},{"name":"entity.user.ldap_person.cost_center","type":"string","operators":["eq","in","like"]},{"name":"entity.user.ldap_person.created_time","type":"datetime","operators":["eq"]},{"name":"entity.user.ldap_person.employee_uid","type":"string","operators":["eq","in","like"]},{"name":"entity.user.ldap_person.given_name","type":"string","operators":["eq","in","like"]},{"name":"entity.user.ldap_person.job_title","type":"string","operators":["eq","in","like"]},{"name":"entity.user.ldap_person.modified_time","type":"datetime","operators":["eq"]},{"name":"entity.user.ldap_person.surname","type":"string","operators":["eq","in","like"]},{"name":"entity.user.name","type":"string","operators":["eq","in","like"]},{"name":"entity.user.uid","type":"string","operators":["eq","in","like"]},{"name":"entity.user.uid_alt","type":"string","operators":["eq","in","like"]},{"name":"time","type":"datetime","operators":["eq"]}]}],"provider_config":{"description":"Configuration for PingOne Cloud Platform.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/ping-identity-setup)","properties":{"auth_url":{"default":"https://auth.pingone.com","description":"Base URL for making authentication requests to PingOne.","enum":["https://auth.pingone.com","https://auth.pingone.ca","https://auth.pingone.eu","https://auth.pingone.com.au","https://auth.pingone.sg","https://auth.pingone.asia"],"format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Auth URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}},"client_id":{"description":"Client ID for the application set up as a worker.","nullable":false,"title":"Client ID","type":"string"},"credential":{"description":"Configuration when creating new Token.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"PingOneCredential"}},"organization_id":{"description":"The organization ID that the client app is a part of.","nullable":false,"title":"Organization ID","type":"string"},"type":{"const":"identity_pingone"},"url":{"default":"https://api.pingone.com","description":"Base URL for the PingOne API.","enum":["https://api.pingone.com","https://api.pingone.ca","https://api.pingone.eu","https://api.pingone.com.au","https://api.pingone.sg","https://api.pingone.asia"],"format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["auth_url","client_id","credential","organization_id","type","url"],"title":"PingOne Cloud Platform","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"notifications_jira","name":"notifications_jira","fullname":"Atlassian Jira","description":"Configuration for Atlassian Jira.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/jira-notification-setup)","connector_id":"notifications","connector":"notifications","operations":[{"id":"notifications_clear_message","name":"clear_message","fullname":"Clear Notification","description":"Resolves a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/clear/{notificationId}","supported":true},{"id":"notifications_create_message","name":"create_message","fullname":"Create Notification","description":"Creates a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/create","supported":true,"required_fields":["summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNotificationRequest"}}},{"id":"notifications_get_message","name":"get_message","fullname":"Get Notification","description":"Returns the `Notification` object matching `{notificationId}` from the token-linked\n`Integration`.","request_method":"get","request_path":"/v1/notifications/get/{notificationId}","supported":true}],"provider_config":{"description":"Configuration for Atlassian Jira.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/jira-notification-setup)","properties":{"credential":{"description":"Configuration when creating new Basic Credentials.","nullable":false,"properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"JiraCredential"}},"type":{"const":"notifications_jira"},"url":{"description":"Base URL for the Jira API.","example":"https://tenant.atlassian.net","nullable":false,"title":"Base URL","type":"string"}},"required":["credential","type","url"],"title":"Atlassian Jira","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"notifications_mock_notifications","name":"notifications_mock_notifications","fullname":"Synqly Test Provider","description":"Configuration for the Synqly mock in-memory SIEM Provider. This provider is for testing purposes only and does not retain noficiations pushed to it.","connector_id":"notifications","connector":"notifications","operations":[{"id":"notifications_clear_message","name":"clear_message","fullname":"Clear Notification","description":"Resolves a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/clear/{notificationId}","supported":true},{"id":"notifications_create_message","name":"create_message","fullname":"Create Notification","description":"Creates a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/create","supported":true,"required_fields":["summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNotificationRequest"}}},{"id":"notifications_get_message","name":"get_message","fullname":"Get Notification","description":"Returns the `Notification` object matching `{notificationId}` from the token-linked\n`Integration`.","request_method":"get","request_path":"/v1/notifications/get/{notificationId}","supported":true}],"provider_config":{"description":"Configuration for the Synqly mock in-memory SIEM Provider. This provider is for testing purposes only and does not retain noficiations pushed to it.","properties":{"channel":{"description":"The channel to send notifications to.","nullable":true,"title":"Channel","type":"string"},"type":{"const":"notifications_mock_notifications"}},"required":["type"],"title":"Test Provider","type":"object"},"release":{"availability":"generally-available","environments":["test"]}},{"id":"notifications_slack","name":"notifications_slack","fullname":"Slack","description":"Configuration for Slack.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/slack-notification-setup)","connector_id":"notifications","connector":"notifications","operations":[{"id":"notifications_clear_message","name":"clear_message","fullname":"Clear Notification","description":"Resolves a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/clear/{notificationId}","supported":true},{"id":"notifications_create_message","name":"create_message","fullname":"Create Notification","description":"Creates a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/create","supported":true,"required_fields":["summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNotificationRequest"}}},{"id":"notifications_get_message","name":"get_message","fullname":"Get Notification","description":"Returns the `Notification` object matching `{notificationId}` from the token-linked\n`Integration`.","supported":false}],"provider_config":{"description":"Configuration for Slack.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/slack-notification-setup)","properties":{"channel":{"description":"Channel to send notifications to. Must be a valid existing channel.","nullable":false,"title":"Channel","type":"string"},"credential":{"description":"Follow [this guide to generate a bot token](https://api.slack.com/concepts/token-types#bot). The token must have access to the configured channel.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"pattern":"^xoxb-.+$","title":"Token","type":"string","x-validation-message":{"patternMismatch":"Bot token must start with `xoxb-`."}},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"SlackCredential"}},"type":{"const":"notifications_slack"},"url":{"default":"https://slack.com/","description":"Base URL for the Slack API.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["channel","credential","type"],"title":"Slack","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"notifications_slack_webhook","name":"notifications_slack_webhook","fullname":"Slack Incoming Webhook","description":"Configuration for the Slack Notification Provider using Incoming Webhooks.\nIncoming Webhooks are a way to post messages from apps into Slack. The can not be used for any other actions, such as reading or deleting messages.","connector_id":"notifications","connector":"notifications","operations":[{"id":"notifications_clear_message","name":"clear_message","fullname":"Clear Notification","description":"Resolves a `Notification` object in the token-linked `Integration`.","supported":false},{"id":"notifications_create_message","name":"create_message","fullname":"Create Notification","description":"Creates a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/create","supported":true,"required_fields":["summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNotificationRequest"}}},{"id":"notifications_get_message","name":"get_message","fullname":"Get Notification","description":"Returns the `Notification` object matching `{notificationId}` from the token-linked\n`Integration`.","supported":false}],"provider_config":{"description":"Configuration for the Slack Notification Provider using Incoming Webhooks.\nIncoming Webhooks are a way to post messages from apps into Slack. The can not be used for any other actions, such as reading or deleting messages.","properties":{"type":{"const":"notifications_slack_webhook"},"webhook_url":{"description":"Slack Incoming Webhook URL. Use a Slack app with Incoming Webhooks enabled to generate the URL. See [configuration guide on Incoming Webhooks](https://api.slack.com/messaging/webhooks) for more detail.","nullable":false,"properties":{"secret":{"description":"Secret value","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Secret","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}},"type":{"const":"secret"}},"required":["secret","type"],"title":"Incoming Webhook URL","type":"object","x-synqly-credential":{"extends":"SecretCredential","type":"SlackWebhookCredential"}}},"required":["type","webhook_url"],"title":"Slack Incoming Webhook","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"notifications_teams","name":"notifications_teams","fullname":"Microsoft Teams","description":"Configuration for Microsoft Teams.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/teams-notification-setup)","connector_id":"notifications","connector":"notifications","operations":[{"id":"notifications_clear_message","name":"clear_message","fullname":"Clear Notification","description":"Resolves a `Notification` object in the token-linked `Integration`.","supported":false},{"id":"notifications_create_message","name":"create_message","fullname":"Create Notification","description":"Creates a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/create","supported":true,"required_fields":["summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNotificationRequest"}}},{"id":"notifications_get_message","name":"get_message","fullname":"Get Notification","description":"Returns the `Notification` object matching `{notificationId}` from the token-linked\n`Integration`.","supported":false}],"provider_config":{"description":"Configuration for Microsoft Teams.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/teams-notification-setup)","properties":{"channel_id":{"description":"Identifier of the channel to send messages to.","nullable":false,"title":"Channel ID","type":"string"},"credential":{"nullable":false,"oneOf":[{"description":"OAuth 2.0 Client Credentials for an Azure App Registration. The application must be configured with permissions to access Microsoft Power Automate with user delegation.","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"New Client Credentials","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"TeamsCredential"}},{"description":"Public Webhook URL used to authenticate with Teams.","properties":{"secret":{"description":"Secret value","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"webhook_url"}},"required":["secret","type"],"title":"New Webhook URL","type":"object","x-synqly-credential":{"extends":"SecretCredential","type":"TeamsCredential"}}],"title":"Credential","x-synqly-credential":{"extends":["OAuthClientCredential","SecretCredential"],"type":"TeamsCredential"}},"endpoint":{"description":"URL of the endpoint to send messages to. Only required if OAuth Client Credentials are used for authentication.","nullable":true,"title":"Message Endpoint","type":"string"},"team_id":{"description":"Identifier of the team to send messages to.","nullable":false,"title":"Team ID","type":"string"},"tenant_id":{"description":"Azure Directory (tenant) ID. Only required if OAuth Client Credentials are used for authentication.","nullable":true,"title":"Tenant ID","type":"string"},"type":{"const":"notifications_teams"}},"required":["channel_id","credential","team_id","type"],"title":"Microsoft Teams","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_crowdstrike","name":"siem_crowdstrike","fullname":"CrowdStrike Falcon® Next-Gen SIEM","description":"Configuration for CrowdStrike Falcon® Next-Gen SIEM.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/crowdstrike-siem-setup)","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","supported":false},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Queries alerts from the SIEM configured with the token used for authentication.","supported":false},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"metadata.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"time","type":"datetime","operators":["gte","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","supported":false},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for CrowdStrike Falcon® Next-Gen SIEM.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/crowdstrike-siem-setup)","properties":{"credential":{"description":"The credential to use for the CrowdStrike Falcon NextGen SIEM tenant.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"CrowdStrikeCredential"}},"hec_credential":{"description":"Token credential to use for connecting to the CrowdStrike HEC service. If not provided, sending events to CrowdStrike is disabled.\n","nullable":true,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"HEC Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"CrowdstrikeHECCredential"}},"hec_url":{"description":"The generated CrowdStrike HEC URL provided with your token.","example":"https://\u003csome-guid\u003e.ingest.us-2.crowdstrike.com/services/collector","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"HEC URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}},"type":{"const":"siem_crowdstrike"},"url":{"default":"https://api.crowdstrike.com","description":"Base URL for the CrowdStrike Falcon® Next-Gen SIEM API.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type"],"title":"CrowdStrike Next-Gen SIEM","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_elasticsearch","name":"siem_elasticsearch","fullname":"Elastic SIEM","description":"Configuration for Elastic SIEM.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/elastic-setup)","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","supported":false},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Queries alerts from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/alerts","supported":true},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"metadata.log_provider","type":"string","operators":["eq","in"]},{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","like","not_like","in","not_in"]},{"name":"time","type":"datetime","operators":["gte","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","supported":false},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for Elastic SIEM.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/elastic-setup)","properties":{"auth_options":{"description":"Options used to control how requests are made to Elasticsearch when different authentication types are used.","nullable":true,"properties":{"run_as":{"description":"Submit API requests as a specific user, with all of their roles and permissions. When populated, this option will send the `es-security-runas-user` header with every request made to the Elasticsearch API.","nullable":true,"title":"Run As","type":"string"},"shared_secret":{"description":"Some auth cases, notably JWT auth, can be configured to require sending a shared secret in the `ES-Client-Authentication` header. When this secret is populated it will get added as the shared secret for every request made to Elasticsearch.","nullable":true,"properties":{"secret":{"description":"Secret value","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"secret"}},"required":["secret","type"],"title":"Shared Secret","type":"object","x-synqly-credential":{"extends":"SecretCredential","type":"ElasticsearchSharedSecret"}}},"title":"Authentication Options","type":"object"},"create_index":{"description":"The index or data stream to use when writing events. Defaults to the `index` setting if not set.","nullable":true,"title":"Create Index","type":"string"},"credential":{"nullable":false,"oneOf":[{"description":"Basic authentication credentials for Elasticsearch. It is recommended to use API keys or OAuth client credentials whenever possible.","properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"New Basic Credentials","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"ElasticsearchCredential"}},{"description":"Client credentials and connection data for an identity provider (IdP) that has been configured for use as a [JWT realm](https://www.elastic.co/guide/en/elasticsearch/reference/8.15/jwt-auth-realm.html) in Elasticsearch. *([Instructions for Elastic Cloud](https://www.elastic.co/guide/en/cloud/current/ec-securing-clusters-JWT.html).)*\nRequires a Token URL for the third party identity provider. To send specific scopes during the client credentials OAuth flow, specify them in `extra.scopes` as a list of strings.","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","token_url","type"],"title":"New Client Credentials","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"ElasticsearchCredential"}},{"description":"Elasticsearch API Key. Follow [this guide to generate an API Key](https://www.elastic.co/guide/en/kibana/current/api-keys.html). The API Key must have sufficient permissions to the target index.","properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"New API Key","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"ElasticsearchCredential"}}],"title":"Credential","x-synqly-credential":{"extends":["BasicCredential","OAuthClientCredential","TokenCredential"],"type":"ElasticsearchCredential"}},"index":{"default":"_all","description":"The index, data stream, or index alias to read events from.","nullable":true,"title":"Read Index","type":"string"},"kibana_url":{"description":"Base URL for the Kibana API.\n","example":"https://tenant.elastic.com","nullable":true,"title":"Kibana API base URL","type":"string"},"skip_tls_verify":{"default":false,"description":"When true, skips verification of the Elasticsearch TLS certificate.","nullable":true,"title":"Skip TLS Verification","type":"boolean"},"type":{"const":"siem_elasticsearch"},"url":{"description":"Base URL for the Elasticsearch API.","example":"https://tenant.elastic.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Elastic SIEM","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_google_chronicle","name":"siem_google_chronicle","fullname":"Google Security Operations (Chronicle Compatibility)","description":"Configuration for Google Security Operations (formerly Google Chronicle) as a SIEM Provider connecting via the older Backstory and Malachite APIs.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/google-chronicle-setup)","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","request_method":"get","request_path":"/v1/siem/investigations/{id}/evidence","supported":true},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","request_method":"get","request_path":"/v1/siem/investigations/{id}","supported":true},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Queries alerts from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/alerts","supported":true},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"message","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.event_code","type":"number","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"metadata.log_name","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.log_provider","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.log_version","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.processed_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"metadata.uid","type":"string","operators":["eq","ne","in","not_in"]},{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","in","not_in"]},{"name":"time","type":"datetime","operators":["gte","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","request_method":"get","request_path":"/v1/siem/investigations","supported":true},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for Google Security Operations (formerly Google Chronicle) as a SIEM Provider connecting via the older Backstory and Malachite APIs.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/google-chronicle-setup)","properties":{"customer_id":{"description":"The customer ID reported when writing events. This field is required if writing events.","nullable":true,"title":"Customer Id","type":"string"},"ingestion_credential":{"description":"Credentials used for writing events. If not specified then writing events is disabled.","nullable":true,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Connection specific JSON map, must include the field `client_email`.","nullable":false,"properties":{"client_email":{"nullable":false,"title":"Client Email","type":"string"}},"required":["client_email"],"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","extra","type"],"title":"Ingestion Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"GoogleChronicleCredential"}},"ingestion_url":{"default":"https://malachiteingestion-pa.googleapis.com","description":"Base URL for the Google SecOps Ingestion API.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Ingestion API base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}},"search_credential":{"description":"Credentials used for querying and reading events.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Connection specific JSON map, must include the field `client_email`.","nullable":false,"properties":{"client_email":{"nullable":false,"title":"Client Email","type":"string"}},"required":["client_email"],"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","extra","type"],"title":"Search Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"GoogleChronicleCredential"}},"search_url":{"default":"https://backstory.googleapis.com","description":"Base URL for the Google SecOps Search API.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Search API base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}},"type":{"const":"siem_google_chronicle"}},"required":["search_credential","type"],"title":"Google Security Operations (Chronicle Compatibility)","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_google_security_operations","name":"siem_google_security_operations","fullname":"Google Security Operations","description":"Configuration for Google Security Operations (formerly Google Chronicle) as a SIEM Provider.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/google-security-operations-siem-setup)","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","supported":false},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Queries alerts from the SIEM configured with the token used for authentication.","supported":false},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"message","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.event_code","type":"number","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"metadata.log_name","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.log_provider","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.log_version","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.processed_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"metadata.uid","type":"string","operators":["eq","ne","in","not_in"]},{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","in","not_in"]},{"name":"time","type":"datetime","operators":["gte","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","supported":false},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for Google Security Operations (formerly Google Chronicle) as a SIEM Provider.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/google-security-operations-siem-setup)","properties":{"credential":{"description":"Credentials used for accessing the Google SecOps instance.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Connection specific JSON map, must include the field `client_email`.","nullable":false,"properties":{"client_email":{"nullable":false,"title":"Client Email","type":"string"}},"required":["client_email"],"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","extra","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"GoogleServiceAccountCredential"}},"customer_id":{"description":"The customer ID of the Google SecOps instance.","nullable":false,"title":"Customer Id","type":"string"},"project_id":{"description":"The project ID of the Google SecOps instance.","nullable":false,"title":"Project Id","type":"string"},"region":{"default":"us","description":"The region of the Google SecOps instance. Usually `us` or `eu`.","nullable":true,"title":"Region","type":"string"},"type":{"const":"siem_google_security_operations"},"url":{"description":"The base URL for the Google SecOps API.","example":"https://{region}-chronicle.googleapis.com","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","customer_id","project_id","type"],"title":"Google Security Operations","type":"object"},"release":{"availability":"in-development","environments":["test","prod"]}},{"id":"siem_mock_siem","name":"siem_mock_siem","fullname":"Synqly Test Provider","description":"Configuration for the Synqly mock in-memory SIEM Provider. This provider is for testing purposes only and does not retain events pushed to it.","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","supported":false},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Queries alerts from the SIEM configured with the token used for authentication.","supported":false},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","supported":false},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","supported":false}],"provider_config":{"description":"Configuration for the Synqly mock in-memory SIEM Provider. This provider is for testing purposes only and does not retain events pushed to it.","properties":{"index":{"description":"Name of the index where events are stored.","nullable":true,"title":"Index","type":"string"},"type":{"const":"siem_mock_siem"}},"required":["type"],"title":"Test Provider","type":"object"},"release":{"availability":"generally-available","environments":["test"]}},{"id":"siem_opensearch","name":"siem_opensearch","fullname":"OpenSearch SIEM","description":"Configuration for OpenSearch search and analytics engine. Supports both managed and self-hosted OpenSearch deployments\n","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","supported":false},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Queries alerts from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/alerts","supported":true},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"metadata.log_provider","type":"string","operators":["eq","in"]},{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","like","not_like","in","not_in"]},{"name":"time","type":"datetime","operators":["gte","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","supported":false},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for OpenSearch search and analytics engine. Supports both managed and self-hosted OpenSearch deployments","properties":{"create_index":{"description":"The index or data stream to use when writing events. Defaults to the 'index' setting if not set.\n","nullable":true,"title":"Write Index","type":"string"},"credential":{"description":"Basic authentication credentials for OpenSearch.\n","nullable":false,"properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"OpenSearchCredential"}},"index":{"default":"_all","description":"The index, data stream, or index alias to read events from.\n","nullable":true,"title":"Read Index","type":"string"},"skip_tls_verify":{"default":false,"description":"When true, skips verification of the OpenSearch TLS certificate.","nullable":true,"title":"Skip TLS Verification","type":"boolean"},"type":{"const":"siem_opensearch"},"url":{"description":"Base URL for the OpenSearch API.\n","example":"https://tenant.elastic.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"OpenSearch","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_q_radar","name":"siem_q_radar","fullname":"IBM QRadar SIEM","description":"Configuration for IBM QRadar SIEM.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/qradar-setup)","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","request_method":"get","request_path":"/v1/siem/investigations/{id}","supported":true},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Queries alerts from the SIEM configured with the token used for authentication.","supported":false},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"actor.app_name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"actor.app_uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"actor.user.account.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"actor.user.account.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"actor.user.domain","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"actor.user.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"actor.user.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"count","type":"number","operators":["eq","ne","gt","gte","lt","lte","in","not_in"]},{"name":"device.hostname","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.last_seen_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.location.description","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.mac","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.os.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.zone","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"dst_endpoint.domain","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"dst_endpoint.hostname","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"dst_endpoint.ip","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"dst_endpoint.location.description","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"dst_endpoint.mac","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"dst_endpoint.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"duration","type":"number","operators":["eq","ne","gt","gte","lt","lte","in","not_in"]},{"name":"end_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"group.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"group.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"http_request.url.host","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"http_request.url.path","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"http_request.url.port","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"http_request.url.url_string","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.file.ext","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.file.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.file.parent_folder","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.file.path","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.file.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.group.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.group.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.parent_process.file.path","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.parent_process.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.parent_process.pid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.pid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"message","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"metadata.log_name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"metadata.log_provider","type":"string","operators":["eq"]},{"name":"process.file.ext","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.file.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.file.parent_folder","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.file.path","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.file.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.group.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.group.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.parent_process.file.path","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.parent_process.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.parent_process.pid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.pid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","like","not_like","in","not_in"]},{"name":"src_endpoint.domain","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"src_endpoint.ip","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"src_endpoint.location.description","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"src_endpoint.mac","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"src_endpoint.os.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"src_endpoint.owner.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"src_endpoint.zone","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"start_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"time","type":"datetime","operators":["gte","lte"]},{"name":"user.account.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"user.account.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"user.domain","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"user.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"user.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","request_method":"get","request_path":"/v1/siem/investigations","supported":true,"filters":[{"name":"raw_data.*","type":"string","operators":["eq","gt","lt","in"]}]},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for IBM QRadar SIEM.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/qradar-setup)","properties":{"collection_port":{"description":"Port used by QRadar to accept incoming HTTP Receiver events.","nullable":false,"title":"Collection Port","type":"integer"},"credential":{"description":"Authorized service token for QRadar Operations. [Guide to generate a token](https://www.ibm.com/docs/en/qradar-common?topic=app-creating-authorized-service-token-qradar-operations).","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"QRadarCredential"}},"skip_tls_verify":{"default":false,"description":"When true, skips verification of the QRadar TLS certificate.","nullable":true,"title":"Skip TLS Verification","type":"boolean"},"type":{"const":"siem_q_radar"},"url":{"description":"Base URL for the QRadar API.","example":"https://qradar.westus2.cloudapp.azure.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["collection_port","credential","type","url"],"title":"IBM QRadar SIEM","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_rapid7_insightidr","name":"siem_rapid7_insightidr","fullname":"Rapid7 InsightIDR","description":"Configuration for Rapid7 InsightIDR.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/rapid7-idr-setup)","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","request_method":"get","request_path":"/v1/siem/investigations/{id}/evidence","supported":true},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","request_method":"get","request_path":"/v1/siem/investigations/{id}","supported":true},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","request_method":"patch","request_path":"/v1/siem/investigations/{id}","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/PatchInvestigationRequest"}}},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","supported":false},{"id":"siem_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Queries alerts from the SIEM configured with the token used for authentication.","supported":false},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","like","not_like","in","not_in"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","request_method":"get","request_path":"/v1/siem/investigations","supported":true,"filters":[{"name":"investigations.end_time","type":"datetime","operators":["lte"]},{"name":"investigations.id","type":"string","operators":["eq"]},{"name":"investigations.priority","type":"string","operators":["eq"],"values":["Unknown","Low","Medium","High","Critical"]},{"name":"investigations.start_time","type":"datetime","operators":["gte"]},{"name":"investigations.status","type":"string","operators":["eq"],"values":["Open","Closed","Investigating","Waiting"]}]},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for Rapid7 InsightIDR.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/rapid7-idr-setup)","properties":{"credential":{"description":"Configuration when creating new API Token.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"Rapid7InsightCloudCredential"}},"type":{"const":"siem_rapid7_insightidr"},"url":{"description":"Base URL for the Rapid7 API.","example":"https://us2.api.insight.rapid7.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Rapid7 InsightIDR","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_sentinel","name":"siem_sentinel","fullname":"Microsoft Sentinel","description":"Configuration for Microsoft Sentinel SIEM Product.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/microsoft-sentinel-siem-setup)","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","request_method":"get","request_path":"/v1/siem/investigations/{id}","supported":true},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","request_method":"patch","request_path":"/v1/siem/investigations/{id}","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/PatchInvestigationRequest"}}},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Queries alerts from the SIEM configured with the token used for authentication.","supported":false},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"metadata.log_provider","type":"string","operators":["eq","in"]},{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","like","in","not_in"]},{"name":"time","type":"datetime","operators":["gte","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","request_method":"get","request_path":"/v1/siem/investigations","supported":true},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for Microsoft Sentinel SIEM Product.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/microsoft-sentinel-siem-setup)","properties":{"credential":{"description":"Client credentials for authenticating with Microsoft Sentinel.\nThe application registration must have appropriate permissions to read\nand write to Microsoft Sentinel. Required permissions:\n\n- `Microsoft.OperationalInsights/workspaces/read`\n- `Microsoft.OperationalInsights/workspaces/write`\n- `Microsoft.SecurityInsights/dataConnectors/*`\n","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"SentinelCredential"}},"default_tables":{"default":["_Im_AuditEvent","_Im_Authentication","_Im_DhcpEvent","_Im_Dns","_Im_DnsBuiltIn","_Im_FileEvent","_Im_NetworkSession","_Im_Process_EmptyV01","_Im_ProcessCreate","_Im_ProcessEvent","_Im_ProcessTerminate","_Im_RegistryEvent","_Im_UserManagement","_Im_WebSession"],"description":"The default tables to use for queries. Supply this value if you would like to a subset of the default tables or non-ASIM data tables with Sentinel/Log Analytics queries.\nIf more than one table is specified, a union operator will join them to query all of the tables at once. Supply a single value with `*` if you would like to query all tables without the normalizing ASIM transformations.\n**Note** that a single `*` entry will map to a `union *` query. Relying heavily on these queries is generally discouraged by Sentinel because they are slower and more resource intensive.","items":{"type":"string"},"nullable":true,"title":"Default Tables","type":"array"},"ingest_url":{"default":"https://monitor.azure.com","description":"Either the logs ingestion API url for you Data Collection Rule or your Data Collection Endpoint URL. This value must be supplied to ingest data into Microsoft Sentinel. This should look something like https://mydcr-xxx-westus2.logs.z1.ingest.monitor.azure.com","nullable":true,"title":"Ingest URL","type":"string"},"logs_url":{"description":"Base URL for the Microsoft Azure Monitor Logs API. Should only be supplied if using an alternate Microsoft cloud, such as GovCloud.","nullable":true,"title":"Base Logs URL","type":"string"},"management_url":{"default":"https://management.azure.com","description":"Base URL for the Microsoft Azure Management API. Should only be supplied if using an alternate Microsoft cloud, such as GovCloud.","nullable":true,"title":"Base Management URL","type":"string"},"resource_group":{"description":"Azure resource group name that contains the Microsoft Sentinel workspace.","nullable":false,"title":"Resource Group","type":"string"},"rule_id":{"description":"Immutable ID of the Data Collection Rule. This value must be supplied to ingest data into Microsoft Sentinel.","nullable":true,"title":"Data Collection Rule ID","type":"string"},"stream_name":{"description":"Name of the Data Collection Rule stream. This value must be supplied to ingest data into Microsoft Sentinel.","nullable":true,"title":"Data Collection Rule stream","type":"string"},"subscription_id":{"description":"Azure subscription ID that contains the Microsoft Sentinel workspace.","nullable":false,"title":"Subscription ID","type":"string"},"tenant_id":{"description":"Azure Active Directory tenant ID that contains the Microsoft Sentinel workspace.","nullable":false,"title":"Tenant ID","type":"string"},"type":{"const":"siem_sentinel"},"workspace_id":{"description":"ID of the Microsoft Sentinel Log Analytics workspace.","nullable":false,"title":"Workspace ID","type":"string"},"workspace_name":{"description":"Name of the Microsoft Sentinel Log Analytics workspace.","nullable":false,"title":"Workspace Name","type":"string"}},"required":["credential","resource_group","subscription_id","tenant_id","type","workspace_id","workspace_name"],"title":"Microsoft Sentinel","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_splunk","name":"siem_splunk","fullname":"Splunk Enterprise Security","description":"Configuration for Splunk Enterprise Security.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/splunk-setup)","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","supported":false},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Queries alerts from the SIEM configured with the token used for authentication.","supported":false},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"actor.app_name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"actor.user.domain","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"actor.user.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"actor.user.org.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"actor.user.type","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"actor.user.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"auth_protocol","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.domain","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.hostname","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.ip","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.mac","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.os.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.owner.org.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.port","type":"number","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.svc_name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.zone","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.domain","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.hostname","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.ip","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.mac","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.os.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.owner.org.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.port","type":"number","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.svc_name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.type","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.zone","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"duration","type":"number","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"http_request.user_agent","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.file.parent_folder","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.file.path","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.file.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.parent_process.file.path","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.parent_process.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.parent_process.pid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.pid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"metadata.event_code","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"metadata.log_name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"metadata.log_provider","type":"string","operators":["eq","in"]},{"name":"metadata.processed_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"metadata.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.cmd_line","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.file.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.file.parent_folder","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.file.path","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.file.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.parent_process.cmd_line","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.parent_process.file.path","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.parent_process.file.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.parent_process.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.parent_process.pid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.pid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","like","not_like","in","not_in"]},{"name":"session.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.hostname","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.ip","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.mac","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.owner.org.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.port","type":"number","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.type","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.zone","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"start_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"time","type":"datetime","operators":["gte","lte"]},{"name":"user.domain","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"user.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"user.org.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"user.type","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"user.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","supported":false},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for Splunk Enterprise Security.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/splunk-setup)","properties":{"hec_credential":{"description":"Credential to use when connecting to the Splunk HEC service. If not provided, sending events to Splunk is disabled.","nullable":true,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"HEC Token","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"SplunkHECToken"}},"hec_url":{"description":"URL for the Splunk HEC endpoint. Must include the full path to the HEC endpoint.","example":"https://tenant.cloud.splunk.com:8088/services_collector_event","nullable":true,"title":"HEC URL","type":"string"},"index":{"description":"Splunk index to send events to. If not provided, will use the default index for the Splunk collector.","nullable":true,"title":"Index","type":"string"},"search_service_credential":{"description":"Credential used when authenticating with the Splunk Search Service.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Search Service Token","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"SplunkSearchCredential"}},"search_service_url":{"description":"URL used when connecting to the Splunk Search Service.","example":"https://splunk-service.com/services/collector/event","nullable":false,"title":"Search Service URL","type":"string"},"skip_tls_verify":{"default":false,"description":"When true, skips verification of the Splunk TLS certificate.","nullable":true,"title":"Skip TLS Verification","type":"boolean"},"source":{"description":"Splunk source to send events to. If not provided the default source for the Splunk collector is used.","nullable":true,"title":"Source","type":"string"},"source_type":{"description":"Splunk source type to send events to. If not provided the default source type for the Splunk collector is used.","nullable":true,"title":"Source Type","type":"string"},"type":{"const":"siem_splunk"}},"required":["search_service_credential","search_service_url","type"],"title":"Splunk Enterprise Security","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_sumo_logic","name":"siem_sumo_logic","fullname":"Sumo Logic Cloud SIEM","description":"Configuration for Sumo Logic Cloud SIEM.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/sumo-logic-setup)","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","request_method":"get","request_path":"/v1/siem/investigations/{id}","supported":true},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","request_method":"patch","request_path":"/v1/siem/investigations/{id}","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/PatchInvestigationRequest"}}},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Queries alerts from the SIEM configured with the token used for authentication.","supported":false},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"metadata.log_provider","type":"string","operators":["eq","in"]},{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","like","in","not_in"]},{"name":"time","type":"datetime","operators":["gte","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","request_method":"get","request_path":"/v1/siem/investigations","supported":true,"filters":[{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","like","in","not_in"]}]},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for Sumo Logic Cloud SIEM.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/sumo-logic-setup)","properties":{"auto_parse_logs":{"default":true,"description":"Automatically parse logs as JSON when running log queries.","nullable":true,"title":"Auto Parse Logs","type":"boolean"},"collection_url":{"description":"Secure Sumo Logic Collection URL for writing events. If not provided, sending events to Sumo Logic is disabled.","nullable":true,"properties":{"secret":{"description":"Secret value","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Collection URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}},"type":{"const":"secret"}},"required":["secret","type"],"title":"Collection URL","type":"object","x-synqly-credential":{"extends":"SecretCredential","type":"SumoLogicCollectionUrl"}},"credential":{"description":"Access ID and Access Key used to authenticate with Sumo Logic.","nullable":false,"properties":{"secret":{"description":"Access key secret.","format":"password","nullable":false,"title":"Access Key","type":"string"},"type":{"const":"basic"},"username":{"description":"Access key identifier.","nullable":false,"title":"Access ID","type":"string"}},"required":["secret","type","username"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"SumoLogicCredential"}},"siem_logs_only":{"default":false,"description":"Only query for logs that have been processed into the Sumo Logic Cloud SIEM app.","nullable":true,"title":"SIEM Logs Only","type":"boolean"},"type":{"const":"siem_sumo_logic"},"url":{"description":"Base URL for the Sumo Logic API.\n[Sumo Logic endpoints by deployment and firewall security](https://help.sumologic.com/docs/api/getting-started/#sumo-logic-endpoints-by-deployment-and-firewall-security).","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Sumo Logic Cloud SIEM","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_aws_s3","name":"sink_aws_s3","fullname":"Amazon S3","description":"Configuration for Amazon S3 as a Sink provider. Events are written directly to an AWS S3 bucket in compressed JSON format.","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for Amazon S3 as a Sink provider. Events are written directly to an AWS S3 bucket in compressed JSON format.","properties":{"bucket":{"description":"Bucket","nullable":false,"title":"Name of the Amazon S3 bucket","type":"string"},"credential":{"description":"Credential","nullable":false,"properties":{"access_key_id":{"description":"Access Key ID portion of the AWS access key pair.","nullable":false,"title":"Access Key ID","type":"string"},"secret_access_key":{"description":"Secret portion of the AWS access key pair.","format":"password","nullable":false,"title":"Secret Access Key","type":"string"},"session":{"description":"A temporary session token. Session tokens are optional and are only necessary if you are using temporary credentials.","format":"password","nullable":true,"title":"Session","type":"string"},"type":{"const":"aws"}},"required":["access_key_id","secret_access_key","type"],"title":"AWS Access Keys with write access to the configured S3 bucket.","type":"object","x-synqly-credential":{"extends":"AwsCredential","type":"AwsS3Credential"}},"path":{"description":"Path","nullable":false,"title":"Files will be written under this path.","type":"string"},"region":{"description":"AWS Region","enum":["us-east-1","us-east-2","us-west-1","us-west-2","af-south-1","ap-east-1","ap-south-2","ap-southeast-3","ap-southeast-5","ap-southeast-4","ap-south-1","ap-northeast-3","ap-northeast-2","ap-southeast-1","ap-southeast-2","ap-east-2","ap-southeast-7","ap-northeast-1","ca-central-1","ca-west-1","eu-central-1","eu-west-1","eu-west-2","eu-south-1","eu-west-3","eu-south-2","eu-north-1","eu-central-2","il-central-1","mx-central-1","me-south-1","me-central-1","sa-east-1"],"nullable":false,"title":"AWS Region where the S3 bucket is located.","type":"string"},"type":{"const":"sink_aws_s3"}},"required":["bucket","credential","path","region","type"],"title":"Amazon S3","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_aws_security_lake","name":"sink_aws_security_lake","fullname":"Amazon Security Lake","description":"Configuration for Amazon Security Lake as a Sink provider. Events are written directly to an AWS S3 bucket in Apache Parquet format.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/amazon-security-lake-sink-setup)","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for Amazon Security Lake as a Sink provider. Events are written directly to an AWS S3 bucket in Apache Parquet format.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/amazon-security-lake-sink-setup)","properties":{"credential":{"description":"AWS Access Keys with write access to the configured S3 bucket.","nullable":false,"properties":{"access_key_id":{"description":"Access Key ID portion of the AWS access key pair.","nullable":false,"title":"Access Key ID","type":"string"},"secret_access_key":{"description":"Secret portion of the AWS access key pair.","format":"password","nullable":false,"title":"Secret Access Key","type":"string"},"session":{"description":"A temporary session token. Session tokens are optional and are only necessary if you are using temporary credentials.","format":"password","nullable":true,"title":"Session","type":"string"},"type":{"const":"aws"}},"required":["access_key_id","secret_access_key","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"AwsCredential","type":"AwsSecurityLakeCredential"}},"region":{"description":"Override the default AWS region for this integration. If not present, the region will be inferred from the URL.","nullable":true,"title":"Region","type":"string"},"type":{"const":"sink_aws_security_lake"},"url":{"description":"URL of the S3 bucket where the Amazon Security Lake events are stored.","format":"uri","nullable":false,"title":"URL","type":"string"}},"required":["credential","type","url"],"title":"Amazon Security Lake","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_aws_sqs","name":"sink_aws_sqs","fullname":"Amazon Simple Queue Service (SQS)","description":"Configuration for Amazon Simple Queue Service (SQS).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/aws-sqs-sink-setup)","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for Amazon Simple Queue Service (SQS).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/aws-sqs-sink-setup)","properties":{"credential":{"description":"AWS Access Keys with write access to the configured SQS queue.","nullable":false,"properties":{"access_key_id":{"description":"Access Key ID portion of the AWS access key pair.","nullable":false,"title":"Access Key ID","type":"string"},"secret_access_key":{"description":"Secret portion of the AWS access key pair.","format":"password","nullable":false,"title":"Secret Access Key","type":"string"},"session":{"description":"A temporary session token. Session tokens are optional and are only necessary if you are using temporary credentials.","format":"password","nullable":true,"title":"Session","type":"string"},"type":{"const":"aws"}},"required":["access_key_id","secret_access_key","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"AwsCredential","type":"AwsSQSCredential"}},"region":{"description":"Overrides the default AWS region. If not present, the region will be inferred from the URL.","nullable":true,"title":"Region","type":"string"},"type":{"const":"sink_aws_sqs"},"url":{"description":"URL of the SQS queue where events are sent.","nullable":false,"pattern":"https://sqs..+?.amazonaws.com_.+?/.+?","title":"Queue URL","type":"string","x-validation-message":{"patternMismatch":"Must match the format `https://sqs.{region}.amazonaws.com_{account_id}/{queue_name}`."}}},"required":["credential","type","url"],"title":"Amazon SQS","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_azure_monitor_logs","name":"sink_azure_monitor_logs","fullname":"Microsoft Azure Monitor Logs","description":"Configuration for Azure Monitor Logs as a Sink Provider. Azure Monitor Logs is a feature of Azure Monitor that collects and organizes log and performance data from monitored resources.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/azure-monitor-logs)","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for Azure Monitor Logs as a Sink Provider. Azure Monitor Logs is a feature of Azure Monitor that collects and organizes log and performance data from monitored resources.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/azure-monitor-logs)","properties":{"client_id":{"description":"Azure Client (Application) ID.","nullable":false,"title":"Client ID","type":"string"},"credential":{"description":"Credential with access to the configured data collection endpoint.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"AzureMonitorLogsCredential"}},"rule_id":{"description":"Data collection rule immutable ID.","nullable":false,"title":"Rule ID","type":"string"},"stream_name":{"description":"Name of the data collection rule stream.","nullable":false,"title":"Stream Name","type":"string"},"tenant_id":{"description":"Azure Directory (tenant) ID.","nullable":false,"title":"Tenant ID","type":"string"},"type":{"const":"sink_azure_monitor_logs"},"url":{"description":"URL of the Azure data collection endpoint.","nullable":false,"title":"Collection URL","type":"string"}},"required":["client_id","credential","rule_id","stream_name","tenant_id","type","url"],"title":"Microsoft Azure Monitor Logs","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_crowdstrike_hec","name":"sink_crowdstrike_hec","fullname":"CrowdStrike Falcon® Next-Gen SIEM (HEC)","description":"Configuration for CrowdStrike Falcon® Next-Gen SIEM (HEC).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/crowdstrike-sink-setup)","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for CrowdStrike Falcon® Next-Gen SIEM (HEC).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/crowdstrike-sink-setup)","properties":{"credential":{"description":"Configuration when creating new API Key.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"API Key","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"CrowdstrikeHECCredential"}},"type":{"const":"sink_crowdstrike_hec"},"url":{"description":"HTTPS URL for the CrowdStrike HTTP Event Collector (HEC) API.","example":"https://\u003csome-guid\u003e.ingest.us-2.crowdstrike.com/services/collector","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"HEC URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"CrowdStrike Next-Gen SIEM (HEC)","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_elasticsearch","name":"sink_elasticsearch","fullname":"Elasticsearch","description":"Configuration for Elasticsearch.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/elastic-setup)","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for Elasticsearch.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/elastic-setup)","properties":{"auth_options":{"description":"Options used to control how requests are made to Elasticsearch when different authentication types are used.","nullable":true,"properties":{"run_as":{"description":"Submit API requests as a specific user, with all of their roles and permissions. When populated, this option will send the `es-security-runas-user` header with every request made to the Elasticsearch API.","nullable":true,"title":"Run As","type":"string"},"shared_secret":{"description":"Some auth cases, notably JWT auth, can be configured to require sending a shared secret in the `ES-Client-Authentication` header. When this secret is populated it will get added as the shared secret for every request made to Elasticsearch.","nullable":true,"properties":{"secret":{"description":"Secret value","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"secret"}},"required":["secret","type"],"title":"Shared Secret","type":"object","x-synqly-credential":{"extends":"SecretCredential","type":"ElasticsearchSharedSecret"}}},"title":"Authentication Options","type":"object"},"create_index":{"description":"The index or data stream to use when writing events.","nullable":false,"title":"Create Index","type":"string"},"credential":{"nullable":false,"oneOf":[{"description":"Basic authentication credentials for Elasticsearch. It is recommended to use API keys or OAuth client credentials whenever possible.","properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"New Basic Credentials","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"ElasticsearchCredential"}},{"description":"Client credentials and connection data for an identity provider (IdP) that has been configured for use as a [JWT realm](https://www.elastic.co/guide/en/elasticsearch/reference/8.15/jwt-auth-realm.html) in Elasticsearch. *([Instructions for Elastic Cloud](https://www.elastic.co/guide/en/cloud/current/ec-securing-clusters-JWT.html).)*\nRequires a Token URL for the third party identity provider. To send specific scopes during the client credentials OAuth flow, specify them in `extra.scopes` as a list of strings.","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","token_url","type"],"title":"New Client Credentials","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"ElasticsearchCredential"}},{"description":"Elasticsearch API Key. Follow [this guide to generate an API Key](https://www.elastic.co/guide/en/kibana/current/api-keys.html). The API Key must have sufficient permissions to the target index.","properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"New API Key","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"ElasticsearchCredential"}}],"title":"Credential","x-synqly-credential":{"extends":["BasicCredential","OAuthClientCredential","TokenCredential"],"type":"ElasticsearchCredential"}},"skip_tls_verify":{"default":false,"description":"When true, skips verification of the Elasticsearch TLS certificate.","nullable":true,"title":"Skip TLS Verification","type":"boolean"},"type":{"const":"sink_elasticsearch"},"url":{"description":"Base URL for the Elasticsearch API.","example":"https://tenant.elastic.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["create_index","credential","type","url"],"title":"Elasticsearch","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_google_sec_ops","name":"sink_google_sec_ops","fullname":"Google Security Operations (Chronicle Compatibility)","description":"Configuration for Google Security Operations (formerly Google Chronicle) as a Sink Provider connecting via the older Malachite API.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/google-chronicle-setup)","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for Google Security Operations (formerly Google Chronicle) as a Sink Provider connecting via the older Malachite API.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/google-chronicle-setup)","properties":{"credential":{"description":"Credentials used when writing events.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Connection specific JSON map, must include the field `client_email`.","nullable":false,"properties":{"client_email":{"nullable":false,"title":"Client Email","type":"string"}},"required":["client_email"],"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","extra","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"GoogleChronicleCredential"}},"customer_id":{"description":"The customer ID reported when writing events.","nullable":false,"title":"Customer Id","type":"string"},"type":{"const":"sink_google_sec_ops"},"url":{"default":"https://malachiteingestion-pa.googleapis.com","description":"Base URL for the Google SecOps Ingestion API.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Ingestion API base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","customer_id","type"],"title":"Google Security Operations","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_google_security_operations","name":"sink_google_security_operations","fullname":"Google Security Operations","description":"Configuration for Google Security Operations (formerly Google Chronicle) as a Sink Provider.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/google-security-operations-sink-setup)","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for Google Security Operations (formerly Google Chronicle) as a Sink Provider.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/google-security-operations-sink-setup)","properties":{"credential":{"description":"Credentials used for accessing the Google SecOps instance.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Connection specific JSON map, must include the field `client_email`.","nullable":false,"properties":{"client_email":{"nullable":false,"title":"Client Email","type":"string"}},"required":["client_email"],"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","extra","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"GoogleServiceAccountCredential"}},"customer_id":{"description":"The customer ID of the Google SecOps instance","nullable":false,"title":"Customer Id","type":"string"},"project_id":{"description":"The project ID of the Google SecOps instance.","nullable":false,"title":"Project Id","type":"string"},"region":{"default":"us","description":"The region of the Google SecOps instance. Usually `us` or `eu`.","nullable":true,"title":"Region","type":"string"},"type":{"const":"sink_google_security_operations"},"url":{"description":"The base URL for the Google SecOps API.","example":"https://{region}-chronicle.googleapis.com","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","customer_id","project_id","type"],"title":"Google Security Operations","type":"object"},"release":{"availability":"in-development","environments":["test","prod"]}},{"id":"sink_mock_sink","name":"sink_mock_sink","fullname":"Synqly Test Provider","description":"Configuration for the Synqly mock in-memory Sink Provider. This provider is for testing purposes only and does not retain events pushed to it.","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for the Synqly mock in-memory Sink Provider. This provider is for testing purposes only and does not retain events pushed to it.","properties":{"destination":{"description":"Name of the destination where events are stored. This field is unused and only used to demonstrate Provider configuration.","nullable":true,"title":"Destination","type":"string"},"type":{"const":"sink_mock_sink"}},"required":["type"],"title":"Test Provider","type":"object"},"release":{"availability":"generally-available","environments":["test"]}},{"id":"sink_opensearch","name":"sink_opensearch","fullname":"OpenSearch","description":"Configuration for OpenSearch search and analytics engine. Supports both managed and self-hosted OpenSearch deployments\n","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for OpenSearch search and analytics engine. Supports both managed and self-hosted OpenSearch deployments","properties":{"create_index":{"description":"The index or data stream to use when writing events.\n","nullable":false,"title":"Write Index","type":"string"},"credential":{"description":"Basic authentication credentials for OpenSearch.\n","nullable":false,"properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"OpenSearchCredential"}},"skip_tls_verify":{"default":false,"description":"When true, skips verification of the OpenSearch TLS certificate.","nullable":true,"title":"Skip TLS Verification","type":"boolean"},"type":{"const":"sink_opensearch"},"url":{"description":"Base URL for the OpenSearch API.\n","example":"https://tenant.elastic.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["create_index","credential","type","url"],"title":"OpenSearch","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_q_radar","name":"sink_q_radar","fullname":"IBM QRadar Sink","description":"Configuration for IBM QRadar Sink.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/qradar-sink-setup)","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for IBM QRadar Sink.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/qradar-sink-setup)","properties":{"collection_port":{"description":"Port used by QRadar to accept incoming HTTP Receiver events.","nullable":false,"title":"Collection Port","type":"integer"},"skip_tls_verify":{"default":false,"description":"When true, skips verification of the QRadar TLS certificate. This should only be used for testing purposes and is not recommended in production environments.","nullable":true,"title":"Skip TLS Verification","type":"boolean"},"type":{"const":"sink_q_radar"},"url":{"description":"Base URL for the QRadar API.","example":"https://qradar.westus2.cloudapp.azure.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["collection_port","type","url"],"title":"IBM QRadar Sink","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_splunk","name":"sink_splunk","fullname":"Splunk Enterprise Security","description":"Configuration for Splunk as a Sink provider. Allows sending data to Splunk using an HTTP Event Collector (HEC).\n\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/splunk-setup)","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for Splunk as a Sink provider. Allows sending data to Splunk using an HTTP Event Collector (HEC).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/splunk-setup)","properties":{"hec_credential":{"description":"Credential to use when connecting to the Splunk HEC service. If not provided, sending events to Splunk is disabled.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"HEC Token","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"SplunkHECToken"}},"hec_url":{"description":"URL for the Splunk HEC endpoint. Must include the full path to the HEC endpoint.","example":"https://tenant.cloud.splunk.com:8088/services_collector_event","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"HEC URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}},"index":{"description":"Splunk index to send events to. If not provided, will use the default index for the Splunk collector.","nullable":true,"title":"Index","type":"string"},"skip_tls_verify":{"default":false,"description":"When true, skips verification of the Splunk TLS certificate.","nullable":true,"title":"Skip TLS Verification","type":"boolean"},"source":{"description":"Splunk source to send events to. If not provided the default source for the Splunk collector is used.","nullable":true,"title":"Source","type":"string"},"source_type":{"description":"Splunk source type to send events to. If not provided the default source type for the Splunk collector is used.","nullable":true,"title":"Source Type","type":"string"},"type":{"const":"sink_splunk"}},"required":["hec_credential","hec_url","type"],"title":"Splunk Enterprise Security","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"storage_aws_s3","name":"storage_aws_s3","fullname":"Amazon S3","description":"Configuration for Amazon S3.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/aws-s3-storage-setup)","connector_id":"storage","connector":"storage","operations":[{"id":"storage_delete_file","name":"delete_file","fullname":"Delete File","description":"Deletes a file from the provided `{path}` in the token-linked `Integration`.","request_method":"delete","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_download_file","name":"download_file","fullname":"Download File","description":"Downloads a file from the provided `{path}` in the token-linked\n`Integration`.","request_method":"get","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_list_files","name":"list_files","fullname":"List Files","description":"Returns a list of contents from the token-linked `Integration`.","request_method":"get","request_path":"/v1/storage/folders/{path}","supported":true},{"id":"storage_upload_file","name":"upload_file","fullname":"Upload File","description":"Uploads a file from the provided `{path}` to the token-linked `Integration`.","request_method":"post","request_path":"/v1/storage/files/{path}","supported":true,"request_body":{"required":true}}],"provider_config":{"description":"Configuration for Amazon S3.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/aws-s3-storage-setup)","properties":{"bucket":{"description":"Name of the Amazon S3 bucket where files are stored.","nullable":false,"title":"Bucket","type":"string"},"credential":{"description":"Configuration when creating new AWS Access Keys.","nullable":false,"properties":{"access_key_id":{"description":"Access Key ID portion of the AWS access key pair.","nullable":false,"title":"Access Key ID","type":"string"},"secret_access_key":{"description":"Secret portion of the AWS access key pair.","format":"password","nullable":false,"title":"Secret Access Key","type":"string"},"session":{"description":"A temporary session token. Session tokens are optional and are only necessary if you are using temporary credentials.","format":"password","nullable":true,"title":"Session","type":"string"},"type":{"const":"aws"}},"required":["access_key_id","secret_access_key","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"AwsCredential","type":"AwsS3Credential"}},"endpoint":{"description":"Endpoint used for connecting to Amazon S3 the external service. If not provided, the default Amazon S3 endpoint will be used.","nullable":true,"title":"Endpoint","type":"string"},"region":{"description":"AWS region where the Amazon S3 bucket is located.","nullable":false,"title":"Region","type":"string"},"type":{"const":"storage_aws_s3"}},"required":["bucket","credential","region","type"],"title":"Amazon S3","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"storage_azure_blob","name":"storage_azure_blob","fullname":"Microsoft Azure Blob Storage","description":"Configuration for Azure Blob Storage as a Storage Provider","connector_id":"storage","connector":"storage","operations":[{"id":"storage_delete_file","name":"delete_file","fullname":"Delete File","description":"Deletes a file from the provided `{path}` in the token-linked `Integration`.","request_method":"delete","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_download_file","name":"download_file","fullname":"Download File","description":"Downloads a file from the provided `{path}` in the token-linked\n`Integration`.","request_method":"get","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_list_files","name":"list_files","fullname":"List Files","description":"Returns a list of contents from the token-linked `Integration`.","request_method":"get","request_path":"/v1/storage/folders/{path}","supported":true},{"id":"storage_upload_file","name":"upload_file","fullname":"Upload File","description":"Uploads a file from the provided `{path}` to the token-linked `Integration`.","request_method":"post","request_path":"/v1/storage/files/{path}","supported":true,"request_body":{"required":true}}],"provider_config":{"description":"Configuration for Azure Blob Storage as a Storage Provider","properties":{"bucket":{"description":"Name of the blob container where files are stored.","nullable":false,"title":"Bucket","type":"string"},"credential":{"description":"Configuration when creating new Client Secret.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"AzureBlobCredential"}},"type":{"const":"storage_azure_blob"}},"required":["bucket","credential","type"],"title":"Azure Blob Storage","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"storage_gcs","name":"storage_gcs","fullname":"Google Cloud Storage","description":"Configuration for Google Cloud Storage for storing unstructured data\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/google-gcs-storage-setup)","connector_id":"storage","connector":"storage","operations":[{"id":"storage_delete_file","name":"delete_file","fullname":"Delete File","description":"Deletes a file from the provided `{path}` in the token-linked `Integration`.","request_method":"delete","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_download_file","name":"download_file","fullname":"Download File","description":"Downloads a file from the provided `{path}` in the token-linked\n`Integration`.","request_method":"get","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_list_files","name":"list_files","fullname":"List Files","description":"Returns a list of contents from the token-linked `Integration`.","request_method":"get","request_path":"/v1/storage/folders/{path}","supported":true},{"id":"storage_upload_file","name":"upload_file","fullname":"Upload File","description":"Uploads a file from the provided `{path}` to the token-linked `Integration`.","request_method":"post","request_path":"/v1/storage/files/{path}","supported":true,"request_body":{"required":true}}],"provider_config":{"description":"Configuration for Google Cloud Storage for storing unstructured data\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/google-gcs-storage-setup)","properties":{"bucket":{"description":"Name of the bucket where files are stored.","nullable":false,"title":"Bucket","type":"string"},"credential":{"description":"AWS like credential that stores [hash-based message authentication code (HMAC) keys](https://cloud.google.com/storage/docs/authentication/hmackeys) with write access to the GCS bucket.","nullable":false,"properties":{"access_key_id":{"description":"Access Key ID portion of the AWS access key pair.","nullable":false,"title":"Access Key ID","type":"string"},"secret_access_key":{"description":"Secret portion of the AWS access key pair.","format":"password","nullable":false,"title":"Secret Access Key","type":"string"},"session":{"description":"A temporary session token. Session tokens are optional and are only necessary if you are using temporary credentials.","format":"password","nullable":true,"title":"Session","type":"string"},"type":{"const":"aws"}},"required":["access_key_id","secret_access_key","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"AwsCredential","type":"GCSCredential"}},"region":{"description":"Google Cloud region where the bucket is located.","nullable":false,"title":"Region","type":"string"},"type":{"const":"storage_gcs"}},"required":["bucket","credential","region","type"],"title":"Google Cloud Storage","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"storage_mock_storage","name":"storage_mock_storage","fullname":"Synqly Test Provider","description":"Configuration for the Synqly mock in-memory storage Provider. This provider is for testing purposes only and does not retain files pushed to it.","connector_id":"storage","connector":"storage","operations":[{"id":"storage_delete_file","name":"delete_file","fullname":"Delete File","description":"Deletes a file from the provided `{path}` in the token-linked `Integration`.","request_method":"delete","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_download_file","name":"download_file","fullname":"Download File","description":"Downloads a file from the provided `{path}` in the token-linked\n`Integration`.","request_method":"get","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_list_files","name":"list_files","fullname":"List Files","description":"Returns a list of contents from the token-linked `Integration`.","request_method":"get","request_path":"/v1/storage/folders/{path}","supported":true},{"id":"storage_upload_file","name":"upload_file","fullname":"Upload File","description":"Uploads a file from the provided `{path}` to the token-linked `Integration`.","request_method":"post","request_path":"/v1/storage/files/{path}","supported":true,"request_body":{"required":true}}],"provider_config":{"description":"Configuration for the Synqly mock in-memory storage Provider. This provider is for testing purposes only and does not retain files pushed to it.","properties":{"bucket":{"description":"Name of the bucket where files are stored.","nullable":false,"title":"Bucket","type":"string"},"type":{"const":"storage_mock_storage"}},"required":["bucket","type"],"title":"Test Provider","type":"object"},"release":{"availability":"generally-available","environments":["test"]}},{"id":"ticketing_autotask","name":"ticketing_autotask","fullname":"Autotask Operations Cloud","description":"Configuration for Autotask Operations Cloud.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/autotask-ticketing-setup)","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_on_call","name":"list_on_call","fullname":"List On Call Agents","description":"Returns a list of all on-call agents for an escalation policy.","supported":false},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","supported":false},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. The response will include a list of\nfields for each issue type in the ticketing provider.","supported":false},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_escalation_policies","name":"query_escalation_policies","fullname":"Query Escalation Policies","description":"Returns a list of escalation policies.","supported":false},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"companyid","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"createdate","type":"datetime","operators":["eq","neq","gt","gte","lt","lte"]},{"name":"description","type":"string","operators":["eq","like"]},{"name":"due_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte"]},{"name":"id","type":"string","operators":["eq","neq","in"]},{"name":"name","type":"string","operators":["eq","like"]},{"name":"priority","type":"enum","operators":["eq","neq","in","not in"],"values":["URGENT","CRITICAL","HIGH","MEDIUM","LOW","PLANNING"]},{"name":"queueid","type":"string","operators":["eq","in"]},{"name":"status","type":"string","operators":["eq","neq","in","not in"]}]}],"provider_config":{"description":"Configuration for Autotask Operations Cloud.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/autotask-ticketing-setup)","properties":{"api_integration_code_credential":{"description":"Identifier used for individual tracking and management of API calls.","nullable":false,"properties":{"secret":{"description":"Secret value","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"secret"}},"required":["secret","type"],"title":"API Tracking ID","type":"object","x-synqly-credential":{"extends":"SecretCredential","type":"AutotaskApiIntegrationCodeCredential"}},"secret_credential":{"description":"Configuration when creating new Secret.","nullable":false,"properties":{"secret":{"description":"Secret value","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"secret"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"SecretCredential","type":"AutotaskSecretCredential"}},"type":{"const":"ticketing_autotask"},"user_name":{"description":"User name of the API User created to authenticate with the Autotask API.","nullable":false,"title":"User Name","type":"string"},"zone_path":{"description":"Zone for the Autotask API.","nullable":false,"title":"API Zone","type":"string"}},"required":["api_integration_code_credential","secret_credential","type","user_name","zone_path"],"title":"Autotask Operations Cloud","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"ticketing_freshdesk","name":"ticketing_freshdesk","fullname":"Freshdesk","description":"Configuration for Freshdesk.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/freshdesk-ticketing-setup)","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["name","priority","subject"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_on_call","name":"list_on_call","fullname":"List On Call Agents","description":"Returns a list of all on-call agents for an escalation policy.","supported":false},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","supported":false},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. The response will include a list of\nfields for each issue type in the ticketing provider.","supported":false},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_escalation_policies","name":"query_escalation_policies","fullname":"Query Escalation Policies","description":"Returns a list of escalation policies.","supported":false},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"agent_id","type":"number","operators":["eq","gte","lte"]},{"name":"created_at","type":"datetime","operators":["eq","gte","lte"]},{"name":"due_by","type":"datetime","operators":["eq","gte","lte"]},{"name":"fr_due_by","type":"datetime","operators":["eq","gte","lte"]},{"name":"group_id","type":"number","operators":["eq","gte","lte"]},{"name":"priority","type":"number","operators":["eq","gte","lte"]},{"name":"status","type":"number","operators":["eq","gte","lte"]},{"name":"tag","type":"string","operators":["eq"]},{"name":"type","type":"string","operators":["eq"]},{"name":"updated_at","type":"datetime","operators":["eq","gte","lte"]}]}],"provider_config":{"description":"Configuration for Freshdesk.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/freshdesk-ticketing-setup)","properties":{"credential":{"description":"You can use your personal API key to authenticate the request. If you use the API key, there is no need for a password. The token is supplied as \"Your API Key\". [Freshdesk API token generation documentation](https://developer.freshdesk.com/api/#authentication)","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"FreshdeskCredential"}},"type":{"const":"ticketing_freshdesk"},"url":{"description":"Base URL to your Freshdesk tenant.","example":"https://tenant.freshdesk.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Freshdesk","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"ticketing_jira","name":"ticketing_jira","fullname":"Atlassian Jira","description":"Configuration for Atlassian Jira.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/jira-ticketing-setup)","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","request_method":"post","request_path":"/v1/ticketing/attachments/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateAttachmentRequest"}}},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateCommentRequest"}}},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["project","summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/attachments/{ticketId}/{attachmentId}","supported":true},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/comments/{commentId}","supported":true},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/attachments/{ticketId}/{attachmentId}/download","supported":true},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/attachments/{ticketId}","supported":true},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_on_call","name":"list_on_call","fullname":"List On Call Agents","description":"Returns a list of all on-call agents for an escalation policy.","supported":false},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","request_method":"get","request_path":"/v1/ticketing/projects","supported":true},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. The response will include a list of\nfields for each issue type in the ticketing provider.","request_method":"get","request_path":"/v1/ticketing/remote-fields","supported":true},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_escalation_policies","name":"query_escalation_policies","fullname":"Query Escalation Policies","description":"Returns a list of escalation policies.","supported":false},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"assignee","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"completion_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"contact","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"created_at","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"creator","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"description","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"due_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"id","type":"string","operators":["eq","neq","in","not in"]},{"name":"issue_type","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"labels","type":"string","operators":["eq","neq","in","not in"]},{"name":"name","type":"string","operators":["eq","neq","in","not in"]},{"name":"priority","type":"enum","operators":["eq","neq","in","not in"],"values":["highest","high","medium","low"]},{"name":"project","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"reporter","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"status","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"summary","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"text","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"updated_at","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]}]}],"provider_config":{"description":"Configuration for Atlassian Jira.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/jira-ticketing-setup)","properties":{"credential":{"description":"Configuration when creating new Basic Credentials.","nullable":false,"properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"JiraCredential"}},"custom_field_mappings":{"description":"Custom field mappings for this provider.","items":{"properties":{"name":{"description":"Name for the custom field that you will use in the `custom_fields` field in the returned ticket objects.","nullable":false,"title":"Name","type":"string"},"project_id":{"description":"ID of the project this field mapping is associated with. ID of \"*\" is used to apply to all projects.","nullable":false,"title":"Project ID","type":"string"},"provider_field_path":{"description":"Path to or name of the custom field in the provider.","nullable":false,"title":"Field Path (Provider)","type":"string"}},"required":["name","project_id","provider_field_path"],"title":"CustomFieldMapping","type":"object"},"nullable":true,"title":"Custom Field Mappings","type":"array"},"default_issue_type":{"description":"Default Issue Type for the integration. If provided, the issue_type field becomes optional in ticket creation requests.","nullable":true,"title":"Default Issue Type","type":"string"},"default_project":{"description":"Default Project for the integration.","nullable":true,"title":"Default Project","type":"string"},"type":{"const":"ticketing_jira"},"url":{"default":"https://tenant.atlassian.net","description":"Base URL for the Jira API.","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Atlassian Jira","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"ticketing_jira_service_management","name":"ticketing_jira_service_management","fullname":"Jira Service Management","description":"Configuration for Jira Service Management.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/jira-service-management-ticketing-setup)","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","request_method":"post","request_path":"/v1/ticketing/attachments/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateAttachmentRequest"}}},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateCommentRequest"}}},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["project","summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/attachments/{ticketId}/{attachmentId}","supported":true},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/comments/{commentId}","supported":true},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/attachments/{ticketId}/{attachmentId}/download","supported":true},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/attachments/{ticketId}","supported":true},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_on_call","name":"list_on_call","fullname":"List On Call Agents","description":"Returns a list of all on-call agents for an escalation policy.","supported":false},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","request_method":"get","request_path":"/v1/ticketing/projects","supported":true},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. The response will include a list of\nfields for each issue type in the ticketing provider.","request_method":"get","request_path":"/v1/ticketing/remote-fields","supported":true},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_escalation_policies","name":"query_escalation_policies","fullname":"Query Escalation Policies","description":"Returns a list of escalation policies.","supported":false},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"assignee","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"completion_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"contact","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"created_at","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"description","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"due_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"id","type":"string","operators":["eq","neq","in","not in"]},{"name":"issue_type","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"labels","type":"string","operators":["eq","neq","in","not in"]},{"name":"name","type":"string","operators":["eq","neq","in","not in"]},{"name":"priority","type":"enum","operators":["eq","neq","in","not in"],"values":["highest","high","medium","low"]},{"name":"project","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"reporter","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"status","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"summary","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"text","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"updated_at","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]}]}],"provider_config":{"description":"Configuration for Jira Service Management.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/jira-service-management-ticketing-setup)","properties":{"credential":{"description":"Configuration when creating new Basic Credentials.","nullable":false,"properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"JiraCredential"}},"custom_field_mappings":{"description":"Custom field mappings for this provider.","items":{"properties":{"name":{"description":"Name for the custom field that you will use in the `custom_fields` field in the returned ticket objects.","nullable":false,"title":"Name","type":"string"},"project_id":{"description":"ID of the project this field mapping is associated with. ID of \"*\" is used to apply to all projects.","nullable":false,"title":"Project ID","type":"string"},"provider_field_path":{"description":"Path to or name of the custom field in the provider.","nullable":false,"title":"Field Path (Provider)","type":"string"}},"required":["name","project_id","provider_field_path"],"title":"CustomFieldMapping","type":"object"},"nullable":true,"title":"Custom Field Mappings","type":"array"},"default_issue_type":{"description":"Default issue type when creating tickets.","nullable":true,"title":"Default Issue Type","type":"string"},"default_project":{"description":"Default project when listing, creating, or editing tickets.","nullable":true,"title":"Default Project","type":"string"},"type":{"const":"ticketing_jira_service_management"},"url":{"description":"Base URL for the Jira Service Management API.","example":"https://tenant.atlassian.net","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Jira Service Management Configuration","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"ticketing_mock_ticketing","name":"ticketing_mock_ticketing","fullname":"Synqly Test Provider","description":"Configuration for the Synqly mock in-memory ticketing Provider. This provider is for testing purposes only. It retains tickets for a limited time and does not persist them for long-term usage.","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateCommentRequest"}}},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/notes","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNoteRequest"}}},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["issue_type","project","summary","assignee"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/comments/{commentId}","supported":true},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/notes/{noteId}","supported":true},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/notes","supported":true},{"id":"ticketing_list_on_call","name":"list_on_call","fullname":"List On Call Agents","description":"Returns a list of all on-call agents for an escalation policy.","supported":false},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","request_method":"get","request_path":"/v1/ticketing/projects","supported":true},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. The response will include a list of\nfields for each issue type in the ticketing provider.","supported":false},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}/notes/{noteId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_escalation_policies","name":"query_escalation_policies","fullname":"Query Escalation Policies","description":"Returns a list of escalation policies.","supported":false},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"id","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"text","type":"string","operators":["eq","neq","in","not in","like","not like"]}]}],"provider_config":{"description":"Configuration for the Synqly mock in-memory ticketing Provider. This provider is for testing purposes only. It retains tickets for a limited time and does not persist them for long-term usage.","properties":{"custom_field_mappings":{"description":"Custom field mappings for this provider.","items":{"properties":{"name":{"description":"Name for the custom field that you will use in the `custom_fields` field in the returned ticket objects.","nullable":false,"title":"Name","type":"string"},"project_id":{"description":"ID of the project this field mapping is associated with. ID of \"*\" is used to apply to all projects.","nullable":false,"title":"Project ID","type":"string"},"provider_field_path":{"description":"Path to or name of the custom field in the provider.","nullable":false,"title":"Field Path (Provider)","type":"string"}},"required":["name","project_id","provider_field_path"],"title":"CustomFieldMapping","type":"object"},"nullable":true,"title":"Custom Field Mappings","type":"array"},"name":{"description":"Optional name of the mock provider. This value is unused.","nullable":true,"title":"Name","type":"string"},"type":{"const":"ticketing_mock_ticketing"}},"required":["type"],"title":"Test Provider","type":"object"},"release":{"availability":"generally-available","environments":["test"]}},{"id":"ticketing_pagerduty","name":"ticketing_pagerduty","fullname":"PagerDuty Operations Cloud","description":"Configuration for PagerDuty Operations Cloud.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/pagerduty-ticketing-setup)","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateCommentRequest"}}},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["creator","project","name"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_on_call","name":"list_on_call","fullname":"List On Call Agents","description":"Returns a list of all on-call agents for an escalation policy.","request_method":"get","request_path":"/v1/ticketing/escalation-policies/{escalationPolicyId}/on-call","supported":true},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","request_method":"get","request_path":"/v1/ticketing/projects","supported":true},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. The response will include a list of\nfields for each issue type in the ticketing provider.","supported":false},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_escalation_policies","name":"query_escalation_policies","fullname":"Query Escalation Policies","description":"Returns a list of escalation policies.","request_method":"get","request_path":"/v1/ticketing/escalation-policies","supported":true},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true}],"provider_config":{"description":"Configuration for PagerDuty Operations Cloud.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/pagerduty-ticketing-setup)","properties":{"credential":{"description":"Configuration when creating new API Key.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"PagerDutyCredential"}},"type":{"const":"ticketing_pagerduty"},"url":{"default":"https://api.pagerduty.com","description":"Base URL for the PagerDuty API.","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"PagerDuty Operations Cloud","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"ticketing_servicenow","name":"ticketing_servicenow","fullname":"ServiceNow IT Service Management (ITSM)","description":"Configuration for ServiceNow IT Service Management (ITSM).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/servicenow-ticketing-setup)","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateCommentRequest"}}},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/notes","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNoteRequest"}}},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["issue_type","priority","summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/comments/{commentId}","supported":true},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/notes/{noteId}","supported":true},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/notes","supported":true},{"id":"ticketing_list_on_call","name":"list_on_call","fullname":"List On Call Agents","description":"Returns a list of all on-call agents for an escalation policy.","supported":false},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","supported":false},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. The response will include a list of\nfields for each issue type in the ticketing provider.","request_method":"get","request_path":"/v1/ticketing/remote-fields","supported":true},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_escalation_policies","name":"query_escalation_policies","fullname":"Query Escalation Policies","description":"Returns a list of escalation policies.","supported":false},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"assignee","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"completion_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"contact","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"created_at","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"description","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"due_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"id","type":"string","operators":["eq","neq","in","not in"]},{"name":"issue_type","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"labels","type":"string","operators":["eq","neq","in","not in"]},{"name":"name","type":"string","operators":["eq","neq","in","not in"]},{"name":"priority","type":"enum","operators":["eq","neq","in","not in"],"values":["highest","high","medium","low"]},{"name":"project","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"reporter","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"status","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"summary","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"text","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"updated_at","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]}]}],"provider_config":{"description":"Configuration for ServiceNow IT Service Management (ITSM).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/servicenow-ticketing-setup)","properties":{"credential":{"nullable":false,"oneOf":[{"description":"Username and secret used to authenticate with ServiceNow. The password can be a [generated token](https://docs.servicenow.com/bundle/vancouver-platform-administration/page/administer/users-and-groups/task/t_CreateAUser.html). The token receives the same permissions as the user that generated it, so they must have access to the necessary projects.","properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"New Basic Credentials","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"ServiceNowCredential"}},{"description":"Token used to authenticate with ServiceNow. This token will be used with the authentication header `x-sn-apikey`. To use token authentication, the version of ServiceNow must be `Washington D.C.` or later.","properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"New Token","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"ServiceNowCredential"}}],"title":"Credential","x-synqly-credential":{"extends":["BasicCredential","TokenCredential"],"type":"ServiceNowCredential"}},"custom_field_mappings":{"description":"Custom field mappings for this provider.","items":{"properties":{"name":{"description":"Name for the custom field that you will use in the `custom_fields` field in the returned ticket objects.","nullable":false,"title":"Name","type":"string"},"project_id":{"description":"ID of the project this field mapping is associated with. ID of \"*\" is used to apply to all projects.","nullable":false,"title":"Project ID","type":"string"},"provider_field_path":{"description":"Path to or name of the custom field in the provider.","nullable":false,"title":"Field Path (Provider)","type":"string"}},"required":["name","project_id","provider_field_path"],"title":"CustomFieldMapping","type":"object"},"nullable":true,"title":"Custom Field Mappings","type":"array"},"default_project":{"description":"Default Project for the integration. This maps to the custom table for tickets. This table should be derived from Incident table. Defaults to the incident table if not specified.","nullable":true,"title":"Default Project","type":"string"},"type":{"const":"ticketing_servicenow"},"url":{"description":"Base URL for the ServiceNow API.","example":"https://tenant.service-now.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"ServiceNow ITSM","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"ticketing_servicenow_sir","name":"ticketing_servicenow_sir","fullname":"ServiceNow Security Incident Response (SIR)","description":"Configuration for ServiceNow Security Incident Response (SIR).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/servicenow-ticketing-setup)","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateCommentRequest"}}},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["issue_type","priority","summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/comments/{commentId}","supported":true},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_on_call","name":"list_on_call","fullname":"List On Call Agents","description":"Returns a list of all on-call agents for an escalation policy.","supported":false},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","supported":false},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. The response will include a list of\nfields for each issue type in the ticketing provider.","request_method":"get","request_path":"/v1/ticketing/remote-fields","supported":true},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_escalation_policies","name":"query_escalation_policies","fullname":"Query Escalation Policies","description":"Returns a list of escalation policies.","supported":false},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"assignee","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"completion_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"contact","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"created_at","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"description","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"due_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"id","type":"string","operators":["eq","neq","in","not in"]},{"name":"issue_type","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"labels","type":"string","operators":["eq","neq","in","not in"]},{"name":"name","type":"string","operators":["eq","neq","in","not in"]},{"name":"priority","type":"enum","operators":["eq","neq","in","not in"],"values":["highest","high","medium","low"]},{"name":"project","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"reporter","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"status","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"summary","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"text","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"updated_at","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]}]}],"provider_config":{"description":"Configuration for ServiceNow Security Incident Response (SIR).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/servicenow-ticketing-setup)","properties":{"credential":{"nullable":false,"oneOf":[{"description":"Username and secret used to authenticate with ServiceNow. The password can be a [generated token](https://docs.servicenow.com/bundle/vancouver-platform-administration/page/administer/users-and-groups/task/t_CreateAUser.html). The token receives the same permissions as the user that generated it, so they must have access to the necessary projects.","properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"New Basic Credentials","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"ServiceNowCredential"}},{"description":"Token used to authenticate with ServiceNow. This token will be used with the authentication header `x-sn-apikey`. To use token authentication, the version of ServiceNow must be `Washington D.C.` or later.","properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"New Token","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"ServiceNowCredential"}}],"title":"Credential","x-synqly-credential":{"extends":["BasicCredential","TokenCredential"],"type":"ServiceNowCredential"}},"custom_field_mappings":{"description":"Custom field mappings for this provider.","items":{"properties":{"name":{"description":"Name for the custom field that you will use in the `custom_fields` field in the returned ticket objects.","nullable":false,"title":"Name","type":"string"},"project_id":{"description":"ID of the project this field mapping is associated with. ID of \"*\" is used to apply to all projects.","nullable":false,"title":"Project ID","type":"string"},"provider_field_path":{"description":"Path to or name of the custom field in the provider.","nullable":false,"title":"Field Path (Provider)","type":"string"}},"required":["name","project_id","provider_field_path"],"title":"CustomFieldMapping","type":"object"},"nullable":true,"title":"Custom Field Mappings","type":"array"},"default_project":{"description":"Default Project for the integration. This maps to the custom table for tickets. This table should be derived from Security Incident table. Defaults to the security incident table if not specified.","nullable":true,"title":"Default Project","type":"string"},"type":{"const":"ticketing_servicenow_sir"},"url":{"description":"Base URL for the ServiceNow API.","example":"https://tenant.service-now.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"ServiceNow SIR","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"ticketing_torq","name":"ticketing_torq","fullname":"Torq","description":"Configuration for Torq.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/torq-ticketing-setup)","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateCommentRequest"}}},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/notes","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNoteRequest"}}},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["creator","status","name"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/comments/{commentId}","supported":true},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/notes/{noteId}","supported":true},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/notes","supported":true},{"id":"ticketing_list_on_call","name":"list_on_call","fullname":"List On Call Agents","description":"Returns a list of all on-call agents for an escalation policy.","supported":false},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","supported":false},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. The response will include a list of\nfields for each issue type in the ticketing provider.","supported":false},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}/notes/{noteId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_escalation_policies","name":"query_escalation_policies","fullname":"Query Escalation Policies","description":"Returns a list of escalation policies.","supported":false},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"assignee","type":"string","operators":["eq","in"]},{"name":"created_at","type":"datetime","operators":["gte","lte","gt","lt"]},{"name":"issue_type","type":"string","operators":["eq","in"]},{"name":"priority","type":"string","operators":["eq","in"]},{"name":"status","type":"string","operators":["eq","in"]},{"name":"tags","type":"string","operators":["eq","in"]},{"name":"text","type":"string","operators":["like"]}]}],"provider_config":{"description":"Configuration for Torq.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/torq-ticketing-setup)","properties":{"credential":{"description":"Configuration when creating new Client Credentials.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"TorqCredential"}},"custom_field_mappings":{"description":"Custom field mappings for this provider.","items":{"properties":{"name":{"description":"Name for the custom field that you will use in the `custom_fields` field in the returned ticket objects.","nullable":false,"title":"Name","type":"string"},"project_id":{"description":"ID of the project this field mapping is associated with. ID of \"*\" is used to apply to all projects.","nullable":false,"title":"Project ID","type":"string"},"provider_field_path":{"description":"Path to or name of the custom field in the provider.","nullable":false,"title":"Field Path (Provider)","type":"string"}},"required":["name","project_id","provider_field_path"],"title":"CustomFieldMapping","type":"object"},"nullable":true,"title":"Custom Field Mappings","type":"array"},"type":{"const":"ticketing_torq"}},"required":["credential","type"],"title":"Torq","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"ticketing_zendesk","name":"ticketing_zendesk","fullname":"Zendesk","description":"Configuration for Zendesk as a Ticketing Provider","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["name","priority","subject"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_on_call","name":"list_on_call","fullname":"List On Call Agents","description":"Returns a list of all on-call agents for an escalation policy.","supported":false},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","supported":false},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. The response will include a list of\nfields for each issue type in the ticketing provider.","supported":false},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_escalation_policies","name":"query_escalation_policies","fullname":"Query Escalation Policies","description":"Returns a list of escalation policies.","supported":false},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"description","type":"string","operators":["eq","ne","like"]},{"name":"id","type":"string","operators":["eq","ne","like"]},{"name":"name","type":"string","operators":["eq","ne","like"]},{"name":"priority","type":"string","operators":["eq","ne"]},{"name":"status","type":"string","operators":["eq","ne"]}]}],"provider_config":{"description":"Configuration for Zendesk as a Ticketing Provider","properties":{"credential":{"description":"E-mail address and API Token for use with the Zendesk API. Use the e-mail address for the `username` field and API Token for the `secret` field. See [Zendesk API token generation documentation](https://developer.zendesk.com/api-reference/introduction/security-and-auth/#api-token) for more detail.","nullable":false,"properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"ZendeskCredential"}},"type":{"const":"ticketing_zendesk"},"url":{"description":"Base URL for your Zendesk tenant.","example":"https://tenant.zendesk.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Zendesk","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"vulnerabilities_crowdstrike","name":"vulnerabilities_crowdstrike","fullname":"CrowdStrike Falcon® Spotlight","description":"Configuration for CrowdStrike Falcon® Spotlight.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/crowdstrike-vulns-setup)","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","supported":false},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"device.mac","type":"string","operators":["eq"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"finding.first_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"finding.last_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"severity","type":"enum","operators":["eq","in"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_upload_scan","name":"upload_scan","fullname":"Upload Scan","description":"Upload a scan in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for CrowdStrike Falcon® Spotlight.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/crowdstrike-vulns-setup)","properties":{"credential":{"description":"The credential to use for the CrowdStrike Falcon tenant.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"CrowdStrikeCredential"}},"type":{"const":"vulnerabilities_crowdstrike"},"url":{"default":"https://api.crowdstrike.com","description":"Base URL for the CrowdStrike Falcon® Spotlight API.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type"],"title":"CrowdStrike Falcon® Spotlight","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"vulnerabilities_crowdstrike_mock","name":"vulnerabilities_crowdstrike_mock","fullname":"[MOCK] CrowdStrike Falcon® Spotlight","description":"Configuration for [MOCK] CrowdStrike Falcon® Spotlight.","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","supported":false},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"device.mac","type":"string","operators":["eq"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"finding.first_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"finding.last_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"severity","type":"enum","operators":["eq","in"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_upload_scan","name":"upload_scan","fullname":"Upload Scan","description":"Upload a scan in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for [MOCK] CrowdStrike Falcon® Spotlight.","properties":{"dataset":{"enum":["basic_v0"],"nullable":false,"title":"Dataset","type":"string"},"type":{"const":"vulnerabilities_crowdstrike_mock"}},"required":["dataset","type"],"title":"[Mock] CrowdStrike Falcon® Spotlight","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"vulnerabilities_nucleus","name":"vulnerabilities_nucleus","fullname":"Nucleus Vulnerability Management","description":"Configuration for Nucleus Vulnerability Management.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/nucleus-vulns-setup)","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","request_method":"post","request_path":"/v1/vulnerabilities/assets","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateAssetRequest"}}},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","request_method":"post","request_path":"/v1/vulnerabilities/findings/bulk","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateFindingsRequest"}}},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","supported":false},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"severity","type":"enum","operators":["eq"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","request_method":"put","request_path":"/v1/vulnerabilities/assets/{assetId}","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateAssetRequest"}}},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","request_method":"put","request_path":"/v1/vulnerabilities/findings/{findingId}","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/UpdateFindingRequest"}}},{"id":"vulnerabilities_upload_scan","name":"upload_scan","fullname":"Upload Scan","description":"Upload a scan in a vulnerability scanning system","request_method":"post","request_path":"/v1/vulnerabilities/scans","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/UploadScanRequest"}}}],"provider_config":{"description":"Configuration for Nucleus Vulnerability Management.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/nucleus-vulns-setup)","properties":{"credential":{"description":"Configuration when creating new API Key.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"NucleusCredential"}},"project_id":{"description":"Numeric identifier for a Nucleus project.","nullable":false,"pattern":"^\\d+$","title":"Project ID","type":"string","x-validation-message":{"patternMismatch":"Must be a numeric project identifier."}},"type":{"const":"vulnerabilities_nucleus"},"url":{"description":"Base URL for the Nucleus API.","example":"https://{sandbox}.nucleussec.com","nullable":false,"title":"Base URL","type":"string"}},"required":["credential","project_id","type","url"],"title":"Nucleus VM","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"vulnerabilities_qualys_cloud","name":"vulnerabilities_qualys_cloud","fullname":"Qualys Vulnerability Management, Detection \u0026 Response (VMDR)","description":"Configuration for Qualys Vulnerability Management, Detection \u0026 Response (VMDR).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/qualys-vulns-setup)","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","request_method":"get","request_path":"/v1/vulnerabilities/scans/{scan_id}/activity","supported":true},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"finding.first_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"finding.last_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"severity","type":"enum","operators":["eq","in"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/scans","supported":true},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_upload_scan","name":"upload_scan","fullname":"Upload Scan","description":"Upload a scan in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for Qualys Vulnerability Management, Detection \u0026 Response (VMDR).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/qualys-vulns-setup)","properties":{"credential":{"description":"Username and password used to authenticate with Qualys Cloud.","nullable":false,"properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"QualysCloudCredential"}},"type":{"const":"vulnerabilities_qualys_cloud"},"url":{"description":"Base URL for the Qualys Cloud API.","example":"https://qualysguard.qg4.apps.qualys.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Qualys VMDR","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"vulnerabilities_qualys_cloud_mock","name":"vulnerabilities_qualys_cloud_mock","fullname":"[MOCK] Qualys Vulnerability Management, Detection \u0026 Response (VMDR)","description":"Configuration for a mocked Qualys Cloud Platform as a Vulnerabilities Provider","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","request_method":"get","request_path":"/v1/vulnerabilities/scans/{scan_id}/activity","supported":true},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"finding.first_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"finding.last_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"severity","type":"enum","operators":["eq","in"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/scans","supported":true},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_upload_scan","name":"upload_scan","fullname":"Upload Scan","description":"Upload a scan in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for a mocked Qualys Cloud Platform as a Vulnerabilities Provider","properties":{"dataset":{"enum":["basic_v0"],"nullable":false,"title":"Dataset","type":"string"},"type":{"const":"vulnerabilities_qualys_cloud_mock"}},"required":["dataset","type"],"title":"[MOCK] Qualys VMDR","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"vulnerabilities_rapid7_insight_cloud","name":"vulnerabilities_rapid7_insight_cloud","fullname":"Rapid7 InsightVM","description":"Configuration for Rapid7 InsightVM.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/rapid7-vulns-setup)","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","supported":false},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq","in"]},{"name":"device.ip","type":"string","operators":["eq","in"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq","in"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"finding.first_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"finding.last_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"severity","type":"enum","operators":["eq","in"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_upload_scan","name":"upload_scan","fullname":"Upload Scan","description":"Upload a scan in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for Rapid7 InsightVM.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/rapid7-vulns-setup)","properties":{"credential":{"description":"Configuration when creating new API Token.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"Rapid7InsightCloudCredential"}},"type":{"const":"vulnerabilities_rapid7_insight_cloud"},"url":{"description":"Base URL for the Rapid7 InsightVM API.","example":"https://us2.api.insight.rapid7.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Rapid7 InsightVM","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"vulnerabilities_rapid7_insight_cloud_mock","name":"vulnerabilities_rapid7_insight_cloud_mock","fullname":"[MOCK] Rapid7 Insight Vulnerability Management Cloud","description":"Configuration for a mocked Rapid7 Insight Cloud as a Vulnerabilities Provider","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","supported":false},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq","in"]},{"name":"device.ip","type":"string","operators":["eq","in"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq","in"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"finding.first_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"finding.last_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"severity","type":"enum","operators":["eq","in"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_upload_scan","name":"upload_scan","fullname":"Upload Scan","description":"Upload a scan in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for a mocked Rapid7 Insight Cloud as a Vulnerabilities Provider","properties":{"dataset":{"enum":["basic_v0"],"nullable":false,"title":"Dataset","type":"string"},"type":{"const":"vulnerabilities_rapid7_insight_cloud_mock"}},"required":["dataset","type"],"title":"[MOCK] Rapid7 InsightVM Cloud","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"vulnerabilities_servicenow_vr","name":"vulnerabilities_servicenow_vr","fullname":"ServiceNow Vulnerability Response","description":"Configuration for ServiceNow Vulnerability Response.","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","request_method":"post","request_path":"/v1/vulnerabilities/assets","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateAssetRequest"}}},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","request_method":"post","request_path":"/v1/vulnerabilities/findings/bulk","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateFindingsRequest"}}},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","supported":false},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]},{"name":"device.name","type":"string","operators":["eq"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"finding.first_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"finding.last_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"severity","type":"enum","operators":["eq","in"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_upload_scan","name":"upload_scan","fullname":"Upload Scan","description":"Upload a scan in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for ServiceNow Vulnerability Response.","properties":{"credential":{"nullable":false,"oneOf":[{"description":"Username and secret used to authenticate with ServiceNow. The password can be a [generated token](https://docs.servicenow.com/bundle/vancouver-platform-administration/page/administer/users-and-groups/task/t_CreateAUser.html). The token receives the same permissions as the user that generated it, so they must have access to the necessary projects.","properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"New Basic Credentials","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"ServiceNowCredential"}},{"description":"Token used to authenticate with ServiceNow. This token will be used with the authentication header `x-sn-apikey`. To use token authentication, the version of ServiceNow must be `Washington D.C.` or later.","properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"New Token","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"ServiceNowCredential"}}],"title":"Credential","x-synqly-credential":{"extends":["BasicCredential","TokenCredential"],"type":"ServiceNowCredential"}},"type":{"const":"vulnerabilities_servicenow_vr"},"url":{"description":"Base URL for the ServiceNow API.","example":"https://tenant.service-now.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"ServiceNow Vulnerability Response","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"vulnerabilities_tanium_cloud","name":"vulnerabilities_tanium_cloud","fullname":"Tanium Vulnerability Management","description":"Configuration for Tanium Vulnerability Management.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/tanium-setup)","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","supported":false},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"finding.first_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"finding.last_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"severity","type":"enum","operators":["eq","in"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_upload_scan","name":"upload_scan","fullname":"Upload Scan","description":"Upload a scan in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for Tanium Vulnerability Management.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/tanium-setup)","properties":{"credential":{"description":"Configuration when creating new API Token.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"TaniumCloudCredential"}},"type":{"const":"vulnerabilities_tanium_cloud"},"url":{"description":"Base URL for the Tanium Cloud API","example":"https://{customername}-api.cloud.tanium.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Tanium VM","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"vulnerabilities_tanium_cloud_mock","name":"vulnerabilities_tanium_cloud_mock","fullname":"[MOCK] Tsanium Vulnerability Management","description":"Configuration for a mock Tanium Cloud as a Vulnerabilities Provider","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","supported":false},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"finding.first_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"finding.last_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"severity","type":"enum","operators":["eq","in"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_upload_scan","name":"upload_scan","fullname":"Upload Scan","description":"Upload a scan in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for a mock Tanium Cloud as a Vulnerabilities Provider","properties":{"dataset":{"enum":["basic_v0"],"nullable":false,"title":"Dataset","type":"string"},"type":{"const":"vulnerabilities_tanium_cloud_mock"}},"required":["dataset","type"],"title":"[MOCK] Tanium Vulnerability Management","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"vulnerabilities_tenable_cloud","name":"vulnerabilities_tenable_cloud","fullname":"Tenable Vulnerability Management","description":"Configuration for Tenable Vulnerability Management.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/tenable-vulns-setup)","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","request_method":"post","request_path":"/v1/vulnerabilities/assets","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateAssetRequest"}}},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","request_method":"get","request_path":"/v1/vulnerabilities/scans/{scan_id}/activity","supported":true},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"finding.first_seen_time","type":"datetime","operators":["gte"]},{"name":"finding.last_seen_time","type":"datetime","operators":["gte"]},{"name":"severity","type":"enum","operators":["eq","in"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/scans","supported":true},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_upload_scan","name":"upload_scan","fullname":"Upload Scan","description":"Upload a scan in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for Tenable Vulnerability Management.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/tenable-vulns-setup)","properties":{"credential":{"description":"Configuration when creating new API Keys.","nullable":false,"properties":{"secret":{"description":"API Keys in the format `accessKey=\u003ckey\u003e;secretKey=\u003csecret\u003e`.","format":"password","nullable":false,"pattern":"^accessKey=.+?;secretKey=.+?$","title":"API Keys","type":"string","x-validation-message":{"patternMismatch":"Input must match the pattern: `accessKey=\u003ckey\u003e;secretKey=\u003csecret\u003e`"}},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"TenableCloudCredential"}},"type":{"const":"vulnerabilities_tenable_cloud"},"url":{"default":"https://cloud.tenable.com","description":"Base URL for the Tenable Cloud API.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type"],"title":"Tenable VM","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}}]}
1
+ {"result":[{"id":"appsec_gitlab","name":"appsec_gitlab","fullname":"GitLab","description":"Configuration for GitLab as an application security provider.","connector_id":"appsec","connector":"appsec","operations":[{"id":"appsec_get_application_finding_details","name":"get_application_finding_details","fullname":"Get Application Finding Details","description":"Returns the details of the finding matching `{findingId}` where the finding belongs to the application matching `{applicationId}` from the token-linked application security integration.","request_method":"get","request_path":"/v1/app-sec/applications/{applicationId}/findings/{findingId}","supported":true},{"id":"appsec_query_application_findings","name":"query_application_findings","fullname":"Query Application Findings","description":"Returns a list of an application's findings matching `{applictionId}` and the query from a the token-linked application security integration.","request_method":"get","request_path":"/v1/app-sec/applications/{applicationId}/findings","supported":true,"filters":[{"name":"severity","type":"enum","operators":["eq"],"values":["critical","high","medium","low","informational"]}]},{"id":"appsec_query_applications","name":"query_applications","fullname":"Query Applications","description":"Returns a list of applications matching the query from a the token-linked application security integration.","request_method":"get","request_path":"/v1/app-sec/applications","supported":true},{"id":"appsec_query_findings","name":"query_findings","fullname":"Query findings across all applications","description":"Returns a list of each findings details combined with the application details for all applications in the token-linked application security integration. This API may perform multiple provider API calls per executation so can be slower to respond.","request_method":"get","request_path":"/v1/app-sec/findings","supported":true,"filters":[{"name":"severity","type":"enum","operators":["eq"],"values":["critical","high","medium","low","informational"]}]}],"provider_config":{"description":"Configuration for GitLab as an application security provider.","properties":{"credential":{"description":"Credentials used for accessing the GitLab API.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"GitLabCredential"}},"type":{"const":"appsec_gitlab"},"url":{"default":"https://gitlab.com","description":"Base URL for the GitLab API. This URL should be the same as the URL used to access your GitLab instance.","example":"https://your-gitlab-instance.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"GitLab","type":"object"},"release":{"availability":"in-development","environments":["test","prod"]}},{"id":"appsec_hcl_appscan_on_cloud","name":"appsec_hcl_appscan_on_cloud","fullname":"HCL AppScan on Cloud","description":"Configuration for HCL AppScan on Cloud as an application security provider.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/hcl-appscan-appsec-setup)","connector_id":"appsec","connector":"appsec","operations":[{"id":"appsec_get_application_finding_details","name":"get_application_finding_details","fullname":"Get Application Finding Details","description":"Returns the details of the finding matching `{findingId}` where the finding belongs to the application matching `{applicationId}` from the token-linked application security integration.","request_method":"get","request_path":"/v1/app-sec/applications/{applicationId}/findings/{findingId}","supported":true},{"id":"appsec_query_application_findings","name":"query_application_findings","fullname":"Query Application Findings","description":"Returns a list of an application's findings matching `{applictionId}` and the query from a the token-linked application security integration.","request_method":"get","request_path":"/v1/app-sec/applications/{applicationId}/findings","supported":true},{"id":"appsec_query_applications","name":"query_applications","fullname":"Query Applications","description":"Returns a list of applications matching the query from a the token-linked application security integration.","request_method":"get","request_path":"/v1/app-sec/applications","supported":true},{"id":"appsec_query_findings","name":"query_findings","fullname":"Query findings across all applications","description":"Returns a list of each findings details combined with the application details for all applications in the token-linked application security integration. This API may perform multiple provider API calls per executation so can be slower to respond.","request_method":"get","request_path":"/v1/app-sec/findings","supported":true}],"provider_config":{"description":"Configuration for HCL AppScan on Cloud as an application security provider.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/hcl-appscan-appsec-setup)","properties":{"credential":{"description":"Credentials used for accessing the HCL AppScan on Cloud API.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"HCLAppScanOnCloudCredential"}},"type":{"const":"appsec_hcl_appscan_on_cloud"},"url":{"description":"Base URL for the HCL AppScan on Cloud API. This URL should be the same as the URL used to access the HCL AppScan on Cloud web interface.","enum":["https://cloud.appscan.com","https://eu.cloud.appscan.com"],"nullable":false,"title":"Base URL","type":"string"}},"required":["credential","type","url"],"title":"HCL AppScan on Cloud","type":"object"},"release":{"availability":"in-development","environments":["test","prod"]}},{"id":"appsec_opentext_core_application_security","name":"appsec_opentext_core_application_security","fullname":"OpenText Core Application Security","description":"Configuration for OpenText Core Application Security (formerly Fortify On Demand) as an application security provider.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/opentext-core-applicationsecurity-appsec-setup)","connector_id":"appsec","connector":"appsec","operations":[{"id":"appsec_get_application_finding_details","name":"get_application_finding_details","fullname":"Get Application Finding Details","description":"Returns the details of the finding matching `{findingId}` where the finding belongs to the application matching `{applicationId}` from the token-linked application security integration.","request_method":"get","request_path":"/v1/app-sec/applications/{applicationId}/findings/{findingId}","supported":true},{"id":"appsec_query_application_findings","name":"query_application_findings","fullname":"Query Application Findings","description":"Returns a list of an application's findings matching `{applictionId}` and the query from a the token-linked application security integration.","request_method":"get","request_path":"/v1/app-sec/applications/{applicationId}/findings","supported":true},{"id":"appsec_query_applications","name":"query_applications","fullname":"Query Applications","description":"Returns a list of applications matching the query from a the token-linked application security integration.","request_method":"get","request_path":"/v1/app-sec/applications","supported":true},{"id":"appsec_query_findings","name":"query_findings","fullname":"Query findings across all applications","description":"Returns a list of each findings details combined with the application details for all applications in the token-linked application security integration. This API may perform multiple provider API calls per executation so can be slower to respond.","request_method":"get","request_path":"/v1/app-sec/findings","supported":true}],"provider_config":{"description":"Configuration for OpenText Core Application Security (formerly Fortify On Demand) as an application security provider.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/opentext-core-applicationsecurity-appsec-setup)","properties":{"credential":{"description":"Credentials used for accessing the OpenText Core Application Security API.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"OpenTextCoreApplicationSecurityCredential"}},"type":{"const":"appsec_opentext_core_application_security"},"url":{"description":"Base URL for the OpenText Core Application Security API. This URL should be the same as the URL used to access the OpenText Core Application Security web interface.","enum":["https://api.ams.fortify.com","https://api.emea.fortify.com","https://api.apac.fortify.com","https://api.sgp.fortify.com","https://api.fed.fortifygov.com","https://api.trial.fortify.com"],"nullable":false,"title":"Base URL","type":"string"}},"required":["credential","type","url"],"title":"OpenText Core Application Security","type":"object"},"release":{"availability":"in-development","environments":["test","prod"]}},{"id":"appsec_opentext_core_application_security_mock","name":"appsec_opentext_core_application_security_mock","fullname":"[MOCK] OpenText Core Application Security","description":"Configuration for [MOCK] OpenText Core Application Security.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/opentext-core-applicationsecurity-appsec-setup)","connector_id":"appsec","connector":"appsec","operations":[{"id":"appsec_get_application_finding_details","name":"get_application_finding_details","fullname":"Get Application Finding Details","description":"Returns the details of the finding matching `{findingId}` where the finding belongs to the application matching `{applicationId}` from the token-linked application security integration.","request_method":"get","request_path":"/v1/app-sec/applications/{applicationId}/findings/{findingId}","supported":true},{"id":"appsec_query_application_findings","name":"query_application_findings","fullname":"Query Application Findings","description":"Returns a list of an application's findings matching `{applictionId}` and the query from a the token-linked application security integration.","request_method":"get","request_path":"/v1/app-sec/applications/{applicationId}/findings","supported":true},{"id":"appsec_query_applications","name":"query_applications","fullname":"Query Applications","description":"Returns a list of applications matching the query from a the token-linked application security integration.","request_method":"get","request_path":"/v1/app-sec/applications","supported":true},{"id":"appsec_query_findings","name":"query_findings","fullname":"Query findings across all applications","description":"Returns a list of each findings details combined with the application details for all applications in the token-linked application security integration. This API may perform multiple provider API calls per executation so can be slower to respond.","request_method":"get","request_path":"/v1/app-sec/findings","supported":true}],"provider_config":{"description":"Configuration for [MOCK] OpenText Core Application Security.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/opentext-core-applicationsecurity-appsec-setup)","properties":{"dataset":{"enum":["basic_v0"],"nullable":false,"title":"Dataset","type":"string"},"type":{"const":"appsec_opentext_core_application_security_mock"}},"required":["dataset","type"],"title":"[MOCK] OpenText Core Application Security","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"assets_armis_centrix","name":"assets_armis_centrix","fullname":"Armis Centrix™ for Asset Management and Security","description":"Configuration for Armis Centrix™ for Asset Management and Security.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/armis-centrix-setup)","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_get_labels","name":"get_labels","fullname":"Get Labels","description":"Get labels from an asset inventory system","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hw_info.bios_manufacturer","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.ip","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.location.desc","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.mac","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.os.version","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.risk_score","type":"number","operators":["gt","gte","lt","lte"]},{"name":"device.type","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.uid","type":"string","operators":["eq","ne","in","not_in"]}]}],"provider_config":{"description":"Configuration for Armis Centrix™ for Asset Management and Security.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/armis-centrix-setup)","properties":{"credential":{"description":"Configuration when creating new API Key.","nullable":false,"properties":{"secret":{"description":"Secret value of the API Key.","format":"password","nullable":false,"title":"API Key","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"ArmisCredential"}},"type":{"const":"assets_armis_centrix"},"url":{"description":"Base URL for the Armis Centrix™ API.","example":"https://tenant.armis.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Armis Centrix™","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_armis_centrix_mock","name":"assets_armis_centrix_mock","fullname":"[MOCK] Armis Centrix™ for Asset Management and Security","description":"Configuration for a mocked Armis Centrix Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_get_labels","name":"get_labels","fullname":"Get Labels","description":"Get labels from an asset inventory system","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hw_info.bios_manufacturer","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.ip","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.location.desc","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.mac","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.os.version","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.risk_score","type":"number","operators":["gt","gte","lt","lte"]},{"name":"device.type","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.uid","type":"string","operators":["eq","ne","in","not_in"]}]}],"provider_config":{"description":"Configuration for a mocked Armis Centrix Assets Provider","properties":{"dataset":{"enum":["basic_v0"],"nullable":false,"title":"Dataset","type":"string"},"type":{"const":"assets_armis_centrix_mock"}},"required":["dataset","type"],"title":"[MOCK] Armis Centrix","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"assets_axonius","name":"assets_axonius","fullname":"Axonius Asset Cloud","description":"Configuration for the Axonius Assets Provider\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/axonius-asset-setup)","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_get_labels","name":"get_labels","fullname":"Get Labels","description":"Get labels from an asset inventory system","request_method":"get","request_path":"/v1/assets/labels","supported":true,"filters":[{"name":"metadata.labels","type":"string","operators":["eq","like"]}]},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq","ne","in"]},{"name":"device.ip","type":"string","operators":["eq","ne"]},{"name":"device.mac","type":"string","operators":["eq","ne","in"]},{"name":"device.os.name","type":"string","operators":["eq","ne","in"]},{"name":"device.os.type","type":"string","operators":["eq","ne","in"]},{"name":"device.uid","type":"string","operators":["eq","ne"]},{"name":"metadata.labels","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for the Axonius Assets Provider\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/axonius-asset-setup)","properties":{"credential":{"description":"This credential must be an API Key and API Secret. For more details, see the [Getting an API Key and API Secret](https://docs.axonius.com/docs/axonius-rest-api#getting-an-api-key-and-api-secret).","nullable":false,"properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"AxoniusCredential"}},"type":{"const":"assets_axonius"},"url":{"description":"Base URL for the Axonius API.","example":"https://tenant.on.axonius.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Axonius","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_axonius_mock","name":"assets_axonius_mock","fullname":"[MOCK] Axonius Asset Cloud","description":"Configuration for a mocked Axonius as an Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_get_labels","name":"get_labels","fullname":"Get Labels","description":"Get labels from an asset inventory system","request_method":"get","request_path":"/v1/assets/labels","supported":true,"filters":[{"name":"metadata.labels","type":"string","operators":["eq","like"]}]},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq","ne","in"]},{"name":"device.ip","type":"string","operators":["eq","ne"]},{"name":"device.mac","type":"string","operators":["eq","ne","in"]},{"name":"device.os.name","type":"string","operators":["eq","ne","in"]},{"name":"device.os.type","type":"string","operators":["eq","ne","in"]},{"name":"device.uid","type":"string","operators":["eq","ne"]},{"name":"metadata.labels","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for a mocked Axonius as an Assets Provider","properties":{"dataset":{"enum":["basic_v0"],"nullable":false,"title":"Dataset","type":"string"},"type":{"const":"assets_axonius_mock"}},"required":["dataset","type"],"title":"[MOCK] Axonius","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"assets_crowdstrike","name":"assets_crowdstrike","fullname":"CrowdStrike Falcon Spotlight","description":"Configuration for CrowdStrike Falcon as an Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_get_labels","name":"get_labels","fullname":"Get Labels","description":"Get labels from an asset inventory system","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for CrowdStrike Falcon as an Assets Provider","properties":{"credential":{"description":"The credential to use for the CrowdStrike Falcon tenant.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"CrowdStrikeCredential"}},"type":{"const":"assets_crowdstrike"},"url":{"default":"https://api.crowdstrike.com","description":"Base URL for the CrowdStrike Falcon Spotlight API.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type"],"title":"CrowdStrike Falcon Spotlight","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_crowdstrike_mock","name":"assets_crowdstrike_mock","fullname":"[MOCK] CrowdStrike Falcon Spotlight","description":"Configuration for a mocked CrowdStrike Falcon as an Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_get_labels","name":"get_labels","fullname":"Get Labels","description":"Get labels from an asset inventory system","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for a mocked CrowdStrike Falcon as an Assets Provider","properties":{"dataset":{"enum":["basic_v0"],"nullable":false,"title":"Dataset","type":"string"},"type":{"const":"assets_crowdstrike_mock"}},"required":["dataset","type"],"title":"[MOCK] CrowdStrike Falcon Spotlight","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"assets_nozomi_vantage","name":"assets_nozomi_vantage","fullname":"Nozomi Vantage","description":"Configuration for Nozomi Vantage.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/nozomi-vantage-setup)","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_get_labels","name":"get_labels","fullname":"Get Labels","description":"Get labels from an asset inventory system","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.first_seen_time","type":"number","operators":["gt","gte","lt","lte"]},{"name":"device.hw_info.serial_number","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.ip_addresses","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.last_seen_time","type":"number","operators":["gt","gte","lt","lte"]},{"name":"device.mac","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.mac_addresses","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.network_interfaces.name","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.risk_level_id","type":"enum","operators":["eq","ne","in","not_in"],"values":["0","1","2","3","4"]},{"name":"device.risk_score","type":"number","operators":["gt","gte","lt","lte"]},{"name":"device.type","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.type_id","type":"enum","operators":["eq","ne","in","not_in"],"values":["2","4","5","10","89","90","96"]},{"name":"device.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.vendor.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]}]}],"provider_config":{"description":"Configuration for Nozomi Vantage.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/nozomi-vantage-setup)","properties":{"credential":{"description":"Credentials used to authenticate with Nozomi Vantage.","nullable":false,"properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Token Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Token Name","type":"string"}},"required":["secret","type","username"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"NozomiVantageCredential"}},"type":{"const":"assets_nozomi_vantage"},"url":{"description":"Base URL for the Nozomi Vantage API.","example":"https://tenant.us1.vantage.nozominetworks.io","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Nozomi Vantage","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_nozomi_vantage_mock","name":"assets_nozomi_vantage_mock","fullname":"[MOCK] Nozomi Vantage","description":"Configuration for a mocked Nozomi Vantage provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_get_labels","name":"get_labels","fullname":"Get Labels","description":"Get labels from an asset inventory system","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.first_seen_time","type":"number","operators":["gt","gte","lt","lte"]},{"name":"device.hw_info.serial_number","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.ip_addresses","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.last_seen_time","type":"number","operators":["gt","gte","lt","lte"]},{"name":"device.mac","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.mac_addresses","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.network_interfaces.name","type":"string","operators":["eq","ne","in","not_in"]},{"name":"device.risk_level_id","type":"enum","operators":["eq","ne","in","not_in"],"values":["0","1","2","3","4"]},{"name":"device.risk_score","type":"number","operators":["gt","gte","lt","lte"]},{"name":"device.type","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.type_id","type":"enum","operators":["eq","ne","in","not_in"],"values":["2","4","5","10","89","90","96"]},{"name":"device.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.vendor.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]}]}],"provider_config":{"description":"Configuration for a mocked Nozomi Vantage provider","properties":{"dataset":{"enum":["basic_v0"],"nullable":false,"title":"Dataset","type":"string"},"type":{"const":"assets_nozomi_vantage_mock"}},"required":["dataset","type"],"title":"[MOCK] Nozomi Vantage","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"assets_qualys_cloud","name":"assets_qualys_cloud","fullname":"Qualys Vulnerability Management, Detection \u0026 Response (VMDR)","description":"Configuration for Qualys Cloud Platform as an Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_get_labels","name":"get_labels","fullname":"Get Labels","description":"Get labels from an asset inventory system","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for Qualys Cloud Platform as an Assets Provider","properties":{"credential":{"description":"Username and password used to authenticate with Qualys Cloud.","nullable":false,"properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"QualysCloudCredential"}},"type":{"const":"assets_qualys_cloud"},"url":{"description":"URL for the Qualys Cloud API. This should be the base URL for the API, without any path components.","example":"https://qualys.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Qualys VMDR","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_qualys_cloud_mock","name":"assets_qualys_cloud_mock","fullname":"[MOCK] Qualys Vulnerability Management, Detection \u0026 Response (VMDR)","description":"Configuration for a mock Qualys Cloud Platform as an Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_get_labels","name":"get_labels","fullname":"Get Labels","description":"Get labels from an asset inventory system","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for a mock Qualys Cloud Platform as an Assets Provider","properties":{"dataset":{"enum":["basic_v0"],"nullable":false,"title":"Dataset","type":"string"},"type":{"const":"assets_qualys_cloud_mock"}},"required":["dataset","type"],"title":"[MOCK] Qualys VMDR","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"assets_servicenow","name":"assets_servicenow","fullname":"ServiceNow Configuration Management Database (CMDB)","description":"Configuration for ServiceNow Configuration Management Database (CMDB).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/servicenow-assets-setup)","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","request_method":"post","request_path":"/v1/assets/devices","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateDeviceRequest"}}},{"id":"assets_get_labels","name":"get_labels","fullname":"Get Labels","description":"Get labels from an asset inventory system","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.first_seen_time","type":"number","operators":["gt","gte","lt","lte"]},{"name":"device.hostname","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.hw_info.serial_number","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.last_seen_time","type":"number","operators":["gt","gte","lt","lte"]},{"name":"device.mac","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.modified_time","type":"number","operators":["gt","gte","lt","lte"]},{"name":"device.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]}]}],"provider_config":{"description":"Configuration for ServiceNow Configuration Management Database (CMDB).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/servicenow-assets-setup)","properties":{"credential":{"nullable":false,"oneOf":[{"description":"Username and secret used to authenticate with ServiceNow. The password can be a [generated token](https://docs.servicenow.com/bundle/vancouver-platform-administration/page/administer/users-and-groups/task/t_CreateAUser.html). The token receives the same permissions as the user that generated it, so they must have access to the necessary projects.","properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"New Basic Credentials","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"ServiceNowCredential"}},{"description":"Token used to authenticate with ServiceNow. This token will be used with the authentication header `x-sn-apikey`. To use token authentication, the version of ServiceNow must be `Washington D.C.` or later.","properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"New Token","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"ServiceNowCredential"}}],"title":"Credential","x-synqly-credential":{"extends":["BasicCredential","TokenCredential"],"type":"ServiceNowCredential"}},"type":{"const":"assets_servicenow"},"url":{"description":"Base URL for the ServiceNow API.","example":"https://tenant.service-now.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"ServiceNow CMDB","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_servicenow_mock","name":"assets_servicenow_mock","fullname":"[MOCK] ServiceNow Configuration Management Database (CMDB)","description":"Configuration for a mocked ServiceNow as an Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","request_method":"post","request_path":"/v1/assets/devices","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateDeviceRequest"}}},{"id":"assets_get_labels","name":"get_labels","fullname":"Get Labels","description":"Get labels from an asset inventory system","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.first_seen_time","type":"number","operators":["gt","gte","lt","lte"]},{"name":"device.hostname","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.hw_info.serial_number","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.last_seen_time","type":"number","operators":["gt","gte","lt","lte"]},{"name":"device.mac","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.modified_time","type":"number","operators":["gt","gte","lt","lte"]},{"name":"device.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]}]}],"provider_config":{"description":"Configuration for a mocked ServiceNow as an Assets Provider","properties":{"dataset":{"enum":["basic_v0"],"nullable":false,"title":"Dataset","type":"string"},"type":{"const":"assets_servicenow_mock"}},"required":["dataset","type"],"title":"[MOCK] ServiceNow CMDB","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"assets_sevco","name":"assets_sevco","fullname":"Sevco for Asset Management and Security","description":"Configuration for the Sevco Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_get_labels","name":"get_labels","fullname":"Get Labels","description":"Get labels from an asset inventory system","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.last_seen_time","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.mac","type":"string","operators":["eq","ne"]},{"name":"device.os.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.os.type_id","type":"string","operators":["eq","ne"]},{"name":"device.uid","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for the Sevco Assets Provider","properties":{"credential":{"description":"This credential must be an API Secret Key. Generate this key in the UI console. For more details, see the [Creating an API Key](https://docs.sev.co/docs/using-the-api#creating-an-api-key).","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"SevcoCredential"}},"type":{"const":"assets_sevco"},"url":{"description":"URL for the Sevco API. This should be the base URL for the API, without any path components.","example":"https://api.sev.co","nullable":false,"pattern":"^https?:.+$","title":"API URL","type":"string"}},"required":["credential","type","url"],"title":"Sevco","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_sevco_mock","name":"assets_sevco_mock","fullname":"[MOCK] Sevco for Asset Management and Security","description":"Configuration for a mocked Sevco Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_get_labels","name":"get_labels","fullname":"Get Labels","description":"Get labels from an asset inventory system","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.last_seen_time","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.mac","type":"string","operators":["eq","ne"]},{"name":"device.os.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.os.type_id","type":"string","operators":["eq","ne"]},{"name":"device.uid","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for a mocked Sevco Assets Provider","properties":{"dataset":{"enum":["basic_v0"],"nullable":false,"title":"Dataset","type":"string"},"type":{"const":"assets_sevco_mock"}},"required":["dataset","type"],"title":"[MOCK] Sevco","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_tanium_cloud","name":"assets_tanium_cloud","fullname":"Tanium Vulnerability Management","description":"Configuration for Tanium Cloud as an Assets Provider\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/tanium-setup)","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_get_labels","name":"get_labels","fullname":"Get Labels","description":"Get labels from an asset inventory system","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for Tanium Cloud as an Assets Provider\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/tanium-setup)","properties":{"credential":{"description":"Configuration when creating new API Token.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"TaniumCloudCredential"}},"type":{"const":"assets_tanium_cloud"},"url":{"description":"Base URL for the Tanium Cloud API","example":"https://{customername}-api.cloud.tanium.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Tanium Assets","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"assets_tanium_cloud_mock","name":"assets_tanium_cloud_mock","fullname":"[MOCK] Tanium Vulnerability Management","description":"Configuration for a mocked Tanium Cloud as an Assets Provider","connector_id":"assets","connector":"assets","operations":[{"id":"assets_create_asset","name":"create_asset","fullname":"Create Devices","description":"Creates a `Device` object in the token-linked Integration.","supported":false},{"id":"assets_get_labels","name":"get_labels","fullname":"Get Labels","description":"Get labels from an asset inventory system","supported":false},{"id":"assets_query_devices","name":"query_devices","fullname":"Query Devices","description":"Query devices from an asset inventory system","request_method":"get","request_path":"/v1/assets/devices","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for a mocked Tanium Cloud as an Assets Provider","properties":{"dataset":{"enum":["basic_v0"],"nullable":false,"title":"Dataset","type":"string"},"type":{"const":"assets_tanium_cloud_mock"}},"required":["dataset","type"],"title":"[MOCK] Tanium Assets","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"cloudsecurity_aws","name":"cloudsecurity_aws","fullname":"AWS Cloud Security","description":"Configuration for the AWS Cloud Security Provider","connector_id":"cloudsecurity","connector":"cloudsecurity","operations":[{"id":"cloudsecurity_query_cloud_resource_inventory","name":"query_cloud_resource_inventory","fullname":"Query Cloud Resource Inventory","description":"Returns a list of cloud resources that match the query from the cloud security provider.","supported":false},{"id":"cloudsecurity_query_compliance_findings","name":"query_compliance_findings","fullname":"Query Compliance Findings","description":"Returns a list of compliance findings matching the query from the cloud security provider.","request_method":"get","request_path":"/v1/cloudsecurity/compliancefindings","supported":true,"filters":[{"name":"cloud.account.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.provider","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.region","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"compliance.assessments.category","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"compliance.assessments.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"compliance.control","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"compliance.standards","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"compliance.status","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"finding_info.created_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"finding_info.desc","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"finding_info.first_seen_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"finding_info.last_seen_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"finding_info.modified_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"finding_info.title","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"finding_info.types","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"finding_info.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"metadata.product.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"metadata.product.vendor_name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resources.type","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resources.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"severity","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"severity_id","type":"number","operators":["eq","ne","like","not_like","in","not_in","gt","gte","lt","lte"]},{"name":"status","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"status_id","type":"number","operators":["eq","ne","like","not_like","in","not_in","gt","gte","lt","lte"]}]},{"id":"cloudsecurity_query_events","name":"query_events","fullname":"Query Events","description":"Returns a list of events that match the query from the cloud security provider.","supported":false},{"id":"cloudsecurity_query_ioms","name":"query_ioms","fullname":"Query IOMs","description":"Returns a list of Indicators of Misconfiguration (IOM) findings that match the query from the cloud security provider.","supported":false}],"provider_config":{"description":"Configuration for the AWS Cloud Security Provider","properties":{"credential":{"description":"Configuration when creating new AWS Access Keys.","nullable":false,"properties":{"access_key_id":{"description":"Access Key ID portion of the AWS access key pair.","nullable":false,"title":"Access Key ID","type":"string"},"secret_access_key":{"description":"Secret portion of the AWS access key pair.","format":"password","nullable":false,"title":"Secret Access Key","type":"string"},"session":{"description":"A temporary session token. Session tokens are optional and are only necessary if you are using temporary credentials.","format":"password","nullable":true,"title":"Session","type":"string"},"type":{"const":"aws"}},"required":["access_key_id","secret_access_key","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"AwsCredential","type":"AwsProviderCredential"}},"region":{"description":"The [AWS region](https://docs.aws.amazon.com/global-infrastructure/latest/regions/aws-regions.html) to use for the AWS Cloud Security Provider.","enum":["us-east-1","us-east-2","us-west-1","us-west-2","af-south-1","ap-east-1","ap-south-2","ap-southeast-3","ap-southeast-5","ap-southeast-4","ap-south-1","ap-northeast-3","ap-northeast-2","ap-southeast-1","ap-southeast-2","ap-east-2","ap-southeast-7","ap-northeast-1","ca-central-1","ca-west-1","eu-central-1","eu-west-1","eu-west-2","eu-south-1","eu-west-3","eu-south-2","eu-north-1","eu-central-2","il-central-1","mx-central-1","me-south-1","me-central-1","sa-east-1"],"nullable":false,"title":"Region","type":"string"},"type":{"const":"cloudsecurity_aws"}},"required":["credential","region","type"],"title":"AWS Cloud Security","type":"object"},"release":{"availability":"in-development","environments":["test","prod"]}},{"id":"cloudsecurity_crowdstrike","name":"cloudsecurity_crowdstrike","fullname":"CrowdStrike Falcon® Insight EDR","description":"Configuration for the CrowdStrike Cloud Security Provider","connector_id":"cloudsecurity","connector":"cloudsecurity","operations":[{"id":"cloudsecurity_query_cloud_resource_inventory","name":"query_cloud_resource_inventory","fullname":"Query Cloud Resource Inventory","description":"Returns a list of cloud resources that match the query from the cloud security provider.","request_method":"get","request_path":"/v1/cloudsecurity/cloudresourcesinventory","supported":true,"filters":[{"name":"cloud.account.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.account.type","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.account.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.provider","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.region","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.service","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"controls.benchmarks.framework","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"controls.benchmarks.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"controls.benchmarks.version","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"device.created_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.created_time_at","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.first_seen_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.first_seen_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.modified_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"metadata.tenant_uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resource.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resource.type","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resource.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]}]},{"id":"cloudsecurity_query_compliance_findings","name":"query_compliance_findings","fullname":"Query Compliance Findings","description":"Returns a list of compliance findings matching the query from the cloud security provider.","request_method":"get","request_path":"/v1/cloudsecurity/compliancefindings","supported":true,"filters":[{"name":"actor.authorizations.policy.is_applied","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"actor.authorizations.policy.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"actor.authorizations.policy.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.account.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.account.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.provider","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.region","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"compliance.standards","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"compliance.status","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"finding_info.title","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"finding_info.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resource.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resource.type","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resource.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"severity","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"severity_id","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]}]},{"id":"cloudsecurity_query_events","name":"query_events","fullname":"Query Events","description":"Returns a list of events that match the query from the cloud security provider.","supported":false},{"id":"cloudsecurity_query_ioms","name":"query_ioms","fullname":"Query IOMs","description":"Returns a list of Indicators of Misconfiguration (IOM) findings that match the query from the cloud security provider.","request_method":"get","request_path":"/v1/cloudsecurity/ioms","supported":true,"filters":[{"name":"actor.authorizations.policy.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"actor.authorizations.policy.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.account.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.account.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.provider","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.region","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"device.agent_list.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"device.managed_by","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"finding_info.created_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.created_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.types","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"metadata.tenant_uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resources.owner.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"severity","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"severity_id","type":"string","operators":["eq","ne","like","not_like","in","not_in"]}]}],"provider_config":{"description":"Configuration for the CrowdStrike Cloud Security Provider","properties":{"credential":{"description":"Configuration when creating new Client Credentials.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"CrowdStrikeCredential"}},"type":{"const":"cloudsecurity_crowdstrike"},"url":{"default":"https://api.crowdstrike.com","description":"The root domain where your CrowdStrike Falcon tenant is located.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type"],"title":"CrowdStrike Cloud Security","type":"object"},"release":{"availability":"in-development","environments":["test","prod"]}},{"id":"cloudsecurity_defender","name":"cloudsecurity_defender","fullname":"Microsoft Defender for Cloud","description":"Configuration for the Microsoft Defender for Cloud Provider","connector_id":"cloudsecurity","connector":"cloudsecurity","operations":[{"id":"cloudsecurity_query_cloud_resource_inventory","name":"query_cloud_resource_inventory","fullname":"Query Cloud Resource Inventory","description":"Returns a list of cloud resources that match the query from the cloud security provider.","request_method":"get","request_path":"/v1/cloudsecurity/cloudresourcesinventory","supported":true,"filters":[{"name":"cloud.account.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.account.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.provider","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"cloud.region","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"device.created_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.modified_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"resource.name","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resource.type","type":"string","operators":["eq","ne","like","not_like","in","not_in"]},{"name":"resource.uid","type":"string","operators":["eq","ne","like","not_like","in","not_in"]}]},{"id":"cloudsecurity_query_compliance_findings","name":"query_compliance_findings","fullname":"Query Compliance Findings","description":"Returns a list of compliance findings matching the query from the cloud security provider.","request_method":"get","request_path":"/v1/cloudsecurity/compliancefindings","supported":true,"filters":[{"name":"compliance.control","type":"string","operators":["eq"]},{"name":"compliance.requirements","type":"string","operators":["eq"]},{"name":"compliance.standards","type":"string","operators":["eq"]}]},{"id":"cloudsecurity_query_events","name":"query_events","fullname":"Query Events","description":"Returns a list of events that match the query from the cloud security provider.","request_method":"get","request_path":"/v1/cloudsecurity/events","supported":true,"filters":[{"name":"device.ip","type":"string","operators":["eq","ne"]},{"name":"src_endpoint.ip","type":"string","operators":["eq","ne"]},{"name":"time","type":"datetime","operators":["gte","lte"]},{"name":"unmapped.appId","type":"number","operators":["eq","ne"]},{"name":"unmapped.device.clientIP","type":"string","operators":["eq","ne"]}]},{"id":"cloudsecurity_query_ioms","name":"query_ioms","fullname":"Query IOMs","description":"Returns a list of Indicators of Misconfiguration (IOM) findings that match the query from the cloud security provider.","supported":false}],"provider_config":{"description":"Configuration for the Microsoft Defender for Cloud Provider","properties":{"credential":{"description":"Microsoft Defender OAuth client credentials.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"DefenderCredential"}},"subscription_id":{"description":"The Azure subscription ID that contains the Microsoft Defender for Cloud workspace.","nullable":false,"title":"Subscription ID","type":"string"},"tenant_id":{"description":"The Azure Active Directory tenant ID that contains the Microsoft Defender for Cloud workspace.","nullable":false,"title":"Tenant ID","type":"string"},"type":{"const":"cloudsecurity_defender"},"url":{"default":"https://management.azure.com/.default","description":"Base URL to your Microsoft Defender for Cloud workspace.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","subscription_id","tenant_id","type"],"title":"Microsoft Defender for Cloud","type":"object"},"release":{"availability":"in-development","environments":["test","prod"]}},{"id":"edr_crowdstrike","name":"edr_crowdstrike","fullname":"CrowdStrike Falcon® Insight EDR","description":"Configuration for CrowdStrike Falcon® Insight EDR.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/crowdstrike-edr-setup)","connector_id":"edr","connector":"edr","operations":[{"id":"edr_create_iocs","name":"create_iocs","fullname":"Create IOCs","description":"Creates a list of iocs that match the stix input for the EDR source.","request_method":"post","request_path":"/v1/edr/iocs","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateIocsRequest"}}},{"id":"edr_delete_iocs","name":"delete_iocs","fullname":"Delete IOCs","description":"Deletes a list of iocs that match the input of ids in the query param","request_method":"delete","request_path":"/v1/edr/iocs","supported":true},{"id":"edr_get_endpoint","name":"get_endpoint","fullname":"Get Endpoint","description":"Gets a single endpoint assets matching the UID from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints/{id}","supported":true},{"id":"edr_network_quarantine","name":"network_quarantine","fullname":"Quarantine Endpoints","description":"Connect or disconnect one or more endpoints assets to the network, allowing or disallowing connections.","request_method":"post","request_path":"/v1/edr/endpoints/actions/quarantine","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/NetworkQuarantineRequest"}}},{"id":"edr_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Returns a list of alerts that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/alerts","supported":true,"filters":[{"name":"attacks.tactic.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"attacks.tactic.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"attacks.technique.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"attacks.technique.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"comment","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"confidence_score","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.os.type","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.uid_alt","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"finding_info.created_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.created_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.title","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"finding_info.types","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"finding_info.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"metadata.feature.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"metadata.loggers.logged_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"metadata.tenant_uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"resources.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"resources.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"risk_score","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"start_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"start_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"vulnerabilities.desc","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"vulnerabilities.title","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]}]},{"id":"edr_query_applications","name":"query_applications","fullname":"Query Applications","description":"Returns a list of applications matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/applications","supported":true,"filters":[{"name":"metadata.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"metadata.modified_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"product.name","type":"string","operators":["eq","ne","in","not_in"]},{"name":"product.path","type":"string","operators":["eq","ne","in","not_in"]},{"name":"product.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"product.vendor_name","type":"string","operators":["eq","ne","in","not_in"]},{"name":"product.version","type":"string","operators":["eq","ne","in","not_in"]},{"name":"start_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"start_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"time_dt","type":"datetime","operators":["gt","gte","lt","lte"]}]},{"id":"edr_query_edr_events","name":"query_edr_events","fullname":"Query EDR Events","description":"Returns a list of EDR events that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/edr_events","supported":true,"filters":[{"name":"actor.process.file.hashes","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"actor.process.file.path","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"actor.process.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.hostname","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.network_status","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.os.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]}]},{"id":"edr_query_endpoints","name":"query_endpoints","fullname":"Query Endpoints","description":"Returns a list of endpoint assets matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints","supported":true,"filters":[{"name":"device.first_seen_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.hostname","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.hw_info.bios_manufacturer","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.hw_info.bios_ver","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.hw_info.chassis","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.hw_info.serial_number","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.instance_uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.last_seen_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.mac","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.org.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.org.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.os.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.os.type","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.os.type_id","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.os.version","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.type","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.type_id","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.zone","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"status","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]}]},{"id":"edr_query_iocs","name":"query_iocs","fullname":"Query IOCs","description":"Returns a list of iocs that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/iocs","supported":true,"filters":[{"name":"created","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"created_by_ref.id","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"extensions.action","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"extensions.expired","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"extensions.host_groups","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"extensions.mobile_action","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"extensions.modified_by","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"extensions.platforms","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"extensions.severity","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"labels","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"modified","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"pattern","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"pattern_type","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"valid_until","type":"datetime","operators":["gt","gte","lt","lte"]}]},{"id":"edr_query_posture_score","name":"query_posture_score","fullname":"Query Posture Score","description":"Returns the posture score of the endpoint assets that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/posture_score","supported":true},{"id":"edr_query_threatevents","name":"query_threatevents","fullname":"Query Threat Events","description":"Returns a list of threats that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/threats","supported":true,"filters":[{"name":"actor.process.cmd_line","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"actor.process.file.md5","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"actor.process.file.name","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"actor.process.file.path","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"actor.process.file.sha256","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"actor.process.file.type","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"confidence_score","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.first_seen_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.hostname","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"device.last_seen_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.modified_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.product_uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"severity","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"severity_id","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"status","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]},{"name":"tenant_uid","type":"string","operators":["eq","ne","gt","gte","lt","lte","in","not_in","like","not_like"]}]}],"provider_config":{"description":"Configuration for CrowdStrike Falcon® Insight EDR.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/crowdstrike-edr-setup)","properties":{"credential":{"description":"Configuration when creating new Client Credentials.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"CrowdStrikeCredential"}},"type":{"const":"edr_crowdstrike"},"url":{"default":"https://api.crowdstrike.com","description":"Base URL for the CrowdStrike Falcon® API.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type"],"title":"CrowdStrike Insight EDR","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"edr_defender","name":"edr_defender","fullname":"Microsoft Defender for Endpoint","description":"Configuration for Microsoft Defender for Endpoint.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/defender-setup)","connector_id":"edr","connector":"edr","operations":[{"id":"edr_create_iocs","name":"create_iocs","fullname":"Create IOCs","description":"Creates a list of iocs that match the stix input for the EDR source.","request_method":"post","request_path":"/v1/edr/iocs","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateIocsRequest"}}},{"id":"edr_delete_iocs","name":"delete_iocs","fullname":"Delete IOCs","description":"Deletes a list of iocs that match the input of ids in the query param","request_method":"delete","request_path":"/v1/edr/iocs","supported":true},{"id":"edr_get_endpoint","name":"get_endpoint","fullname":"Get Endpoint","description":"Gets a single endpoint assets matching the UID from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints/{id}","supported":true},{"id":"edr_network_quarantine","name":"network_quarantine","fullname":"Quarantine Endpoints","description":"Connect or disconnect one or more endpoints assets to the network, allowing or disallowing connections.","request_method":"post","request_path":"/v1/edr/endpoints/actions/quarantine","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/NetworkQuarantineRequest"}}},{"id":"edr_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Returns a list of alerts that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/alerts","supported":true,"filters":[{"name":"actor.user.name","type":"string","operators":["eq","in","ne"]},{"name":"analytic.category","type":"string","operators":["eq","in","ne"]},{"name":"finding_info.created_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.created_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.last_seen_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.last_seen_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.modified_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.uid","type":"string","operators":["eq","in","ne"]},{"name":"metadata.uid","type":"string","operators":["eq","in","ne"]},{"name":"severity","type":"string","operators":["eq","in","ne"]},{"name":"status","type":"string","operators":["eq","in","ne"]}]},{"id":"edr_query_applications","name":"query_applications","fullname":"Query Applications","description":"Returns a list of applications matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/applications","supported":true,"filters":[{"name":"product.name","type":"string","operators":["like"]},{"name":"product.uid","type":"string","operators":["eq","like"]},{"name":"product.vendor_name","type":"string","operators":["like"]},{"name":"product.version","type":"string","operators":["eq","like"]}]},{"id":"edr_query_edr_events","name":"query_edr_events","fullname":"Query EDR Events","description":"Returns a list of EDR events that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_endpoints","name":"query_endpoints","fullname":"Query Endpoints","description":"Returns a list of endpoint assets matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints","supported":true,"filters":[{"name":"cloud.account.uid","type":"string","operators":["eq","ne","like","not_like"]},{"name":"device.hostname","type":"string","operators":["eq","ne","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","like","not_like"]},{"name":"device.last_seen_time","type":"string","operators":["eq","ne","like","not_like"]},{"name":"device.last_seen_time_dt","type":"string","operators":["eq","ne","like","not_like"]},{"name":"device.os.name","type":"string","operators":["eq","ne","like","not_like"]},{"name":"device.risk_level","type":"string","operators":["eq","ne","like","not_like"]},{"name":"device.uid","type":"string","operators":["eq","ne","like","not_like"]},{"name":"enrichments.reputation.score","type":"string","operators":["eq","ne","like","not_like"]},{"name":"metadata.labels","type":"string","operators":["eq","ne","like","not_like"]},{"name":"metadata.product.version","type":"string","operators":["eq","ne","like","not_like"]},{"name":"risk_level_id","type":"string","operators":["eq","ne","like","not_like"]},{"name":"status","type":"string","operators":["eq","ne","like","not_like"]},{"name":"status_code","type":"string","operators":["eq","ne","like","not_like"]},{"name":"status_detail","type":"string","operators":["eq","ne","like","not_like"]}]},{"id":"edr_query_iocs","name":"query_iocs","fullname":"Query IOCs","description":"Returns a list of iocs that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/iocs","supported":true,"filters":[{"name":"created","type":"string","operators":["eq","in"]},{"name":"created_by_ref.Id","type":"string","operators":["eq","in"]},{"name":"created_by_ref.name","type":"string","operators":["eq","in"]},{"name":"extensions.action","type":"string","operators":["eq","in"]},{"name":"extensions.alert","type":"string","operators":["eq","in"]},{"name":"extensions.application","type":"string","operators":["eq","in"]},{"name":"extensions.rbacGroupIds","type":"string","operators":["eq","in"]},{"name":"extensions.rbacGroupNames","type":"string","operators":["eq","in"]},{"name":"extensions.severity","type":"string","operators":["eq","in"]},{"name":"name","type":"string","operators":["eq","in"]},{"name":"pattern","type":"string","operators":["eq","in"]},{"name":"pattern_type","type":"string","operators":["eq","in"]},{"name":"valid_until","type":"string","operators":["eq","in"]}]},{"id":"edr_query_posture_score","name":"query_posture_score","fullname":"Query Posture Score","description":"Returns the posture score of the endpoint assets that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/posture_score","supported":true},{"id":"edr_query_threatevents","name":"query_threatevents","fullname":"Query Threat Events","description":"Returns a list of threats that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/threats","supported":true,"filters":[{"name":"actor.user.name","type":"string","operators":["lt","gt","eq","in"]},{"name":"finding_info.created_time","type":"datetime","operators":["lt","gt"]},{"name":"finding_info.modified_time","type":"datetime","operators":["lt","gt"]},{"name":"status","type":"string","operators":["lt","gt","eq","in"]}]}],"provider_config":{"description":"Configuration for Microsoft Defender for Endpoint.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/defender-setup)","properties":{"credential":{"description":"Microsoft Defender OAuth client credentials.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"DefenderCredential"}},"tenant_id":{"description":"Tenant ID for the Microsoft Defender Management Console.","nullable":false,"title":"Tenant ID","type":"string"},"type":{"const":"edr_defender"},"url":{"default":"https://api-us.securitycenter.windows.com","description":"Base URL for the Microsoft Defender API.","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","tenant_id","type","url"],"title":"Microsoft Defender","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"edr_malwarebytes","name":"edr_malwarebytes","fullname":"ThreatDown Endpoint Detection \u0026 Response","description":"Configuration for ThreatDown Endpoint Detection \u0026 Response.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/malwarebytes-setup)","connector_id":"edr","connector":"edr","operations":[{"id":"edr_create_iocs","name":"create_iocs","fullname":"Create IOCs","description":"Creates a list of iocs that match the stix input for the EDR source.","supported":false},{"id":"edr_delete_iocs","name":"delete_iocs","fullname":"Delete IOCs","description":"Deletes a list of iocs that match the input of ids in the query param","supported":false},{"id":"edr_get_endpoint","name":"get_endpoint","fullname":"Get Endpoint","description":"Gets a single endpoint assets matching the UID from the token-linked EDR source.","supported":false},{"id":"edr_network_quarantine","name":"network_quarantine","fullname":"Quarantine Endpoints","description":"Connect or disconnect one or more endpoints assets to the network, allowing or disallowing connections.","request_method":"post","request_path":"/v1/edr/endpoints/actions/quarantine","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/NetworkQuarantineRequest"}}},{"id":"edr_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Returns a list of alerts that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/alerts","supported":true,"filters":[{"name":"finding_info.created_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.created_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.modified_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.uid","type":"string","operators":["eq"]},{"name":"metadata.uid","type":"string","operators":["eq"]},{"name":"severity","type":"string","operators":["eq"]},{"name":"status","type":"string","operators":["eq"]}]},{"id":"edr_query_applications","name":"query_applications","fullname":"Query Applications","description":"Returns a list of applications matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/applications","supported":true,"filters":[{"name":"device.uid","type":"string","operators":["eq"]},{"name":"product.name","type":"string","operators":["eq"]},{"name":"product.uid","type":"string","operators":["eq"]},{"name":"product.vendor_name","type":"string","operators":["eq"]},{"name":"product.version","type":"string","operators":["eq","gt","gte","lt","lte"]}]},{"id":"edr_query_edr_events","name":"query_edr_events","fullname":"Query EDR Events","description":"Returns a list of EDR events that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_endpoints","name":"query_endpoints","fullname":"Query Endpoints","description":"Returns a list of endpoint assets matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints","supported":true,"filters":[{"name":"created_at","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"deleted_at","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.domain","type":"string","operators":["eq"]},{"name":"device.group_id","type":"string","operators":["eq"]},{"name":"device.group_name","type":"string","operators":["eq"]},{"name":"device.hw_info.serial_number","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.mac","type":"string","operators":["eq"]},{"name":"device.name","type":"string","operators":["eq"]},{"name":"device.os.cpu_bits","type":"string","operators":["eq"]},{"name":"device.os.name","type":"string","operators":["eq"]},{"name":"device.os.type","type":"string","operators":["eq"]},{"name":"device.os.version","type":"string","operators":["eq"]},{"name":"device.protection_status","type":"string","operators":["eq"]},{"name":"device.uid","type":"string","operators":["eq"]},{"name":"metadata.product.version","type":"string","operators":["eq","gt","gte","lt","lte"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]}]},{"id":"edr_query_iocs","name":"query_iocs","fullname":"Query IOCs","description":"Returns a list of iocs that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_posture_score","name":"query_posture_score","fullname":"Query Posture Score","description":"Returns the posture score of the endpoint assets that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_threatevents","name":"query_threatevents","fullname":"Query Threat Events","description":"Returns a list of threats that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/threats","supported":true,"filters":[{"name":"finding_info.created_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.uid","type":"string","operators":["eq"]},{"name":"metadata.uid","type":"string","operators":["eq"]},{"name":"severity","type":"string","operators":["eq"]},{"name":"status","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for ThreatDown Endpoint Detection \u0026 Response.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/malwarebytes-setup)","properties":{"account_identifier":{"description":"Account identifier for the ThreatDown EDR tenant.","example":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - OR - https://cloud.malwarebytes.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/dashboard","nullable":false,"pattern":"^(https:\\/\\/cloud\\.malwarebytes\\.com\\/)?((?:[\\dA-Za-z]+-){4}[\\dA-Za-z]+)(\\/.*)?$","title":"Account ID","type":"string","x-validation-message":{"patternMismatch":"Must be a valid Account ID (`xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`) or tenant URL (`https://cloud.malwarebytes.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/dashboard`)."}},"credential":{"description":"Configuration when creating new Client Credentials.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"MalwarebytesCredential"}},"type":{"const":"edr_malwarebytes"},"url":{"default":"https://api.malwarebytes.com","description":"Base URL for the ThreatDown EDR API.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["account_identifier","credential","type"],"title":"ThreatDown EDR","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"edr_sentinelone","name":"edr_sentinelone","fullname":"SentinelOne Singularity™ Endpoint","description":"Configuration for SentinelOne Singularity™ Endpoint.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/sentinelone-setup)","connector_id":"edr","connector":"edr","operations":[{"id":"edr_create_iocs","name":"create_iocs","fullname":"Create IOCs","description":"Creates a list of iocs that match the stix input for the EDR source.","request_method":"post","request_path":"/v1/edr/iocs","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateIocsRequest"}}},{"id":"edr_delete_iocs","name":"delete_iocs","fullname":"Delete IOCs","description":"Deletes a list of iocs that match the input of ids in the query param","request_method":"delete","request_path":"/v1/edr/iocs","supported":true},{"id":"edr_get_endpoint","name":"get_endpoint","fullname":"Get Endpoint","description":"Gets a single endpoint assets matching the UID from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints/{id}","supported":true},{"id":"edr_network_quarantine","name":"network_quarantine","fullname":"Quarantine Endpoints","description":"Connect or disconnect one or more endpoints assets to the network, allowing or disallowing connections.","request_method":"post","request_path":"/v1/edr/endpoints/actions/quarantine","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/NetworkQuarantineRequest"}}},{"id":"edr_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Returns a list of alerts that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/alerts","supported":true,"filters":[{"name":"actor.process.file.path","type":"string","operators":["like"]},{"name":"confidence","type":"string","operators":["eq"]},{"name":"device.container.image","type":"string","operators":["like"]},{"name":"device.container.name","type":"string","operators":["like"]},{"name":"device.container.tag","type":"string","operators":["like"]},{"name":"device.hostname","type":"string","operators":["eq","like"]},{"name":"device.last_seen_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"device.org.uid","type":"string","operators":["eq"]},{"name":"device.os.type","type":"string","operators":["eq"]},{"name":"finding_info.created_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.first_seen_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"metadata.product.version","type":"string","operators":["eq"]},{"name":"time","type":"datetime","operators":["gt","gte","lt","lte"]}]},{"id":"edr_query_applications","name":"query_applications","fullname":"Query Applications","description":"Returns a list of applications matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/applications","supported":true,"filters":[{"name":"product.name","type":"string","operators":["like"]},{"name":"product.uid","type":"string","operators":["eq","like"]},{"name":"product.vendor_name","type":"string","operators":["like"]},{"name":"product.version","type":"string","operators":["eq","like"]}]},{"id":"edr_query_edr_events","name":"query_edr_events","fullname":"Query EDR Events","description":"Returns a list of EDR events that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/edr_events","supported":true,"filters":[{"name":"actor.process.file.hashes","type":"string","operators":["eq","ne","in"]},{"name":"actor.process.file.path","type":"string","operators":["eq","ne","like","in"]},{"name":"actor.process.name","type":"string","operators":["eq","ne","like","in"]},{"name":"device.hostname","type":"string","operators":["eq","ne","like","in"]},{"name":"device.ip","type":"string","operators":["eq","ne","like","in"]},{"name":"device.network_status","type":"string","operators":["eq","ne","in"]},{"name":"device.os.name","type":"string","operators":["eq","ne","like","in"]},{"name":"metadata.labels","type":"string","operators":["eq","ne","like","in"]},{"name":"query.hostname","type":"string","operators":["eq","ne","like","in"]},{"name":"url.url_string","type":"string","operators":["eq","ne","like","in"]}]},{"id":"edr_query_endpoints","name":"query_endpoints","fullname":"Query Endpoints","description":"Returns a list of endpoint assets matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints","supported":true,"filters":[{"name":"device.domain","type":"string","operators":["eq","like"]},{"name":"device.hostname","type":"string","operators":["eq","like"]},{"name":"device.hw_info.serial_number","type":"string","operators":["like"]},{"name":"device.instance_uid","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["like"]},{"name":"device.mac","type":"string","operators":["like"]},{"name":"device.name","type":"string","operators":["eq","like"]},{"name":"device.os.name","type":"string","operators":["like"]},{"name":"device.os.type","type":"string","operators":["eq","like"]},{"name":"device.os.version","type":"string","operators":["like"]},{"name":"device.type","type":"string","operators":["eq","like"]},{"name":"device.uid","type":"string","operators":["eq","like"]},{"name":"status","type":"string","operators":["eq","like"]}]},{"id":"edr_query_iocs","name":"query_iocs","fullname":"Query IOCs","description":"Returns a list of iocs that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/iocs","supported":true,"filters":[{"name":"created","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"created_by_ref","type":"string","operators":["like"]},{"name":"description","type":"string","operators":["like"]},{"name":"extensions.accountIds","type":"string","operators":["eq"]},{"name":"extensions.batchId","type":"string","operators":["eq"]},{"name":"extensions.category","type":"string","operators":["eq"]},{"name":"extensions.externalId","type":"string","operators":["eq"]},{"name":"extensions.groupIds","type":"string","operators":["eq"]},{"name":"extensions.sideIds","type":"string","operators":["eq"]},{"name":"extensions.source","type":"string","operators":["eq"]},{"name":"extensions.uploadTime","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"id","type":"string","operators":["eq"]},{"name":"modified","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"name","type":"string","operators":["like"]},{"name":"pattern","type":"string","operators":["eq"]},{"name":"value","type":"string","operators":["eq"]}]},{"id":"edr_query_posture_score","name":"query_posture_score","fullname":"Query Posture Score","description":"Returns the posture score of the endpoint assets that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_threatevents","name":"query_threatevents","fullname":"Query Threat Events","description":"Returns a list of threats that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/threats","supported":true,"filters":[{"name":"actor.process.created_time_dt","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"actor.process.file.path","type":"string","operators":["like"]},{"name":"confidence","type":"string","operators":["eq"]},{"name":"device.container.image","type":"string","operators":["like"]},{"name":"device.container.name","type":"string","operators":["like"]},{"name":"device.container.tag","type":"string","operators":["like"]},{"name":"device.groups.uid","type":"string","operators":["eq"]},{"name":"device.hostname","type":"string","operators":["eq","like"]},{"name":"device.id","type":"string","operators":["eq"]},{"name":"device.org.uid","type":"string","operators":["eq"]},{"name":"device.type","type":"string","operators":["eq"]},{"name":"finding_info.created_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"finding_info.modified_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"malware.classifications","type":"string","operators":["eq"]},{"name":"metadata.product.version","type":"string","operators":["eq"]},{"name":"severity","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for SentinelOne Singularity™ Endpoint.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/sentinelone-setup)","properties":{"credential":{"description":"Configuration when creating new API Token.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"SentinelOneCredential"}},"edr_events_credential":{"description":"Credential used for the SentinelOne Singularity Data Lake API. This credential is required when querying EDR events.","nullable":true,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Events Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"SentinelOneEdrEventsCredential"}},"edr_events_url":{"description":"Base URL for the SentinelOne Singularity Data Lake API. This URL is required is required when querying EDR events.","example":"https://xdr.{region}.sentinelone.net","nullable":true,"title":"Events Base URL","type":"string"},"skip_tls_verify":{"default":false,"description":"When true, skips verification of the SentinelOne TLS certificate.","nullable":true,"title":"Skip TLS Verification","type":"boolean"},"type":{"const":"edr_sentinelone"},"url":{"description":"Base URL for the SentinelOne Management API.","example":"https://{tenant}.sentinelone.net","nullable":false,"title":"Base URL","type":"string"}},"required":["credential","type","url"],"title":"SentinelOne Endpoint","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"edr_sophos","name":"edr_sophos","fullname":"Sophos Endpoint","description":"Configuration for Sophos Endpoint.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/sophos-setup)","connector_id":"edr","connector":"edr","operations":[{"id":"edr_create_iocs","name":"create_iocs","fullname":"Create IOCs","description":"Creates a list of iocs that match the stix input for the EDR source.","supported":false},{"id":"edr_delete_iocs","name":"delete_iocs","fullname":"Delete IOCs","description":"Deletes a list of iocs that match the input of ids in the query param","supported":false},{"id":"edr_get_endpoint","name":"get_endpoint","fullname":"Get Endpoint","description":"Gets a single endpoint assets matching the UID from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints/{id}","supported":true},{"id":"edr_network_quarantine","name":"network_quarantine","fullname":"Quarantine Endpoints","description":"Connect or disconnect one or more endpoints assets to the network, allowing or disallowing connections.","request_method":"post","request_path":"/v1/edr/endpoints/actions/quarantine","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/NetworkQuarantineRequest"}}},{"id":"edr_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Returns a list of alerts that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/alerts","supported":true,"filters":[{"name":"finding_info.created_time","type":"datetime","operators":["lt","gt"]},{"name":"finding_info.created_time_dt","type":"datetime","operators":["lt","gt"]},{"name":"finding_info.last_seen_time","type":"datetime","operators":["lt","gt"]},{"name":"finding_info.last_seen_time_dt","type":"datetime","operators":["lt","gt"]},{"name":"finding_info.title","type":"string","operators":["lt","gt","eq","in"]},{"name":"metadata.product.name","type":"string","operators":["lt","gt","eq","in"]},{"name":"metadata.uid","type":"string","operators":["lt","gt","eq","in"]}]},{"id":"edr_query_applications","name":"query_applications","fullname":"Query Applications","description":"Returns a list of applications matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/applications","supported":true,"filters":[{"name":"product.name","type":"string","operators":["lt","gt","eq","in"]},{"name":"product.path","type":"string","operators":["lt","gt","eq","in"]}]},{"id":"edr_query_edr_events","name":"query_edr_events","fullname":"Query EDR Events","description":"Returns a list of EDR events that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_endpoints","name":"query_endpoints","fullname":"Query Endpoints","description":"Returns a list of endpoint assets matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints","supported":true,"filters":[{"name":"device.type","type":"string","operators":["ne","lte","gte","lt","gt","eq","in"]},{"name":"device.uid","type":"string","operators":["ne","lte","gte","lt","gt","eq","in"]},{"name":"first_seen_time","type":"datetime","operators":["eq"]},{"name":"last_seen_time","type":"datetime","operators":["eq"]},{"name":"status","type":"string","operators":["ne","lte","gte","lt","gt","eq","in"]},{"name":"status_detail","type":"string","operators":["ne","lte","gte","lt","gt","eq","in"]},{"name":"time","type":"datetime","operators":["eq"]}]},{"id":"edr_query_iocs","name":"query_iocs","fullname":"Query IOCs","description":"Returns a list of iocs that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_posture_score","name":"query_posture_score","fullname":"Query Posture Score","description":"Returns the posture score of the endpoint assets that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/posture_score","supported":true},{"id":"edr_query_threatevents","name":"query_threatevents","fullname":"Query Threat Events","description":"Returns a list of threats that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/threats","supported":true,"filters":[{"name":"actor.user.name","type":"string","operators":["eq"]},{"name":"attacks.tactics.name","type":"string","operators":["eq"]},{"name":"device.first_seen_time","type":"datetime","operators":["eq"]},{"name":"device.first_seen_time_dt","type":"datetime","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["eq"]},{"name":"device.last_seen_time_dt","type":"datetime","operators":["eq"]},{"name":"device.location","type":"string","operators":["eq"]},{"name":"device.os.name","type":"string","operators":["eq"]},{"name":"device.os.type","type":"string","operators":["eq"]},{"name":"device.type","type":"string","operators":["eq"]},{"name":"hostname","type":"string","operators":["eq"]},{"name":"metadata.product.name","type":"string","operators":["eq"]},{"name":"risk_score","type":"string","operators":["eq"]},{"name":"severity","type":"string","operators":["eq"]},{"name":"type_name","type":"string","operators":["eq"]},{"name":"vendor_name","type":"string","operators":["eq"]},{"name":"vulnerabilities.title","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for Sophos Endpoint.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/sophos-setup)","properties":{"credential":{"description":"Configuration when creating new Client Credentials.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"SophosCredential"}},"type":{"const":"edr_sophos"},"url":{"default":"https://api.central.sophos.com","description":"Base URL for the Sophos Endpoint API.","nullable":false,"title":"Base URL","type":"string"}},"required":["credential","type","url"],"title":"Sophos Endpoint","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"edr_tanium","name":"edr_tanium","fullname":"Tanium EDR","description":"Configuration for Tanium Cloud as a EDR Provider\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/tanium-setup)","connector_id":"edr","connector":"edr","operations":[{"id":"edr_create_iocs","name":"create_iocs","fullname":"Create IOCs","description":"Creates a list of iocs that match the stix input for the EDR source.","supported":false},{"id":"edr_delete_iocs","name":"delete_iocs","fullname":"Delete IOCs","description":"Deletes a list of iocs that match the input of ids in the query param","supported":false},{"id":"edr_get_endpoint","name":"get_endpoint","fullname":"Get Endpoint","description":"Gets a single endpoint assets matching the UID from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints/{id}","supported":true},{"id":"edr_network_quarantine","name":"network_quarantine","fullname":"Quarantine Endpoints","description":"Connect or disconnect one or more endpoints assets to the network, allowing or disallowing connections.","request_method":"post","request_path":"/v1/edr/endpoints/actions/quarantine","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/NetworkQuarantineRequest"}}},{"id":"edr_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Returns a list of alerts that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/alerts","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["like"]},{"name":"device.ip","type":"string","operators":["like"]},{"name":"finding_info.created_time","type":"datetime","operators":["gt","gte","lt"]},{"name":"finding_info.created_time_dt","type":"datetime","operators":["gte","lt"]},{"name":"finding_info.uid","type":"string","operators":["eq"]},{"name":"status","type":"string","operators":["eq"]}]},{"id":"edr_query_applications","name":"query_applications","fullname":"Query Applications","description":"Returns a list of applications matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/applications","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]},{"name":"product.name","type":"string","operators":["eq","gte","like"]},{"name":"product.version","type":"string","operators":["eq","gte","like"]}]},{"id":"edr_query_edr_events","name":"query_edr_events","fullname":"Query EDR Events","description":"Returns a list of EDR events that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_endpoints","name":"query_endpoints","fullname":"Query Endpoints","description":"Returns a list of endpoint assets matching the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/endpoints","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]},{"id":"edr_query_iocs","name":"query_iocs","fullname":"Query IOCs","description":"Returns a list of iocs that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_posture_score","name":"query_posture_score","fullname":"Query Posture Score","description":"Returns the posture score of the endpoint assets that match the query from the token-linked EDR source.","supported":false},{"id":"edr_query_threatevents","name":"query_threatevents","fullname":"Query Threat Events","description":"Returns a list of threats that match the query from the token-linked EDR source.","request_method":"get","request_path":"/v1/edr/threats","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["like"]},{"name":"device.ip","type":"string","operators":["like"]},{"name":"finding_info.created_time","type":"datetime","operators":["gt","gte","lt"]},{"name":"finding_info.created_time_dt","type":"datetime","operators":["gte","lt"]},{"name":"finding_info.uid","type":"string","operators":["eq"]},{"name":"status","type":"string","operators":["eq"]}]}],"provider_config":{"description":"Configuration for Tanium Cloud as a EDR Provider\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/tanium-setup)","properties":{"credential":{"description":"Configuration when creating new API Token.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"TaniumCloudCredential"}},"type":{"const":"edr_tanium"},"url":{"description":"Base URL for the Tanium Cloud API","example":"https://{customername}-api.cloud.tanium.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Tanium EDR","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"identity_entra_id","name":"identity_entra_id","fullname":"Microsoft Entra ID","description":"Configuration for Microsoft Entra ID.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/entra-id-setup)","connector_id":"identity","connector":"identity","operations":[{"id":"identity_disable_user","name":"disable_user","fullname":"Disable User","description":"Disables a user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/disable","supported":true},{"id":"identity_enable_user","name":"enable_user","fullname":"Enable User","description":"Reenables a disabled user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/enable","supported":true},{"id":"identity_expire_all_user_sessions","name":"expire_all_user_sessions","fullname":"Expire All User Sessions","description":"Logs a user out of all current sessions so they must log in again.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/expire_all_sessions","supported":true},{"id":"identity_force_user_password_reset","name":"force_user_password_reset","fullname":"Force User Password Reset","description":"Forces a user to reset their password before they can log in again.","supported":false},{"id":"identity_get_group","name":"get_group","fullname":"Get Group","description":"Returns a `Group` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. Depending\non the providers offerings, this may include additional group information, such as the roles assigned.","request_method":"get","request_path":"/v1/identity/groups/{groupId}","supported":true},{"id":"identity_get_group_members","name":"get_group_members","fullname":"Get Group Members","description":"Returns list of `User` objects wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider that are members in the group referenced by ID.","request_method":"get","request_path":"/v1/identity/groups/{groupId}/members","supported":true},{"id":"identity_get_user","name":"get_user","fullname":"Get User","description":"Returns a `User` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. Depending\non the providers offerings, this may include additional user information, such as the user's current groups and roles.","request_method":"get","request_path":"/v1/identity/users/{userId}","supported":true},{"id":"identity_query_audit_log","name":"query_audit_log","fullname":"Query Audit Log","description":"Returns a list of `Event` objects from the token-linked audit log.","request_method":"get","request_path":"/v1/identity/audit","supported":true,"filters":[{"name":"actor.user.uid","type":"string","operators":["eq","in","like"]},{"name":"class_uid","type":"number","operators":["eq","in"]},{"name":"message","type":"string","operators":["eq","in","like"]},{"name":"src_endpoint.ip","type":"string","operators":["eq","in","like"]},{"name":"status_id","type":"number","operators":["eq"]},{"name":"time","type":"datetime","operators":["gte","lte"]},{"name":"type_uid","type":"number","operators":["eq","in"]},{"name":"user.name","type":"string","operators":["eq","in","like"]},{"name":"user.uid","type":"string","operators":["eq","in","like"]}]},{"id":"identity_query_groups","name":"query_groups","fullname":"Query Groups","description":"Returns a list of `Group` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.","request_method":"get","request_path":"/v1/identity/groups","supported":true,"filters":[{"name":"entity.group.desc","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.group.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.group.type","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.group.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"time","type":"datetime","operators":["eq","gt","gte","lt","lte","ne"]}]},{"id":"identity_query_users","name":"query_users","fullname":"Query Users","description":"Returns a list of `User` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.","request_method":"get","request_path":"/v1/identity/users","supported":true,"filters":[{"name":"email_addrs","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.email_addr","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.full_name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.ldap_person.cost_center","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.ldap_person.created_time","type":"datetime","operators":["eq","gt","gte","lt","lte","ne"]},{"name":"entity.user.ldap_person.deleted_time","type":"datetime","operators":["eq","gt","gte","lt","lte","ne"]},{"name":"entity.user.ldap_person.employee_uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.ldap_person.given_name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.ldap_person.job_title","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.ldap_person.last_login_time","type":"datetime","operators":["eq","gt","gte","lt","lte","ne"]},{"name":"entity.user.ldap_person.surname","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.org.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.org.ou_name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.uid_alt","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"entity.user.user_status_id","type":"number","operators":["eq","in"]},{"name":"time","type":"datetime","operators":["eq","gt","gte","lt","lte","ne"]}]}],"provider_config":{"description":"Configuration for Microsoft Entra ID.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/entra-id-setup)","properties":{"credential":{"description":"Azure Client ID and Client Secret for a service principal. The application must be configured with permissions to access the user, group, and audit log graph APIs.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"EntraIdCredential"}},"tenant_id":{"description":"Azure Directory (tenant) identifier.","nullable":false,"title":"Tenant ID","type":"string"},"type":{"const":"identity_entra_id"},"url":{"description":"Base URL for the the Microsoft Graph API.","nullable":true,"title":"Base URL","type":"string"}},"required":["credential","tenant_id","type"],"title":"Microsoft Entra ID","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"identity_google","name":"identity_google","fullname":"Google Workspace","description":"Configuration for Google Workspace.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/google-workspace-setup)","connector_id":"identity","connector":"identity","operations":[{"id":"identity_disable_user","name":"disable_user","fullname":"Disable User","description":"Disables a user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/disable","supported":true},{"id":"identity_enable_user","name":"enable_user","fullname":"Enable User","description":"Reenables a disabled user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/enable","supported":true},{"id":"identity_expire_all_user_sessions","name":"expire_all_user_sessions","fullname":"Expire All User Sessions","description":"Logs a user out of all current sessions so they must log in again.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/expire_all_sessions","supported":true},{"id":"identity_force_user_password_reset","name":"force_user_password_reset","fullname":"Force User Password Reset","description":"Forces a user to reset their password before they can log in again.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/force_reset_password","supported":true},{"id":"identity_get_group","name":"get_group","fullname":"Get Group","description":"Returns a `Group` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. Depending\non the providers offerings, this may include additional group information, such as the roles assigned.","request_method":"get","request_path":"/v1/identity/groups/{groupId}","supported":true},{"id":"identity_get_group_members","name":"get_group_members","fullname":"Get Group Members","description":"Returns list of `User` objects wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider that are members in the group referenced by ID.","request_method":"get","request_path":"/v1/identity/groups/{groupId}/members","supported":true},{"id":"identity_get_user","name":"get_user","fullname":"Get User","description":"Returns a `User` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. Depending\non the providers offerings, this may include additional user information, such as the user's current groups and roles.","request_method":"get","request_path":"/v1/identity/users/{userId}","supported":true},{"id":"identity_query_audit_log","name":"query_audit_log","fullname":"Query Audit Log","description":"Returns a list of `Event` objects from the token-linked audit log.","request_method":"get","request_path":"/v1/identity/audit","supported":true,"filters":[{"name":"class_uid","type":"string","operators":["eq"]},{"name":"src_endpoint.ip","type":"string","operators":["eq"]},{"name":"time","type":"datetime","operators":["gte","lte"]},{"name":"type_uid","type":"string","operators":["eq"]},{"name":"user.email_addr","type":"string","operators":["eq","ne","gt","gte","lt","lte"]}]},{"id":"identity_query_groups","name":"query_groups","fullname":"Query Groups","description":"Returns a list of `Group` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.","request_method":"get","request_path":"/v1/identity/groups","supported":true},{"id":"identity_query_users","name":"query_users","fullname":"Query Users","description":"Returns a list of `User` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.","request_method":"get","request_path":"/v1/identity/users","supported":true,"filters":[{"name":"entity.uid","type":"string","operators":["eq","in"]},{"name":"entity.user.email_addr","type":"string","operators":["eq","in"]},{"name":"entity.user.full_name","type":"string","operators":["eq","in"]},{"name":"entity.user.ldap_person.cost_center","type":"string","operators":["eq","in"]},{"name":"entity.user.ldap_person.employee_uid","type":"string","operators":["eq","in"]},{"name":"entity.user.ldap_person.given_name","type":"string","operators":["eq","in"]},{"name":"entity.user.ldap_person.job_title","type":"string","operators":["eq","in"]},{"name":"entity.user.ldap_person.surname","type":"string","operators":["eq","in"]},{"name":"entity.user.name","type":"string","operators":["eq","in"]},{"name":"entity.user.org.name","type":"string","operators":["eq","in"]},{"name":"entity.user.org.ou_name","type":"string","operators":["eq","in"]},{"name":"entity.user.uid","type":"string","operators":["eq","in"]},{"name":"entity.user.uid_alt","type":"string","operators":["eq","in"]}]}],"provider_config":{"description":"Configuration for Google Workspace.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/google-workspace-setup)","properties":{"client_email":{"description":"Client email associated with the service account key.","example":"{service-account-name}@{project-id}.iam.gserviceaccount.com","nullable":false,"title":"Client Email","type":"string"},"credential":{"description":"Configuration when creating new Client Credentials.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"GoogleCredential"}},"delegate":{"description":"Email address of the user that the service account is impersonating for domain-wide delegation. For more information, see [this Google support article](https://support.google.com/a/answer/162106).","nullable":false,"title":"Delegate","type":"string"},"type":{"const":"identity_google"}},"required":["client_email","credential","delegate","type"],"title":"Google Workspace","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"identity_okta","name":"identity_okta","fullname":"Okta Identity","description":"Configuration for Okta Identity.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/okta-identity-setup)","connector_id":"identity","connector":"identity","operations":[{"id":"identity_disable_user","name":"disable_user","fullname":"Disable User","description":"Disables a user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/disable","supported":true},{"id":"identity_enable_user","name":"enable_user","fullname":"Enable User","description":"Reenables a disabled user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/enable","supported":true},{"id":"identity_expire_all_user_sessions","name":"expire_all_user_sessions","fullname":"Expire All User Sessions","description":"Logs a user out of all current sessions so they must log in again.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/expire_all_sessions","supported":true},{"id":"identity_force_user_password_reset","name":"force_user_password_reset","fullname":"Force User Password Reset","description":"Forces a user to reset their password before they can log in again.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/force_reset_password","supported":true},{"id":"identity_get_group","name":"get_group","fullname":"Get Group","description":"Returns a `Group` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. Depending\non the providers offerings, this may include additional group information, such as the roles assigned.","request_method":"get","request_path":"/v1/identity/groups/{groupId}","supported":true},{"id":"identity_get_group_members","name":"get_group_members","fullname":"Get Group Members","description":"Returns list of `User` objects wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider that are members in the group referenced by ID.","request_method":"get","request_path":"/v1/identity/groups/{groupId}/members","supported":true},{"id":"identity_get_user","name":"get_user","fullname":"Get User","description":"Returns a `User` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. Depending\non the providers offerings, this may include additional user information, such as the user's current groups and roles.","request_method":"get","request_path":"/v1/identity/users/{userId}","supported":true},{"id":"identity_query_audit_log","name":"query_audit_log","fullname":"Query Audit Log","description":"Returns a list of `Event` objects from the token-linked audit log.","request_method":"get","request_path":"/v1/identity/audit","supported":true,"filters":[{"name":"actor.user.email_addr","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"actor.user.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"class_uid","type":"string","operators":["eq"]},{"name":"message","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"src_endpoint.ip","type":"string","operators":["eq"]},{"name":"status_id","type":"string","operators":["eq"]},{"name":"time","type":"datetime","operators":["gte","lte"]},{"name":"type_uid","type":"string","operators":["eq"]},{"name":"user.email_addr","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"user.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]}]},{"id":"identity_query_groups","name":"query_groups","fullname":"Query Groups","description":"Returns a list of `Group` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.","request_method":"get","request_path":"/v1/identity/groups","supported":true,"filters":[{"name":"entity.group.desc","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.group.name","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.group.uid","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.uid","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.type","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"time","type":"datetime","operators":["eq","gt","gte","lt","lte"]}]},{"id":"identity_query_users","name":"query_users","fullname":"Query Users","description":"Returns a list of `User` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.","request_method":"get","request_path":"/v1/identity/users","supported":true,"filters":[{"name":"entity.uid","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.email_addr","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.full_name","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.ldap_person.cost_center","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.ldap_person.created_time","type":"datetime","operators":["eq","gt","gte","lt","lte"]},{"name":"entity.user.ldap_person.employee_uid","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.ldap_person.given_name","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.ldap_person.job_title","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.ldap_person.manager.full_name","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.ldap_person.modified_time","type":"datetime","operators":["eq","gt","gte","lt","lte"]},{"name":"entity.user.ldap_person.surname","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.name","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.org.name","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.org.ou_name","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.uid","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.uid_alt","type":"string","operators":["eq","ne","in","not_in","like"]},{"name":"entity.user.user_status_id","type":"string","operators":["eq","in"]},{"name":"time","type":"datetime","operators":["eq","gt","gte","lt","lte"]}]}],"provider_config":{"description":"Configuration for Okta Identity.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/okta-identity-setup)","properties":{"credential":{"nullable":false,"oneOf":[{"description":"OAuth 2.0 Token URL, Client ID, and Client Secret for a Synqly Identity Connector API service application.","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"New Client Credentials","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"OktaCredential"}},{"description":"Token to authenticate with Okta. Follow [this guide to generate an API token](https://developer.okta.com/docs/guides/create-an-api-token). The token must have access to list records in the system audit log. (Not for production use. Use `o_auth_client` instead)","properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"New Token","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"OktaCredential"}}],"title":"Credential","x-synqly-credential":{"extends":["OAuthClientCredential","TokenCredential"],"type":"OktaCredential"}},"type":{"const":"identity_okta"},"url":{"description":"Base URL for the Okta API.","example":"https://{tenant}.okta.com","nullable":false,"title":"Base URL","type":"string"}},"required":["credential","type","url"],"title":"Okta Identity","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"identity_pingone","name":"identity_pingone","fullname":"PingOne Cloud Platform","description":"Configuration for PingOne Cloud Platform.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/ping-identity-setup)","connector_id":"identity","connector":"identity","operations":[{"id":"identity_disable_user","name":"disable_user","fullname":"Disable User","description":"Disables a user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/disable","supported":true},{"id":"identity_enable_user","name":"enable_user","fullname":"Enable User","description":"Reenables a disabled user in the identity system based on user ID.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/enable","supported":true},{"id":"identity_expire_all_user_sessions","name":"expire_all_user_sessions","fullname":"Expire All User Sessions","description":"Logs a user out of all current sessions so they must log in again.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/expire_all_sessions","supported":true},{"id":"identity_force_user_password_reset","name":"force_user_password_reset","fullname":"Force User Password Reset","description":"Forces a user to reset their password before they can log in again.","request_method":"post","request_path":"/v1/identity/users/{userId}/actions/force_reset_password","supported":true},{"id":"identity_get_group","name":"get_group","fullname":"Get Group","description":"Returns a `Group` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. Depending\non the providers offerings, this may include additional group information, such as the roles assigned.","request_method":"get","request_path":"/v1/identity/groups/{groupId}","supported":true},{"id":"identity_get_group_members","name":"get_group_members","fullname":"Get Group Members","description":"Returns list of `User` objects wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider that are members in the group referenced by ID.","request_method":"get","request_path":"/v1/identity/groups/{groupId}/members","supported":true},{"id":"identity_get_user","name":"get_user","fullname":"Get User","description":"Returns a `User` object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. Depending\non the providers offerings, this may include additional user information, such as the user's current groups and roles.","request_method":"get","request_path":"/v1/identity/users/{userId}","supported":true},{"id":"identity_query_audit_log","name":"query_audit_log","fullname":"Query Audit Log","description":"Returns a list of `Event` objects from the token-linked audit log.","request_method":"get","request_path":"/v1/identity/audit","supported":true,"filters":[{"name":"actor.user.uid","type":"string","operators":["eq","in"]},{"name":"class_uid","type":"string","operators":["eq","in"]},{"name":"name","type":"string","operators":["eq","in"]},{"name":"time","type":"datetime","operators":["lte","gte"]},{"name":"type_uid","type":"string","operators":["eq","in"]},{"name":"user.uid","type":"string","operators":["eq","in"]}]},{"id":"identity_query_groups","name":"query_groups","fullname":"Query Groups","description":"Returns a list of `Group` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.","request_method":"get","request_path":"/v1/identity/groups","supported":true,"filters":[{"name":"entity.group.name","type":"string","operators":["eq","in"]},{"name":"entity.group.uid","type":"string","operators":["eq","in"]},{"name":"entity.uid","type":"string","operators":["eq","in"]}]},{"id":"identity_query_users","name":"query_users","fullname":"Query Users","description":"Returns a list of `User` objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider.","request_method":"get","request_path":"/v1/identity/users","supported":true,"filters":[{"name":"entity.uid","type":"string","operators":["eq","in","like"]},{"name":"entity.user.email_addr","type":"string","operators":["eq","in","like"]},{"name":"entity.user.full_name","type":"string","operators":["eq","in","like"]},{"name":"entity.user.ldap_person.cost_center","type":"string","operators":["eq","in","like"]},{"name":"entity.user.ldap_person.created_time","type":"datetime","operators":["eq"]},{"name":"entity.user.ldap_person.employee_uid","type":"string","operators":["eq","in","like"]},{"name":"entity.user.ldap_person.given_name","type":"string","operators":["eq","in","like"]},{"name":"entity.user.ldap_person.job_title","type":"string","operators":["eq","in","like"]},{"name":"entity.user.ldap_person.modified_time","type":"datetime","operators":["eq"]},{"name":"entity.user.ldap_person.surname","type":"string","operators":["eq","in","like"]},{"name":"entity.user.name","type":"string","operators":["eq","in","like"]},{"name":"entity.user.uid","type":"string","operators":["eq","in","like"]},{"name":"entity.user.uid_alt","type":"string","operators":["eq","in","like"]},{"name":"time","type":"datetime","operators":["eq"]}]}],"provider_config":{"description":"Configuration for PingOne Cloud Platform.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/ping-identity-setup)","properties":{"auth_url":{"default":"https://auth.pingone.com","description":"Base URL for making authentication requests to PingOne.","enum":["https://auth.pingone.com","https://auth.pingone.ca","https://auth.pingone.eu","https://auth.pingone.com.au","https://auth.pingone.sg","https://auth.pingone.asia"],"format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Auth URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}},"client_id":{"description":"Client ID for the application set up as a worker.","nullable":false,"title":"Client ID","type":"string"},"credential":{"description":"Configuration when creating new Token.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"PingOneCredential"}},"organization_id":{"description":"The organization ID that the client app is a part of.","nullable":false,"title":"Organization ID","type":"string"},"type":{"const":"identity_pingone"},"url":{"default":"https://api.pingone.com","description":"Base URL for the PingOne API.","enum":["https://api.pingone.com","https://api.pingone.ca","https://api.pingone.eu","https://api.pingone.com.au","https://api.pingone.sg","https://api.pingone.asia"],"format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["auth_url","client_id","credential","organization_id","type","url"],"title":"PingOne Cloud Platform","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"notifications_jira","name":"notifications_jira","fullname":"Atlassian Jira","description":"Configuration for Atlassian Jira.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/jira-notification-setup)","connector_id":"notifications","connector":"notifications","operations":[{"id":"notifications_clear_message","name":"clear_message","fullname":"Clear Notification","description":"Resolves a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/clear/{notificationId}","supported":true},{"id":"notifications_create_message","name":"create_message","fullname":"Create Notification","description":"Creates a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/create","supported":true,"required_fields":["summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNotificationRequest"}}},{"id":"notifications_get_message","name":"get_message","fullname":"Get Notification","description":"Returns the `Notification` object matching `{notificationId}` from the token-linked\n`Integration`.","request_method":"get","request_path":"/v1/notifications/get/{notificationId}","supported":true}],"provider_config":{"description":"Configuration for Atlassian Jira.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/jira-notification-setup)","properties":{"credential":{"description":"Configuration when creating new Basic Credentials.","nullable":false,"properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"JiraCredential"}},"type":{"const":"notifications_jira"},"url":{"description":"Base URL for the Jira API.","example":"https://tenant.atlassian.net","nullable":false,"title":"Base URL","type":"string"}},"required":["credential","type","url"],"title":"Atlassian Jira","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"notifications_mock_notifications","name":"notifications_mock_notifications","fullname":"Synqly Test Provider","description":"Configuration for the Synqly mock in-memory SIEM Provider. This provider is for testing purposes only and does not retain noficiations pushed to it.","connector_id":"notifications","connector":"notifications","operations":[{"id":"notifications_clear_message","name":"clear_message","fullname":"Clear Notification","description":"Resolves a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/clear/{notificationId}","supported":true},{"id":"notifications_create_message","name":"create_message","fullname":"Create Notification","description":"Creates a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/create","supported":true,"required_fields":["summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNotificationRequest"}}},{"id":"notifications_get_message","name":"get_message","fullname":"Get Notification","description":"Returns the `Notification` object matching `{notificationId}` from the token-linked\n`Integration`.","request_method":"get","request_path":"/v1/notifications/get/{notificationId}","supported":true}],"provider_config":{"description":"Configuration for the Synqly mock in-memory SIEM Provider. This provider is for testing purposes only and does not retain noficiations pushed to it.","properties":{"channel":{"description":"The channel to send notifications to.","nullable":true,"title":"Channel","type":"string"},"type":{"const":"notifications_mock_notifications"}},"required":["type"],"title":"Test Provider","type":"object"},"release":{"availability":"generally-available","environments":["test"]}},{"id":"notifications_slack","name":"notifications_slack","fullname":"Slack","description":"Configuration for Slack.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/slack-notification-setup)","connector_id":"notifications","connector":"notifications","operations":[{"id":"notifications_clear_message","name":"clear_message","fullname":"Clear Notification","description":"Resolves a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/clear/{notificationId}","supported":true},{"id":"notifications_create_message","name":"create_message","fullname":"Create Notification","description":"Creates a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/create","supported":true,"required_fields":["summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNotificationRequest"}}},{"id":"notifications_get_message","name":"get_message","fullname":"Get Notification","description":"Returns the `Notification` object matching `{notificationId}` from the token-linked\n`Integration`.","supported":false}],"provider_config":{"description":"Configuration for Slack.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/slack-notification-setup)","properties":{"channel":{"description":"Channel to send notifications to. Must be a valid existing channel.","nullable":false,"title":"Channel","type":"string"},"credential":{"description":"Follow [this guide to generate a bot token](https://api.slack.com/concepts/token-types#bot). The token must have access to the configured channel.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"pattern":"^xoxb-.+$","title":"Token","type":"string","x-validation-message":{"patternMismatch":"Bot token must start with `xoxb-`."}},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"SlackCredential"}},"type":{"const":"notifications_slack"},"url":{"default":"https://slack.com/","description":"Base URL for the Slack API.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["channel","credential","type"],"title":"Slack","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"notifications_slack_webhook","name":"notifications_slack_webhook","fullname":"Slack Incoming Webhook","description":"Configuration for the Slack Notification Provider using Incoming Webhooks.\nIncoming Webhooks are a way to post messages from apps into Slack. The can not be used for any other actions, such as reading or deleting messages.","connector_id":"notifications","connector":"notifications","operations":[{"id":"notifications_clear_message","name":"clear_message","fullname":"Clear Notification","description":"Resolves a `Notification` object in the token-linked `Integration`.","supported":false},{"id":"notifications_create_message","name":"create_message","fullname":"Create Notification","description":"Creates a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/create","supported":true,"required_fields":["summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNotificationRequest"}}},{"id":"notifications_get_message","name":"get_message","fullname":"Get Notification","description":"Returns the `Notification` object matching `{notificationId}` from the token-linked\n`Integration`.","supported":false}],"provider_config":{"description":"Configuration for the Slack Notification Provider using Incoming Webhooks.\nIncoming Webhooks are a way to post messages from apps into Slack. The can not be used for any other actions, such as reading or deleting messages.","properties":{"type":{"const":"notifications_slack_webhook"},"webhook_url":{"description":"Slack Incoming Webhook URL. Use a Slack app with Incoming Webhooks enabled to generate the URL. See [configuration guide on Incoming Webhooks](https://api.slack.com/messaging/webhooks) for more detail.","nullable":false,"properties":{"secret":{"description":"Secret value","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Secret","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}},"type":{"const":"secret"}},"required":["secret","type"],"title":"Incoming Webhook URL","type":"object","x-synqly-credential":{"extends":"SecretCredential","type":"SlackWebhookCredential"}}},"required":["type","webhook_url"],"title":"Slack Incoming Webhook","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"notifications_teams","name":"notifications_teams","fullname":"Microsoft Teams","description":"Configuration for Microsoft Teams.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/teams-notification-setup)","connector_id":"notifications","connector":"notifications","operations":[{"id":"notifications_clear_message","name":"clear_message","fullname":"Clear Notification","description":"Resolves a `Notification` object in the token-linked `Integration`.","supported":false},{"id":"notifications_create_message","name":"create_message","fullname":"Create Notification","description":"Creates a `Notification` object in the token-linked `Integration`.","request_method":"post","request_path":"/v1/notifications/create","supported":true,"required_fields":["summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNotificationRequest"}}},{"id":"notifications_get_message","name":"get_message","fullname":"Get Notification","description":"Returns the `Notification` object matching `{notificationId}` from the token-linked\n`Integration`.","supported":false}],"provider_config":{"description":"Configuration for Microsoft Teams.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/teams-notification-setup)","properties":{"channel_id":{"description":"Identifier of the channel to send messages to.","nullable":false,"title":"Channel ID","type":"string"},"credential":{"nullable":false,"oneOf":[{"description":"OAuth 2.0 Client Credentials for an Azure App Registration. The application must be configured with permissions to access Microsoft Power Automate with user delegation.","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"New Client Credentials","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"TeamsCredential"}},{"description":"Public Webhook URL used to authenticate with Teams.","properties":{"secret":{"description":"Secret value","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"webhook_url"}},"required":["secret","type"],"title":"New Webhook URL","type":"object","x-synqly-credential":{"extends":"SecretCredential","type":"TeamsCredential"}}],"title":"Credential","x-synqly-credential":{"extends":["OAuthClientCredential","SecretCredential"],"type":"TeamsCredential"}},"endpoint":{"description":"URL of the endpoint to send messages to. Only required if OAuth Client Credentials are used for authentication.","nullable":true,"title":"Message Endpoint","type":"string"},"team_id":{"description":"Identifier of the team to send messages to.","nullable":false,"title":"Team ID","type":"string"},"tenant_id":{"description":"Azure Directory (tenant) ID. Only required if OAuth Client Credentials are used for authentication.","nullable":true,"title":"Tenant ID","type":"string"},"type":{"const":"notifications_teams"}},"required":["channel_id","credential","team_id","type"],"title":"Microsoft Teams","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_crowdstrike","name":"siem_crowdstrike","fullname":"CrowdStrike Falcon® Next-Gen SIEM","description":"Configuration for CrowdStrike Falcon® Next-Gen SIEM.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/crowdstrike-siem-setup)","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","supported":false},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Queries alerts from the SIEM configured with the token used for authentication.","supported":false},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"metadata.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"time","type":"datetime","operators":["gte","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","supported":false},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for CrowdStrike Falcon® Next-Gen SIEM.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/crowdstrike-siem-setup)","properties":{"credential":{"description":"The credential to use for the CrowdStrike Falcon NextGen SIEM tenant.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"CrowdStrikeCredential"}},"hec_credential":{"description":"Token credential to use for connecting to the CrowdStrike HEC service. If not provided, sending events to CrowdStrike is disabled.\n","nullable":true,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"HEC Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"CrowdstrikeHECCredential"}},"hec_url":{"description":"The generated CrowdStrike HEC URL provided with your token.","example":"https://\u003csome-guid\u003e.ingest.us-2.crowdstrike.com/services/collector","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"HEC URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}},"type":{"const":"siem_crowdstrike"},"url":{"default":"https://api.crowdstrike.com","description":"Base URL for the CrowdStrike Falcon® Next-Gen SIEM API.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type"],"title":"CrowdStrike Next-Gen SIEM","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_elasticsearch","name":"siem_elasticsearch","fullname":"Elastic SIEM","description":"Configuration for Elastic SIEM.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/elastic-setup)","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","supported":false},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Queries alerts from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/alerts","supported":true},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"metadata.log_provider","type":"string","operators":["eq","in"]},{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","like","not_like","in","not_in"]},{"name":"time","type":"datetime","operators":["gte","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","supported":false},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for Elastic SIEM.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/elastic-setup)","properties":{"auth_options":{"description":"Options used to control how requests are made to Elasticsearch when different authentication types are used.","nullable":true,"properties":{"run_as":{"description":"Submit API requests as a specific user, with all of their roles and permissions. When populated, this option will send the `es-security-runas-user` header with every request made to the Elasticsearch API.","nullable":true,"title":"Run As","type":"string"},"shared_secret":{"description":"Some auth cases, notably JWT auth, can be configured to require sending a shared secret in the `ES-Client-Authentication` header. When this secret is populated it will get added as the shared secret for every request made to Elasticsearch.","nullable":true,"properties":{"secret":{"description":"Secret value","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"secret"}},"required":["secret","type"],"title":"Shared Secret","type":"object","x-synqly-credential":{"extends":"SecretCredential","type":"ElasticsearchSharedSecret"}}},"title":"Authentication Options","type":"object"},"create_index":{"description":"The index or data stream to use when writing events. Defaults to the `index` setting if not set.","nullable":true,"title":"Create Index","type":"string"},"credential":{"nullable":false,"oneOf":[{"description":"Basic authentication credentials for Elasticsearch. It is recommended to use API keys or OAuth client credentials whenever possible.","properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"New Basic Credentials","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"ElasticsearchCredential"}},{"description":"Client credentials and connection data for an identity provider (IdP) that has been configured for use as a [JWT realm](https://www.elastic.co/guide/en/elasticsearch/reference/8.15/jwt-auth-realm.html) in Elasticsearch. *([Instructions for Elastic Cloud](https://www.elastic.co/guide/en/cloud/current/ec-securing-clusters-JWT.html).)*\nRequires a Token URL for the third party identity provider. To send specific scopes during the client credentials OAuth flow, specify them in `extra.scopes` as a list of strings.","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","token_url","type"],"title":"New Client Credentials","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"ElasticsearchCredential"}},{"description":"Elasticsearch API Key. Follow [this guide to generate an API Key](https://www.elastic.co/guide/en/kibana/current/api-keys.html). The API Key must have sufficient permissions to the target index.","properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"New API Key","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"ElasticsearchCredential"}}],"title":"Credential","x-synqly-credential":{"extends":["BasicCredential","OAuthClientCredential","TokenCredential"],"type":"ElasticsearchCredential"}},"index":{"default":"_all","description":"The index, data stream, or index alias to read events from.","nullable":true,"title":"Read Index","type":"string"},"kibana_url":{"description":"Base URL for the Kibana API.\n","example":"https://tenant.elastic.com","nullable":true,"title":"Kibana API base URL","type":"string"},"skip_tls_verify":{"default":false,"description":"When true, skips verification of the Elasticsearch TLS certificate.","nullable":true,"title":"Skip TLS Verification","type":"boolean"},"type":{"const":"siem_elasticsearch"},"url":{"description":"Base URL for the Elasticsearch API.","example":"https://tenant.elastic.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Elastic SIEM","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_google_chronicle","name":"siem_google_chronicle","fullname":"Google Security Operations (Chronicle Compatibility)","description":"Configuration for Google Security Operations (formerly Google Chronicle) as a SIEM Provider connecting via the older Backstory and Malachite APIs.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/google-chronicle-setup)","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","request_method":"get","request_path":"/v1/siem/investigations/{id}/evidence","supported":true},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","request_method":"get","request_path":"/v1/siem/investigations/{id}","supported":true},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Queries alerts from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/alerts","supported":true},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"message","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.event_code","type":"number","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"metadata.log_name","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.log_provider","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.log_version","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.processed_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"metadata.uid","type":"string","operators":["eq","ne","in","not_in"]},{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","in","not_in"]},{"name":"time","type":"datetime","operators":["gte","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","request_method":"get","request_path":"/v1/siem/investigations","supported":true},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for Google Security Operations (formerly Google Chronicle) as a SIEM Provider connecting via the older Backstory and Malachite APIs.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/google-chronicle-setup)","properties":{"customer_id":{"description":"The customer ID reported when writing events. This field is required if writing events.","nullable":true,"title":"Customer Id","type":"string"},"ingestion_credential":{"description":"Credentials used for writing events. If not specified then writing events is disabled.","nullable":true,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Connection specific JSON map, must include the field `client_email`.","nullable":false,"properties":{"client_email":{"nullable":false,"title":"Client Email","type":"string"}},"required":["client_email"],"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","extra","type"],"title":"Ingestion Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"GoogleChronicleCredential"}},"ingestion_url":{"default":"https://malachiteingestion-pa.googleapis.com","description":"Base URL for the Google SecOps Ingestion API.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Ingestion API base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}},"search_credential":{"description":"Credentials used for querying and reading events.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Connection specific JSON map, must include the field `client_email`.","nullable":false,"properties":{"client_email":{"nullable":false,"title":"Client Email","type":"string"}},"required":["client_email"],"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","extra","type"],"title":"Search Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"GoogleChronicleCredential"}},"search_url":{"default":"https://backstory.googleapis.com","description":"Base URL for the Google SecOps Search API.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Search API base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}},"type":{"const":"siem_google_chronicle"}},"required":["search_credential","type"],"title":"Google Security Operations (Chronicle Compatibility)","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_google_security_operations","name":"siem_google_security_operations","fullname":"Google Security Operations","description":"Configuration for Google Security Operations (formerly Google Chronicle) as a SIEM Provider.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/google-security-operations-siem-setup)","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","supported":false},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Queries alerts from the SIEM configured with the token used for authentication.","supported":false},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"message","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.event_code","type":"number","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"metadata.log_name","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.log_provider","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.log_version","type":"string","operators":["eq","ne","in","not_in"]},{"name":"metadata.processed_time","type":"datetime","operators":["gt","gte","lt","lte"]},{"name":"metadata.uid","type":"string","operators":["eq","ne","in","not_in"]},{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","in","not_in"]},{"name":"time","type":"datetime","operators":["gte","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","supported":false},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for Google Security Operations (formerly Google Chronicle) as a SIEM Provider.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/google-security-operations-siem-setup)","properties":{"credential":{"description":"Credentials used for accessing the Google SecOps instance.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Connection specific JSON map, must include the field `client_email`.","nullable":false,"properties":{"client_email":{"nullable":false,"title":"Client Email","type":"string"}},"required":["client_email"],"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","extra","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"GoogleServiceAccountCredential"}},"customer_id":{"description":"The customer ID of the Google SecOps instance.","nullable":false,"title":"Customer Id","type":"string"},"project_id":{"description":"The project ID of the Google SecOps instance.","nullable":false,"title":"Project Id","type":"string"},"region":{"default":"us","description":"The region of the Google SecOps instance. Usually `us` or `eu`.","nullable":true,"title":"Region","type":"string"},"type":{"const":"siem_google_security_operations"},"url":{"description":"The base URL for the Google SecOps API.","example":"https://{region}-chronicle.googleapis.com","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","customer_id","project_id","type"],"title":"Google Security Operations","type":"object"},"release":{"availability":"in-development","environments":["test","prod"]}},{"id":"siem_mock_siem","name":"siem_mock_siem","fullname":"Synqly Test Provider","description":"Configuration for the Synqly mock in-memory SIEM Provider. This provider is for testing purposes only and does not retain events pushed to it.","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","supported":false},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Queries alerts from the SIEM configured with the token used for authentication.","supported":false},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","supported":false},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","supported":false}],"provider_config":{"description":"Configuration for the Synqly mock in-memory SIEM Provider. This provider is for testing purposes only and does not retain events pushed to it.","properties":{"index":{"description":"Name of the index where events are stored.","nullable":true,"title":"Index","type":"string"},"type":{"const":"siem_mock_siem"}},"required":["type"],"title":"Test Provider","type":"object"},"release":{"availability":"generally-available","environments":["test"]}},{"id":"siem_opensearch","name":"siem_opensearch","fullname":"OpenSearch SIEM","description":"Configuration for OpenSearch search and analytics engine. Supports both managed and self-hosted OpenSearch deployments\n","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","supported":false},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Queries alerts from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/alerts","supported":true},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"metadata.log_provider","type":"string","operators":["eq","in"]},{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","like","not_like","in","not_in"]},{"name":"time","type":"datetime","operators":["gte","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","supported":false},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for OpenSearch search and analytics engine. Supports both managed and self-hosted OpenSearch deployments","properties":{"create_index":{"description":"The index or data stream to use when writing events. Defaults to the 'index' setting if not set.\n","nullable":true,"title":"Write Index","type":"string"},"credential":{"description":"Basic authentication credentials for OpenSearch.\n","nullable":false,"properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"OpenSearchCredential"}},"index":{"default":"_all","description":"The index, data stream, or index alias to read events from.\n","nullable":true,"title":"Read Index","type":"string"},"skip_tls_verify":{"default":false,"description":"When true, skips verification of the OpenSearch TLS certificate.","nullable":true,"title":"Skip TLS Verification","type":"boolean"},"type":{"const":"siem_opensearch"},"url":{"description":"Base URL for the OpenSearch API.\n","example":"https://tenant.elastic.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"OpenSearch","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_q_radar","name":"siem_q_radar","fullname":"IBM QRadar SIEM","description":"Configuration for IBM QRadar SIEM.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/qradar-setup)","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","request_method":"get","request_path":"/v1/siem/investigations/{id}","supported":true},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Queries alerts from the SIEM configured with the token used for authentication.","supported":false},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"actor.app_name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"actor.app_uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"actor.user.account.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"actor.user.account.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"actor.user.domain","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"actor.user.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"actor.user.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"count","type":"number","operators":["eq","ne","gt","gte","lt","lte","in","not_in"]},{"name":"device.hostname","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.ip","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.last_seen_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.location.description","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.mac","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.os.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"device.zone","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"dst_endpoint.domain","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"dst_endpoint.hostname","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"dst_endpoint.ip","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"dst_endpoint.location.description","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"dst_endpoint.mac","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"dst_endpoint.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"duration","type":"number","operators":["eq","ne","gt","gte","lt","lte","in","not_in"]},{"name":"end_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"group.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"group.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"http_request.url.host","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"http_request.url.path","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"http_request.url.port","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"http_request.url.url_string","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.file.ext","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.file.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.file.parent_folder","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.file.path","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.file.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.group.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.group.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.parent_process.file.path","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.parent_process.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.parent_process.pid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"logon_process.pid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"message","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"metadata.log_name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"metadata.log_provider","type":"string","operators":["eq"]},{"name":"process.file.ext","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.file.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.file.parent_folder","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.file.path","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.file.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.group.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.group.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.parent_process.file.path","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.parent_process.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.parent_process.pid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"process.pid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","like","not_like","in","not_in"]},{"name":"src_endpoint.domain","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"src_endpoint.ip","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"src_endpoint.location.description","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"src_endpoint.mac","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"src_endpoint.os.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"src_endpoint.owner.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"src_endpoint.zone","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"start_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"time","type":"datetime","operators":["gte","lte"]},{"name":"user.account.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"user.account.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"user.domain","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"user.name","type":"string","operators":["eq","ne","in","not_in","like","not_like"]},{"name":"user.uid","type":"string","operators":["eq","ne","in","not_in","like","not_like"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","request_method":"get","request_path":"/v1/siem/investigations","supported":true,"filters":[{"name":"raw_data.*","type":"string","operators":["eq","gt","lt","in"]}]},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for IBM QRadar SIEM.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/qradar-setup)","properties":{"collection_port":{"description":"Port used by QRadar to accept incoming HTTP Receiver events.","nullable":false,"title":"Collection Port","type":"integer"},"credential":{"description":"Authorized service token for QRadar Operations. [Guide to generate a token](https://www.ibm.com/docs/en/qradar-common?topic=app-creating-authorized-service-token-qradar-operations).","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"QRadarCredential"}},"skip_tls_verify":{"default":false,"description":"When true, skips verification of the QRadar TLS certificate.","nullable":true,"title":"Skip TLS Verification","type":"boolean"},"type":{"const":"siem_q_radar"},"url":{"description":"Base URL for the QRadar API.","example":"https://qradar.westus2.cloudapp.azure.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["collection_port","credential","type","url"],"title":"IBM QRadar SIEM","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_rapid7_insightidr","name":"siem_rapid7_insightidr","fullname":"Rapid7 InsightIDR","description":"Configuration for Rapid7 InsightIDR.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/rapid7-idr-setup)","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","request_method":"get","request_path":"/v1/siem/investigations/{id}/evidence","supported":true},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","request_method":"get","request_path":"/v1/siem/investigations/{id}","supported":true},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","request_method":"patch","request_path":"/v1/siem/investigations/{id}","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/PatchInvestigationRequest"}}},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","supported":false},{"id":"siem_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Queries alerts from the SIEM configured with the token used for authentication.","supported":false},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","like","not_like","in","not_in"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","request_method":"get","request_path":"/v1/siem/investigations","supported":true,"filters":[{"name":"investigations.end_time","type":"datetime","operators":["lte"]},{"name":"investigations.id","type":"string","operators":["eq"]},{"name":"investigations.priority","type":"string","operators":["eq"],"values":["Unknown","Low","Medium","High","Critical"]},{"name":"investigations.start_time","type":"datetime","operators":["gte"]},{"name":"investigations.status","type":"string","operators":["eq"],"values":["Open","Closed","Investigating","Waiting"]}]},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for Rapid7 InsightIDR.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/rapid7-idr-setup)","properties":{"credential":{"description":"Configuration when creating new API Token.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"Rapid7InsightCloudCredential"}},"type":{"const":"siem_rapid7_insightidr"},"url":{"description":"Base URL for the Rapid7 API.","example":"https://us2.api.insight.rapid7.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Rapid7 InsightIDR","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_sentinel","name":"siem_sentinel","fullname":"Microsoft Sentinel","description":"Configuration for Microsoft Sentinel SIEM Product.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/microsoft-sentinel-siem-setup)","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","request_method":"get","request_path":"/v1/siem/investigations/{id}","supported":true},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","request_method":"patch","request_path":"/v1/siem/investigations/{id}","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/PatchInvestigationRequest"}}},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Queries alerts from the SIEM configured with the token used for authentication.","supported":false},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"metadata.log_provider","type":"string","operators":["eq","in"]},{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","like","in","not_in"]},{"name":"time","type":"datetime","operators":["gte","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","request_method":"get","request_path":"/v1/siem/investigations","supported":true},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for Microsoft Sentinel SIEM Product.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/microsoft-sentinel-siem-setup)","properties":{"credential":{"description":"Client credentials for authenticating with Microsoft Sentinel.\nThe application registration must have appropriate permissions to read\nand write to Microsoft Sentinel. Required permissions:\n\n- `Microsoft.OperationalInsights/workspaces/read`\n- `Microsoft.OperationalInsights/workspaces/write`\n- `Microsoft.SecurityInsights/dataConnectors/*`\n","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"SentinelCredential"}},"default_tables":{"default":["_Im_AuditEvent","_Im_Authentication","_Im_DhcpEvent","_Im_Dns","_Im_DnsBuiltIn","_Im_FileEvent","_Im_NetworkSession","_Im_Process_EmptyV01","_Im_ProcessCreate","_Im_ProcessEvent","_Im_ProcessTerminate","_Im_RegistryEvent","_Im_UserManagement","_Im_WebSession"],"description":"The default tables to use for queries. Supply this value if you would like to a subset of the default tables or non-ASIM data tables with Sentinel/Log Analytics queries.\nIf more than one table is specified, a union operator will join them to query all of the tables at once. Supply a single value with `*` if you would like to query all tables without the normalizing ASIM transformations.\n**Note** that a single `*` entry will map to a `union *` query. Relying heavily on these queries is generally discouraged by Sentinel because they are slower and more resource intensive.","items":{"type":"string"},"nullable":true,"title":"Default Tables","type":"array"},"ingest_url":{"default":"https://monitor.azure.com","description":"Either the logs ingestion API url for you Data Collection Rule or your Data Collection Endpoint URL. This value must be supplied to ingest data into Microsoft Sentinel. This should look something like https://mydcr-xxx-westus2.logs.z1.ingest.monitor.azure.com","nullable":true,"title":"Ingest URL","type":"string"},"logs_url":{"description":"Base URL for the Microsoft Azure Monitor Logs API. Should only be supplied if using an alternate Microsoft cloud, such as GovCloud.","nullable":true,"title":"Base Logs URL","type":"string"},"management_url":{"default":"https://management.azure.com","description":"Base URL for the Microsoft Azure Management API. Should only be supplied if using an alternate Microsoft cloud, such as GovCloud.","nullable":true,"title":"Base Management URL","type":"string"},"resource_group":{"description":"Azure resource group name that contains the Microsoft Sentinel workspace.","nullable":false,"title":"Resource Group","type":"string"},"rule_id":{"description":"Immutable ID of the Data Collection Rule. This value must be supplied to ingest data into Microsoft Sentinel.","nullable":true,"title":"Data Collection Rule ID","type":"string"},"stream_name":{"description":"Name of the Data Collection Rule stream. This value must be supplied to ingest data into Microsoft Sentinel.","nullable":true,"title":"Data Collection Rule stream","type":"string"},"subscription_id":{"description":"Azure subscription ID that contains the Microsoft Sentinel workspace.","nullable":false,"title":"Subscription ID","type":"string"},"tenant_id":{"description":"Azure Active Directory tenant ID that contains the Microsoft Sentinel workspace.","nullable":false,"title":"Tenant ID","type":"string"},"type":{"const":"siem_sentinel"},"workspace_id":{"description":"ID of the Microsoft Sentinel Log Analytics workspace.","nullable":false,"title":"Workspace ID","type":"string"},"workspace_name":{"description":"Name of the Microsoft Sentinel Log Analytics workspace.","nullable":false,"title":"Workspace Name","type":"string"}},"required":["credential","resource_group","subscription_id","tenant_id","type","workspace_id","workspace_name"],"title":"Microsoft Sentinel","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_splunk","name":"siem_splunk","fullname":"Splunk Enterprise Security","description":"Configuration for Splunk Enterprise Security.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/splunk-setup)","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","supported":false},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","supported":false},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Queries alerts from the SIEM configured with the token used for authentication.","supported":false},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"actor.app_name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"actor.user.domain","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"actor.user.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"actor.user.org.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"actor.user.type","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"actor.user.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"auth_protocol","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.domain","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.hostname","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.ip","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.mac","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.os.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.owner.org.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.port","type":"number","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.svc_name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"device.zone","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.domain","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.hostname","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.ip","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.mac","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.os.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.owner.org.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.port","type":"number","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.svc_name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.type","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"dst_endpoint.zone","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"duration","type":"number","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"http_request.user_agent","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.file.parent_folder","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.file.path","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.file.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.parent_process.file.path","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.parent_process.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.parent_process.pid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"logon_process.pid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"metadata.event_code","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"metadata.log_name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"metadata.log_provider","type":"string","operators":["eq","in"]},{"name":"metadata.processed_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"metadata.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.cmd_line","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.file.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.file.parent_folder","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.file.path","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.file.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.parent_process.cmd_line","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.parent_process.file.path","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.parent_process.file.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.parent_process.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.parent_process.pid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"process.pid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","like","not_like","in","not_in"]},{"name":"session.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.hostname","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.ip","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.mac","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.owner.org.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.port","type":"number","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.type","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"src_endpoint.zone","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"start_time","type":"datetime","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"time","type":"datetime","operators":["gte","lte"]},{"name":"user.domain","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"user.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"user.org.name","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"user.type","type":"string","operators":["eq","ne","gt","gte","lt","lte"]},{"name":"user.uid","type":"string","operators":["eq","ne","gt","gte","lt","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","supported":false},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for Splunk Enterprise Security.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/splunk-setup)","properties":{"hec_credential":{"description":"Credential to use when connecting to the Splunk HEC service. If not provided, sending events to Splunk is disabled.","nullable":true,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"HEC Token","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"SplunkHECToken"}},"hec_url":{"description":"URL for the Splunk HEC endpoint. Must include the full path to the HEC endpoint.","example":"https://tenant.cloud.splunk.com:8088/services_collector_event","nullable":true,"title":"HEC URL","type":"string"},"index":{"description":"Splunk index to send events to. If not provided, will use the default index for the Splunk collector.","nullable":true,"title":"Index","type":"string"},"search_service_credential":{"description":"Credential used when authenticating with the Splunk Search Service.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Search Service Token","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"SplunkSearchCredential"}},"search_service_url":{"description":"URL used when connecting to the Splunk Search Service.","example":"https://splunk-service.com/services/collector/event","nullable":false,"title":"Search Service URL","type":"string"},"skip_tls_verify":{"default":false,"description":"When true, skips verification of the Splunk TLS certificate.","nullable":true,"title":"Skip TLS Verification","type":"boolean"},"source":{"description":"Splunk source to send events to. If not provided the default source for the Splunk collector is used.","nullable":true,"title":"Source","type":"string"},"source_type":{"description":"Splunk source type to send events to. If not provided the default source type for the Splunk collector is used.","nullable":true,"title":"Source Type","type":"string"},"type":{"const":"siem_splunk"}},"required":["search_service_credential","search_service_url","type"],"title":"Splunk Enterprise Security","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"siem_sumo_logic","name":"siem_sumo_logic","fullname":"Sumo Logic Cloud SIEM","description":"Configuration for Sumo Logic Cloud SIEM.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/sumo-logic-setup)","connector_id":"siem","connector":"siem","operations":[{"id":"siem_get_evidence","name":"get_evidence","fullname":"Get Evidence","description":"Retrieves the evidence for an investigation.","supported":false},{"id":"siem_get_investigation","name":"get_investigation","fullname":"Get Investigation","description":"Retrieves an investigation by ID.","request_method":"get","request_path":"/v1/siem/investigations/{id}","supported":true},{"id":"siem_patch_investigation","name":"patch_investigation","fullname":"Patch Investigation","description":"Updates an investigation by ID.","request_method":"patch","request_path":"/v1/siem/investigations/{id}","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/PatchInvestigationRequest"}}},{"id":"siem_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.","request_method":"post","request_path":"/v1/siem/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}},{"id":"siem_query_alerts","name":"query_alerts","fullname":"Query Alerts","description":"Queries alerts from the SIEM configured with the token used for authentication.","supported":false},{"id":"siem_query_events","name":"query_events","fullname":"Query Events","description":"Queries events from the SIEM configured with the token used for authentication.","request_method":"get","request_path":"/v1/siem/events","supported":true,"filters":[{"name":"metadata.log_provider","type":"string","operators":["eq","in"]},{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","like","in","not_in"]},{"name":"time","type":"datetime","operators":["gte","lte"]}]},{"id":"siem_query_investigations","name":"query_investigations","fullname":"Query Investigations","description":"Queries investigations","request_method":"get","request_path":"/v1/siem/investigations","supported":true,"filters":[{"name":"raw_data.*","type":"string","operators":["eq","ne","gt","lt","gte","lte","like","in","not_in"]}]},{"id":"siem_query_log_providers","name":"query_log_providers","fullname":"Query Log Providers","description":"Queries available log providers in the source SIEM","request_method":"get","request_path":"/v1/siem/log-providers","supported":true}],"provider_config":{"description":"Configuration for Sumo Logic Cloud SIEM.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/sumo-logic-setup)","properties":{"auto_parse_logs":{"default":true,"description":"Automatically parse logs as JSON when running log queries.","nullable":true,"title":"Auto Parse Logs","type":"boolean"},"collection_url":{"description":"Secure Sumo Logic Collection URL for writing events. If not provided, sending events to Sumo Logic is disabled.","nullable":true,"properties":{"secret":{"description":"Secret value","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Collection URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}},"type":{"const":"secret"}},"required":["secret","type"],"title":"Collection URL","type":"object","x-synqly-credential":{"extends":"SecretCredential","type":"SumoLogicCollectionUrl"}},"credential":{"description":"Access ID and Access Key used to authenticate with Sumo Logic.","nullable":false,"properties":{"secret":{"description":"Access key secret.","format":"password","nullable":false,"title":"Access Key","type":"string"},"type":{"const":"basic"},"username":{"description":"Access key identifier.","nullable":false,"title":"Access ID","type":"string"}},"required":["secret","type","username"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"SumoLogicCredential"}},"siem_logs_only":{"default":false,"description":"Only query for logs that have been processed into the Sumo Logic Cloud SIEM app.","nullable":true,"title":"SIEM Logs Only","type":"boolean"},"type":{"const":"siem_sumo_logic"},"url":{"description":"Base URL for the Sumo Logic API.\n[Sumo Logic endpoints by deployment and firewall security](https://help.sumologic.com/docs/api/getting-started/#sumo-logic-endpoints-by-deployment-and-firewall-security).","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Sumo Logic Cloud SIEM","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_aws_s3","name":"sink_aws_s3","fullname":"Amazon S3","description":"Configuration for Amazon S3 as a Sink provider. Events are written directly to an AWS S3 bucket in compressed JSON format.","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for Amazon S3 as a Sink provider. Events are written directly to an AWS S3 bucket in compressed JSON format.","properties":{"bucket":{"description":"Bucket","nullable":false,"title":"Name of the Amazon S3 bucket","type":"string"},"credential":{"description":"Credential","nullable":false,"properties":{"access_key_id":{"description":"Access Key ID portion of the AWS access key pair.","nullable":false,"title":"Access Key ID","type":"string"},"secret_access_key":{"description":"Secret portion of the AWS access key pair.","format":"password","nullable":false,"title":"Secret Access Key","type":"string"},"session":{"description":"A temporary session token. Session tokens are optional and are only necessary if you are using temporary credentials.","format":"password","nullable":true,"title":"Session","type":"string"},"type":{"const":"aws"}},"required":["access_key_id","secret_access_key","type"],"title":"AWS Access Keys with write access to the configured S3 bucket.","type":"object","x-synqly-credential":{"extends":"AwsCredential","type":"AwsS3Credential"}},"path":{"description":"Path","nullable":false,"title":"Files will be written under this path.","type":"string"},"region":{"description":"AWS Region","enum":["us-east-1","us-east-2","us-west-1","us-west-2","af-south-1","ap-east-1","ap-south-2","ap-southeast-3","ap-southeast-5","ap-southeast-4","ap-south-1","ap-northeast-3","ap-northeast-2","ap-southeast-1","ap-southeast-2","ap-east-2","ap-southeast-7","ap-northeast-1","ca-central-1","ca-west-1","eu-central-1","eu-west-1","eu-west-2","eu-south-1","eu-west-3","eu-south-2","eu-north-1","eu-central-2","il-central-1","mx-central-1","me-south-1","me-central-1","sa-east-1"],"nullable":false,"title":"AWS Region where the S3 bucket is located.","type":"string"},"type":{"const":"sink_aws_s3"}},"required":["bucket","credential","path","region","type"],"title":"Amazon S3","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_aws_security_lake","name":"sink_aws_security_lake","fullname":"Amazon Security Lake","description":"Configuration for Amazon Security Lake as a Sink provider. Events are written directly to an AWS S3 bucket in Apache Parquet format.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/amazon-security-lake-sink-setup)","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for Amazon Security Lake as a Sink provider. Events are written directly to an AWS S3 bucket in Apache Parquet format.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/amazon-security-lake-sink-setup)","properties":{"credential":{"description":"AWS Access Keys with write access to the configured S3 bucket.","nullable":false,"properties":{"access_key_id":{"description":"Access Key ID portion of the AWS access key pair.","nullable":false,"title":"Access Key ID","type":"string"},"secret_access_key":{"description":"Secret portion of the AWS access key pair.","format":"password","nullable":false,"title":"Secret Access Key","type":"string"},"session":{"description":"A temporary session token. Session tokens are optional and are only necessary if you are using temporary credentials.","format":"password","nullable":true,"title":"Session","type":"string"},"type":{"const":"aws"}},"required":["access_key_id","secret_access_key","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"AwsCredential","type":"AwsSecurityLakeCredential"}},"region":{"description":"Override the default AWS region for this integration. If not present, the region will be inferred from the URL.","nullable":true,"title":"Region","type":"string"},"type":{"const":"sink_aws_security_lake"},"url":{"description":"URL of the S3 bucket where the Amazon Security Lake events are stored.","format":"uri","nullable":false,"title":"URL","type":"string"}},"required":["credential","type","url"],"title":"Amazon Security Lake","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_aws_sqs","name":"sink_aws_sqs","fullname":"Amazon Simple Queue Service (SQS)","description":"Configuration for Amazon Simple Queue Service (SQS).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/aws-sqs-sink-setup)","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for Amazon Simple Queue Service (SQS).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/aws-sqs-sink-setup)","properties":{"credential":{"description":"AWS Access Keys with write access to the configured SQS queue.","nullable":false,"properties":{"access_key_id":{"description":"Access Key ID portion of the AWS access key pair.","nullable":false,"title":"Access Key ID","type":"string"},"secret_access_key":{"description":"Secret portion of the AWS access key pair.","format":"password","nullable":false,"title":"Secret Access Key","type":"string"},"session":{"description":"A temporary session token. Session tokens are optional and are only necessary if you are using temporary credentials.","format":"password","nullable":true,"title":"Session","type":"string"},"type":{"const":"aws"}},"required":["access_key_id","secret_access_key","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"AwsCredential","type":"AwsSQSCredential"}},"region":{"description":"Overrides the default AWS region. If not present, the region will be inferred from the URL.","nullable":true,"title":"Region","type":"string"},"type":{"const":"sink_aws_sqs"},"url":{"description":"URL of the SQS queue where events are sent.","nullable":false,"pattern":"https://sqs..+?.amazonaws.com_.+?/.+?","title":"Queue URL","type":"string","x-validation-message":{"patternMismatch":"Must match the format `https://sqs.{region}.amazonaws.com_{account_id}/{queue_name}`."}}},"required":["credential","type","url"],"title":"Amazon SQS","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_azure_monitor_logs","name":"sink_azure_monitor_logs","fullname":"Microsoft Azure Monitor Logs","description":"Configuration for Azure Monitor Logs as a Sink Provider. Azure Monitor Logs is a feature of Azure Monitor that collects and organizes log and performance data from monitored resources.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/azure-monitor-logs)","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for Azure Monitor Logs as a Sink Provider. Azure Monitor Logs is a feature of Azure Monitor that collects and organizes log and performance data from monitored resources.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/azure-monitor-logs)","properties":{"client_id":{"description":"Azure Client (Application) ID.","nullable":false,"title":"Client ID","type":"string"},"credential":{"description":"Credential with access to the configured data collection endpoint.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"AzureMonitorLogsCredential"}},"rule_id":{"description":"Data collection rule immutable ID.","nullable":false,"title":"Rule ID","type":"string"},"stream_name":{"description":"Name of the data collection rule stream.","nullable":false,"title":"Stream Name","type":"string"},"tenant_id":{"description":"Azure Directory (tenant) ID.","nullable":false,"title":"Tenant ID","type":"string"},"type":{"const":"sink_azure_monitor_logs"},"url":{"description":"URL of the Azure data collection endpoint.","nullable":false,"title":"Collection URL","type":"string"}},"required":["client_id","credential","rule_id","stream_name","tenant_id","type","url"],"title":"Microsoft Azure Monitor Logs","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_crowdstrike_hec","name":"sink_crowdstrike_hec","fullname":"CrowdStrike Falcon® Next-Gen SIEM (HEC)","description":"Configuration for CrowdStrike Falcon® Next-Gen SIEM (HEC).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/crowdstrike-sink-setup)","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for CrowdStrike Falcon® Next-Gen SIEM (HEC).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/crowdstrike-sink-setup)","properties":{"credential":{"description":"Configuration when creating new API Key.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"API Key","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"CrowdstrikeHECCredential"}},"type":{"const":"sink_crowdstrike_hec"},"url":{"description":"HTTPS URL for the CrowdStrike HTTP Event Collector (HEC) API.","example":"https://\u003csome-guid\u003e.ingest.us-2.crowdstrike.com/services/collector","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"HEC URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"CrowdStrike Next-Gen SIEM (HEC)","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_elasticsearch","name":"sink_elasticsearch","fullname":"Elasticsearch","description":"Configuration for Elasticsearch.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/elastic-setup)","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for Elasticsearch.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/elastic-setup)","properties":{"auth_options":{"description":"Options used to control how requests are made to Elasticsearch when different authentication types are used.","nullable":true,"properties":{"run_as":{"description":"Submit API requests as a specific user, with all of their roles and permissions. When populated, this option will send the `es-security-runas-user` header with every request made to the Elasticsearch API.","nullable":true,"title":"Run As","type":"string"},"shared_secret":{"description":"Some auth cases, notably JWT auth, can be configured to require sending a shared secret in the `ES-Client-Authentication` header. When this secret is populated it will get added as the shared secret for every request made to Elasticsearch.","nullable":true,"properties":{"secret":{"description":"Secret value","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"secret"}},"required":["secret","type"],"title":"Shared Secret","type":"object","x-synqly-credential":{"extends":"SecretCredential","type":"ElasticsearchSharedSecret"}}},"title":"Authentication Options","type":"object"},"create_index":{"description":"The index or data stream to use when writing events.","nullable":false,"title":"Create Index","type":"string"},"credential":{"nullable":false,"oneOf":[{"description":"Basic authentication credentials for Elasticsearch. It is recommended to use API keys or OAuth client credentials whenever possible.","properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"New Basic Credentials","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"ElasticsearchCredential"}},{"description":"Client credentials and connection data for an identity provider (IdP) that has been configured for use as a [JWT realm](https://www.elastic.co/guide/en/elasticsearch/reference/8.15/jwt-auth-realm.html) in Elasticsearch. *([Instructions for Elastic Cloud](https://www.elastic.co/guide/en/cloud/current/ec-securing-clusters-JWT.html).)*\nRequires a Token URL for the third party identity provider. To send specific scopes during the client credentials OAuth flow, specify them in `extra.scopes` as a list of strings.","properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","token_url","type"],"title":"New Client Credentials","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"ElasticsearchCredential"}},{"description":"Elasticsearch API Key. Follow [this guide to generate an API Key](https://www.elastic.co/guide/en/kibana/current/api-keys.html). The API Key must have sufficient permissions to the target index.","properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"New API Key","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"ElasticsearchCredential"}}],"title":"Credential","x-synqly-credential":{"extends":["BasicCredential","OAuthClientCredential","TokenCredential"],"type":"ElasticsearchCredential"}},"skip_tls_verify":{"default":false,"description":"When true, skips verification of the Elasticsearch TLS certificate.","nullable":true,"title":"Skip TLS Verification","type":"boolean"},"type":{"const":"sink_elasticsearch"},"url":{"description":"Base URL for the Elasticsearch API.","example":"https://tenant.elastic.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["create_index","credential","type","url"],"title":"Elasticsearch","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_google_sec_ops","name":"sink_google_sec_ops","fullname":"Google Security Operations (Chronicle Compatibility)","description":"Configuration for Google Security Operations (formerly Google Chronicle) as a Sink Provider connecting via the older Malachite API.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/google-chronicle-setup)","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for Google Security Operations (formerly Google Chronicle) as a Sink Provider connecting via the older Malachite API.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/google-chronicle-setup)","properties":{"credential":{"description":"Credentials used when writing events.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Connection specific JSON map, must include the field `client_email`.","nullable":false,"properties":{"client_email":{"nullable":false,"title":"Client Email","type":"string"}},"required":["client_email"],"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","extra","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"GoogleChronicleCredential"}},"customer_id":{"description":"The customer ID reported when writing events.","nullable":false,"title":"Customer Id","type":"string"},"type":{"const":"sink_google_sec_ops"},"url":{"default":"https://malachiteingestion-pa.googleapis.com","description":"Base URL for the Google SecOps Ingestion API.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Ingestion API base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","customer_id","type"],"title":"Google Security Operations","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_google_security_operations","name":"sink_google_security_operations","fullname":"Google Security Operations","description":"Configuration for Google Security Operations (formerly Google Chronicle) as a Sink Provider.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/google-security-operations-sink-setup)","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for Google Security Operations (formerly Google Chronicle) as a Sink Provider.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/google-security-operations-sink-setup)","properties":{"credential":{"description":"Credentials used for accessing the Google SecOps instance.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Connection specific JSON map, must include the field `client_email`.","nullable":false,"properties":{"client_email":{"nullable":false,"title":"Client Email","type":"string"}},"required":["client_email"],"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","extra","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"GoogleServiceAccountCredential"}},"customer_id":{"description":"The customer ID of the Google SecOps instance","nullable":false,"title":"Customer Id","type":"string"},"project_id":{"description":"The project ID of the Google SecOps instance.","nullable":false,"title":"Project Id","type":"string"},"region":{"default":"us","description":"The region of the Google SecOps instance. Usually `us` or `eu`.","nullable":true,"title":"Region","type":"string"},"type":{"const":"sink_google_security_operations"},"url":{"description":"The base URL for the Google SecOps API.","example":"https://{region}-chronicle.googleapis.com","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","customer_id","project_id","type"],"title":"Google Security Operations","type":"object"},"release":{"availability":"in-development","environments":["test","prod"]}},{"id":"sink_mock_sink","name":"sink_mock_sink","fullname":"Synqly Test Provider","description":"Configuration for the Synqly mock in-memory Sink Provider. This provider is for testing purposes only and does not retain events pushed to it.","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for the Synqly mock in-memory Sink Provider. This provider is for testing purposes only and does not retain events pushed to it.","properties":{"destination":{"description":"Name of the destination where events are stored. This field is unused and only used to demonstrate Provider configuration.","nullable":true,"title":"Destination","type":"string"},"type":{"const":"sink_mock_sink"}},"required":["type"],"title":"Test Provider","type":"object"},"release":{"availability":"generally-available","environments":["test"]}},{"id":"sink_opensearch","name":"sink_opensearch","fullname":"OpenSearch","description":"Configuration for OpenSearch search and analytics engine. Supports both managed and self-hosted OpenSearch deployments\n","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for OpenSearch search and analytics engine. Supports both managed and self-hosted OpenSearch deployments","properties":{"create_index":{"description":"The index or data stream to use when writing events.\n","nullable":false,"title":"Write Index","type":"string"},"credential":{"description":"Basic authentication credentials for OpenSearch.\n","nullable":false,"properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"OpenSearchCredential"}},"skip_tls_verify":{"default":false,"description":"When true, skips verification of the OpenSearch TLS certificate.","nullable":true,"title":"Skip TLS Verification","type":"boolean"},"type":{"const":"sink_opensearch"},"url":{"description":"Base URL for the OpenSearch API.\n","example":"https://tenant.elastic.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["create_index","credential","type","url"],"title":"OpenSearch","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_q_radar","name":"sink_q_radar","fullname":"IBM QRadar Sink","description":"Configuration for IBM QRadar Sink.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/qradar-sink-setup)","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for IBM QRadar Sink.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/qradar-sink-setup)","properties":{"collection_port":{"description":"Port used by QRadar to accept incoming HTTP Receiver events.","nullable":false,"title":"Collection Port","type":"integer"},"skip_tls_verify":{"default":false,"description":"When true, skips verification of the QRadar TLS certificate. This should only be used for testing purposes and is not recommended in production environments.","nullable":true,"title":"Skip TLS Verification","type":"boolean"},"type":{"const":"sink_q_radar"},"url":{"description":"Base URL for the QRadar API.","example":"https://qradar.westus2.cloudapp.azure.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["collection_port","type","url"],"title":"IBM QRadar Sink","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"sink_splunk","name":"sink_splunk","fullname":"Splunk Enterprise Security","description":"Configuration for Splunk as a Sink provider. Allows sending data to Splunk using an HTTP Event Collector (HEC).\n\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/splunk-setup)","connector_id":"sink","connector":"sink","operations":[{"id":"sink_post_events","name":"post_events","fullname":"Post Events","description":"Writes a batch of `Event` objects to the Sink configured with the token used for authentication.","request_method":"post","request_path":"/v1/sink/events","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/Event"},"type":"array"}}}],"provider_config":{"description":"Configuration for Splunk as a Sink provider. Allows sending data to Splunk using an HTTP Event Collector (HEC).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/splunk-setup)","properties":{"hec_credential":{"description":"Credential to use when connecting to the Splunk HEC service. If not provided, sending events to Splunk is disabled.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"HEC Token","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"SplunkHECToken"}},"hec_url":{"description":"URL for the Splunk HEC endpoint. Must include the full path to the HEC endpoint.","example":"https://tenant.cloud.splunk.com:8088/services_collector_event","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"HEC URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}},"index":{"description":"Splunk index to send events to. If not provided, will use the default index for the Splunk collector.","nullable":true,"title":"Index","type":"string"},"skip_tls_verify":{"default":false,"description":"When true, skips verification of the Splunk TLS certificate.","nullable":true,"title":"Skip TLS Verification","type":"boolean"},"source":{"description":"Splunk source to send events to. If not provided the default source for the Splunk collector is used.","nullable":true,"title":"Source","type":"string"},"source_type":{"description":"Splunk source type to send events to. If not provided the default source type for the Splunk collector is used.","nullable":true,"title":"Source Type","type":"string"},"type":{"const":"sink_splunk"}},"required":["hec_credential","hec_url","type"],"title":"Splunk Enterprise Security","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"storage_aws_s3","name":"storage_aws_s3","fullname":"Amazon S3","description":"Configuration for Amazon S3.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/aws-s3-storage-setup)","connector_id":"storage","connector":"storage","operations":[{"id":"storage_delete_file","name":"delete_file","fullname":"Delete File","description":"Deletes a file from the provided `{path}` in the token-linked `Integration`.","request_method":"delete","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_download_file","name":"download_file","fullname":"Download File","description":"Downloads a file from the provided `{path}` in the token-linked\n`Integration`.","request_method":"get","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_list_files","name":"list_files","fullname":"List Files","description":"Returns a list of contents from the token-linked `Integration`.","request_method":"get","request_path":"/v1/storage/folders/{path}","supported":true},{"id":"storage_upload_file","name":"upload_file","fullname":"Upload File","description":"Uploads a file from the provided `{path}` to the token-linked `Integration`.","request_method":"post","request_path":"/v1/storage/files/{path}","supported":true,"request_body":{"required":true}}],"provider_config":{"description":"Configuration for Amazon S3.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/aws-s3-storage-setup)","properties":{"bucket":{"description":"Name of the Amazon S3 bucket where files are stored.","nullable":false,"title":"Bucket","type":"string"},"credential":{"description":"Configuration when creating new AWS Access Keys.","nullable":false,"properties":{"access_key_id":{"description":"Access Key ID portion of the AWS access key pair.","nullable":false,"title":"Access Key ID","type":"string"},"secret_access_key":{"description":"Secret portion of the AWS access key pair.","format":"password","nullable":false,"title":"Secret Access Key","type":"string"},"session":{"description":"A temporary session token. Session tokens are optional and are only necessary if you are using temporary credentials.","format":"password","nullable":true,"title":"Session","type":"string"},"type":{"const":"aws"}},"required":["access_key_id","secret_access_key","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"AwsCredential","type":"AwsS3Credential"}},"endpoint":{"description":"Endpoint used for connecting to Amazon S3 the external service. If not provided, the default Amazon S3 endpoint will be used.","nullable":true,"title":"Endpoint","type":"string"},"region":{"description":"AWS region where the Amazon S3 bucket is located.","nullable":false,"title":"Region","type":"string"},"type":{"const":"storage_aws_s3"}},"required":["bucket","credential","region","type"],"title":"Amazon S3","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"storage_azure_blob","name":"storage_azure_blob","fullname":"Microsoft Azure Blob Storage","description":"Configuration for Azure Blob Storage as a Storage Provider","connector_id":"storage","connector":"storage","operations":[{"id":"storage_delete_file","name":"delete_file","fullname":"Delete File","description":"Deletes a file from the provided `{path}` in the token-linked `Integration`.","request_method":"delete","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_download_file","name":"download_file","fullname":"Download File","description":"Downloads a file from the provided `{path}` in the token-linked\n`Integration`.","request_method":"get","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_list_files","name":"list_files","fullname":"List Files","description":"Returns a list of contents from the token-linked `Integration`.","request_method":"get","request_path":"/v1/storage/folders/{path}","supported":true},{"id":"storage_upload_file","name":"upload_file","fullname":"Upload File","description":"Uploads a file from the provided `{path}` to the token-linked `Integration`.","request_method":"post","request_path":"/v1/storage/files/{path}","supported":true,"request_body":{"required":true}}],"provider_config":{"description":"Configuration for Azure Blob Storage as a Storage Provider","properties":{"bucket":{"description":"Name of the blob container where files are stored.","nullable":false,"title":"Bucket","type":"string"},"credential":{"description":"Configuration when creating new Client Secret.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"AzureBlobCredential"}},"type":{"const":"storage_azure_blob"}},"required":["bucket","credential","type"],"title":"Azure Blob Storage","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"storage_gcs","name":"storage_gcs","fullname":"Google Cloud Storage","description":"Configuration for Google Cloud Storage for storing unstructured data\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/google-gcs-storage-setup)","connector_id":"storage","connector":"storage","operations":[{"id":"storage_delete_file","name":"delete_file","fullname":"Delete File","description":"Deletes a file from the provided `{path}` in the token-linked `Integration`.","request_method":"delete","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_download_file","name":"download_file","fullname":"Download File","description":"Downloads a file from the provided `{path}` in the token-linked\n`Integration`.","request_method":"get","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_list_files","name":"list_files","fullname":"List Files","description":"Returns a list of contents from the token-linked `Integration`.","request_method":"get","request_path":"/v1/storage/folders/{path}","supported":true},{"id":"storage_upload_file","name":"upload_file","fullname":"Upload File","description":"Uploads a file from the provided `{path}` to the token-linked `Integration`.","request_method":"post","request_path":"/v1/storage/files/{path}","supported":true,"request_body":{"required":true}}],"provider_config":{"description":"Configuration for Google Cloud Storage for storing unstructured data\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/google-gcs-storage-setup)","properties":{"bucket":{"description":"Name of the bucket where files are stored.","nullable":false,"title":"Bucket","type":"string"},"credential":{"description":"AWS like credential that stores [hash-based message authentication code (HMAC) keys](https://cloud.google.com/storage/docs/authentication/hmackeys) with write access to the GCS bucket.","nullable":false,"properties":{"access_key_id":{"description":"Access Key ID portion of the AWS access key pair.","nullable":false,"title":"Access Key ID","type":"string"},"secret_access_key":{"description":"Secret portion of the AWS access key pair.","format":"password","nullable":false,"title":"Secret Access Key","type":"string"},"session":{"description":"A temporary session token. Session tokens are optional and are only necessary if you are using temporary credentials.","format":"password","nullable":true,"title":"Session","type":"string"},"type":{"const":"aws"}},"required":["access_key_id","secret_access_key","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"AwsCredential","type":"GCSCredential"}},"region":{"description":"Google Cloud region where the bucket is located.","nullable":false,"title":"Region","type":"string"},"type":{"const":"storage_gcs"}},"required":["bucket","credential","region","type"],"title":"Google Cloud Storage","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"storage_mock_storage","name":"storage_mock_storage","fullname":"Synqly Test Provider","description":"Configuration for the Synqly mock in-memory storage Provider. This provider is for testing purposes only and does not retain files pushed to it.","connector_id":"storage","connector":"storage","operations":[{"id":"storage_delete_file","name":"delete_file","fullname":"Delete File","description":"Deletes a file from the provided `{path}` in the token-linked `Integration`.","request_method":"delete","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_download_file","name":"download_file","fullname":"Download File","description":"Downloads a file from the provided `{path}` in the token-linked\n`Integration`.","request_method":"get","request_path":"/v1/storage/files/{path}","supported":true},{"id":"storage_list_files","name":"list_files","fullname":"List Files","description":"Returns a list of contents from the token-linked `Integration`.","request_method":"get","request_path":"/v1/storage/folders/{path}","supported":true},{"id":"storage_upload_file","name":"upload_file","fullname":"Upload File","description":"Uploads a file from the provided `{path}` to the token-linked `Integration`.","request_method":"post","request_path":"/v1/storage/files/{path}","supported":true,"request_body":{"required":true}}],"provider_config":{"description":"Configuration for the Synqly mock in-memory storage Provider. This provider is for testing purposes only and does not retain files pushed to it.","properties":{"bucket":{"description":"Name of the bucket where files are stored.","nullable":false,"title":"Bucket","type":"string"},"type":{"const":"storage_mock_storage"}},"required":["bucket","type"],"title":"Test Provider","type":"object"},"release":{"availability":"generally-available","environments":["test"]}},{"id":"ticketing_autotask","name":"ticketing_autotask","fullname":"Autotask Operations Cloud","description":"Configuration for Autotask Operations Cloud.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/autotask-ticketing-setup)","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_on_call","name":"list_on_call","fullname":"List On Call Agents","description":"Returns a list of all on-call agents for an escalation policy.","supported":false},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","supported":false},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. The response will include a list of\nfields for each issue type in the ticketing provider.","supported":false},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_escalation_policies","name":"query_escalation_policies","fullname":"Query Escalation Policies","description":"Returns a list of escalation policies.","supported":false},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"companyid","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"createdate","type":"datetime","operators":["eq","neq","gt","gte","lt","lte"]},{"name":"description","type":"string","operators":["eq","like"]},{"name":"due_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte"]},{"name":"id","type":"string","operators":["eq","neq","in"]},{"name":"name","type":"string","operators":["eq","like"]},{"name":"priority","type":"enum","operators":["eq","neq","in","not in"],"values":["URGENT","CRITICAL","HIGH","MEDIUM","LOW","PLANNING"]},{"name":"queueid","type":"string","operators":["eq","in"]},{"name":"status","type":"string","operators":["eq","neq","in","not in"]}]}],"provider_config":{"description":"Configuration for Autotask Operations Cloud.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/autotask-ticketing-setup)","properties":{"api_integration_code_credential":{"description":"Identifier used for individual tracking and management of API calls.","nullable":false,"properties":{"secret":{"description":"Secret value","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"secret"}},"required":["secret","type"],"title":"API Tracking ID","type":"object","x-synqly-credential":{"extends":"SecretCredential","type":"AutotaskApiIntegrationCodeCredential"}},"secret_credential":{"description":"Configuration when creating new Secret.","nullable":false,"properties":{"secret":{"description":"Secret value","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"secret"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"SecretCredential","type":"AutotaskSecretCredential"}},"type":{"const":"ticketing_autotask"},"user_name":{"description":"User name of the API User created to authenticate with the Autotask API.","nullable":false,"title":"User Name","type":"string"},"zone_path":{"description":"Zone for the Autotask API.","nullable":false,"title":"API Zone","type":"string"}},"required":["api_integration_code_credential","secret_credential","type","user_name","zone_path"],"title":"Autotask Operations Cloud","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"ticketing_freshdesk","name":"ticketing_freshdesk","fullname":"Freshdesk","description":"Configuration for Freshdesk.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/freshdesk-ticketing-setup)","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["name","priority","subject"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_on_call","name":"list_on_call","fullname":"List On Call Agents","description":"Returns a list of all on-call agents for an escalation policy.","supported":false},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","supported":false},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. The response will include a list of\nfields for each issue type in the ticketing provider.","supported":false},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_escalation_policies","name":"query_escalation_policies","fullname":"Query Escalation Policies","description":"Returns a list of escalation policies.","supported":false},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"agent_id","type":"number","operators":["eq","gte","lte"]},{"name":"created_at","type":"datetime","operators":["eq","gte","lte"]},{"name":"due_by","type":"datetime","operators":["eq","gte","lte"]},{"name":"fr_due_by","type":"datetime","operators":["eq","gte","lte"]},{"name":"group_id","type":"number","operators":["eq","gte","lte"]},{"name":"priority","type":"number","operators":["eq","gte","lte"]},{"name":"status","type":"number","operators":["eq","gte","lte"]},{"name":"tag","type":"string","operators":["eq"]},{"name":"type","type":"string","operators":["eq"]},{"name":"updated_at","type":"datetime","operators":["eq","gte","lte"]}]}],"provider_config":{"description":"Configuration for Freshdesk.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/freshdesk-ticketing-setup)","properties":{"credential":{"description":"You can use your personal API key to authenticate the request. If you use the API key, there is no need for a password. The token is supplied as \"Your API Key\". [Freshdesk API token generation documentation](https://developer.freshdesk.com/api/#authentication)","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"FreshdeskCredential"}},"type":{"const":"ticketing_freshdesk"},"url":{"description":"Base URL to your Freshdesk tenant.","example":"https://tenant.freshdesk.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Freshdesk","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"ticketing_jira","name":"ticketing_jira","fullname":"Atlassian Jira","description":"Configuration for Atlassian Jira.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/jira-ticketing-setup)","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","request_method":"post","request_path":"/v1/ticketing/attachments/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateAttachmentRequest"}}},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateCommentRequest"}}},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["project","summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/attachments/{ticketId}/{attachmentId}","supported":true},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/comments/{commentId}","supported":true},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/attachments/{ticketId}/{attachmentId}/download","supported":true},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/attachments/{ticketId}","supported":true},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_on_call","name":"list_on_call","fullname":"List On Call Agents","description":"Returns a list of all on-call agents for an escalation policy.","supported":false},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","request_method":"get","request_path":"/v1/ticketing/projects","supported":true},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. The response will include a list of\nfields for each issue type in the ticketing provider.","request_method":"get","request_path":"/v1/ticketing/remote-fields","supported":true},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_escalation_policies","name":"query_escalation_policies","fullname":"Query Escalation Policies","description":"Returns a list of escalation policies.","supported":false},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"assignee","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"completion_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"contact","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"created_at","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"creator","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"description","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"due_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"id","type":"string","operators":["eq","neq","in","not in"]},{"name":"issue_type","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"labels","type":"string","operators":["eq","neq","in","not in"]},{"name":"name","type":"string","operators":["eq","neq","in","not in"]},{"name":"priority","type":"enum","operators":["eq","neq","in","not in"],"values":["highest","high","medium","low"]},{"name":"project","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"reporter","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"status","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"summary","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"text","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"updated_at","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]}]}],"provider_config":{"description":"Configuration for Atlassian Jira.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/jira-ticketing-setup)","properties":{"credential":{"description":"Configuration when creating new Basic Credentials.","nullable":false,"properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"JiraCredential"}},"custom_field_mappings":{"description":"Custom field mappings for this provider.","items":{"properties":{"name":{"description":"Name for the custom field that you will use in the `custom_fields` field in the returned ticket objects.","nullable":false,"title":"Name","type":"string"},"project_id":{"description":"ID of the project this field mapping is associated with. ID of \"*\" is used to apply to all projects.","nullable":false,"title":"Project ID","type":"string"},"provider_field_path":{"description":"Path to or name of the custom field in the provider.","nullable":false,"title":"Field Path (Provider)","type":"string"}},"required":["name","project_id","provider_field_path"],"title":"CustomFieldMapping","type":"object"},"nullable":true,"title":"Custom Field Mappings","type":"array"},"default_issue_type":{"description":"Default Issue Type for the integration. If provided, the issue_type field becomes optional in ticket creation requests.","nullable":true,"title":"Default Issue Type","type":"string"},"default_project":{"description":"Default Project for the integration.","nullable":true,"title":"Default Project","type":"string"},"type":{"const":"ticketing_jira"},"url":{"default":"https://tenant.atlassian.net","description":"Base URL for the Jira API.","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Atlassian Jira","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"ticketing_jira_service_management","name":"ticketing_jira_service_management","fullname":"Jira Service Management","description":"Configuration for Jira Service Management.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/jira-service-management-ticketing-setup)","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","request_method":"post","request_path":"/v1/ticketing/attachments/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateAttachmentRequest"}}},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateCommentRequest"}}},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["project","summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/attachments/{ticketId}/{attachmentId}","supported":true},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/comments/{commentId}","supported":true},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/attachments/{ticketId}/{attachmentId}/download","supported":true},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/attachments/{ticketId}","supported":true},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_on_call","name":"list_on_call","fullname":"List On Call Agents","description":"Returns a list of all on-call agents for an escalation policy.","supported":false},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","request_method":"get","request_path":"/v1/ticketing/projects","supported":true},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. The response will include a list of\nfields for each issue type in the ticketing provider.","request_method":"get","request_path":"/v1/ticketing/remote-fields","supported":true},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_escalation_policies","name":"query_escalation_policies","fullname":"Query Escalation Policies","description":"Returns a list of escalation policies.","supported":false},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"assignee","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"completion_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"contact","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"created_at","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"description","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"due_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"id","type":"string","operators":["eq","neq","in","not in"]},{"name":"issue_type","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"labels","type":"string","operators":["eq","neq","in","not in"]},{"name":"name","type":"string","operators":["eq","neq","in","not in"]},{"name":"priority","type":"enum","operators":["eq","neq","in","not in"],"values":["highest","high","medium","low"]},{"name":"project","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"reporter","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"status","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"summary","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"text","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"updated_at","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]}]}],"provider_config":{"description":"Configuration for Jira Service Management.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/jira-service-management-ticketing-setup)","properties":{"credential":{"description":"Configuration when creating new Basic Credentials.","nullable":false,"properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"JiraCredential"}},"custom_field_mappings":{"description":"Custom field mappings for this provider.","items":{"properties":{"name":{"description":"Name for the custom field that you will use in the `custom_fields` field in the returned ticket objects.","nullable":false,"title":"Name","type":"string"},"project_id":{"description":"ID of the project this field mapping is associated with. ID of \"*\" is used to apply to all projects.","nullable":false,"title":"Project ID","type":"string"},"provider_field_path":{"description":"Path to or name of the custom field in the provider.","nullable":false,"title":"Field Path (Provider)","type":"string"}},"required":["name","project_id","provider_field_path"],"title":"CustomFieldMapping","type":"object"},"nullable":true,"title":"Custom Field Mappings","type":"array"},"default_issue_type":{"description":"Default issue type when creating tickets.","nullable":true,"title":"Default Issue Type","type":"string"},"default_project":{"description":"Default project when listing, creating, or editing tickets.","nullable":true,"title":"Default Project","type":"string"},"type":{"const":"ticketing_jira_service_management"},"url":{"description":"Base URL for the Jira Service Management API.","example":"https://tenant.atlassian.net","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Jira Service Management Configuration","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"ticketing_mock_ticketing","name":"ticketing_mock_ticketing","fullname":"Synqly Test Provider","description":"Configuration for the Synqly mock in-memory ticketing Provider. This provider is for testing purposes only. It retains tickets for a limited time and does not persist them for long-term usage.","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateCommentRequest"}}},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/notes","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNoteRequest"}}},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["issue_type","project","summary","assignee"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/comments/{commentId}","supported":true},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/notes/{noteId}","supported":true},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/notes","supported":true},{"id":"ticketing_list_on_call","name":"list_on_call","fullname":"List On Call Agents","description":"Returns a list of all on-call agents for an escalation policy.","supported":false},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","request_method":"get","request_path":"/v1/ticketing/projects","supported":true},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. The response will include a list of\nfields for each issue type in the ticketing provider.","supported":false},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}/notes/{noteId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_escalation_policies","name":"query_escalation_policies","fullname":"Query Escalation Policies","description":"Returns a list of escalation policies.","supported":false},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"id","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"text","type":"string","operators":["eq","neq","in","not in","like","not like"]}]}],"provider_config":{"description":"Configuration for the Synqly mock in-memory ticketing Provider. This provider is for testing purposes only. It retains tickets for a limited time and does not persist them for long-term usage.","properties":{"custom_field_mappings":{"description":"Custom field mappings for this provider.","items":{"properties":{"name":{"description":"Name for the custom field that you will use in the `custom_fields` field in the returned ticket objects.","nullable":false,"title":"Name","type":"string"},"project_id":{"description":"ID of the project this field mapping is associated with. ID of \"*\" is used to apply to all projects.","nullable":false,"title":"Project ID","type":"string"},"provider_field_path":{"description":"Path to or name of the custom field in the provider.","nullable":false,"title":"Field Path (Provider)","type":"string"}},"required":["name","project_id","provider_field_path"],"title":"CustomFieldMapping","type":"object"},"nullable":true,"title":"Custom Field Mappings","type":"array"},"name":{"description":"Optional name of the mock provider. This value is unused.","nullable":true,"title":"Name","type":"string"},"type":{"const":"ticketing_mock_ticketing"}},"required":["type"],"title":"Test Provider","type":"object"},"release":{"availability":"generally-available","environments":["test"]}},{"id":"ticketing_pagerduty","name":"ticketing_pagerduty","fullname":"PagerDuty Operations Cloud","description":"Configuration for PagerDuty Operations Cloud.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/pagerduty-ticketing-setup)","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateCommentRequest"}}},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["creator","project","name"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_on_call","name":"list_on_call","fullname":"List On Call Agents","description":"Returns a list of all on-call agents for an escalation policy.","request_method":"get","request_path":"/v1/ticketing/escalation-policies/{escalationPolicyId}/on-call","supported":true},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","request_method":"get","request_path":"/v1/ticketing/projects","supported":true},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. The response will include a list of\nfields for each issue type in the ticketing provider.","supported":false},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_escalation_policies","name":"query_escalation_policies","fullname":"Query Escalation Policies","description":"Returns a list of escalation policies.","request_method":"get","request_path":"/v1/ticketing/escalation-policies","supported":true},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true}],"provider_config":{"description":"Configuration for PagerDuty Operations Cloud.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/pagerduty-ticketing-setup)","properties":{"credential":{"description":"Configuration when creating new API Key.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"PagerDutyCredential"}},"type":{"const":"ticketing_pagerduty"},"url":{"default":"https://api.pagerduty.com","description":"Base URL for the PagerDuty API.","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"PagerDuty Operations Cloud","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"ticketing_servicenow","name":"ticketing_servicenow","fullname":"ServiceNow IT Service Management (ITSM)","description":"Configuration for ServiceNow IT Service Management (ITSM).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/servicenow-ticketing-setup)","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateCommentRequest"}}},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/notes","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNoteRequest"}}},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["issue_type","priority","summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/comments/{commentId}","supported":true},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/notes/{noteId}","supported":true},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/notes","supported":true},{"id":"ticketing_list_on_call","name":"list_on_call","fullname":"List On Call Agents","description":"Returns a list of all on-call agents for an escalation policy.","supported":false},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","supported":false},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. The response will include a list of\nfields for each issue type in the ticketing provider.","request_method":"get","request_path":"/v1/ticketing/remote-fields","supported":true},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_escalation_policies","name":"query_escalation_policies","fullname":"Query Escalation Policies","description":"Returns a list of escalation policies.","supported":false},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"assignee","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"completion_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"contact","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"created_at","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"description","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"due_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"id","type":"string","operators":["eq","neq","in","not in"]},{"name":"issue_type","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"labels","type":"string","operators":["eq","neq","in","not in"]},{"name":"name","type":"string","operators":["eq","neq","in","not in"]},{"name":"priority","type":"enum","operators":["eq","neq","in","not in"],"values":["highest","high","medium","low"]},{"name":"project","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"reporter","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"status","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"summary","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"text","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"updated_at","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]}]}],"provider_config":{"description":"Configuration for ServiceNow IT Service Management (ITSM).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/servicenow-ticketing-setup)","properties":{"credential":{"nullable":false,"oneOf":[{"description":"Username and secret used to authenticate with ServiceNow. The password can be a [generated token](https://docs.servicenow.com/bundle/vancouver-platform-administration/page/administer/users-and-groups/task/t_CreateAUser.html). The token receives the same permissions as the user that generated it, so they must have access to the necessary projects.","properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"New Basic Credentials","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"ServiceNowCredential"}},{"description":"Token used to authenticate with ServiceNow. This token will be used with the authentication header `x-sn-apikey`. To use token authentication, the version of ServiceNow must be `Washington D.C.` or later.","properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"New Token","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"ServiceNowCredential"}}],"title":"Credential","x-synqly-credential":{"extends":["BasicCredential","TokenCredential"],"type":"ServiceNowCredential"}},"custom_field_mappings":{"description":"Custom field mappings for this provider.","items":{"properties":{"name":{"description":"Name for the custom field that you will use in the `custom_fields` field in the returned ticket objects.","nullable":false,"title":"Name","type":"string"},"project_id":{"description":"ID of the project this field mapping is associated with. ID of \"*\" is used to apply to all projects.","nullable":false,"title":"Project ID","type":"string"},"provider_field_path":{"description":"Path to or name of the custom field in the provider.","nullable":false,"title":"Field Path (Provider)","type":"string"}},"required":["name","project_id","provider_field_path"],"title":"CustomFieldMapping","type":"object"},"nullable":true,"title":"Custom Field Mappings","type":"array"},"default_project":{"description":"Default Project for the integration. This maps to the custom table for tickets. This table should be derived from Incident table. Defaults to the incident table if not specified.","nullable":true,"title":"Default Project","type":"string"},"type":{"const":"ticketing_servicenow"},"url":{"description":"Base URL for the ServiceNow API.","example":"https://tenant.service-now.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"ServiceNow ITSM","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"ticketing_servicenow_sir","name":"ticketing_servicenow_sir","fullname":"ServiceNow Security Incident Response (SIR)","description":"Configuration for ServiceNow Security Incident Response (SIR).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/servicenow-ticketing-setup)","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateCommentRequest"}}},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["issue_type","priority","summary"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/comments/{commentId}","supported":true},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_on_call","name":"list_on_call","fullname":"List On Call Agents","description":"Returns a list of all on-call agents for an escalation policy.","supported":false},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","supported":false},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. The response will include a list of\nfields for each issue type in the ticketing provider.","request_method":"get","request_path":"/v1/ticketing/remote-fields","supported":true},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_escalation_policies","name":"query_escalation_policies","fullname":"Query Escalation Policies","description":"Returns a list of escalation policies.","supported":false},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"assignee","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"completion_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"contact","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"created_at","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"description","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"due_date","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]},{"name":"id","type":"string","operators":["eq","neq","in","not in"]},{"name":"issue_type","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"labels","type":"string","operators":["eq","neq","in","not in"]},{"name":"name","type":"string","operators":["eq","neq","in","not in"]},{"name":"priority","type":"enum","operators":["eq","neq","in","not in"],"values":["highest","high","medium","low"]},{"name":"project","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"reporter","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"status","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"summary","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"text","type":"string","operators":["eq","neq","in","not in","like","not like"]},{"name":"updated_at","type":"datetime","operators":["eq","neq","gt","gte","lt","lte","in","not in"]}]}],"provider_config":{"description":"Configuration for ServiceNow Security Incident Response (SIR).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/servicenow-ticketing-setup)","properties":{"credential":{"nullable":false,"oneOf":[{"description":"Username and secret used to authenticate with ServiceNow. The password can be a [generated token](https://docs.servicenow.com/bundle/vancouver-platform-administration/page/administer/users-and-groups/task/t_CreateAUser.html). The token receives the same permissions as the user that generated it, so they must have access to the necessary projects.","properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"New Basic Credentials","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"ServiceNowCredential"}},{"description":"Token used to authenticate with ServiceNow. This token will be used with the authentication header `x-sn-apikey`. To use token authentication, the version of ServiceNow must be `Washington D.C.` or later.","properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"New Token","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"ServiceNowCredential"}}],"title":"Credential","x-synqly-credential":{"extends":["BasicCredential","TokenCredential"],"type":"ServiceNowCredential"}},"custom_field_mappings":{"description":"Custom field mappings for this provider.","items":{"properties":{"name":{"description":"Name for the custom field that you will use in the `custom_fields` field in the returned ticket objects.","nullable":false,"title":"Name","type":"string"},"project_id":{"description":"ID of the project this field mapping is associated with. ID of \"*\" is used to apply to all projects.","nullable":false,"title":"Project ID","type":"string"},"provider_field_path":{"description":"Path to or name of the custom field in the provider.","nullable":false,"title":"Field Path (Provider)","type":"string"}},"required":["name","project_id","provider_field_path"],"title":"CustomFieldMapping","type":"object"},"nullable":true,"title":"Custom Field Mappings","type":"array"},"default_project":{"description":"Default Project for the integration. This maps to the custom table for tickets. This table should be derived from Security Incident table. Defaults to the security incident table if not specified.","nullable":true,"title":"Default Project","type":"string"},"type":{"const":"ticketing_servicenow_sir"},"url":{"description":"Base URL for the ServiceNow API.","example":"https://tenant.service-now.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"ServiceNow SIR","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"ticketing_torq","name":"ticketing_torq","fullname":"Torq","description":"Configuration for Torq.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/torq-ticketing-setup)","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateCommentRequest"}}},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets/{ticketId}/notes","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateNoteRequest"}}},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["creator","status","name"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/comments/{commentId}","supported":true},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","request_method":"delete","request_path":"/v1/ticketing/tickets/{ticketId}/notes/{noteId}","supported":true},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/comments","supported":true},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}/notes","supported":true},{"id":"ticketing_list_on_call","name":"list_on_call","fullname":"List On Call Agents","description":"Returns a list of all on-call agents for an escalation policy.","supported":false},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","supported":false},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. The response will include a list of\nfields for each issue type in the ticketing provider.","supported":false},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}/notes/{noteId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_escalation_policies","name":"query_escalation_policies","fullname":"Query Escalation Policies","description":"Returns a list of escalation policies.","supported":false},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"assignee","type":"string","operators":["eq","in"]},{"name":"created_at","type":"datetime","operators":["gte","lte","gt","lt"]},{"name":"issue_type","type":"string","operators":["eq","in"]},{"name":"priority","type":"string","operators":["eq","in"]},{"name":"status","type":"string","operators":["eq","in"]},{"name":"tags","type":"string","operators":["eq","in"]},{"name":"text","type":"string","operators":["like"]}]}],"provider_config":{"description":"Configuration for Torq.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/torq-ticketing-setup)","properties":{"credential":{"description":"Configuration when creating new Client Credentials.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"TorqCredential"}},"custom_field_mappings":{"description":"Custom field mappings for this provider.","items":{"properties":{"name":{"description":"Name for the custom field that you will use in the `custom_fields` field in the returned ticket objects.","nullable":false,"title":"Name","type":"string"},"project_id":{"description":"ID of the project this field mapping is associated with. ID of \"*\" is used to apply to all projects.","nullable":false,"title":"Project ID","type":"string"},"provider_field_path":{"description":"Path to or name of the custom field in the provider.","nullable":false,"title":"Field Path (Provider)","type":"string"}},"required":["name","project_id","provider_field_path"],"title":"CustomFieldMapping","type":"object"},"nullable":true,"title":"Custom Field Mappings","type":"array"},"type":{"const":"ticketing_torq"}},"required":["credential","type"],"title":"Torq","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"ticketing_zendesk","name":"ticketing_zendesk","fullname":"Zendesk","description":"Configuration for Zendesk as a Ticketing Provider","connector_id":"ticketing","connector":"ticketing","operations":[{"id":"ticketing_create_attachment","name":"create_attachment","fullname":"Create Attachment","description":"[beta: currently supported by Jira] Creates an `Attachment` for the ticket with id `{ticketId}` in the token-linked `Integration`.","supported":false},{"id":"ticketing_create_comment","name":"create_comment","fullname":"Create Comment","description":"Creates a comment on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_note","name":"create_note","fullname":"Create Note","description":"Creates a note on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_create_ticket","name":"create_ticket","fullname":"Create Ticket","description":"Creates a `Ticket` object in the token-linked Integration.","request_method":"post","request_path":"/v1/ticketing/tickets","supported":true,"required_fields":["name","priority","subject"],"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateTicketRequest"}}},{"id":"ticketing_delete_attachment","name":"delete_attachment","fullname":"Delete Attachment","description":"[beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_comment","name":"delete_comment","fullname":"Delete Comment","description":"Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_delete_note","name":"delete_note","fullname":"Delete Note","description":"Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_download_attachment","name":"download_attachment","fullname":"Download Attachment","description":"[beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration.","supported":false},{"id":"ticketing_get_ticket","name":"get_ticket","fullname":"Get Ticket","description":"Returns a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true},{"id":"ticketing_list_attachments_metadata","name":"list_attachments_metadata","fullname":"List Attachments Metadata","description":"[beta: currently supported by Jira] Returns metadata for all Attachments for a `Ticket` object matching `{ticketId}` from the token-linked `Integration`.","supported":false},{"id":"ticketing_list_comments","name":"list_comments","fullname":"List Comments","description":"Lists all comments for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_notes","name":"list_notes","fullname":"List Notes","description":"Lists all notes for the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_list_on_call","name":"list_on_call","fullname":"List On Call Agents","description":"Returns a list of all on-call agents for an escalation policy.","supported":false},{"id":"ticketing_list_projects","name":"list_projects","fullname":"List Projects","description":"Returns a list of `Projects` from the token-linked `Integration`.\nTickets must be created and retrieved within the context of a specific Project.","supported":false},{"id":"ticketing_list_remote_fields","name":"list_remote_fields","fullname":"List Remote Fields","description":"List all remote fields for all Projects in a ticketing integration. The response will include a list of\nfields for each issue type in the ticketing provider.","supported":false},{"id":"ticketing_patch_note","name":"patch_note","fullname":"Patch Note","description":"Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration.","supported":false},{"id":"ticketing_patch_ticket","name":"patch_ticket","fullname":"Patch Ticket","description":"Updates the `Ticket` object matching `{ticketId}` in the token-linked `Integration`.","request_method":"patch","request_path":"/v1/ticketing/tickets/{ticketId}","supported":true,"request_body":{"required":true,"schema":{"items":{"$ref":"#/components/schemas/PatchOperation"},"type":"array"}}},{"id":"ticketing_query_escalation_policies","name":"query_escalation_policies","fullname":"Query Escalation Policies","description":"Returns a list of escalation policies.","supported":false},{"id":"ticketing_query_tickets","name":"query_tickets","fullname":"Query Tickets","description":"Returns a list of `Ticket` objects from the token-linked `Integration`.","request_method":"get","request_path":"/v1/ticketing/tickets","supported":true,"filters":[{"name":"description","type":"string","operators":["eq","ne","like"]},{"name":"id","type":"string","operators":["eq","ne","like"]},{"name":"name","type":"string","operators":["eq","ne","like"]},{"name":"priority","type":"string","operators":["eq","ne"]},{"name":"status","type":"string","operators":["eq","ne"]}]}],"provider_config":{"description":"Configuration for Zendesk as a Ticketing Provider","properties":{"credential":{"description":"E-mail address and API Token for use with the Zendesk API. Use the e-mail address for the `username` field and API Token for the `secret` field. See [Zendesk API token generation documentation](https://developer.zendesk.com/api-reference/introduction/security-and-auth/#api-token) for more detail.","nullable":false,"properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"ZendeskCredential"}},"type":{"const":"ticketing_zendesk"},"url":{"description":"Base URL for your Zendesk tenant.","example":"https://tenant.zendesk.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Zendesk","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"vulnerabilities_crowdstrike","name":"vulnerabilities_crowdstrike","fullname":"CrowdStrike Falcon® Spotlight","description":"Configuration for CrowdStrike Falcon® Spotlight.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/crowdstrike-vulns-setup)","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","supported":false},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"device.mac","type":"string","operators":["eq"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"finding.first_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"finding.last_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"severity","type":"enum","operators":["eq","in"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_upload_scan","name":"upload_scan","fullname":"Upload Scan","description":"Upload a scan in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for CrowdStrike Falcon® Spotlight.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/crowdstrike-vulns-setup)","properties":{"credential":{"description":"The credential to use for the CrowdStrike Falcon tenant.","nullable":false,"properties":{"client_id":{"description":"The ID of the client application defined at the service provider","nullable":false,"title":"Client ID","type":"string"},"client_secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Client Secret","type":"string"},"extra":{"additionalProperties":true,"description":"Optional connection specific JSON map data such as a signing key ID or organization ID","nullable":true,"title":"Extra","type":"object"},"token_url":{"description":"Optional URL for the OAuth 2.0 token exchange if it can not be constructed based on provider configuration","nullable":true,"title":"Token URL","type":"string"},"type":{"const":"o_auth_client"}},"required":["client_id","client_secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"OAuthClientCredential","type":"CrowdStrikeCredential"}},"type":{"const":"vulnerabilities_crowdstrike"},"url":{"default":"https://api.crowdstrike.com","description":"Base URL for the CrowdStrike Falcon® Spotlight API.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type"],"title":"CrowdStrike Falcon® Spotlight","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"vulnerabilities_crowdstrike_mock","name":"vulnerabilities_crowdstrike_mock","fullname":"[MOCK] CrowdStrike Falcon® Spotlight","description":"Configuration for [MOCK] CrowdStrike Falcon® Spotlight.","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","supported":false},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"device.mac","type":"string","operators":["eq"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"finding.first_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"finding.last_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"severity","type":"enum","operators":["eq","in"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_upload_scan","name":"upload_scan","fullname":"Upload Scan","description":"Upload a scan in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for [MOCK] CrowdStrike Falcon® Spotlight.","properties":{"dataset":{"enum":["basic_v0"],"nullable":false,"title":"Dataset","type":"string"},"type":{"const":"vulnerabilities_crowdstrike_mock"}},"required":["dataset","type"],"title":"[Mock] CrowdStrike Falcon® Spotlight","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"vulnerabilities_nucleus","name":"vulnerabilities_nucleus","fullname":"Nucleus Vulnerability Management","description":"Configuration for Nucleus Vulnerability Management.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/nucleus-vulns-setup)","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","request_method":"post","request_path":"/v1/vulnerabilities/assets","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateAssetRequest"}}},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","request_method":"post","request_path":"/v1/vulnerabilities/findings/bulk","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateFindingsRequest"}}},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","supported":false},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"severity","type":"enum","operators":["eq"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","request_method":"put","request_path":"/v1/vulnerabilities/assets/{assetId}","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateAssetRequest"}}},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","request_method":"put","request_path":"/v1/vulnerabilities/findings/{findingId}","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/UpdateFindingRequest"}}},{"id":"vulnerabilities_upload_scan","name":"upload_scan","fullname":"Upload Scan","description":"Upload a scan in a vulnerability scanning system","request_method":"post","request_path":"/v1/vulnerabilities/scans","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/UploadScanRequest"}}}],"provider_config":{"description":"Configuration for Nucleus Vulnerability Management.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/nucleus-vulns-setup)","properties":{"credential":{"description":"Configuration when creating new API Key.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"NucleusCredential"}},"project_id":{"description":"Numeric identifier for a Nucleus project.","nullable":false,"pattern":"^\\d+$","title":"Project ID","type":"string","x-validation-message":{"patternMismatch":"Must be a numeric project identifier."}},"type":{"const":"vulnerabilities_nucleus"},"url":{"description":"Base URL for the Nucleus API.","example":"https://{sandbox}.nucleussec.com","nullable":false,"title":"Base URL","type":"string"}},"required":["credential","project_id","type","url"],"title":"Nucleus VM","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"vulnerabilities_qualys_cloud","name":"vulnerabilities_qualys_cloud","fullname":"Qualys Vulnerability Management, Detection \u0026 Response (VMDR)","description":"Configuration for Qualys Vulnerability Management, Detection \u0026 Response (VMDR).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/qualys-vulns-setup)","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","request_method":"get","request_path":"/v1/vulnerabilities/scans/{scan_id}/activity","supported":true},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"finding.first_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"finding.last_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"severity","type":"enum","operators":["eq","in"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/scans","supported":true},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_upload_scan","name":"upload_scan","fullname":"Upload Scan","description":"Upload a scan in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for Qualys Vulnerability Management, Detection \u0026 Response (VMDR).\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/qualys-vulns-setup)","properties":{"credential":{"description":"Username and password used to authenticate with Qualys Cloud.","nullable":false,"properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"QualysCloudCredential"}},"type":{"const":"vulnerabilities_qualys_cloud"},"url":{"description":"Base URL for the Qualys Cloud API.","example":"https://qualysguard.qg4.apps.qualys.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Qualys VMDR","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"vulnerabilities_qualys_cloud_mock","name":"vulnerabilities_qualys_cloud_mock","fullname":"[MOCK] Qualys Vulnerability Management, Detection \u0026 Response (VMDR)","description":"Configuration for a mocked Qualys Cloud Platform as a Vulnerabilities Provider","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","request_method":"get","request_path":"/v1/vulnerabilities/scans/{scan_id}/activity","supported":true},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"finding.first_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"finding.last_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"severity","type":"enum","operators":["eq","in"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/scans","supported":true},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_upload_scan","name":"upload_scan","fullname":"Upload Scan","description":"Upload a scan in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for a mocked Qualys Cloud Platform as a Vulnerabilities Provider","properties":{"dataset":{"enum":["basic_v0"],"nullable":false,"title":"Dataset","type":"string"},"type":{"const":"vulnerabilities_qualys_cloud_mock"}},"required":["dataset","type"],"title":"[MOCK] Qualys VMDR","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"vulnerabilities_rapid7_insight_cloud","name":"vulnerabilities_rapid7_insight_cloud","fullname":"Rapid7 InsightVM","description":"Configuration for Rapid7 InsightVM.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/rapid7-vulns-setup)","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","supported":false},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq","in"]},{"name":"device.ip","type":"string","operators":["eq","in"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq","in"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"finding.first_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"finding.last_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"severity","type":"enum","operators":["eq","in"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_upload_scan","name":"upload_scan","fullname":"Upload Scan","description":"Upload a scan in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for Rapid7 InsightVM.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/rapid7-vulns-setup)","properties":{"credential":{"description":"Configuration when creating new API Token.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"Rapid7InsightCloudCredential"}},"type":{"const":"vulnerabilities_rapid7_insight_cloud"},"url":{"description":"Base URL for the Rapid7 InsightVM API.","example":"https://us2.api.insight.rapid7.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Rapid7 InsightVM","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"vulnerabilities_rapid7_insight_cloud_mock","name":"vulnerabilities_rapid7_insight_cloud_mock","fullname":"[MOCK] Rapid7 Insight Vulnerability Management Cloud","description":"Configuration for a mocked Rapid7 Insight Cloud as a Vulnerabilities Provider","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","supported":false},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq","in"]},{"name":"device.ip","type":"string","operators":["eq","in"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq","in"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"finding.first_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"finding.last_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"severity","type":"enum","operators":["eq","in"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_upload_scan","name":"upload_scan","fullname":"Upload Scan","description":"Upload a scan in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for a mocked Rapid7 Insight Cloud as a Vulnerabilities Provider","properties":{"dataset":{"enum":["basic_v0"],"nullable":false,"title":"Dataset","type":"string"},"type":{"const":"vulnerabilities_rapid7_insight_cloud_mock"}},"required":["dataset","type"],"title":"[MOCK] Rapid7 InsightVM Cloud","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"vulnerabilities_servicenow_vr","name":"vulnerabilities_servicenow_vr","fullname":"ServiceNow Vulnerability Response","description":"Configuration for ServiceNow Vulnerability Response.","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","request_method":"post","request_path":"/v1/vulnerabilities/assets","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateAssetRequest"}}},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","request_method":"post","request_path":"/v1/vulnerabilities/findings/bulk","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateFindingsRequest"}}},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","supported":false},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]},{"name":"device.name","type":"string","operators":["eq"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"finding.first_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"finding.last_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"severity","type":"enum","operators":["eq","in"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_upload_scan","name":"upload_scan","fullname":"Upload Scan","description":"Upload a scan in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for ServiceNow Vulnerability Response.","properties":{"credential":{"nullable":false,"oneOf":[{"description":"Username and secret used to authenticate with ServiceNow. The password can be a [generated token](https://docs.servicenow.com/bundle/vancouver-platform-administration/page/administer/users-and-groups/task/t_CreateAUser.html). The token receives the same permissions as the user that generated it, so they must have access to the necessary projects.","properties":{"secret":{"description":"Secret value for authentication","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"basic"},"username":{"description":"Username value for authentication","nullable":false,"title":"Username","type":"string"}},"required":["secret","type","username"],"title":"New Basic Credentials","type":"object","x-synqly-credential":{"extends":"BasicCredential","type":"ServiceNowCredential"}},{"description":"Token used to authenticate with ServiceNow. This token will be used with the authentication header `x-sn-apikey`. To use token authentication, the version of ServiceNow must be `Washington D.C.` or later.","properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"New Token","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"ServiceNowCredential"}}],"title":"Credential","x-synqly-credential":{"extends":["BasicCredential","TokenCredential"],"type":"ServiceNowCredential"}},"type":{"const":"vulnerabilities_servicenow_vr"},"url":{"description":"Base URL for the ServiceNow API.","example":"https://tenant.service-now.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"ServiceNow Vulnerability Response","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"vulnerabilities_tanium_cloud","name":"vulnerabilities_tanium_cloud","fullname":"Tanium Vulnerability Management","description":"Configuration for Tanium Vulnerability Management.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/tanium-setup)","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","supported":false},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"finding.first_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"finding.last_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"severity","type":"enum","operators":["eq","in"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_upload_scan","name":"upload_scan","fullname":"Upload Scan","description":"Upload a scan in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for Tanium Vulnerability Management.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/tanium-setup)","properties":{"credential":{"description":"Configuration when creating new API Token.","nullable":false,"properties":{"secret":{"description":"Secret value of the token.","format":"password","nullable":false,"title":"Secret","type":"string"},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"TaniumCloudCredential"}},"type":{"const":"vulnerabilities_tanium_cloud"},"url":{"description":"Base URL for the Tanium Cloud API","example":"https://{customername}-api.cloud.tanium.com","format":"uri","nullable":false,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type","url"],"title":"Tanium VM","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}},{"id":"vulnerabilities_tanium_cloud_mock","name":"vulnerabilities_tanium_cloud_mock","fullname":"[MOCK] Tsanium Vulnerability Management","description":"Configuration for a mock Tanium Cloud as a Vulnerabilities Provider","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","supported":false},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"finding.first_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"finding.last_seen_time","type":"datetime","operators":["gte","lte"]},{"name":"severity","type":"enum","operators":["eq","in"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_upload_scan","name":"upload_scan","fullname":"Upload Scan","description":"Upload a scan in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for a mock Tanium Cloud as a Vulnerabilities Provider","properties":{"dataset":{"enum":["basic_v0"],"nullable":false,"title":"Dataset","type":"string"},"type":{"const":"vulnerabilities_tanium_cloud_mock"}},"required":["dataset","type"],"title":"[MOCK] Tanium Vulnerability Management","type":"object"},"release":{"availability":"in-development","environments":["test"]}},{"id":"vulnerabilities_tenable_cloud","name":"vulnerabilities_tenable_cloud","fullname":"Tenable Vulnerability Management","description":"Configuration for Tenable Vulnerability Management.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/tenable-vulns-setup)","connector_id":"vulnerabilities","connector":"vulnerabilities","operations":[{"id":"vulnerabilities_create_asset","name":"create_asset","fullname":"Create Asset","description":"Create assets in a vulnerability scanning system","request_method":"post","request_path":"/v1/vulnerabilities/assets","supported":true,"request_body":{"required":true,"schema":{"$ref":"#/components/schemas/CreateAssetRequest"}}},{"id":"vulnerabilities_create_findings","name":"create_findings","fullname":"Create Findings","description":"Create findings (bulk) in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_get_scan_activity","name":"get_scan_activity","fullname":"Get Scan Activity","description":"Get a list of activity generated by a configured scan.","request_method":"get","request_path":"/v1/vulnerabilities/scans/{scan_id}/activity","supported":true},{"id":"vulnerabilities_query_assets","name":"query_assets","fullname":"Query Assets","description":"Query assets in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/assets","supported":true,"filters":[{"name":"device.hostname","type":"string","operators":["eq"]},{"name":"device.ip","type":"string","operators":["eq"]},{"name":"device.last_seen_time","type":"datetime","operators":["gte"]},{"name":"device.mac","type":"string","operators":["eq"]}]},{"id":"vulnerabilities_query_findings","name":"query_findings","fullname":"Query Findings","description":"Query vulnerability findings","request_method":"get","request_path":"/v1/vulnerabilities/findings","supported":true,"filters":[{"name":"finding.first_seen_time","type":"datetime","operators":["gte"]},{"name":"finding.last_seen_time","type":"datetime","operators":["gte"]},{"name":"severity","type":"enum","operators":["eq","in"],"values":["critical","high","medium","low","info"]}]},{"id":"vulnerabilities_query_scans","name":"query_scans","fullname":"Query Scans","description":"Query scans in a vulnerability scanning system","request_method":"get","request_path":"/v1/vulnerabilities/scans","supported":true},{"id":"vulnerabilities_update_asset","name":"update_asset","fullname":"Update Asset","description":"update an asset in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_update_finding","name":"update_finding","fullname":"Update Finding","description":"update a finding in a vulnerability scanning system","supported":false},{"id":"vulnerabilities_upload_scan","name":"upload_scan","fullname":"Upload Scan","description":"Upload a scan in a vulnerability scanning system","supported":false}],"provider_config":{"description":"Configuration for Tenable Vulnerability Management.\n\n[Configuration guide](https://docs.synqly.com/guides/provider-configuration/tenable-vulns-setup)","properties":{"credential":{"description":"Configuration when creating new API Keys.","nullable":false,"properties":{"secret":{"description":"API Keys in the format `accessKey=\u003ckey\u003e;secretKey=\u003csecret\u003e`.","format":"password","nullable":false,"pattern":"^accessKey=.+?;secretKey=.+?$","title":"API Keys","type":"string","x-validation-message":{"patternMismatch":"Input must match the pattern: `accessKey=\u003ckey\u003e;secretKey=\u003csecret\u003e`"}},"type":{"const":"token"}},"required":["secret","type"],"title":"Credential","type":"object","x-synqly-credential":{"extends":"TokenCredential","type":"TenableCloudCredential"}},"type":{"const":"vulnerabilities_tenable_cloud"},"url":{"default":"https://cloud.tenable.com","description":"Base URL for the Tenable Cloud API.","format":"uri","nullable":true,"pattern":"^https?:.+$","title":"Base URL","type":"string","x-validation-message":{"patternMismatch":"Must be a valid HTTP(S) URL."}}},"required":["credential","type"],"title":"Tenable VM","type":"object"},"release":{"availability":"generally-available","environments":["test","prod"]}}]}