From 37064083826f6bd6c7778c19b5f2bdb08022668b Mon Sep 17 00:00:00 2001 From: he2ss <19668340+he2ss@users.noreply.github.com> Date: Wed, 8 Apr 2026 14:32:12 +0000 Subject: [PATCH] Update python SDK 1.119.5 --- crowdsec_tracker_api/__init__.py | 30 +- .../__pycache__/base_model.cpython-311.pyc | Bin 4407 -> 4407 bytes .../__pycache__/http_client.cpython-311.pyc | Bin 7797 -> 7797 bytes crowdsec_tracker_api/models.py | 1658 +++++++++++------ .../__pycache__/__init__.cpython-311.pyc | Bin 236 -> 236 bytes crowdsec_tracker_api/services/cves.py | 49 +- crowdsec_tracker_api/services/fingerprints.py | 28 +- crowdsec_tracker_api/services/integrations.py | 2 +- crowdsec_tracker_api/services/products.py | 6 +- .../services/tracker_events.py | 41 + crowdsec_tracker_api/services/tracker_tags.py | 115 ++ crowdsec_tracker_api/services/vendors.py | 173 +- doc/Cves.md | 80 +- doc/Fingerprints.md | 40 +- doc/Models.md | 239 ++- doc/Products.md | 2 +- doc/README.md | 48 +- doc/Tags.md | 89 - doc/TrackerEvents.md | 53 + doc/TrackerTags.md | 173 ++ doc/Vendors.md | 274 ++- let-openapi.json | 2 +- pyproject.toml | 2 +- 23 files changed, 2358 insertions(+), 746 deletions(-) create mode 100644 crowdsec_tracker_api/services/tracker_events.py create mode 100644 crowdsec_tracker_api/services/tracker_tags.py delete mode 100644 doc/Tags.md create mode 100644 doc/TrackerEvents.md create mode 100644 doc/TrackerTags.md diff --git a/crowdsec_tracker_api/__init__.py b/crowdsec_tracker_api/__init__.py index 1fb352c..1a50314 100644 --- a/crowdsec_tracker_api/__init__.py +++ b/crowdsec_tracker_api/__init__.py @@ -5,8 +5,9 @@ from .services.cves import Cves from .services.vendors import Vendors from .services.products import Products -from .services.tags import Tags +from .services.tracker_tags import TrackerTags from .services.fingerprints import Fingerprints +from .services.tracker_events import TrackerEvents from .http_client import ApiKeyAuth class Server(Enum): @@ -17,8 +18,9 @@ class Server(Enum): 'Cves', 'Vendors', 'Products', - 'Tags', + 'TrackerTags', 'Fingerprints', + 'TrackerEvents', 'ApiKeyCredentials', 'BasicAuthCredentials', 'BlocklistSubscription', @@ -36,12 +38,14 @@ class Server(Enum): 'OutputFormat', 'Stats', 'ValidationError', + 'VendorSubscription', 'AdjustmentScore', 'AffectedComponent', 'AllowlistSubscription', 'AttackDetail', 'Behavior', - 'CVEEvent', + 'CVEEventOutput', + 'CVEExploitationPhase', 'CVEResponseBase', 'CVEsubscription', 'CWE', @@ -49,37 +53,51 @@ class Server(Enum): 'Classifications', 'EntityType', 'ExploitationPhase', + 'ExploitationPhaseChangeEventItem', + 'ExploitationPhaseChangeEventsResponsePage', + 'FacetBucket', + 'FingerprintEventOutput', 'FingerprintRuleResponse', 'FingerprintRuleSummary', 'FingerprintTimelineItem', 'GetCVEIPsResponsePage', + 'GetCVEProtectRulesResponse', 'GetCVEResponse', 'GetCVESubscribedIntegrationsResponsePage', - 'GetCVEsFilterBy', 'GetCVEsResponsePage', 'GetCVEsSortBy', 'GetCVEsSortOrder', 'GetFingerprintIPsResponsePage', 'GetFingerprintRulesResponsePage', 'GetFingerprintSubscribedIntegrationsResponsePage', + 'GetVendorIPsResponsePage', + 'GetVendorSubscribedIntegrationsResponsePage', 'History', 'IPItem', 'IntegrationResponse', 'IntervalOptions', + 'IpsDetailsStats', 'Location', 'LookupImpactCVEItem', 'LookupImpactFingerprintItem', 'LookupImpactResponsePage', - 'LookupListItem', - 'LookupListResponsePage', + 'LookupListItemWithStats', + 'LookupListWithStatsResponsePage', 'MitreTechnique', + 'ProtectRule', + 'ProtectRuleTag', 'Reference', 'ScoreBreakdown', 'Scores', 'SinceOptions', 'SubscribeCVEIntegrationRequest', 'SubscribeFingerprintIntegrationRequest', + 'SubscribeVendorIntegrationRequest', + 'ThreatContext', 'TimelineItem', + 'TopProductItem', + 'VendorSortBy', + 'VendorStatsResponse', 'ApiKeyAuth', 'Server', 'Page' diff --git a/crowdsec_tracker_api/__pycache__/base_model.cpython-311.pyc b/crowdsec_tracker_api/__pycache__/base_model.cpython-311.pyc index a48f15d154982d0e684afc810c60b74f0dc1dd88..b86a4aca60c9ba271685ff874f30878a76ce3cae 100644 GIT binary patch delta 27 hcmdn4v|WjNIWI340}$L!yS9 -# timestamp: 2026-02-24T17:00:06+00:00 +# timestamp: 2026-04-08T14:32:07+00:00 from __future__ import annotations @@ -97,14 +97,21 @@ class ValidationError(BaseModelSdk): type: Annotated[str, Field(title='Error Type')] +class VendorSubscription(BaseModelSdk): + id: Annotated[str, Field(title='Id')] + + class AdjustmentScore(BaseModelSdk): - total: Annotated[int, Field(description='Total score adjustment', title='Total')] + total: Annotated[ + Optional[int], Field(description='Total score adjustment', title='Total') + ] = 0 recency: Annotated[ - int, Field(description='Recency score adjustment', title='Recency') - ] + Optional[int], Field(description='Recency score adjustment', title='Recency') + ] = 0 low_info: Annotated[ - int, Field(description='Low information score adjustment', title='Low Info') - ] + Optional[int], + Field(description='Low information score adjustment', title='Low Info'), + ] = 0 class AffectedComponent(BaseModelSdk): @@ -142,13 +149,24 @@ class Behavior(BaseModelSdk): ] -class CVEEvent(BaseModelSdk): - date: Annotated[datetime, Field(description='Date of the event', title='Date')] - description: Annotated[ - str, Field(description='Description of the event', title='Description') - ] - label: Annotated[str, Field(description='Label of the event', title='Label')] - name: Annotated[str, Field(description='Name of the event', title='Name')] +class CVEEventOutput(BaseModelSdk): + name: Annotated[str, Field(title='Name')] + date: Annotated[str, Field(title='Date')] + description: Annotated[str, Field(title='Description')] + label: Annotated[str, Field(title='Label')] + sorting_priority: Annotated[int, Field(title='Sorting Priority')] + + +class CVEExploitationPhase(StrEnum): + INSUFFICIENT_DATA = 'insufficient_data' + EARLY_EXPLOITATION = 'early_exploitation' + FRESH_AND_POPULAR = 'fresh_and_popular' + TARGETED_EXPLOITATION = 'targeted_exploitation' + MASS_EXPLOITATION = 'mass_exploitation' + BACKGROUND_NOISE = 'background_noise' + UNPOPULAR = 'unpopular' + WEARING_OUT = 'wearing_out' + UNCLASSIFIED = 'unclassified' class CvssScore(RootModelSdk[float]): @@ -212,599 +230,241 @@ class ExploitationPhase(BaseModelSdk): ] -class FingerprintRuleResponse(BaseModelSdk): - id: Annotated[str, Field(description='Fingerprint rule identifier', title='Id')] - name: Annotated[str, Field(description='Fingerprint rule name', title='Name')] - title: Annotated[str, Field(description='Fingerprint rule title', title='Title')] - affected_components: Annotated[ - List[AffectedComponent], - Field(description='List of affected components', title='Affected Components'), +class ExploitationPhaseChangeEventItem(BaseModelSdk): + cve_id: Annotated[str, Field(description='CVE identifier', title='Cve Id')] + name: Annotated[str, Field(description='Event type name', title='Name')] + date: Annotated[str, Field(description='Date of the phase change', title='Date')] + label: Annotated[ + str, Field(description='Human-readable event label', title='Label') ] - crowdsec_score: Annotated[ - int, - Field( - description='Live Exploit Tracker score for the fingerprint rule', - ge=0, - le=10, - title='Crowdsec Score', - ), + description: Annotated[ + str, Field(description='Rendered event description', title='Description') ] - opportunity_score: Annotated[ - Optional[int], - Field(description='Opportunity score', ge=0, le=5, title='Opportunity Score'), - ] = 0 - momentum_score: Annotated[ - Optional[int], - Field(description='Momentum score', ge=0, le=5, title='Momentum Score'), - ] = 0 + previous_phase: Annotated[ + str, + Field(description='Previous exploitation phase label', title='Previous Phase'), + ] + new_phase: Annotated[ + str, Field(description='New exploitation phase label', title='New Phase') + ] + + +class ExploitationPhaseChangeEventsResponsePage(BaseModelSdk): + items: Annotated[List[ExploitationPhaseChangeEventItem], Field(title='Items')] + total: Annotated[int, Field(ge=0, title='Total')] + page: Annotated[int, Field(ge=1, title='Page')] + size: Annotated[int, Field(ge=1, title='Size')] + pages: Annotated[int, Field(ge=0, title='Pages')] + links: Links + + +class FacetBucket(BaseModelSdk): + value: Annotated[str, Field(description='Facet value', title='Value')] + count: Annotated[ + int, Field(description='Number of IPs matching this value', ge=0, title='Count') + ] + + +class FingerprintEventOutput(BaseModelSdk): + name: Annotated[str, Field(title='Name')] + date: Annotated[str, Field(title='Date')] + description: Annotated[str, Field(title='Description')] + label: Annotated[str, Field(title='Label')] + + +class FingerprintTimelineItem(BaseModelSdk): + timestamp: Annotated[ + datetime, + Field(description='Timestamp of the timeline event', title='Timestamp'), + ] + count: Annotated[ + int, Field(description='Count of occurrences at the timestamp', title='Count') + ] + + +class GetCVEsSortBy(StrEnum): + RULE_RELEASE_DATE = 'rule_release_date' + TRENDING = 'trending' + NB_IPS = 'nb_ips' + NAME = 'name' + FIRST_SEEN = 'first_seen' + + +class GetCVEsSortOrder(StrEnum): + ASC = 'asc' + DESC = 'desc' + + +class History(BaseModelSdk): first_seen: Annotated[ - Optional[datetime], Field(description='First seen date', title='First Seen') - ] = None + datetime, Field(description='First seen timestamp', title='First Seen') + ] last_seen: Annotated[ - Optional[datetime], Field(description='Last seen date', title='Last Seen') - ] = None - nb_ips: Annotated[ - int, Field(description='Number of unique IPs observed', ge=0, title='Nb Ips') + datetime, Field(description='Last seen timestamp', title='Last Seen') ] - rule_release_date: Annotated[ + full_age: Annotated[int, Field(description='Full age in days', title='Full Age')] + days_age: Annotated[int, Field(description='Days age', title='Days Age')] + + +class IntegrationResponse(BaseModelSdk): + tags: Annotated[Optional[List[str]], Field(title='Tags')] = [] + organization_id: Annotated[str, Field(title='Organization Id')] + created_at: Annotated[ Optional[datetime], - Field( - description='Release date of the fingerprint rule', - title='Rule Release Date', - ), + Field(description='Time the integration was created', title='Created At'), ] = None - exploitation_phase: Annotated[ - ExploitationPhase, Field(description='Current exploitation phase') - ] - adjustment_score: Annotated[ - Optional[AdjustmentScore], Field(description='Score adjustment details') + entity_type: Annotated[EntityType, Field(description='Type of the integration')] + id: Annotated[ + Optional[str], Field(description='ID of the integration', title='Id') ] = None - hype_score: Annotated[ - Optional[int], - Field( - description='Hype score (raw momentum component)', - ge=0, - le=5, - title='Hype Score', - ), - ] = 0 - tags: Annotated[ - Optional[List[str]], - Field(description='Tags associated with the fingerprint rule', title='Tags'), + blocklists: Annotated[ + Optional[List[BlocklistSubscription]], Field(title='Blocklists') + ] = [] + allowlists: Annotated[ + Optional[List[AllowlistSubscription]], Field(title='Allowlists') + ] = [] + cves: Annotated[Optional[List[CVEsubscription]], Field(title='Cves')] = None + fingerprints: Annotated[ + Optional[List[FingerprintSubscription]], Field(title='Fingerprints') + ] = None + vendors: Annotated[Optional[List[VendorSubscription]], Field(title='Vendors')] = ( + None + ) + name: Annotated[str, Field(description='Name of the integration', title='Name')] + updated_at: Annotated[ + Optional[datetime], + Field(description='Last time the integration was updated', title='Updated At'), ] = None description: Annotated[ Optional[str], - Field(description='Fingerprint rule description', title='Description'), + Field(description='Description of the integration', title='Description'), ] = None - references: Annotated[ - Optional[List[str]], + output_format: Annotated[ + OutputFormat, Field(description='Output format of the integration') + ] + last_pull: Annotated[ + Optional[datetime], Field( - description='Reference links for the fingerprint rule', title='References' + description='Last time the integration pulled blocklists', title='Last Pull' ), ] = None - crowdsec_analysis: Annotated[ - Optional[str], + pull_limit: Annotated[ + Optional[int], + Field(description='Maximum number of items to pull', title='Pull Limit'), + ] = None + enable_ip_aggregation: Annotated[ + Optional[bool], Field( - description='CrowdSec analysis for this fingerprint rule', - title='Crowdsec Analysis', + description='Whether to enable IP aggregation into ranges', + title='Enable Ip Aggregation', ), - ] = None - events: Annotated[ - Optional[List[CVEEvent]], + ] = False + + +class IntervalOptions(StrEnum): + HOUR = 'hour' + DAY = 'day' + WEEK = 'week' + + +class IpsDetailsStats(BaseModelSdk): + total: Annotated[ + int, Field(description='Total number of matching IPs', ge=0, title='Total') + ] + reputation: Annotated[ + List[FacetBucket], + Field(description='IP count by reputation', title='Reputation'), + ] + country: Annotated[ + List[FacetBucket], + Field(description='IP count by country (top 5)', title='Country'), + ] + as_name: Annotated[ + List[FacetBucket], + Field(description='IP count by AS name (top 5)', title='As Name'), + ] + cves: Annotated[ + List[FacetBucket], Field(description='IP count by CVE (top 5)', title='Cves') + ] + classifications: Annotated[ + List[FacetBucket], Field( - description='List of events related to the fingerprint rule', title='Events' + description='IP count by classification (top 5)', title='Classifications' ), + ] + + +class Location(BaseModelSdk): + country: Annotated[ + Optional[str], Field(description='Country code', title='Country') + ] = None + city: Annotated[Optional[str], Field(description='City name', title='City')] = None + latitude: Annotated[ + Optional[float], Field(description='Latitude coordinate', title='Latitude') + ] = None + longitude: Annotated[ + Optional[float], Field(description='Longitude coordinate', title='Longitude') ] = None -class FingerprintRuleSummary(BaseModelSdk): - id: Annotated[str, Field(description='Fingerprint rule identifier', title='Id')] - name: Annotated[str, Field(description='Fingerprint rule name', title='Name')] - title: Annotated[str, Field(description='Fingerprint rule title', title='Title')] - affected_components: Annotated[ - List[AffectedComponent], - Field(description='List of affected components', title='Affected Components'), - ] - crowdsec_score: Annotated[ - int, +class LookupListItemWithStats(BaseModelSdk): + value: Annotated[str, Field(description='Lookup entry value', title='Value')] + nb_cves: Annotated[ + Optional[int], Field(description='Number of CVEs', ge=0, title='Nb Cves') + ] = 0 + nb_fingerprints: Annotated[ + Optional[int], + Field(description='Number of fingerprint rules', ge=0, title='Nb Fingerprints'), + ] = 0 + nb_ips: Annotated[ + Optional[int], Field( - description='Live Exploit Tracker score for the fingerprint rule', + description='Total number of unique IPs targeting this entry', ge=0, - le=10, - title='Crowdsec Score', + title='Nb Ips', ), - ] - opportunity_score: Annotated[ + ] = 0 + nb_ips_cves: Annotated[ Optional[int], - Field(description='Opportunity score', ge=0, le=5, title='Opportunity Score'), + Field(description='Number of IPs across CVEs', ge=0, title='Nb Ips Cves'), ] = 0 - momentum_score: Annotated[ + nb_ips_fingerprints: Annotated[ Optional[int], - Field(description='Momentum score', ge=0, le=5, title='Momentum Score'), + Field( + description='Number of IPs across fingerprint rules', + ge=0, + title='Nb Ips Fingerprints', + ), ] = 0 - first_seen: Annotated[ - Optional[datetime], Field(description='First seen date', title='First Seen') - ] = None - last_seen: Annotated[ - Optional[datetime], Field(description='Last seen date', title='Last Seen') - ] = None - nb_ips: Annotated[ - int, Field(description='Number of unique IPs observed', ge=0, title='Nb Ips') - ] - rule_release_date: Annotated[ + latest_rule_release: Annotated[ Optional[datetime], Field( - description='Release date of the fingerprint rule', - title='Rule Release Date', + description='Most recent rule release date for this entry', + title='Latest Rule Release', ), ] = None - exploitation_phase: Annotated[ - ExploitationPhase, Field(description='Current exploitation phase') - ] - adjustment_score: Annotated[ - Optional[AdjustmentScore], Field(description='Score adjustment details') - ] = None -class FingerprintTimelineItem(BaseModelSdk): - timestamp: Annotated[ - datetime, - Field(description='Timestamp of the timeline event', title='Timestamp'), - ] - count: Annotated[ - int, Field(description='Count of occurrences at the timestamp', title='Count') +class LookupListWithStatsResponsePage(BaseModelSdk): + items: Annotated[List[LookupListItemWithStats], Field(title='Items')] + total: Annotated[int, Field(ge=0, title='Total')] + page: Annotated[int, Field(ge=1, title='Page')] + size: Annotated[int, Field(ge=1, title='Size')] + pages: Annotated[int, Field(ge=0, title='Pages')] + links: Links + + +class MitreTechnique(BaseModelSdk): + name: Annotated[str, Field(description='MITRE technique ID', title='Name')] + label: Annotated[str, Field(description='MITRE technique label', title='Label')] + description: Annotated[ + str, Field(description='MITRE technique description', title='Description') ] -class GetCVEResponse(BaseModelSdk): - id: Annotated[str, Field(description='ID of the CVE', title='Id')] - name: Annotated[str, Field(description='Name of the CVE', title='Name')] - title: Annotated[str, Field(description='Title of the CVE', title='Title')] - affected_components: Annotated[ - List[AffectedComponent], - Field(description='List of affected components', title='Affected Components'), - ] - crowdsec_score: Annotated[ - int, - Field( - description='Live Exploit Tracker score of the CVE', - ge=0, - le=10, - title='Crowdsec Score', - ), - ] - opportunity_score: Annotated[ - Optional[int], - Field( - description="Opportunity score indicating if it's an opportunistic(0) or targeted(5) attack (between 0-5)", - ge=0, - le=5, - title='Opportunity Score', - ), - ] = 0 - momentum_score: Annotated[ - Optional[int], - Field( - description="Momentum score indicating the vulnerability's trendiness based on signal comparison with the previous month. Higher scores (4-5) indicate significantly more signals this month than last month's average, while lower scores (0-1) indicate declining activity (between 0-5)", - ge=0, - le=5, - title='Momentum Score', - ), - ] = 0 - first_seen: Annotated[ - Optional[datetime], Field(description='First seen date', title='First Seen') - ] = None - last_seen: Annotated[ - Optional[datetime], Field(description='Last seen date', title='Last Seen') - ] = None - nb_ips: Annotated[ - int, Field(description='Number of unique IPs affected', ge=0, title='Nb Ips') - ] - published_date: Annotated[ - datetime, Field(description='Published date of the CVE', title='Published Date') - ] - cvss_score: Annotated[ - Optional[CvssScore], - Field(description='CVSS score of the CVE', title='Cvss Score'), - ] = None - has_public_exploit: Annotated[ - bool, - Field( - description='Indicates if there is a public exploit for the CVE', - title='Has Public Exploit', - ), - ] - rule_release_date: Annotated[ - Optional[datetime], - Field( - description='Release date of the associated detection rule', - title='Rule Release Date', - ), - ] = None - exploitation_phase: Annotated[ - ExploitationPhase, Field(description='Current exploitation phase of the CVE') - ] - adjustment_score: Annotated[ - Optional[AdjustmentScore], - Field( - description='Score adjustments applied to the CVE score based on various factors' - ), - ] = None - hype_score: Annotated[ - Optional[int], - Field( - description='Hype score (raw momentum component)', - ge=0, - le=5, - title='Hype Score', - ), - ] = 0 - tags: Annotated[ - Optional[List[str]], - Field(description='Tags associated with the CVE', title='Tags'), - ] = None - references: Annotated[ - List[str], - Field(description='List of references for the CVE', title='References'), - ] - description: Annotated[ - str, Field(description='Description of the CVE', title='Description') - ] - crowdsec_analysis: Annotated[ - Optional[str], - Field(description='CrowdSec analysis of the CVE', title='Crowdsec Analysis'), - ] = None - cwes: Annotated[ - List[CWE], - Field(description='List of CWEs associated with the CVE', title='Cwes'), - ] - events: Annotated[ - Optional[List[CVEEvent]], - Field(description='List of events related to the CVE', title='Events'), - ] = None - - -class GetCVEsFilterBy(StrEnum): - IS_PUBLIC = 'is_public' - - -class GetCVEsSortBy(StrEnum): - RULE_RELEASE_DATE = 'rule_release_date' - TRENDING = 'trending' - NB_IPS = 'nb_ips' - NAME = 'name' - - -class GetCVEsSortOrder(StrEnum): - ASC = 'asc' - DESC = 'desc' - - -class GetFingerprintRulesResponsePage(BaseModelSdk): - items: Annotated[List[FingerprintRuleSummary], Field(title='Items')] - total: Annotated[int, Field(ge=0, title='Total')] - page: Annotated[int, Field(ge=1, title='Page')] - size: Annotated[int, Field(ge=1, title='Size')] - pages: Annotated[int, Field(ge=0, title='Pages')] - links: Links - - -class History(BaseModelSdk): - first_seen: Annotated[ - datetime, Field(description='First seen timestamp', title='First Seen') - ] - last_seen: Annotated[ - datetime, Field(description='Last seen timestamp', title='Last Seen') - ] - full_age: Annotated[int, Field(description='Full age in days', title='Full Age')] - days_age: Annotated[int, Field(description='Days age', title='Days Age')] - - -class IntegrationResponse(BaseModelSdk): - tags: Annotated[Optional[List[str]], Field(title='Tags')] = [] - organization_id: Annotated[str, Field(title='Organization Id')] - created_at: Annotated[ - Optional[datetime], - Field(description='Time the integration was created', title='Created At'), - ] = None - entity_type: Annotated[EntityType, Field(description='Type of the integration')] - id: Annotated[ - Optional[str], Field(description='ID of the integration', title='Id') - ] = None - blocklists: Annotated[ - Optional[List[BlocklistSubscription]], Field(title='Blocklists') - ] = [] - allowlists: Annotated[ - Optional[List[AllowlistSubscription]], Field(title='Allowlists') - ] = [] - cves: Annotated[Optional[List[CVEsubscription]], Field(title='Cves')] = [] - fingerprints: Annotated[ - Optional[List[FingerprintSubscription]], Field(title='Fingerprints') - ] = [] - name: Annotated[str, Field(description='Name of the integration', title='Name')] - updated_at: Annotated[ - Optional[datetime], - Field(description='Last time the integration was updated', title='Updated At'), - ] = None - description: Annotated[ - Optional[str], - Field(description='Description of the integration', title='Description'), - ] = None - output_format: Annotated[ - OutputFormat, Field(description='Output format of the integration') - ] - last_pull: Annotated[ - Optional[datetime], - Field( - description='Last time the integration pulled blocklists', title='Last Pull' - ), - ] = None - pull_limit: Annotated[ - Optional[int], - Field(description='Maximum number of items to pull', title='Pull Limit'), - ] = None - enable_ip_aggregation: Annotated[ - Optional[bool], - Field( - description='Whether to enable IP aggregation into ranges', - title='Enable Ip Aggregation', - ), - ] = False - - -class IntervalOptions(StrEnum): - HOUR = 'hour' - DAY = 'day' - WEEK = 'week' - - -class Location(BaseModelSdk): - country: Annotated[ - Optional[str], Field(description='Country code', title='Country') - ] = None - city: Annotated[Optional[str], Field(description='City name', title='City')] = None - latitude: Annotated[ - Optional[float], Field(description='Latitude coordinate', title='Latitude') - ] = None - longitude: Annotated[ - Optional[float], Field(description='Longitude coordinate', title='Longitude') - ] = None - - -class LookupImpactCVEItem(BaseModelSdk): - id: Annotated[str, Field(description='ID of the CVE', title='Id')] - name: Annotated[str, Field(description='Name of the CVE', title='Name')] - title: Annotated[str, Field(description='Title of the CVE', title='Title')] - affected_components: Annotated[ - List[AffectedComponent], - Field(description='List of affected components', title='Affected Components'), - ] - crowdsec_score: Annotated[ - int, - Field( - description='Live Exploit Tracker score of the CVE', - ge=0, - le=10, - title='Crowdsec Score', - ), - ] - opportunity_score: Annotated[ - Optional[int], - Field( - description="Opportunity score indicating if it's an opportunistic(0) or targeted(5) attack (between 0-5)", - ge=0, - le=5, - title='Opportunity Score', - ), - ] = 0 - momentum_score: Annotated[ - Optional[int], - Field( - description="Momentum score indicating the vulnerability's trendiness based on signal comparison with the previous month. Higher scores (4-5) indicate significantly more signals this month than last month's average, while lower scores (0-1) indicate declining activity (between 0-5)", - ge=0, - le=5, - title='Momentum Score', - ), - ] = 0 - first_seen: Annotated[ - Optional[datetime], Field(description='First seen date', title='First Seen') - ] = None - last_seen: Annotated[ - Optional[datetime], Field(description='Last seen date', title='Last Seen') - ] = None - nb_ips: Annotated[ - int, Field(description='Number of unique IPs affected', ge=0, title='Nb Ips') - ] - published_date: Annotated[ - datetime, Field(description='Published date of the CVE', title='Published Date') - ] - cvss_score: Annotated[ - Optional[CvssScore], - Field(description='CVSS score of the CVE', title='Cvss Score'), - ] = None - has_public_exploit: Annotated[ - bool, - Field( - description='Indicates if there is a public exploit for the CVE', - title='Has Public Exploit', - ), - ] - rule_release_date: Annotated[ - Optional[datetime], - Field( - description='Release date of the associated detection rule', - title='Rule Release Date', - ), - ] = None - exploitation_phase: Annotated[ - ExploitationPhase, Field(description='Current exploitation phase of the CVE') - ] - adjustment_score: Annotated[ - Optional[AdjustmentScore], - Field( - description='Score adjustments applied to the CVE score based on various factors' - ), - ] = None - hype_score: Annotated[ - Optional[int], - Field( - description='Hype score (raw momentum component)', - ge=0, - le=5, - title='Hype Score', - ), - ] = 0 - tags: Annotated[ - Optional[List[str]], - Field(description='Tags associated with the CVE', title='Tags'), - ] = None - references: Annotated[ - List[str], - Field(description='List of references for the CVE', title='References'), - ] - description: Annotated[ - str, Field(description='Description of the CVE', title='Description') - ] - crowdsec_analysis: Annotated[ - Optional[str], - Field(description='CrowdSec analysis of the CVE', title='Crowdsec Analysis'), - ] = None - cwes: Annotated[ - List[CWE], - Field(description='List of CWEs associated with the CVE', title='Cwes'), - ] - events: Annotated[ - Optional[List[CVEEvent]], - Field(description='List of events related to the CVE', title='Events'), - ] = None - type: Annotated[ - Literal['cve'], Field(description='Resource type', title='Type') - ] = 'cve' - - -class LookupImpactFingerprintItem(BaseModelSdk): - id: Annotated[str, Field(description='Fingerprint rule identifier', title='Id')] - name: Annotated[str, Field(description='Fingerprint rule name', title='Name')] - title: Annotated[str, Field(description='Fingerprint rule title', title='Title')] - affected_components: Annotated[ - List[AffectedComponent], - Field(description='List of affected components', title='Affected Components'), - ] - crowdsec_score: Annotated[ - int, - Field( - description='Live Exploit Tracker score for the fingerprint rule', - ge=0, - le=10, - title='Crowdsec Score', - ), - ] - opportunity_score: Annotated[ - Optional[int], - Field(description='Opportunity score', ge=0, le=5, title='Opportunity Score'), - ] = 0 - momentum_score: Annotated[ - Optional[int], - Field(description='Momentum score', ge=0, le=5, title='Momentum Score'), - ] = 0 - first_seen: Annotated[ - Optional[datetime], Field(description='First seen date', title='First Seen') - ] = None - last_seen: Annotated[ - Optional[datetime], Field(description='Last seen date', title='Last Seen') - ] = None - nb_ips: Annotated[ - int, Field(description='Number of unique IPs observed', ge=0, title='Nb Ips') - ] - rule_release_date: Annotated[ - Optional[datetime], - Field( - description='Release date of the fingerprint rule', - title='Rule Release Date', - ), - ] = None - exploitation_phase: Annotated[ - ExploitationPhase, Field(description='Current exploitation phase') - ] - adjustment_score: Annotated[ - Optional[AdjustmentScore], Field(description='Score adjustment details') - ] = None - hype_score: Annotated[ - Optional[int], - Field( - description='Hype score (raw momentum component)', - ge=0, - le=5, - title='Hype Score', - ), - ] = 0 - tags: Annotated[ - Optional[List[str]], - Field(description='Tags associated with the fingerprint rule', title='Tags'), - ] = None - description: Annotated[ - Optional[str], - Field(description='Fingerprint rule description', title='Description'), - ] = None - references: Annotated[ - Optional[List[str]], - Field( - description='Reference links for the fingerprint rule', title='References' - ), - ] = None - crowdsec_analysis: Annotated[ - Optional[str], - Field( - description='CrowdSec analysis for this fingerprint rule', - title='Crowdsec Analysis', - ), - ] = None - events: Annotated[ - Optional[List[CVEEvent]], - Field( - description='List of events related to the fingerprint rule', title='Events' - ), - ] = None - type: Annotated[ - Literal['fingerprint'], Field(description='Resource type', title='Type') - ] = 'fingerprint' - - -class Items(RootModelSdk[Union[LookupImpactCVEItem, LookupImpactFingerprintItem]]): - root: Annotated[ - Union[LookupImpactCVEItem, LookupImpactFingerprintItem], - Field(discriminator='type'), - ] - - -class LookupImpactResponsePage(BaseModelSdk): - items: Annotated[List[Items], Field(title='Items')] - total: Annotated[int, Field(ge=0, title='Total')] - page: Annotated[int, Field(ge=1, title='Page')] - size: Annotated[int, Field(ge=1, title='Size')] - pages: Annotated[int, Field(ge=0, title='Pages')] - links: Links - - -class LookupListItem(BaseModelSdk): - value: Annotated[str, Field(description='Lookup entry value', title='Value')] - - -class LookupListResponsePage(BaseModelSdk): - items: Annotated[List[LookupListItem], Field(title='Items')] - total: Annotated[int, Field(ge=0, title='Total')] - page: Annotated[int, Field(ge=1, title='Page')] - size: Annotated[int, Field(ge=1, title='Size')] - pages: Annotated[int, Field(ge=0, title='Pages')] - links: Links - - -class MitreTechnique(BaseModelSdk): - name: Annotated[str, Field(description='MITRE technique ID', title='Name')] - label: Annotated[str, Field(description='MITRE technique label', title='Label')] - description: Annotated[ - str, Field(description='MITRE technique description', title='Description') - ] +class ProtectRuleTag(BaseModelSdk): + tag: Annotated[str, Field(description='Tag identifier', title='Tag')] + label: Annotated[str, Field(description='Human-readable tag label', title='Label')] class Reference(BaseModelSdk): @@ -856,6 +516,53 @@ class SubscribeFingerprintIntegrationRequest(BaseModelSdk): ] +class SubscribeVendorIntegrationRequest(BaseModelSdk): + model_config = ConfigDict( + extra='forbid', + ) + name: Annotated[ + str, Field(description='Name of the integration to subscribe', title='Name') + ] + + +class ThreatContext(BaseModelSdk): + attacker_countries: Annotated[ + Optional[Dict[str, int]], + Field( + description='Attacker country distribution (country code → count)', + title='Attacker Countries', + ), + ] = None + defender_countries: Annotated[ + Optional[Dict[str, int]], + Field( + description='Defender country distribution (country code → count)', + title='Defender Countries', + ), + ] = None + industry_types: Annotated[ + Optional[Dict[str, int]], + Field( + description='Industry type distribution (type → count)', + title='Industry Types', + ), + ] = None + industry_risk_profiles: Annotated[ + Optional[Dict[str, int]], + Field( + description='Industry risk profile distribution (profile → count)', + title='Industry Risk Profiles', + ), + ] = None + attacker_objectives: Annotated[ + Optional[Dict[str, int]], + Field( + description='Attacker objective distribution (objective → count)', + title='Attacker Objectives', + ), + ] = None + + class TimelineItem(BaseModelSdk): timestamp: Annotated[ datetime, @@ -866,6 +573,67 @@ class TimelineItem(BaseModelSdk): ] +class TopProductItem(BaseModelSdk): + value: Annotated[str, Field(description='Product name', title='Value')] + nb_ips_cves: Annotated[ + Optional[int], + Field(description='Number of IPs across CVEs', ge=0, title='Nb Ips Cves'), + ] = 0 + nb_ips_fingerprints: Annotated[ + Optional[int], + Field( + description='Number of IPs across fingerprint rules', + ge=0, + title='Nb Ips Fingerprints', + ), + ] = 0 + + +class VendorSortBy(StrEnum): + VALUE = 'value' + NB_CVES = 'nb_cves' + NB_IPS = 'nb_ips' + LATEST_RULE_RELEASE = 'latest_rule_release' + + +class VendorStatsResponse(BaseModelSdk): + value: Annotated[str, Field(description='Vendor name', title='Value')] + nb_cves: Annotated[ + Optional[int], Field(description='Number of CVEs', ge=0, title='Nb Cves') + ] = 0 + nb_fingerprints: Annotated[ + Optional[int], + Field(description='Number of fingerprint rules', ge=0, title='Nb Fingerprints'), + ] = 0 + nb_ips: Annotated[ + Optional[int], + Field( + description='Total number of unique IPs targeting this vendor', + ge=0, + title='Nb Ips', + ), + ] = 0 + nb_ips_cves: Annotated[ + Optional[int], + Field(description='Number of IPs across CVEs', ge=0, title='Nb Ips Cves'), + ] = 0 + nb_ips_fingerprints: Annotated[ + Optional[int], + Field( + description='Number of IPs across fingerprint rules', + ge=0, + title='Nb Ips Fingerprints', + ), + ] = 0 + top_products: Annotated[ + Optional[List[TopProductItem]], + Field( + description='Top products for this vendor sorted by total IPs descending', + title='Top Products', + ), + ] = None + + class IntegrationsGetIntegrationsQueryParameters(BaseModelSdk): tag: Annotated[ Optional[List[str]], @@ -965,9 +733,9 @@ class CvesGetCvesQueryParameters(BaseModelSdk): Optional[GetCVEsSortOrder], Field(description='Sort order: ascending or descending', title='Sort Order'), ] = 'desc' - filters: Annotated[ - Optional[List[GetCVEsFilterBy]], - Field(description='Filters to apply on the CVE list', title='Filters'), + exploitation_phase: Annotated[ + Optional[CVEExploitationPhase], + Field(description='Filter by exploitation phase', title='Exploitation Phase'), ] = None page: Annotated[ Optional[int], Field(description='Page number', ge=1, title='Page') @@ -981,6 +749,10 @@ class CvesGetCvePathParameters(BaseModelSdk): cve_id: Annotated[str, Field(title='Cve Id')] +class CvesGetCveProtectRulesPathParameters(BaseModelSdk): + cve_id: Annotated[str, Field(title='Cve Id')] + + class CvesDownloadCveIpsPathParameters(BaseModelSdk): cve_id: Annotated[str, Field(title='Cve Id')] @@ -1016,6 +788,20 @@ class CvesGetCveIpsDetailsPathParameters(BaseModelSdk): cve_id: Annotated[str, Field(title='Cve Id')] +class CvesGetCveIpsDetailsStatsQueryParameters(BaseModelSdk): + since: Annotated[ + Optional[Since], + Field( + description='Filter IPs seen since this date, format duration (e.g., 7d, 24h), default to 14d', + title='Since', + ), + ] = '14d' + + +class CvesGetCveIpsDetailsStatsPathParameters(BaseModelSdk): + cve_id: Annotated[str, Field(title='Cve Id')] + + class CvesSubscribeIntegrationToCvePathParameters(BaseModelSdk): cve_id: Annotated[str, Field(title='Cve Id')] @@ -1055,6 +841,72 @@ class VendorsGetVendorsQueryParameters(BaseModelSdk): query: Annotated[ Optional[str], Field(description='Search query for vendors', title='Query') ] = None + sort_by: Annotated[ + Optional[VendorSortBy], + Field( + description='Sort by: value, nb_cves, nb_ips, latest_rule_release', + title='Sort By', + ), + ] = None + sort_order: Annotated[ + Optional[GetCVEsSortOrder], + Field(description='Sort order: asc or desc', title='Sort Order'), + ] = 'desc' + page: Annotated[ + Optional[int], Field(description='Page number', ge=1, title='Page') + ] = 1 + size: Annotated[ + Optional[int], Field(description='Page size', ge=1, le=100, title='Size') + ] = 50 + + +class VendorsGetVendorStatsPathParameters(BaseModelSdk): + vendor: Annotated[str, Field(title='Vendor')] + + +class VendorsDownloadVendorIpsPathParameters(BaseModelSdk): + vendor: Annotated[str, Field(title='Vendor')] + + +class VendorsGetVendorIpsDetailsQueryParameters(BaseModelSdk): + since: Annotated[ + Optional[Since], + Field( + description='Filter IPs seen since this date, format duration (e.g., 7d, 24h), default to 14d', + title='Since', + ), + ] = '14d' + page: Annotated[ + Optional[int], Field(description='Page number', ge=1, title='Page') + ] = 1 + size: Annotated[ + Optional[int], Field(description='Page size', ge=1, le=100, title='Size') + ] = 50 + + +class VendorsGetVendorIpsDetailsPathParameters(BaseModelSdk): + vendor: Annotated[str, Field(title='Vendor')] + + +class VendorsGetVendorIpsDetailsStatsQueryParameters(BaseModelSdk): + since: Annotated[ + Optional[Since], + Field( + description='Filter IPs seen since this date, format duration (e.g., 7d, 24h), default to 14d', + title='Since', + ), + ] = '14d' + + +class VendorsGetVendorIpsDetailsStatsPathParameters(BaseModelSdk): + vendor: Annotated[str, Field(title='Vendor')] + + +class VendorsSubscribeIntegrationToVendorPathParameters(BaseModelSdk): + vendor: Annotated[str, Field(title='Vendor')] + + +class VendorsGetVendorSubscribedIntegrationsQueryParameters(BaseModelSdk): page: Annotated[ Optional[int], Field(description='Page number', ge=1, title='Page') ] = 1 @@ -1063,6 +915,15 @@ class VendorsGetVendorsQueryParameters(BaseModelSdk): ] = 50 +class VendorsGetVendorSubscribedIntegrationsPathParameters(BaseModelSdk): + vendor: Annotated[str, Field(title='Vendor')] + + +class VendorsUnsubscribeIntegrationFromVendorPathParameters(BaseModelSdk): + vendor: Annotated[str, Field(title='Vendor')] + integration_name: Annotated[str, Field(title='Integration Name')] + + class VendorsGetVendorImpactQueryParameters(BaseModelSdk): sort_by: Annotated[ Optional[GetCVEsSortBy], Field(description='Field to sort by', title='Sort By') @@ -1115,7 +976,39 @@ class ProductsGetProductImpactPathParameters(BaseModelSdk): product: Annotated[str, Field(title='Product')] -class TagsGetTagsQueryParameters(BaseModelSdk): +class TrackerTagsGetTagsQueryParameters(BaseModelSdk): + query: Annotated[ + Optional[str], Field(description='Search query for tags', title='Query') + ] = None + page: Annotated[ + Optional[int], Field(description='Page number', ge=1, title='Page') + ] = 1 + size: Annotated[ + Optional[int], Field(description='Page size', ge=1, le=100, title='Size') + ] = 50 + + +class TrackerTagsGetTagImpactQueryParameters(BaseModelSdk): + sort_by: Annotated[ + Optional[GetCVEsSortBy], Field(description='Field to sort by', title='Sort By') + ] = 'rule_release_date' + sort_order: Annotated[ + Optional[GetCVEsSortOrder], + Field(description='Sort order: ascending or descending', title='Sort Order'), + ] = 'desc' + page: Annotated[ + Optional[int], Field(description='Page number', ge=1, title='Page') + ] = 1 + size: Annotated[ + Optional[int], Field(description='Page size', ge=1, le=100, title='Size') + ] = 50 + + +class TrackerTagsGetTagImpactPathParameters(BaseModelSdk): + tag: Annotated[str, Field(title='Tag')] + + +class TrackerTagsGetTrackerTagsQueryParameters(BaseModelSdk): query: Annotated[ Optional[str], Field(description='Search query for tags', title='Query') ] = None @@ -1127,7 +1020,7 @@ class TagsGetTagsQueryParameters(BaseModelSdk): ] = 50 -class TagsGetTagImpactQueryParameters(BaseModelSdk): +class TrackerTagsGetTrackerTagImpactQueryParameters(BaseModelSdk): sort_by: Annotated[ Optional[GetCVEsSortBy], Field(description='Field to sort by', title='Sort By') ] = 'rule_release_date' @@ -1143,7 +1036,7 @@ class TagsGetTagImpactQueryParameters(BaseModelSdk): ] = 50 -class TagsGetTagImpactPathParameters(BaseModelSdk): +class TrackerTagsGetTrackerTagImpactPathParameters(BaseModelSdk): tag: Annotated[str, Field(title='Tag')] @@ -1159,12 +1052,6 @@ class FingerprintsGetFingerprintRulesQueryParameters(BaseModelSdk): Optional[GetCVEsSortOrder], Field(description='Sort order: ascending or descending', title='Sort Order'), ] = 'desc' - filters: Annotated[ - Optional[List[GetCVEsFilterBy]], - Field( - description='Filters to apply on the fingerprint rule list', title='Filters' - ), - ] = None page: Annotated[ Optional[int], Field(description='Page number', ge=1, title='Page') ] = 1 @@ -1197,6 +1084,20 @@ class FingerprintsGetFingerprintIpsDetailsPathParameters(BaseModelSdk): fingerprint: Annotated[str, Field(title='Fingerprint')] +class FingerprintsGetFingerprintIpsDetailsStatsQueryParameters(BaseModelSdk): + since: Annotated[ + Optional[Since], + Field( + description='Filter IPs seen since this date, format duration (e.g., 7d, 24h), default to 14d', + title='Since', + ), + ] = '14d' + + +class FingerprintsGetFingerprintIpsDetailsStatsPathParameters(BaseModelSdk): + fingerprint: Annotated[str, Field(title='Fingerprint')] + + class FingerprintsSubscribeIntegrationToFingerprintPathParameters(BaseModelSdk): fingerprint: Annotated[str, Field(title='Fingerprint')] @@ -1233,14 +1134,49 @@ class FingerprintsGetFingerprintTimelineQueryParameters(BaseModelSdk): title='Interval', ), ] = None - - -class FingerprintsGetFingerprintTimelinePathParameters(BaseModelSdk): - fingerprint: Annotated[str, Field(title='Fingerprint')] - - -class FingerprintsGetFingerprintRulePathParameters(BaseModelSdk): - fingerprint: Annotated[str, Field(title='Fingerprint')] + + +class FingerprintsGetFingerprintTimelinePathParameters(BaseModelSdk): + fingerprint: Annotated[str, Field(title='Fingerprint')] + + +class FingerprintsGetFingerprintRulePathParameters(BaseModelSdk): + fingerprint: Annotated[str, Field(title='Fingerprint')] + + +class TrackerEventsGetExploitationPhaseChangeEventsQueryParameters(BaseModelSdk): + since: Annotated[ + Optional[str], + Field( + description="Duration string (e.g. '30d', '24h') to filter events", + title='Since', + ), + ] = '30d' + sort_order: Annotated[ + Optional[GetCVEsSortOrder], + Field(description='Sort order: ascending or descending', title='Sort Order'), + ] = 'desc' + cve_id: Annotated[ + Optional[str], + Field(description='Filter by CVE identifier (exact match)', title='Cve Id'), + ] = None + previous_phase: Annotated[ + Optional[CVEExploitationPhase], + Field( + description='Filter by previous exploitation phase name', + title='Previous Phase', + ), + ] = None + new_phase: Annotated[ + Optional[CVEExploitationPhase], + Field(description='Filter by new exploitation phase name', title='New Phase'), + ] = None + page: Annotated[ + Optional[int], Field(description='Page number', ge=1, title='Page') + ] = 1 + size: Annotated[ + Optional[int], Field(description='Page size', ge=1, le=100, title='Size') + ] = 50 class HTTPValidationError(BaseModelSdk): @@ -1335,6 +1271,13 @@ class IntegrationCreateResponse(BaseModelSdk): title='Fingerprints', ), ] + vendors: Annotated[ + List[VendorSubscription], + Field( + description='Vendors that are subscribed by the integration', + title='Vendors', + ), + ] endpoint: Annotated[ AnyUrl, Field( @@ -1423,6 +1366,13 @@ class IntegrationGetResponse(BaseModelSdk): title='Fingerprints', ), ] + vendors: Annotated[ + List[VendorSubscription], + Field( + description='Vendors that are subscribed by the integration', + title='Vendors', + ), + ] endpoint: Annotated[ AnyUrl, Field( @@ -1547,6 +1497,13 @@ class IntegrationUpdateResponse(BaseModelSdk): title='Fingerprints', ), ] + vendors: Annotated[ + List[VendorSubscription], + Field( + description='Vendors that are subscribed by the integration', + title='Vendors', + ), + ] endpoint: Annotated[ AnyUrl, Field( @@ -1643,14 +1600,262 @@ class CVEResponseBase(BaseModelSdk): title='Rule Release Date', ), ] = None - exploitation_phase: Annotated[ - ExploitationPhase, Field(description='Current exploitation phase of the CVE') + exploitation_phase: Annotated[ + ExploitationPhase, Field(description='Current exploitation phase of the CVE') + ] + adjustment_score: Annotated[ + Optional[AdjustmentScore], + Field( + description='Score adjustments applied to the CVE score based on various factors' + ), + ] = None + threat_context: Annotated[ + Optional[ThreatContext], + Field( + description='Threat context (attacker/defender countries, industries, objectives)' + ), + ] = None + + +class FingerprintRuleResponse(BaseModelSdk): + id: Annotated[str, Field(description='Fingerprint rule identifier', title='Id')] + name: Annotated[str, Field(description='Fingerprint rule name', title='Name')] + title: Annotated[str, Field(description='Fingerprint rule title', title='Title')] + affected_components: Annotated[ + List[AffectedComponent], + Field(description='List of affected components', title='Affected Components'), + ] + crowdsec_score: Annotated[ + int, + Field( + description='Live Exploit Tracker score for the fingerprint rule', + ge=0, + le=10, + title='Crowdsec Score', + ), + ] + opportunity_score: Annotated[ + Optional[int], + Field(description='Opportunity score', ge=0, le=5, title='Opportunity Score'), + ] = 0 + momentum_score: Annotated[ + Optional[int], + Field(description='Momentum score', ge=0, le=5, title='Momentum Score'), + ] = 0 + first_seen: Annotated[ + Optional[datetime], Field(description='First seen date', title='First Seen') + ] = None + last_seen: Annotated[ + Optional[datetime], Field(description='Last seen date', title='Last Seen') + ] = None + nb_ips: Annotated[ + int, Field(description='Number of unique IPs observed', ge=0, title='Nb Ips') + ] + rule_release_date: Annotated[ + Optional[datetime], + Field( + description='Release date of the fingerprint rule', + title='Rule Release Date', + ), + ] = None + exploitation_phase: Annotated[ + ExploitationPhase, Field(description='Current exploitation phase') + ] + adjustment_score: Annotated[ + Optional[AdjustmentScore], Field(description='Score adjustment details') + ] = None + threat_context: Annotated[ + Optional[ThreatContext], + Field( + description='Threat context (attacker/defender countries, industries, objectives)' + ), + ] = None + tags: Annotated[ + Optional[List[str]], + Field(description='Tags associated with the fingerprint rule', title='Tags'), + ] = None + description: Annotated[ + Optional[str], + Field(description='Fingerprint rule description', title='Description'), + ] = None + references: Annotated[ + Optional[List[str]], + Field( + description='Reference links for the fingerprint rule', title='References' + ), + ] = None + crowdsec_analysis: Annotated[ + Optional[str], + Field( + description='CrowdSec analysis for this fingerprint rule', + title='Crowdsec Analysis', + ), + ] = None + events: Annotated[ + Optional[List[FingerprintEventOutput]], + Field( + description='List of events related to the fingerprint rule', title='Events' + ), + ] = None + + +class FingerprintRuleSummary(BaseModelSdk): + id: Annotated[str, Field(description='Fingerprint rule identifier', title='Id')] + name: Annotated[str, Field(description='Fingerprint rule name', title='Name')] + title: Annotated[str, Field(description='Fingerprint rule title', title='Title')] + affected_components: Annotated[ + List[AffectedComponent], + Field(description='List of affected components', title='Affected Components'), + ] + crowdsec_score: Annotated[ + int, + Field( + description='Live Exploit Tracker score for the fingerprint rule', + ge=0, + le=10, + title='Crowdsec Score', + ), + ] + opportunity_score: Annotated[ + Optional[int], + Field(description='Opportunity score', ge=0, le=5, title='Opportunity Score'), + ] = 0 + momentum_score: Annotated[ + Optional[int], + Field(description='Momentum score', ge=0, le=5, title='Momentum Score'), + ] = 0 + first_seen: Annotated[ + Optional[datetime], Field(description='First seen date', title='First Seen') + ] = None + last_seen: Annotated[ + Optional[datetime], Field(description='Last seen date', title='Last Seen') + ] = None + nb_ips: Annotated[ + int, Field(description='Number of unique IPs observed', ge=0, title='Nb Ips') + ] + rule_release_date: Annotated[ + Optional[datetime], + Field( + description='Release date of the fingerprint rule', + title='Rule Release Date', + ), + ] = None + exploitation_phase: Annotated[ + ExploitationPhase, Field(description='Current exploitation phase') + ] + adjustment_score: Annotated[ + Optional[AdjustmentScore], Field(description='Score adjustment details') + ] = None + threat_context: Annotated[ + Optional[ThreatContext], + Field( + description='Threat context (attacker/defender countries, industries, objectives)' + ), + ] = None + + +class GetCVEResponse(BaseModelSdk): + id: Annotated[str, Field(description='ID of the CVE', title='Id')] + name: Annotated[str, Field(description='Name of the CVE', title='Name')] + title: Annotated[str, Field(description='Title of the CVE', title='Title')] + affected_components: Annotated[ + List[AffectedComponent], + Field(description='List of affected components', title='Affected Components'), + ] + crowdsec_score: Annotated[ + int, + Field( + description='Live Exploit Tracker score of the CVE', + ge=0, + le=10, + title='Crowdsec Score', + ), + ] + opportunity_score: Annotated[ + Optional[int], + Field( + description="Opportunity score indicating if it's an opportunistic(0) or targeted(5) attack (between 0-5)", + ge=0, + le=5, + title='Opportunity Score', + ), + ] = 0 + momentum_score: Annotated[ + Optional[int], + Field( + description="Momentum score indicating the vulnerability's trendiness based on signal comparison with the previous month. Higher scores (4-5) indicate significantly more signals this month than last month's average, while lower scores (0-1) indicate declining activity (between 0-5)", + ge=0, + le=5, + title='Momentum Score', + ), + ] = 0 + first_seen: Annotated[ + Optional[datetime], Field(description='First seen date', title='First Seen') + ] = None + last_seen: Annotated[ + Optional[datetime], Field(description='Last seen date', title='Last Seen') + ] = None + nb_ips: Annotated[ + int, Field(description='Number of unique IPs affected', ge=0, title='Nb Ips') + ] + published_date: Annotated[ + datetime, Field(description='Published date of the CVE', title='Published Date') + ] + cvss_score: Annotated[ + Optional[CvssScore], + Field(description='CVSS score of the CVE', title='Cvss Score'), + ] = None + has_public_exploit: Annotated[ + bool, + Field( + description='Indicates if there is a public exploit for the CVE', + title='Has Public Exploit', + ), + ] + rule_release_date: Annotated[ + Optional[datetime], + Field( + description='Release date of the associated detection rule', + title='Rule Release Date', + ), + ] = None + exploitation_phase: Annotated[ + ExploitationPhase, Field(description='Current exploitation phase of the CVE') + ] + adjustment_score: Annotated[ + Optional[AdjustmentScore], + Field( + description='Score adjustments applied to the CVE score based on various factors' + ), + ] = None + threat_context: Annotated[ + Optional[ThreatContext], + Field( + description='Threat context (attacker/defender countries, industries, objectives)' + ), + ] = None + tags: Annotated[ + Optional[List[str]], + Field(description='Tags associated with the CVE', title='Tags'), + ] = None + references: Annotated[ + List[str], + Field(description='List of references for the CVE', title='References'), + ] + description: Annotated[ + str, Field(description='Description of the CVE', title='Description') + ] + crowdsec_analysis: Annotated[ + Optional[str], + Field(description='CrowdSec analysis of the CVE', title='Crowdsec Analysis'), + ] = None + cwes: Annotated[ + List[CWE], + Field(description='List of CWEs associated with the CVE', title='Cwes'), ] - adjustment_score: Annotated[ - Optional[AdjustmentScore], - Field( - description='Score adjustments applied to the CVE score based on various factors' - ), + events: Annotated[ + Optional[List[CVEEventOutput]], + Field(description='List of events related to the CVE', title='Events'), ] = None @@ -1672,6 +1877,15 @@ class GetCVEsResponsePage(BaseModelSdk): links: Links +class GetFingerprintRulesResponsePage(BaseModelSdk): + items: Annotated[List[FingerprintRuleSummary], Field(title='Items')] + total: Annotated[int, Field(ge=0, title='Total')] + page: Annotated[int, Field(ge=1, title='Page')] + size: Annotated[int, Field(ge=1, title='Size')] + pages: Annotated[int, Field(ge=0, title='Pages')] + links: Links + + class GetFingerprintSubscribedIntegrationsResponsePage(BaseModelSdk): items: Annotated[List[IntegrationResponse], Field(title='Items')] total: Annotated[int, Field(ge=0, title='Total')] @@ -1681,6 +1895,15 @@ class GetFingerprintSubscribedIntegrationsResponsePage(BaseModelSdk): links: Links +class GetVendorSubscribedIntegrationsResponsePage(BaseModelSdk): + items: Annotated[List[IntegrationResponse], Field(title='Items')] + total: Annotated[int, Field(ge=0, title='Total')] + page: Annotated[int, Field(ge=1, title='Page')] + size: Annotated[int, Field(ge=1, title='Size')] + pages: Annotated[int, Field(ge=0, title='Pages')] + links: Links + + class IPItem(BaseModelSdk): ip: Annotated[str, Field(description='IP address', title='Ip')] reputation: Annotated[ @@ -1756,6 +1979,232 @@ class IPItem(BaseModelSdk): scores: Annotated[Optional[Scores], Field(description='Scoring information')] = None +class LookupImpactCVEItem(BaseModelSdk): + id: Annotated[str, Field(description='ID of the CVE', title='Id')] + name: Annotated[str, Field(description='Name of the CVE', title='Name')] + title: Annotated[str, Field(description='Title of the CVE', title='Title')] + affected_components: Annotated[ + List[AffectedComponent], + Field(description='List of affected components', title='Affected Components'), + ] + crowdsec_score: Annotated[ + int, + Field( + description='Live Exploit Tracker score of the CVE', + ge=0, + le=10, + title='Crowdsec Score', + ), + ] + opportunity_score: Annotated[ + Optional[int], + Field( + description="Opportunity score indicating if it's an opportunistic(0) or targeted(5) attack (between 0-5)", + ge=0, + le=5, + title='Opportunity Score', + ), + ] = 0 + momentum_score: Annotated[ + Optional[int], + Field( + description="Momentum score indicating the vulnerability's trendiness based on signal comparison with the previous month. Higher scores (4-5) indicate significantly more signals this month than last month's average, while lower scores (0-1) indicate declining activity (between 0-5)", + ge=0, + le=5, + title='Momentum Score', + ), + ] = 0 + first_seen: Annotated[ + Optional[datetime], Field(description='First seen date', title='First Seen') + ] = None + last_seen: Annotated[ + Optional[datetime], Field(description='Last seen date', title='Last Seen') + ] = None + nb_ips: Annotated[ + int, Field(description='Number of unique IPs affected', ge=0, title='Nb Ips') + ] + published_date: Annotated[ + datetime, Field(description='Published date of the CVE', title='Published Date') + ] + cvss_score: Annotated[ + Optional[CvssScore], + Field(description='CVSS score of the CVE', title='Cvss Score'), + ] = None + has_public_exploit: Annotated[ + bool, + Field( + description='Indicates if there is a public exploit for the CVE', + title='Has Public Exploit', + ), + ] + rule_release_date: Annotated[ + Optional[datetime], + Field( + description='Release date of the associated detection rule', + title='Rule Release Date', + ), + ] = None + exploitation_phase: Annotated[ + ExploitationPhase, Field(description='Current exploitation phase of the CVE') + ] + adjustment_score: Annotated[ + Optional[AdjustmentScore], + Field( + description='Score adjustments applied to the CVE score based on various factors' + ), + ] = None + threat_context: Annotated[ + Optional[ThreatContext], + Field( + description='Threat context (attacker/defender countries, industries, objectives)' + ), + ] = None + tags: Annotated[ + Optional[List[str]], + Field(description='Tags associated with the CVE', title='Tags'), + ] = None + references: Annotated[ + List[str], + Field(description='List of references for the CVE', title='References'), + ] + description: Annotated[ + str, Field(description='Description of the CVE', title='Description') + ] + crowdsec_analysis: Annotated[ + Optional[str], + Field(description='CrowdSec analysis of the CVE', title='Crowdsec Analysis'), + ] = None + cwes: Annotated[ + List[CWE], + Field(description='List of CWEs associated with the CVE', title='Cwes'), + ] + events: Annotated[ + Optional[List[CVEEventOutput]], + Field(description='List of events related to the CVE', title='Events'), + ] = None + type: Annotated[ + Literal['cve'], Field(description='Resource type', title='Type') + ] = 'cve' + + +class LookupImpactFingerprintItem(BaseModelSdk): + id: Annotated[str, Field(description='Fingerprint rule identifier', title='Id')] + name: Annotated[str, Field(description='Fingerprint rule name', title='Name')] + title: Annotated[str, Field(description='Fingerprint rule title', title='Title')] + affected_components: Annotated[ + List[AffectedComponent], + Field(description='List of affected components', title='Affected Components'), + ] + crowdsec_score: Annotated[ + int, + Field( + description='Live Exploit Tracker score for the fingerprint rule', + ge=0, + le=10, + title='Crowdsec Score', + ), + ] + opportunity_score: Annotated[ + Optional[int], + Field(description='Opportunity score', ge=0, le=5, title='Opportunity Score'), + ] = 0 + momentum_score: Annotated[ + Optional[int], + Field(description='Momentum score', ge=0, le=5, title='Momentum Score'), + ] = 0 + first_seen: Annotated[ + Optional[datetime], Field(description='First seen date', title='First Seen') + ] = None + last_seen: Annotated[ + Optional[datetime], Field(description='Last seen date', title='Last Seen') + ] = None + nb_ips: Annotated[ + int, Field(description='Number of unique IPs observed', ge=0, title='Nb Ips') + ] + rule_release_date: Annotated[ + Optional[datetime], + Field( + description='Release date of the fingerprint rule', + title='Rule Release Date', + ), + ] = None + exploitation_phase: Annotated[ + ExploitationPhase, Field(description='Current exploitation phase') + ] + adjustment_score: Annotated[ + Optional[AdjustmentScore], Field(description='Score adjustment details') + ] = None + threat_context: Annotated[ + Optional[ThreatContext], + Field( + description='Threat context (attacker/defender countries, industries, objectives)' + ), + ] = None + tags: Annotated[ + Optional[List[str]], + Field(description='Tags associated with the fingerprint rule', title='Tags'), + ] = None + description: Annotated[ + Optional[str], + Field(description='Fingerprint rule description', title='Description'), + ] = None + references: Annotated[ + Optional[List[str]], + Field( + description='Reference links for the fingerprint rule', title='References' + ), + ] = None + crowdsec_analysis: Annotated[ + Optional[str], + Field( + description='CrowdSec analysis for this fingerprint rule', + title='Crowdsec Analysis', + ), + ] = None + events: Annotated[ + Optional[List[FingerprintEventOutput]], + Field( + description='List of events related to the fingerprint rule', title='Events' + ), + ] = None + type: Annotated[ + Literal['fingerprint'], Field(description='Resource type', title='Type') + ] = 'fingerprint' + + +class Items(RootModelSdk[Union[LookupImpactCVEItem, LookupImpactFingerprintItem]]): + root: Annotated[ + Union[LookupImpactCVEItem, LookupImpactFingerprintItem], + Field(discriminator='type'), + ] + + +class LookupImpactResponsePage(BaseModelSdk): + items: Annotated[List[Items], Field(title='Items')] + total: Annotated[int, Field(ge=0, title='Total')] + page: Annotated[int, Field(ge=1, title='Page')] + size: Annotated[int, Field(ge=1, title='Size')] + pages: Annotated[int, Field(ge=0, title='Pages')] + links: Links + + +class ProtectRule(BaseModelSdk): + link: Annotated[str, Field(description='URL to the rule source', title='Link')] + published_date: Annotated[ + Optional[datetime], + Field(description='Date the rule was published', title='Published Date'), + ] = None + tags: Annotated[ + Optional[List[ProtectRuleTag]], + Field(description='Tags associated with the rule', title='Tags'), + ] = None + name: Annotated[str, Field(description='Rule name', title='Name')] + label: Annotated[str, Field(description='Human-readable rule label', title='Label')] + content: Annotated[ + Optional[str], Field(description='Rule content/definition', title='Content') + ] = None + + class GetCVEIPsResponsePage(BaseModelSdk): items: Annotated[List[IPItem], Field(title='Items')] total: Annotated[int, Field(ge=0, title='Total')] @@ -1765,6 +2214,16 @@ class GetCVEIPsResponsePage(BaseModelSdk): links: Links +class GetCVEProtectRulesResponse(BaseModelSdk): + protect_rules: Annotated[ + Optional[List[ProtectRule]], + Field( + description='Protection/detection rules associated with the CVE', + title='Protect Rules', + ), + ] = None + + class GetFingerprintIPsResponsePage(BaseModelSdk): items: Annotated[List[IPItem], Field(title='Items')] total: Annotated[int, Field(ge=0, title='Total')] @@ -1772,3 +2231,12 @@ class GetFingerprintIPsResponsePage(BaseModelSdk): size: Annotated[int, Field(ge=1, title='Size')] pages: Annotated[int, Field(ge=0, title='Pages')] links: Links + + +class GetVendorIPsResponsePage(BaseModelSdk): + items: Annotated[List[IPItem], Field(title='Items')] + total: Annotated[int, Field(ge=0, title='Total')] + page: Annotated[int, Field(ge=1, title='Page')] + size: Annotated[int, Field(ge=1, title='Size')] + pages: Annotated[int, Field(ge=0, title='Pages')] + links: Links diff --git a/crowdsec_tracker_api/services/__pycache__/__init__.cpython-311.pyc b/crowdsec_tracker_api/services/__pycache__/__init__.cpython-311.pyc index 031bdb7d0eae45a1fed0bcf1318710282ae9beff..d5938d974c9a32e666a97675c8477ea42a7789b4 100644 GIT binary patch delta 24 ecmaFE_=b^tIWI340}$L!yEc(KhS79lMhgI190zj% delta 24 ecmaFE_=b^tIWI340}!y^oI8;_hS6kVMhgH_c?Q@3 diff --git a/crowdsec_tracker_api/services/cves.py b/crowdsec_tracker_api/services/cves.py index 0ca4437..ad44c1d 100644 --- a/crowdsec_tracker_api/services/cves.py +++ b/crowdsec_tracker_api/services/cves.py @@ -11,14 +11,14 @@ class Cves(Service): def __init__(self, auth: Auth, base_url: str = "https://admin.api.crowdsec.net/v1") -> None: - super().__init__(base_url=base_url, auth=auth, user_agent="crowdsec_tracker_api/1.108.1") + super().__init__(base_url=base_url, auth=auth, user_agent="crowdsec_tracker_api/1.119.5") def get_cves( self, query: Optional[str] = None, sort_by: Optional[GetCVEsSortBy] = GetCVEsSortBy("rule_release_date"), sort_order: Optional[GetCVEsSortOrder] = GetCVEsSortOrder("desc"), - filters: Optional[list[GetCVEsFilterBy]] = None, + exploitation_phase: Optional[CVEExploitationPhase] = None, page: int = 1, size: int = 50, )-> GetCVEsResponsePage: @@ -58,6 +58,26 @@ def get_cve( return GetCVEResponse(**response.json()) + def get_cve_protect_rules( + self, + cve_id: str, + )-> GetCVEProtectRulesResponse: + endpoint_url = "/cves/{cve_id}/protect-rules" + loc = locals() + headers = {} + params = {} + path_params = json.loads( + CvesGetCveProtectRulesPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + response = self.http_client.get( + url=endpoint_url, path_params=path_params, params=params, headers=headers + ) + + return GetCVEProtectRulesResponse(**response.json()) + def download_cve_ips( self, cve_id: str, @@ -105,6 +125,31 @@ def get_cve_ips_details( return GetCVEIPsResponsePage(_client=self, **response.json()) + def get_cve_ips_details_stats( + self, + cve_id: str, + since: Optional[str] = "14d", + )-> IpsDetailsStats: + endpoint_url = "/cves/{cve_id}/ips-details-stats" + loc = locals() + headers = {} + params = json.loads( + CvesGetCveIpsDetailsStatsQueryParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + path_params = json.loads( + CvesGetCveIpsDetailsStatsPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + response = self.http_client.get( + url=endpoint_url, path_params=path_params, params=params, headers=headers + ) + + return IpsDetailsStats(**response.json()) + def get_cve_subscribed_integrations( self, cve_id: str, diff --git a/crowdsec_tracker_api/services/fingerprints.py b/crowdsec_tracker_api/services/fingerprints.py index aa7861c..ea1c573 100644 --- a/crowdsec_tracker_api/services/fingerprints.py +++ b/crowdsec_tracker_api/services/fingerprints.py @@ -11,14 +11,13 @@ class Fingerprints(Service): def __init__(self, auth: Auth, base_url: str = "https://admin.api.crowdsec.net/v1") -> None: - super().__init__(base_url=base_url, auth=auth, user_agent="crowdsec_tracker_api/1.108.1") + super().__init__(base_url=base_url, auth=auth, user_agent="crowdsec_tracker_api/1.119.5") def get_fingerprint_rules( self, query: Optional[str] = None, sort_by: Optional[GetCVEsSortBy] = GetCVEsSortBy("rule_release_date"), sort_order: Optional[GetCVEsSortOrder] = GetCVEsSortOrder("desc"), - filters: Optional[list[GetCVEsFilterBy]] = None, page: int = 1, size: int = 50, )-> GetFingerprintRulesResponsePage: @@ -85,6 +84,31 @@ def get_fingerprint_ips_details( return GetFingerprintIPsResponsePage(_client=self, **response.json()) + def get_fingerprint_ips_details_stats( + self, + fingerprint: str, + since: Optional[str] = "14d", + )-> IpsDetailsStats: + endpoint_url = "/fingerprints/{fingerprint}/ips-details-stats" + loc = locals() + headers = {} + params = json.loads( + FingerprintsGetFingerprintIpsDetailsStatsQueryParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + path_params = json.loads( + FingerprintsGetFingerprintIpsDetailsStatsPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + response = self.http_client.get( + url=endpoint_url, path_params=path_params, params=params, headers=headers + ) + + return IpsDetailsStats(**response.json()) + def get_fingerprint_subscribed_integrations( self, fingerprint: str, diff --git a/crowdsec_tracker_api/services/integrations.py b/crowdsec_tracker_api/services/integrations.py index 46ed4a7..941860b 100644 --- a/crowdsec_tracker_api/services/integrations.py +++ b/crowdsec_tracker_api/services/integrations.py @@ -11,7 +11,7 @@ class Integrations(Service): def __init__(self, auth: Auth, base_url: str = "https://admin.api.crowdsec.net/v1") -> None: - super().__init__(base_url=base_url, auth=auth, user_agent="crowdsec_tracker_api/1.108.1") + super().__init__(base_url=base_url, auth=auth, user_agent="crowdsec_tracker_api/1.119.5") def get_integrations( self, diff --git a/crowdsec_tracker_api/services/products.py b/crowdsec_tracker_api/services/products.py index 4c18648..47e44f3 100644 --- a/crowdsec_tracker_api/services/products.py +++ b/crowdsec_tracker_api/services/products.py @@ -11,14 +11,14 @@ class Products(Service): def __init__(self, auth: Auth, base_url: str = "https://admin.api.crowdsec.net/v1") -> None: - super().__init__(base_url=base_url, auth=auth, user_agent="crowdsec_tracker_api/1.108.1") + super().__init__(base_url=base_url, auth=auth, user_agent="crowdsec_tracker_api/1.119.5") def get_products( self, query: Optional[str] = None, page: int = 1, size: int = 50, - )-> LookupListResponsePage: + )-> LookupListWithStatsResponsePage: endpoint_url = "/products" loc = locals() headers = {} @@ -33,7 +33,7 @@ def get_products( url=endpoint_url, path_params=path_params, params=params, headers=headers ) - return LookupListResponsePage(_client=self, **response.json()) + return LookupListWithStatsResponsePage(_client=self, **response.json()) def get_product_impact( self, diff --git a/crowdsec_tracker_api/services/tracker_events.py b/crowdsec_tracker_api/services/tracker_events.py new file mode 100644 index 0000000..1202578 --- /dev/null +++ b/crowdsec_tracker_api/services/tracker_events.py @@ -0,0 +1,41 @@ +import json +from types import NoneType +from typing import Optional, Union, Annotated + +from ..models import * +from ..base_model import Page, Service +from pydantic import BaseModel, Field +from pydantic.fields import FieldInfo +from httpx import Auth +from ..http_client import HttpClient + +class TrackerEvents(Service): + def __init__(self, auth: Auth, base_url: str = "https://admin.api.crowdsec.net/v1") -> None: + super().__init__(base_url=base_url, auth=auth, user_agent="crowdsec_tracker_api/1.119.5") + + def get_exploitation_phase_change_events( + self, + since: str = "30d", + sort_order: Optional[GetCVEsSortOrder] = GetCVEsSortOrder("desc"), + cve_id: Optional[str] = None, + previous_phase: Optional[CVEExploitationPhase] = None, + new_phase: Optional[CVEExploitationPhase] = None, + page: int = 1, + size: int = 50, + )-> ExploitationPhaseChangeEventsResponsePage: + endpoint_url = "/tracker-events/exploitation-phase-change" + loc = locals() + headers = {} + params = json.loads( + TrackerEventsGetExploitationPhaseChangeEventsQueryParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + path_params = {} + + response = self.http_client.get( + url=endpoint_url, path_params=path_params, params=params, headers=headers + ) + + return ExploitationPhaseChangeEventsResponsePage(_client=self, **response.json()) + \ No newline at end of file diff --git a/crowdsec_tracker_api/services/tracker_tags.py b/crowdsec_tracker_api/services/tracker_tags.py new file mode 100644 index 0000000..f64e35b --- /dev/null +++ b/crowdsec_tracker_api/services/tracker_tags.py @@ -0,0 +1,115 @@ +import json +from types import NoneType +from typing import Optional, Union, Annotated + +from ..models import * +from ..base_model import Page, Service +from pydantic import BaseModel, Field +from pydantic.fields import FieldInfo +from httpx import Auth +from ..http_client import HttpClient + +class TrackerTags(Service): + def __init__(self, auth: Auth, base_url: str = "https://admin.api.crowdsec.net/v1") -> None: + super().__init__(base_url=base_url, auth=auth, user_agent="crowdsec_tracker_api/1.119.5") + + def get_tags( + self, + query: Optional[str] = None, + page: int = 1, + size: int = 50, + )-> LookupListWithStatsResponsePage: + endpoint_url = "/tags" + loc = locals() + headers = {} + params = json.loads( + TrackerTagsGetTagsQueryParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + path_params = {} + + response = self.http_client.get( + url=endpoint_url, path_params=path_params, params=params, headers=headers + ) + + return LookupListWithStatsResponsePage(_client=self, **response.json()) + + def get_tag_impact( + self, + tag: str, + sort_by: Optional[GetCVEsSortBy] = GetCVEsSortBy("rule_release_date"), + sort_order: Optional[GetCVEsSortOrder] = GetCVEsSortOrder("desc"), + page: int = 1, + size: int = 50, + )-> LookupImpactResponsePage: + endpoint_url = "/tags/{tag}" + loc = locals() + headers = {} + params = json.loads( + TrackerTagsGetTagImpactQueryParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + path_params = json.loads( + TrackerTagsGetTagImpactPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + response = self.http_client.get( + url=endpoint_url, path_params=path_params, params=params, headers=headers + ) + + return LookupImpactResponsePage(_client=self, **response.json()) + + def get_tracker_tags( + self, + query: Optional[str] = None, + page: int = 1, + size: int = 50, + )-> LookupListWithStatsResponsePage: + endpoint_url = "/tracker-tags" + loc = locals() + headers = {} + params = json.loads( + TrackerTagsGetTrackerTagsQueryParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + path_params = {} + + response = self.http_client.get( + url=endpoint_url, path_params=path_params, params=params, headers=headers + ) + + return LookupListWithStatsResponsePage(_client=self, **response.json()) + + def get_tracker_tag_impact( + self, + tag: str, + sort_by: Optional[GetCVEsSortBy] = GetCVEsSortBy("rule_release_date"), + sort_order: Optional[GetCVEsSortOrder] = GetCVEsSortOrder("desc"), + page: int = 1, + size: int = 50, + )-> LookupImpactResponsePage: + endpoint_url = "/tracker-tags/{tag}" + loc = locals() + headers = {} + params = json.loads( + TrackerTagsGetTrackerTagImpactQueryParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + path_params = json.loads( + TrackerTagsGetTrackerTagImpactPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + response = self.http_client.get( + url=endpoint_url, path_params=path_params, params=params, headers=headers + ) + + return LookupImpactResponsePage(_client=self, **response.json()) + \ No newline at end of file diff --git a/crowdsec_tracker_api/services/vendors.py b/crowdsec_tracker_api/services/vendors.py index 6058dc9..bbf8055 100644 --- a/crowdsec_tracker_api/services/vendors.py +++ b/crowdsec_tracker_api/services/vendors.py @@ -11,14 +11,16 @@ class Vendors(Service): def __init__(self, auth: Auth, base_url: str = "https://admin.api.crowdsec.net/v1") -> None: - super().__init__(base_url=base_url, auth=auth, user_agent="crowdsec_tracker_api/1.108.1") + super().__init__(base_url=base_url, auth=auth, user_agent="crowdsec_tracker_api/1.119.5") def get_vendors( self, query: Optional[str] = None, + sort_by: Optional[VendorSortBy] = None, + sort_order: Optional[GetCVEsSortOrder] = GetCVEsSortOrder("desc"), page: int = 1, size: int = 50, - )-> LookupListResponsePage: + )-> LookupListWithStatsResponsePage: endpoint_url = "/vendors" loc = locals() headers = {} @@ -33,7 +35,172 @@ def get_vendors( url=endpoint_url, path_params=path_params, params=params, headers=headers ) - return LookupListResponsePage(_client=self, **response.json()) + return LookupListWithStatsResponsePage(_client=self, **response.json()) + + def get_vendor_stats( + self, + vendor: str, + )-> VendorStatsResponse: + endpoint_url = "/vendors/{vendor}/stats" + loc = locals() + headers = {} + params = {} + path_params = json.loads( + VendorsGetVendorStatsPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + response = self.http_client.get( + url=endpoint_url, path_params=path_params, params=params, headers=headers + ) + + return VendorStatsResponse(**response.json()) + + def download_vendor_ips( + self, + vendor: str, + )-> str: + endpoint_url = "/vendors/{vendor}/ips-download" + loc = locals() + headers = {} + params = {} + path_params = json.loads( + VendorsDownloadVendorIpsPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + response = self.http_client.get( + url=endpoint_url, path_params=path_params, params=params, headers=headers + ) + + return response.text + + def get_vendor_ips_details( + self, + vendor: str, + since: Optional[str] = "14d", + page: int = 1, + size: int = 50, + )-> GetVendorIPsResponsePage: + endpoint_url = "/vendors/{vendor}/ips-details" + loc = locals() + headers = {} + params = json.loads( + VendorsGetVendorIpsDetailsQueryParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + path_params = json.loads( + VendorsGetVendorIpsDetailsPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + response = self.http_client.get( + url=endpoint_url, path_params=path_params, params=params, headers=headers + ) + + return GetVendorIPsResponsePage(_client=self, **response.json()) + + def get_vendor_ips_details_stats( + self, + vendor: str, + since: Optional[str] = "14d", + )-> IpsDetailsStats: + endpoint_url = "/vendors/{vendor}/ips-details-stats" + loc = locals() + headers = {} + params = json.loads( + VendorsGetVendorIpsDetailsStatsQueryParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + path_params = json.loads( + VendorsGetVendorIpsDetailsStatsPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + response = self.http_client.get( + url=endpoint_url, path_params=path_params, params=params, headers=headers + ) + + return IpsDetailsStats(**response.json()) + + def get_vendor_subscribed_integrations( + self, + vendor: str, + page: int = 1, + size: int = 50, + )-> GetVendorSubscribedIntegrationsResponsePage: + endpoint_url = "/vendors/{vendor}/integrations" + loc = locals() + headers = {} + params = json.loads( + VendorsGetVendorSubscribedIntegrationsQueryParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + path_params = json.loads( + VendorsGetVendorSubscribedIntegrationsPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + response = self.http_client.get( + url=endpoint_url, path_params=path_params, params=params, headers=headers + ) + + return GetVendorSubscribedIntegrationsResponsePage(_client=self, **response.json()) + + def subscribe_integration_to_vendor( + self, + request: SubscribeVendorIntegrationRequest, + vendor: str, + ): + endpoint_url = "/vendors/{vendor}/integrations" + loc = locals() + headers = {} + params = {} + path_params = json.loads( + VendorsSubscribeIntegrationToVendorPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + payload = json.loads( + request.model_dump_json( + exclude_none=True + ) + ) if "request" in loc else None + response = self.http_client.post( + url=endpoint_url, path_params=path_params, params=params, headers=headers, json=payload + ) + + return None + + def unsubscribe_integration_from_vendor( + self, + vendor: str, + integration_name: str, + ): + endpoint_url = "/vendors/{vendor}/integrations/{integration_name}" + loc = locals() + headers = {} + params = {} + path_params = json.loads( + VendorsUnsubscribeIntegrationFromVendorPathParameters(**loc).model_dump_json( + exclude_none=True + ) + ) + + response = self.http_client.delete( + url=endpoint_url, path_params=path_params, params=params, headers=headers + ) + + return None def get_vendor_impact( self, diff --git a/doc/Cves.md b/doc/Cves.md index fad591b..2f7739c 100644 --- a/doc/Cves.md +++ b/doc/Cves.md @@ -5,8 +5,10 @@ | ------ | ----------- | | [get_cves](#get_cves) | Get a paginated list of CVEs that CrowdSec is tracking | | [get_cve](#get_cve) | Get information about a specific CVE ID | +| [get_cve_protect_rules](#get_cve_protect_rules) | Get protection/detection rules associated with a specific CVE ID | | [download_cve_ips](#download_cve_ips) | Download the list of IPs exploiting a specific CVE ID in raw format | | [get_cve_ips_details](#get_cve_ips_details) | Get detailed information about IPs exploiting a specific CVE ID | +| [get_cve_ips_details_stats](#get_cve_ips_details_stats) | Get aggregated statistics about IPs exploiting a specific CVE ID | | [get_cve_subscribed_integrations](#get_cve_subscribed_integrations) | Get the list of integrations subscribed to a specific CVE ID | | [subscribe_integration_to_cve](#subscribe_integration_to_cve) | Subscribe an integration to receive threats related to a specific CVE ID | | [unsubscribe_integration_from_cve](#unsubscribe_integration_from_cve) | Unsubscribe an integration from receiving threats related to a specific CVE ID | @@ -23,7 +25,7 @@ | query | Optional[str] | Search query for CVEs | False | None | | sort_by | Optional[GetCVEsSortBy] | Field to sort by | False | GetCVEsSortBy("rule_release_date") | | sort_order | Optional[GetCVEsSortOrder] | Sort order: ascending or descending | False | GetCVEsSortOrder("desc") | -| filters | Optional[list[GetCVEsFilterBy]] | Filters to apply on the CVE list | False | None | +| exploitation_phase | Optional[CVEExploitationPhase] | Filter by exploitation phase | False | None | | page | int | Page number | False | 1 | | size | int | Page size | False | 50 | ### Returns: @@ -47,7 +49,7 @@ try: query=None, sort_by=rule_release_date, sort_order=desc, - filters=None, + exploitation_phase=None, page=1, size=50, ) @@ -93,6 +95,42 @@ except HTTPStatusError as e: ``` +## **get_cve_protect_rules** +### Get protection/detection rules associated with a specific CVE ID +- Endpoint: `/cves/{cve_id}/protect-rules` +- Method: `GET` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| cve_id | str | | True | | +### Returns: +[GetCVEProtectRulesResponse](./Models.md#getcveprotectrulesresponse) +### Errors: +| Code | Description | +| ---- | ----------- | +| 404 | CVE Not Found | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Cves, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Cves(auth=auth) +try: + response = client.get_cve_protect_rules( + cve_id='cve_id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + ## **download_cve_ips** ### Download the list of IPs exploiting a specific CVE ID in raw format - Endpoint: `/cves/{cve_id}/ips-download` @@ -171,6 +209,44 @@ except HTTPStatusError as e: ``` +## **get_cve_ips_details_stats** +### Get aggregated statistics about IPs exploiting a specific CVE ID +- Endpoint: `/cves/{cve_id}/ips-details-stats` +- Method: `GET` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| cve_id | str | | True | | +| since | Optional[str] | Filter IPs seen since this date, format duration (e.g., 7d, 24h), default to 14d | False | "14d" | +### Returns: +[IpsDetailsStats](./Models.md#ipsdetailsstats) +### Errors: +| Code | Description | +| ---- | ----------- | +| 404 | CVE Not Found | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Cves, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Cves(auth=auth) +try: + response = client.get_cve_ips_details_stats( + cve_id='cve_id', + since=14d, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + ## **get_cve_subscribed_integrations** ### Get the list of integrations subscribed to a specific CVE ID - Endpoint: `/cves/{cve_id}/integrations` diff --git a/doc/Fingerprints.md b/doc/Fingerprints.md index 4a4e862..4c4b167 100644 --- a/doc/Fingerprints.md +++ b/doc/Fingerprints.md @@ -6,6 +6,7 @@ | [get_fingerprint_rules](#get_fingerprint_rules) | Get a paginated list of fingerprint rules | | [download_fingerprint_ips](#download_fingerprint_ips) | Download the list of IPs exploiting a specific fingerprint rule in raw format | | [get_fingerprint_ips_details](#get_fingerprint_ips_details) | Get detailed information about IPs exploiting a specific fingerprint rule | +| [get_fingerprint_ips_details_stats](#get_fingerprint_ips_details_stats) | Get aggregated statistics about IPs exploiting a specific fingerprint rule | | [get_fingerprint_subscribed_integrations](#get_fingerprint_subscribed_integrations) | Get the list of integrations subscribed to a specific fingerprint rule | | [subscribe_integration_to_fingerprint](#subscribe_integration_to_fingerprint) | Subscribe an integration to receive threats related to a specific fingerprint rule | | [unsubscribe_integration_from_fingerprint](#unsubscribe_integration_from_fingerprint) | Unsubscribe an integration from receiving threats related to a specific fingerprint rule | @@ -23,7 +24,6 @@ | query | Optional[str] | Search query for fingerprint rules | False | None | | sort_by | Optional[GetCVEsSortBy] | Field to sort by | False | GetCVEsSortBy("rule_release_date") | | sort_order | Optional[GetCVEsSortOrder] | Sort order: ascending or descending | False | GetCVEsSortOrder("desc") | -| filters | Optional[list[GetCVEsFilterBy]] | Filters to apply on the fingerprint rule list | False | None | | page | int | Page number | False | 1 | | size | int | Page size | False | 50 | ### Returns: @@ -47,7 +47,6 @@ try: query=None, sort_by=rule_release_date, sort_order=desc, - filters=None, page=1, size=50, ) @@ -133,6 +132,43 @@ except HTTPStatusError as e: ``` +## **get_fingerprint_ips_details_stats** +### Get aggregated statistics about IPs exploiting a specific fingerprint rule +- Endpoint: `/fingerprints/{fingerprint}/ips-details-stats` +- Method: `GET` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| fingerprint | str | | True | | +| since | Optional[str] | Filter IPs seen since this date, format duration (e.g., 7d, 24h), default to 14d | False | "14d" | +### Returns: +[IpsDetailsStats](./Models.md#ipsdetailsstats) +### Errors: +| Code | Description | +| ---- | ----------- | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Fingerprints, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Fingerprints(auth=auth) +try: + response = client.get_fingerprint_ips_details_stats( + fingerprint='fingerprint', + since=14d, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + ## **get_fingerprint_subscribed_integrations** ### Get the list of integrations subscribed to a specific fingerprint rule - Endpoint: `/fingerprints/{fingerprint}/integrations` diff --git a/doc/Models.md b/doc/Models.md index 9909bfb..f823f62 100644 --- a/doc/Models.md +++ b/doc/Models.md @@ -63,7 +63,7 @@ name, entity_type, output_format # **IntegrationCreateResponse** ## Required: -id, name, organization_id, created_at, updated_at, entity_type, output_format, blocklists, cves, fingerprints, endpoint, credentials +id, name, organization_id, created_at, updated_at, entity_type, output_format, blocklists, cves, fingerprints, vendors, endpoint, credentials ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| @@ -79,6 +79,7 @@ id, name, organization_id, created_at, updated_at, entity_type, output_format, b | blocklists | list[BlocklistSubscription] | Blocklists that are subscribed by the integration || | cves | list[CVESubscription] | CVEs that are subscribed by the integration || | fingerprints | list[FingerprintSubscription] | Fingerprints that are subscribed by the integration || +| vendors | list[VendorSubscription] | Vendors that are subscribed by the integration || | endpoint | str | Url that should be used by the firewall or the remediation component to fetch the integration's content || | stats | Stats | None || | tags | list[str] | Tags associated with the integration || @@ -88,7 +89,7 @@ id, name, organization_id, created_at, updated_at, entity_type, output_format, b # **IntegrationGetResponse** ## Required: -id, name, organization_id, created_at, updated_at, entity_type, output_format, blocklists, cves, fingerprints, endpoint +id, name, organization_id, created_at, updated_at, entity_type, output_format, blocklists, cves, fingerprints, vendors, endpoint ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| @@ -104,6 +105,7 @@ id, name, organization_id, created_at, updated_at, entity_type, output_format, b | blocklists | list[BlocklistSubscription] | Blocklists that are subscribed by the integration || | cves | list[CVESubscription] | CVEs that are subscribed by the integration || | fingerprints | list[FingerprintSubscription] | Fingerprints that are subscribed by the integration || +| vendors | list[VendorSubscription] | Vendors that are subscribed by the integration || | endpoint | str | Url that should be used by the firewall or the remediation component to fetch the integration's content || | stats | Stats | None || | tags | list[str] | Tags associated with the integration || @@ -140,7 +142,7 @@ FIREWALL_INTEGRATION, REMEDIATION_COMPONENT_INTEGRATION # **IntegrationUpdateResponse** ## Required: -id, name, organization_id, created_at, updated_at, entity_type, output_format, blocklists, cves, fingerprints, endpoint +id, name, organization_id, created_at, updated_at, entity_type, output_format, blocklists, cves, fingerprints, vendors, endpoint ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| @@ -156,6 +158,7 @@ id, name, organization_id, created_at, updated_at, entity_type, output_format, b | blocklists | list[BlocklistSubscription] | Blocklists that are subscribed by the integration || | cves | list[CVESubscription] | CVEs that are subscribed by the integration || | fingerprints | list[FingerprintSubscription] | Fingerprints that are subscribed by the integration || +| vendors | list[VendorSubscription] | Vendors that are subscribed by the integration || | endpoint | str | Url that should be used by the firewall or the remediation component to fetch the integration's content || | stats | Stats | None || | tags | list[str] | Tags associated with the integration || @@ -195,9 +198,15 @@ loc, msg, type | msg | str | None || | type | str | None || -# **AdjustmentScore** +# **VendorSubscription** ## Required: -total, recency, low_info +id +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| id | str | None || + +# **AdjustmentScore** ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| @@ -241,16 +250,21 @@ name, label, description | label | str | Behavior label || | description | str | Behavior description || -# **CVEEvent** +# **CVEEventOutput** ## Required: -date, description, label, name +name, date, description, label, sorting_priority ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| date | str | Date of the event || -| description | str | Description of the event || -| label | str | Label of the event || -| name | str | Name of the event || +| name | str | None || +| date | str | None || +| description | str | None || +| label | str | None || +| sorting_priority | int | None || + +# **CVEExploitationPhase** +## Enum: +INSUFFICIENT_DATA, EARLY_EXPLOITATION, FRESH_AND_POPULAR, TARGETED_EXPLOITATION, MASS_EXPLOITATION, BACKGROUND_NOISE, UNPOPULAR, WEARING_OUT, UNCLASSIFIED # **CVEResponseBase** ## Required: @@ -274,6 +288,7 @@ id, name, title, affected_components, crowdsec_score, nb_ips, published_date, ha | rule_release_date | Optional[str] | Release date of the associated detection rule || | exploitation_phase | ExploitationPhase | None || | adjustment_score | Optional[AdjustmentScore] | Score adjustments applied to the CVE score based on various factors || +| threat_context | Optional[ThreatContext] | Threat context (attacker/defender countries, industries, objectives) || # **CVEsubscription** ## Required: @@ -324,6 +339,53 @@ name, label, description | label | str | Label of the exploitation phase || | description | str | Description of the exploitation phase || +# **ExploitationPhaseChangeEventItem** +## Required: +cve_id, name, date, label, description, previous_phase, new_phase +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| cve_id | str | CVE identifier || +| name | str | Event type name || +| date | str | Date of the phase change || +| label | str | Human-readable event label || +| description | str | Rendered event description || +| previous_phase | str | Previous exploitation phase label || +| new_phase | str | New exploitation phase label || + +# **ExploitationPhaseChangeEventsResponsePage** +## Required: +items, total, page, size, pages, links +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| items | list[ExploitationPhaseChangeEventItem] | None || +| total | int | None || +| page | int | None || +| size | int | None || +| pages | int | None || +| links | Links | None || + +# **FacetBucket** +## Required: +value, count +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| value | str | Facet value || +| count | int | Number of IPs matching this value || + +# **FingerprintEventOutput** +## Required: +name, date, description, label +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| name | str | None || +| date | str | None || +| description | str | None || +| label | str | None || + # **FingerprintRuleResponse** ## Required: id, name, title, affected_components, crowdsec_score, nb_ips, exploitation_phase @@ -343,12 +405,12 @@ id, name, title, affected_components, crowdsec_score, nb_ips, exploitation_phase | rule_release_date | Optional[str] | Release date of the fingerprint rule || | exploitation_phase | ExploitationPhase | None || | adjustment_score | Optional[AdjustmentScore] | Score adjustment details || -| hype_score | int | Hype score (raw momentum component) || +| threat_context | Optional[ThreatContext] | Threat context (attacker/defender countries, industries, objectives) || | tags | list[str] | Tags associated with the fingerprint rule || | description | Optional[str] | Fingerprint rule description || | references | list[str] | Reference links for the fingerprint rule || | crowdsec_analysis | Optional[str] | CrowdSec analysis for this fingerprint rule || -| events | list[CVEEvent] | List of events related to the fingerprint rule || +| events | list[FingerprintEventOutput] | List of events related to the fingerprint rule || # **FingerprintRuleSummary** ## Required: @@ -369,6 +431,7 @@ id, name, title, affected_components, crowdsec_score, nb_ips, exploitation_phase | rule_release_date | Optional[str] | Release date of the fingerprint rule || | exploitation_phase | ExploitationPhase | None || | adjustment_score | Optional[AdjustmentScore] | Score adjustment details || +| threat_context | Optional[ThreatContext] | Threat context (attacker/defender countries, industries, objectives) || # **FingerprintTimelineItem** ## Required: @@ -392,6 +455,12 @@ items, total, page, size, pages, links | pages | int | None || | links | Links | None || +# **GetCVEProtectRulesResponse** +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| protect_rules | list[ProtectRule] | Protection/detection rules associated with the CVE || + # **GetCVEResponse** ## Required: id, name, title, affected_components, crowdsec_score, nb_ips, published_date, has_public_exploit, exploitation_phase, references, description, crowdsec_analysis, cwes @@ -414,13 +483,13 @@ id, name, title, affected_components, crowdsec_score, nb_ips, published_date, ha | rule_release_date | Optional[str] | Release date of the associated detection rule || | exploitation_phase | ExploitationPhase | None || | adjustment_score | Optional[AdjustmentScore] | Score adjustments applied to the CVE score based on various factors || -| hype_score | int | Hype score (raw momentum component) || +| threat_context | Optional[ThreatContext] | Threat context (attacker/defender countries, industries, objectives) || | tags | list[str] | Tags associated with the CVE || | references | list[str] | List of references for the CVE || | description | str | Description of the CVE || | crowdsec_analysis | Optional[str] | CrowdSec analysis of the CVE || | cwes | list[CWE] | List of CWEs associated with the CVE || -| events | list[CVEEvent] | List of events related to the CVE || +| events | list[CVEEventOutput] | List of events related to the CVE || # **GetCVESubscribedIntegrationsResponsePage** ## Required: @@ -435,10 +504,6 @@ items, total, page, size, pages, links | pages | int | None || | links | Links | None || -# **GetCVEsFilterBy** -## Enum: -IS_PUBLIC - # **GetCVEsResponsePage** ## Required: items, total, page, size, pages, links @@ -454,7 +519,7 @@ items, total, page, size, pages, links # **GetCVEsSortBy** ## Enum: -RULE_RELEASE_DATE, TRENDING, NB_IPS, NAME +RULE_RELEASE_DATE, TRENDING, NB_IPS, NAME, FIRST_SEEN # **GetCVEsSortOrder** ## Enum: @@ -499,6 +564,32 @@ items, total, page, size, pages, links | pages | int | None || | links | Links | None || +# **GetVendorIPsResponsePage** +## Required: +items, total, page, size, pages, links +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| items | list[IPItem] | None || +| total | int | None || +| page | int | None || +| size | int | None || +| pages | int | None || +| links | Links | None || + +# **GetVendorSubscribedIntegrationsResponsePage** +## Required: +items, total, page, size, pages, links +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| items | list[IntegrationResponse] | None || +| total | int | None || +| page | int | None || +| size | int | None || +| pages | int | None || +| links | Links | None || + # **History** ## Required: first_seen, last_seen, full_age, days_age @@ -553,8 +644,9 @@ organization_id, entity_type, name, output_format | id | str | ID of the integration || | blocklists | list[BlocklistSubscription] | None || | allowlists | list[AllowlistSubscription] | None || -| cves | list[CVEsubscription] | None || -| fingerprints | list[FingerprintSubscription] | None || +| cves | Optional[list[CVEsubscription]] | None || +| fingerprints | Optional[list[FingerprintSubscription]] | None || +| vendors | Optional[list[VendorSubscription]] | None || | name | str | Name of the integration || | updated_at | str | Last time the integration was updated || | description | Optional[str] | Description of the integration || @@ -567,6 +659,19 @@ organization_id, entity_type, name, output_format ## Enum: HOUR, DAY, WEEK +# **IpsDetailsStats** +## Required: +total, reputation, country, as_name, cves, classifications +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| total | int | Total number of matching IPs || +| reputation | list[FacetBucket] | IP count by reputation || +| country | list[FacetBucket] | IP count by country (top 5) || +| as_name | list[FacetBucket] | IP count by AS name (top 5) || +| cves | list[FacetBucket] | IP count by CVE (top 5) || +| classifications | list[FacetBucket] | IP count by classification (top 5) || + # **Location** ## Properties | Property | Type | Description | Example | @@ -598,13 +703,13 @@ id, name, title, affected_components, crowdsec_score, nb_ips, published_date, ha | rule_release_date | Optional[str] | Release date of the associated detection rule || | exploitation_phase | ExploitationPhase | None || | adjustment_score | Optional[AdjustmentScore] | Score adjustments applied to the CVE score based on various factors || -| hype_score | int | Hype score (raw momentum component) || +| threat_context | Optional[ThreatContext] | Threat context (attacker/defender countries, industries, objectives) || | tags | list[str] | Tags associated with the CVE || | references | list[str] | List of references for the CVE || | description | str | Description of the CVE || | crowdsec_analysis | Optional[str] | CrowdSec analysis of the CVE || | cwes | list[CWE] | List of CWEs associated with the CVE || -| events | list[CVEEvent] | List of events related to the CVE || +| events | list[CVEEventOutput] | List of events related to the CVE || | type | str | Resource type || # **LookupImpactFingerprintItem** @@ -626,12 +731,12 @@ id, name, title, affected_components, crowdsec_score, nb_ips, exploitation_phase | rule_release_date | Optional[str] | Release date of the fingerprint rule || | exploitation_phase | ExploitationPhase | None || | adjustment_score | Optional[AdjustmentScore] | Score adjustment details || -| hype_score | int | Hype score (raw momentum component) || +| threat_context | Optional[ThreatContext] | Threat context (attacker/defender countries, industries, objectives) || | tags | list[str] | Tags associated with the fingerprint rule || | description | Optional[str] | Fingerprint rule description || | references | list[str] | Reference links for the fingerprint rule || | crowdsec_analysis | Optional[str] | CrowdSec analysis for this fingerprint rule || -| events | list[CVEEvent] | List of events related to the fingerprint rule || +| events | list[FingerprintEventOutput] | List of events related to the fingerprint rule || | type | str | Resource type || # **LookupImpactResponsePage** @@ -647,21 +752,27 @@ items, total, page, size, pages, links | pages | int | None || | links | Links | None || -# **LookupListItem** +# **LookupListItemWithStats** ## Required: value ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| | value | str | Lookup entry value || +| nb_cves | int | Number of CVEs || +| nb_fingerprints | int | Number of fingerprint rules || +| nb_ips | int | Total number of unique IPs targeting this entry || +| nb_ips_cves | int | Number of IPs across CVEs || +| nb_ips_fingerprints | int | Number of IPs across fingerprint rules || +| latest_rule_release | Optional[str] | Most recent rule release date for this entry || -# **LookupListResponsePage** +# **LookupListWithStatsResponsePage** ## Required: items, total, page, size, pages, links ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| items | list[LookupListItem] | None || +| items | list[LookupListItemWithStats] | None || | total | int | None || | page | int | None || | size | int | None || @@ -678,6 +789,28 @@ name, label, description | label | str | MITRE technique label || | description | str | MITRE technique description || +# **ProtectRule** +## Required: +link, name, label +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| link | str | URL to the rule source || +| published_date | Optional[str] | Date the rule was published || +| tags | list[ProtectRuleTag] | Tags associated with the rule || +| name | str | Rule name || +| label | str | Human-readable rule label || +| content | Optional[str] | Rule content/definition || + +# **ProtectRuleTag** +## Required: +tag, label +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| tag | str | Tag identifier || +| label | str | Human-readable tag label || + # **Reference** ## Required: name, label, description @@ -729,6 +862,24 @@ name |----------|------|-------------|---------| | name | str | Name of the integration to subscribe || +# **SubscribeVendorIntegrationRequest** +## Required: +name +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| name | str | Name of the integration to subscribe || + +# **ThreatContext** +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| attacker_countries | Attacker Countries | Attacker country distribution (country code → count) || +| defender_countries | Defender Countries | Defender country distribution (country code → count) || +| industry_types | Industry Types | Industry type distribution (type → count) || +| industry_risk_profiles | Industry Risk Profiles | Industry risk profile distribution (profile → count) || +| attacker_objectives | Attacker Objectives | Attacker objective distribution (objective → count) || + # **TimelineItem** ## Required: timestamp, count @@ -736,4 +887,32 @@ timestamp, count | Property | Type | Description | Example | |----------|------|-------------|---------| | timestamp | str | Timestamp of the timeline event || -| count | int | Count of occurrences at the timestamp || \ No newline at end of file +| count | int | Count of occurrences at the timestamp || + +# **TopProductItem** +## Required: +value +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| value | str | Product name || +| nb_ips_cves | int | Number of IPs across CVEs || +| nb_ips_fingerprints | int | Number of IPs across fingerprint rules || + +# **VendorSortBy** +## Enum: +VALUE, NB_CVES, NB_IPS, LATEST_RULE_RELEASE + +# **VendorStatsResponse** +## Required: +value +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| value | str | Vendor name || +| nb_cves | int | Number of CVEs || +| nb_fingerprints | int | Number of fingerprint rules || +| nb_ips | int | Total number of unique IPs targeting this vendor || +| nb_ips_cves | int | Number of IPs across CVEs || +| nb_ips_fingerprints | int | Number of IPs across fingerprint rules || +| top_products | list[TopProductItem] | Top products for this vendor sorted by total IPs descending || \ No newline at end of file diff --git a/doc/Products.md b/doc/Products.md index 945b3e5..90f8cba 100644 --- a/doc/Products.md +++ b/doc/Products.md @@ -18,7 +18,7 @@ | page | int | Page number | False | 1 | | size | int | Page size | False | 50 | ### Returns: -[LookupListResponsePage](./Models.md#lookuplistresponsepage) +[LookupListWithStatsResponsePage](./Models.md#lookuplistwithstatsresponsepage) ### Errors: | Code | Description | | ---- | ----------- | diff --git a/doc/README.md b/doc/README.md index 1127917..dcb5488 100644 --- a/doc/README.md +++ b/doc/README.md @@ -19,10 +19,12 @@ You can find a Quickstart about this SDK, following this [documentation](https:/ [Products](./Products.md) -[Tags](./Tags.md) +[TrackerTags](./TrackerTags.md) [Fingerprints](./Fingerprints.md) +[TrackerEvents](./TrackerEvents.md) + ## API Endpoint models [ApiKeyCredentials](./Models.md#apikeycredentials) @@ -59,6 +61,8 @@ You can find a Quickstart about this SDK, following this [documentation](https:/ [ValidationError](./Models.md#validationerror) +[VendorSubscription](./Models.md#vendorsubscription) + [AdjustmentScore](./Models.md#adjustmentscore) [AffectedComponent](./Models.md#affectedcomponent) @@ -69,7 +73,9 @@ You can find a Quickstart about this SDK, following this [documentation](https:/ [Behavior](./Models.md#behavior) -[CVEEvent](./Models.md#cveevent) +[CVEEventOutput](./Models.md#cveeventoutput) + +[CVEExploitationPhase](./Models.md#cveexploitationphase) [CVEResponseBase](./Models.md#cveresponsebase) @@ -85,6 +91,14 @@ You can find a Quickstart about this SDK, following this [documentation](https:/ [ExploitationPhase](./Models.md#exploitationphase) +[ExploitationPhaseChangeEventItem](./Models.md#exploitationphasechangeeventitem) + +[ExploitationPhaseChangeEventsResponsePage](./Models.md#exploitationphasechangeeventsresponsepage) + +[FacetBucket](./Models.md#facetbucket) + +[FingerprintEventOutput](./Models.md#fingerprinteventoutput) + [FingerprintRuleResponse](./Models.md#fingerprintruleresponse) [FingerprintRuleSummary](./Models.md#fingerprintrulesummary) @@ -93,12 +107,12 @@ You can find a Quickstart about this SDK, following this [documentation](https:/ [GetCVEIPsResponsePage](./Models.md#getcveipsresponsepage) +[GetCVEProtectRulesResponse](./Models.md#getcveprotectrulesresponse) + [GetCVEResponse](./Models.md#getcveresponse) [GetCVESubscribedIntegrationsResponsePage](./Models.md#getcvesubscribedintegrationsresponsepage) -[GetCVEsFilterBy](./Models.md#getcvesfilterby) - [GetCVEsResponsePage](./Models.md#getcvesresponsepage) [GetCVEsSortBy](./Models.md#getcvessortby) @@ -111,6 +125,10 @@ You can find a Quickstart about this SDK, following this [documentation](https:/ [GetFingerprintSubscribedIntegrationsResponsePage](./Models.md#getfingerprintsubscribedintegrationsresponsepage) +[GetVendorIPsResponsePage](./Models.md#getvendoripsresponsepage) + +[GetVendorSubscribedIntegrationsResponsePage](./Models.md#getvendorsubscribedintegrationsresponsepage) + [History](./Models.md#history) [IPItem](./Models.md#ipitem) @@ -119,6 +137,8 @@ You can find a Quickstart about this SDK, following this [documentation](https:/ [IntervalOptions](./Models.md#intervaloptions) +[IpsDetailsStats](./Models.md#ipsdetailsstats) + [Location](./Models.md#location) [LookupImpactCVEItem](./Models.md#lookupimpactcveitem) @@ -127,12 +147,16 @@ You can find a Quickstart about this SDK, following this [documentation](https:/ [LookupImpactResponsePage](./Models.md#lookupimpactresponsepage) -[LookupListItem](./Models.md#lookuplistitem) +[LookupListItemWithStats](./Models.md#lookuplistitemwithstats) -[LookupListResponsePage](./Models.md#lookuplistresponsepage) +[LookupListWithStatsResponsePage](./Models.md#lookuplistwithstatsresponsepage) [MitreTechnique](./Models.md#mitretechnique) +[ProtectRule](./Models.md#protectrule) + +[ProtectRuleTag](./Models.md#protectruletag) + [Reference](./Models.md#reference) [ScoreBreakdown](./Models.md#scorebreakdown) @@ -145,4 +169,14 @@ You can find a Quickstart about this SDK, following this [documentation](https:/ [SubscribeFingerprintIntegrationRequest](./Models.md#subscribefingerprintintegrationrequest) -[TimelineItem](./Models.md#timelineitem) \ No newline at end of file +[SubscribeVendorIntegrationRequest](./Models.md#subscribevendorintegrationrequest) + +[ThreatContext](./Models.md#threatcontext) + +[TimelineItem](./Models.md#timelineitem) + +[TopProductItem](./Models.md#topproductitem) + +[VendorSortBy](./Models.md#vendorsortby) + +[VendorStatsResponse](./Models.md#vendorstatsresponse) \ No newline at end of file diff --git a/doc/Tags.md b/doc/Tags.md deleted file mode 100644 index afca4ce..0000000 --- a/doc/Tags.md +++ /dev/null @@ -1,89 +0,0 @@ - - -# Tags Methods -| Method | Description | -| ------ | ----------- | -| [get_tags](#get_tags) | Get a paginated list of tags | -| [get_tag_impact](#get_tag_impact) | Get CVE and fingerprint rules affecting a tag | - -## **get_tags** -### Get a paginated list of tags -- Endpoint: `/tags` -- Method: `GET` - -### Parameters: -| Parameter | Type | Description | Required | Default | -| --------- | ---- | ----------- | -------- | ------- | -| query | Optional[str] | Search query for tags | False | None | -| page | int | Page number | False | 1 | -| size | int | Page size | False | 50 | -### Returns: -[LookupListResponsePage](./Models.md#lookuplistresponsepage) -### Errors: -| Code | Description | -| ---- | ----------- | -| 422 | Validation Error | -### Usage - -```python -from crowdsec_tracker_api import ( - Tags, - ApiKeyAuth, -) -from httpx import HTTPStatusError -auth = ApiKeyAuth(api_key='your_api_key') -client = Tags(auth=auth) -try: - response = client.get_tags( - query=None, - page=1, - size=50, - ) - print(response) -except HTTPStatusError as e: - print(f"An error occurred: {e.response.status_code} - {e.response.text}") -``` - - -## **get_tag_impact** -### Get CVE and fingerprint rules affecting a tag -- Endpoint: `/tags/{tag}` -- Method: `GET` - -### Parameters: -| Parameter | Type | Description | Required | Default | -| --------- | ---- | ----------- | -------- | ------- | -| tag | str | | True | | -| sort_by | Optional[GetCVEsSortBy] | Field to sort by | False | GetCVEsSortBy("rule_release_date") | -| sort_order | Optional[GetCVEsSortOrder] | Sort order: ascending or descending | False | GetCVEsSortOrder("desc") | -| page | int | Page number | False | 1 | -| size | int | Page size | False | 50 | -### Returns: -[LookupImpactResponsePage](./Models.md#lookupimpactresponsepage) -### Errors: -| Code | Description | -| ---- | ----------- | -| 422 | Validation Error | -### Usage - -```python -from crowdsec_tracker_api import ( - Tags, - ApiKeyAuth, -) -from httpx import HTTPStatusError -auth = ApiKeyAuth(api_key='your_api_key') -client = Tags(auth=auth) -try: - response = client.get_tag_impact( - tag='tag', - sort_by=rule_release_date, - sort_order=desc, - page=1, - size=50, - ) - print(response) -except HTTPStatusError as e: - print(f"An error occurred: {e.response.status_code} - {e.response.text}") -``` - diff --git a/doc/TrackerEvents.md b/doc/TrackerEvents.md new file mode 100644 index 0000000..2663182 --- /dev/null +++ b/doc/TrackerEvents.md @@ -0,0 +1,53 @@ + + +# TrackerEvents Methods +| Method | Description | +| ------ | ----------- | +| [get_exploitation_phase_change_events](#get_exploitation_phase_change_events) | Get a paginated list of exploitation phase change events across tracked CVEs | + +## **get_exploitation_phase_change_events** +### Get a paginated list of exploitation phase change events across tracked CVEs +- Endpoint: `/tracker-events/exploitation-phase-change` +- Method: `GET` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| since | str | Duration string (e.g. '30d', '24h') to filter events | False | "30d" | +| sort_order | Optional[GetCVEsSortOrder] | Sort order: ascending or descending | False | GetCVEsSortOrder("desc") | +| cve_id | Optional[str] | Filter by CVE identifier (exact match) | False | None | +| previous_phase | Optional[CVEExploitationPhase] | Filter by previous exploitation phase name | False | None | +| new_phase | Optional[CVEExploitationPhase] | Filter by new exploitation phase name | False | None | +| page | int | Page number | False | 1 | +| size | int | Page size | False | 50 | +### Returns: +[ExploitationPhaseChangeEventsResponsePage](./Models.md#exploitationphasechangeeventsresponsepage) +### Errors: +| Code | Description | +| ---- | ----------- | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + TrackerEvents, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = TrackerEvents(auth=auth) +try: + response = client.get_exploitation_phase_change_events( + since=30d, + sort_order=desc, + cve_id=None, + previous_phase=None, + new_phase=None, + page=1, + size=50, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + diff --git a/doc/TrackerTags.md b/doc/TrackerTags.md new file mode 100644 index 0000000..5d7cc9d --- /dev/null +++ b/doc/TrackerTags.md @@ -0,0 +1,173 @@ + + +# TrackerTags Methods +| Method | Description | +| ------ | ----------- | +| [get_tags](#get_tags) | Get a paginated list of tags | +| [get_tag_impact](#get_tag_impact) | Get CVE and fingerprint rules affecting a tag | +| [get_tracker_tags](#get_tracker_tags) | Get a paginated list of tracker tags | +| [get_tracker_tag_impact](#get_tracker_tag_impact) | Get CVE and fingerprint rules affecting a tracker tag | + +## **get_tags** +### Get a paginated list of tags +- Endpoint: `/tags` +- Method: `GET` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| query | Optional[str] | Search query for tags | False | None | +| page | int | Page number | False | 1 | +| size | int | Page size | False | 50 | +### Returns: +[LookupListWithStatsResponsePage](./Models.md#lookuplistwithstatsresponsepage) +### Errors: +| Code | Description | +| ---- | ----------- | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + TrackerTags, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = TrackerTags(auth=auth) +try: + response = client.get_tags( + query=None, + page=1, + size=50, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **get_tag_impact** +### Get CVE and fingerprint rules affecting a tag +- Endpoint: `/tags/{tag}` +- Method: `GET` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| tag | str | | True | | +| sort_by | Optional[GetCVEsSortBy] | Field to sort by | False | GetCVEsSortBy("rule_release_date") | +| sort_order | Optional[GetCVEsSortOrder] | Sort order: ascending or descending | False | GetCVEsSortOrder("desc") | +| page | int | Page number | False | 1 | +| size | int | Page size | False | 50 | +### Returns: +[LookupImpactResponsePage](./Models.md#lookupimpactresponsepage) +### Errors: +| Code | Description | +| ---- | ----------- | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + TrackerTags, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = TrackerTags(auth=auth) +try: + response = client.get_tag_impact( + tag='tag', + sort_by=rule_release_date, + sort_order=desc, + page=1, + size=50, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **get_tracker_tags** +### Get a paginated list of tracker tags +- Endpoint: `/tracker-tags` +- Method: `GET` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| query | Optional[str] | Search query for tags | False | None | +| page | int | Page number | False | 1 | +| size | int | Page size | False | 50 | +### Returns: +[LookupListWithStatsResponsePage](./Models.md#lookuplistwithstatsresponsepage) +### Errors: +| Code | Description | +| ---- | ----------- | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + TrackerTags, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = TrackerTags(auth=auth) +try: + response = client.get_tracker_tags( + query=None, + page=1, + size=50, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **get_tracker_tag_impact** +### Get CVE and fingerprint rules affecting a tracker tag +- Endpoint: `/tracker-tags/{tag}` +- Method: `GET` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| tag | str | | True | | +| sort_by | Optional[GetCVEsSortBy] | Field to sort by | False | GetCVEsSortBy("rule_release_date") | +| sort_order | Optional[GetCVEsSortOrder] | Sort order: ascending or descending | False | GetCVEsSortOrder("desc") | +| page | int | Page number | False | 1 | +| size | int | Page size | False | 50 | +### Returns: +[LookupImpactResponsePage](./Models.md#lookupimpactresponsepage) +### Errors: +| Code | Description | +| ---- | ----------- | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + TrackerTags, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = TrackerTags(auth=auth) +try: + response = client.get_tracker_tag_impact( + tag='tag', + sort_by=rule_release_date, + sort_order=desc, + page=1, + size=50, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + diff --git a/doc/Vendors.md b/doc/Vendors.md index 67129ed..cb016c0 100644 --- a/doc/Vendors.md +++ b/doc/Vendors.md @@ -4,6 +4,13 @@ | Method | Description | | ------ | ----------- | | [get_vendors](#get_vendors) | Get a paginated list of vendors | +| [get_vendor_stats](#get_vendor_stats) | Get statistics for a vendor including CVE/fingerprint counts, IP counts, and top affected products | +| [download_vendor_ips](#download_vendor_ips) | Download the list of IPs exploiting a specific vendor in raw format | +| [get_vendor_ips_details](#get_vendor_ips_details) | Get detailed information about IPs exploiting a specific vendor | +| [get_vendor_ips_details_stats](#get_vendor_ips_details_stats) | Get aggregated statistics about IPs exploiting a specific vendor | +| [get_vendor_subscribed_integrations](#get_vendor_subscribed_integrations) | Get the list of integrations subscribed to a specific vendor | +| [subscribe_integration_to_vendor](#subscribe_integration_to_vendor) | Subscribe an integration to receive threats related to a specific vendor | +| [unsubscribe_integration_from_vendor](#unsubscribe_integration_from_vendor) | Unsubscribe an integration from receiving threats related to a specific vendor | | [get_vendor_impact](#get_vendor_impact) | Get CVE and fingerprint rules affecting a vendor | ## **get_vendors** @@ -15,10 +22,12 @@ | Parameter | Type | Description | Required | Default | | --------- | ---- | ----------- | -------- | ------- | | query | Optional[str] | Search query for vendors | False | None | +| sort_by | Optional[VendorSortBy] | Sort by: value, nb_cves, nb_ips, latest_rule_release | False | None | +| sort_order | Optional[GetCVEsSortOrder] | Sort order: asc or desc | False | GetCVEsSortOrder("desc") | | page | int | Page number | False | 1 | | size | int | Page size | False | 50 | ### Returns: -[LookupListResponsePage](./Models.md#lookuplistresponsepage) +[LookupListWithStatsResponsePage](./Models.md#lookuplistwithstatsresponsepage) ### Errors: | Code | Description | | ---- | ----------- | @@ -36,6 +45,195 @@ client = Vendors(auth=auth) try: response = client.get_vendors( query=None, + sort_by=None, + sort_order=desc, + page=1, + size=50, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **get_vendor_stats** +### Get statistics for a vendor including CVE/fingerprint counts, IP counts, and top affected products +- Endpoint: `/vendors/{vendor}/stats` +- Method: `GET` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| vendor | str | | True | | +### Returns: +[VendorStatsResponse](./Models.md#vendorstatsresponse) +### Errors: +| Code | Description | +| ---- | ----------- | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Vendors, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Vendors(auth=auth) +try: + response = client.get_vendor_stats( + vendor='vendor', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **download_vendor_ips** +### Download the list of IPs exploiting a specific vendor in raw format +- Endpoint: `/vendors/{vendor}/ips-download` +- Method: `GET` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| vendor | str | | True | | +### Returns: +[str](./Models.md#str) +### Errors: +| Code | Description | +| ---- | ----------- | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Vendors, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Vendors(auth=auth) +try: + response = client.download_vendor_ips( + vendor='vendor', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **get_vendor_ips_details** +### Get detailed information about IPs exploiting a specific vendor +- Endpoint: `/vendors/{vendor}/ips-details` +- Method: `GET` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| vendor | str | | True | | +| since | Optional[str] | Filter IPs seen since this date, format duration (e.g., 7d, 24h), default to 14d | False | "14d" | +| page | int | Page number | False | 1 | +| size | int | Page size | False | 50 | +### Returns: +[GetVendorIPsResponsePage](./Models.md#getvendoripsresponsepage) +### Errors: +| Code | Description | +| ---- | ----------- | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Vendors, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Vendors(auth=auth) +try: + response = client.get_vendor_ips_details( + vendor='vendor', + since=14d, + page=1, + size=50, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **get_vendor_ips_details_stats** +### Get aggregated statistics about IPs exploiting a specific vendor +- Endpoint: `/vendors/{vendor}/ips-details-stats` +- Method: `GET` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| vendor | str | | True | | +| since | Optional[str] | Filter IPs seen since this date, format duration (e.g., 7d, 24h), default to 14d | False | "14d" | +### Returns: +[IpsDetailsStats](./Models.md#ipsdetailsstats) +### Errors: +| Code | Description | +| ---- | ----------- | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Vendors, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Vendors(auth=auth) +try: + response = client.get_vendor_ips_details_stats( + vendor='vendor', + since=14d, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **get_vendor_subscribed_integrations** +### Get the list of integrations subscribed to a specific vendor +- Endpoint: `/vendors/{vendor}/integrations` +- Method: `GET` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| vendor | str | | True | | +| page | int | Page number | False | 1 | +| size | int | Page size | False | 50 | +### Returns: +[GetVendorSubscribedIntegrationsResponsePage](./Models.md#getvendorsubscribedintegrationsresponsepage) +### Errors: +| Code | Description | +| ---- | ----------- | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Vendors, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Vendors(auth=auth) +try: + response = client.get_vendor_subscribed_integrations( + vendor='vendor', page=1, size=50, ) @@ -45,6 +243,80 @@ except HTTPStatusError as e: ``` +## **subscribe_integration_to_vendor** +### Subscribe an integration to receive threats related to a specific vendor +- Endpoint: `/vendors/{vendor}/integrations` +- Method: `POST` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| request | [SubscribeVendorIntegrationRequest](./Models.md#subscribevendorintegrationrequest) | Request body | Yes | - | +| vendor | str | | True | | +### Errors: +| Code | Description | +| ---- | ----------- | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Vendors, + ApiKeyAuth, + SubscribeVendorIntegrationRequest, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Vendors(auth=auth) +request = SubscribeVendorIntegrationRequest( + name=None, +) +try: + response = client.subscribe_integration_to_vendor( + request=request, + vendor='vendor', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + +## **unsubscribe_integration_from_vendor** +### Unsubscribe an integration from receiving threats related to a specific vendor +- Endpoint: `/vendors/{vendor}/integrations/{integration_name}` +- Method: `DELETE` + +### Parameters: +| Parameter | Type | Description | Required | Default | +| --------- | ---- | ----------- | -------- | ------- | +| vendor | str | | True | | +| integration_name | str | | True | | +### Errors: +| Code | Description | +| ---- | ----------- | +| 422 | Validation Error | +### Usage + +```python +from crowdsec_tracker_api import ( + Vendors, + ApiKeyAuth, +) +from httpx import HTTPStatusError +auth = ApiKeyAuth(api_key='your_api_key') +client = Vendors(auth=auth) +try: + response = client.unsubscribe_integration_from_vendor( + vendor='vendor', + integration_name='integration_name', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") +``` + + ## **get_vendor_impact** ### Get CVE and fingerprint rules affecting a vendor - Endpoint: `/vendors/{vendor}` diff --git a/let-openapi.json b/let-openapi.json index 1fee82c..67448b1 100644 --- a/let-openapi.json +++ b/let-openapi.json @@ -1 +1 @@ -{"openapi": "3.1.0", "info": {"title": "LET API", "description": "This is the API to manage Crowdsec Live Exploit Tracker service", "contact": {"name": "CrowdSec", "url": "https://crowdsec.net/", "email": "info@crowdsec.net"}, "version": "1.108.1"}, "paths": {"/integrations": {"post": {"tags": ["Integrations"], "summary": "Create Integration", "description": "Create an integration to a firewall or remediation component, owned by your organization. The name should be unique within the organization. This operation is submitted to quotas.", "operationId": "createIntegration", "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationCreateRequest"}}}}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationCreateResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "get": {"tags": ["Integrations"], "summary": "Get Integrations", "description": "Get integrations owned by your organization", "operationId": "getIntegrations", "parameters": [{"name": "tag", "in": "query", "required": false, "schema": {"anyOf": [{"type": "array", "items": {"type": "string"}}, {"type": "null"}], "description": "List of tags associated with the integrations (any of)", "title": "Tag"}, "description": "List of tags associated with the integrations (any of)"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationGetResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/integrations/{integration_id}": {"get": {"tags": ["Integrations"], "summary": "Get Integration", "description": "Get an integration by ID", "operationId": "getIntegration", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Integration Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationGetResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "patch": {"tags": ["Integrations"], "summary": "Update Integration", "description": "Update the integration details", "operationId": "updateIntegration", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Integration Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationUpdateRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationUpdateResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "delete": {"tags": ["Integrations"], "summary": "Delete Integration", "description": "Delete the integration by ID", "operationId": "deleteIntegration", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Integration Id"}}, {"name": "force", "in": "query", "required": false, "schema": {"type": "boolean", "description": "Force delete the integration even if it has active subscriptions (it will unsubscribe from all lists)", "default": false, "title": "Force"}, "description": "Force delete the integration even if it has active subscriptions (it will unsubscribe from all lists)"}], "responses": {"204": {"description": "Successful Response"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/integrations/{integration_id}/content": {"head": {"tags": ["Integrations"], "summary": "Head Integration Content", "description": "Check if the integration has content", "operationId": "headIntegrationContent", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Integration Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "404": {"description": "Integration not found"}, "204": {"description": "Integration has no subscribed blocklists or no content available"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "get": {"tags": ["Integrations"], "summary": "Get Integration Content", "description": "Get the ips associated to the integration in plain text format. The content can be paginated to accomodate limits in firewalls.", "operationId": "getIntegrationContent", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Integration Id"}}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number to return", "default": 1, "title": "Page"}, "description": "Page number to return"}, {"name": "page_size", "in": "query", "required": false, "schema": {"anyOf": [{"type": "integer", "minimum": 10000}, {"type": "null"}], "description": "Maximum number of items to return, 0 means no limit (default), should be greater than 10000", "title": "Page Size"}, "description": "Maximum number of items to return, 0 means no limit (default), should be greater than 10000"}, {"name": "pull_limit", "in": "query", "required": false, "schema": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Pull Limit"}}, {"name": "enable_ip_aggregation", "in": "query", "required": false, "schema": {"type": "boolean", "default": false, "title": "Enable Ip Aggregation"}}], "responses": {"200": {"description": "Successful Response", "content": {"text/plain": {"schema": {"type": "string"}}}}, "404": {"description": "Integration not found"}, "204": {"description": "Integration has no subscribed blocklists or no content available"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/integrations/{integration_id}/v1/decisions/stream": {"get": {"tags": ["Integrations"], "summary": "Get Integration Content Stream", "description": "Get the ips associated to the integration in a format compatible with a remediation component. As for the remediation components, you can fetch the full content with startup=true or only the changes since the last pull", "operationId": "getIntegrationContentStream", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Integration Id"}}, {"name": "startup", "in": "query", "required": false, "schema": {"type": "boolean", "description": "Set to true if it's the first run to fetch all the content, otherwise only changes since the last pull.", "default": false, "title": "Startup"}, "description": "Set to true if it's the first run to fetch all the content, otherwise only changes since the last pull."}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "404": {"description": "Integration not found"}, "204": {"description": "Integration has no subscribed blocklists or no content available"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/cves": {"get": {"tags": ["Cves"], "summary": "Get list of CVEs CrowdSec is tracking", "description": "Get a paginated list of CVEs that CrowdSec is tracking", "operationId": "getCves", "parameters": [{"name": "query", "in": "query", "required": false, "schema": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Search query for CVEs", "title": "Query"}, "description": "Search query for CVEs"}, {"name": "sort_by", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/GetCVEsSortBy"}, {"type": "null"}], "description": "Field to sort by", "default": "rule_release_date", "title": "Sort By"}, "description": "Field to sort by"}, {"name": "sort_order", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/GetCVEsSortOrder"}, {"type": "null"}], "description": "Sort order: ascending or descending", "default": "desc", "title": "Sort Order"}, "description": "Sort order: ascending or descending"}, {"name": "filters", "in": "query", "required": false, "schema": {"anyOf": [{"type": "array", "items": {"$ref": "#/components/schemas/GetCVEsFilterBy"}}, {"type": "null"}], "description": "Filters to apply on the CVE list", "title": "Filters"}, "description": "Filters to apply on the CVE list"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetCVEsResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/cves/{cve_id}": {"get": {"tags": ["Cves"], "summary": "Get CVE ID informations", "description": "Get information about a specific CVE ID", "operationId": "getCve", "parameters": [{"name": "cve_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Cve Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetCVEResponse"}}}}, "404": {"description": "CVE Not Found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/cves/{cve_id}/ips-download": {"get": {"tags": ["Cves"], "summary": "Download IPs exploiting a CVE ID (raw)", "description": "Download the list of IPs exploiting a specific CVE ID in raw format", "operationId": "downloadCveIps", "parameters": [{"name": "cve_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Cve Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"text/plain": {"schema": {"type": "string"}}}}, "404": {"description": "CVE Not Found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/cves/{cve_id}/ips-details": {"get": {"tags": ["Cves"], "summary": "Get IPs details exploiting a CVE ID", "description": "Get detailed information about IPs exploiting a specific CVE ID", "operationId": "getCveIpsDetails", "parameters": [{"name": "cve_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Cve Id"}}, {"name": "since", "in": "query", "required": false, "schema": {"anyOf": [{"type": "string", "pattern": "^\\d+[hd]$"}, {"type": "null"}], "description": "Filter IPs seen since this date, format duration (e.g., 7d, 24h), default to 14d", "default": "14d", "title": "Since"}, "description": "Filter IPs seen since this date, format duration (e.g., 7d, 24h), default to 14d"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetCVEIPsResponsePage"}}}}, "404": {"description": "CVE Not Found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/cves/{cve_id}/integrations": {"post": {"tags": ["Cves"], "summary": "Subscribe an integration to a CVE ID", "description": "Subscribe an integration to receive threats related to a specific CVE ID", "operationId": "subscribeIntegrationToCve", "parameters": [{"name": "cve_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Cve Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/SubscribeCVEIntegrationRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "404": {"description": "Integration Not Found"}, "400": {"description": "CVE Already Subscribed"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "get": {"tags": ["Cves"], "summary": "Get subscribed integrations for a CVE ID", "description": "Get the list of integrations subscribed to a specific CVE ID", "operationId": "getCveSubscribedIntegrations", "parameters": [{"name": "cve_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Cve Id"}}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetCVESubscribedIntegrationsResponsePage"}}}}, "404": {"description": "CVE Not Found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/cves/{cve_id}/integrations/{integration_name}": {"delete": {"tags": ["Cves"], "summary": "Unsubscribe an integration from a CVE ID", "description": "Unsubscribe an integration from receiving threats related to a specific CVE ID", "operationId": "unsubscribeIntegrationFromCve", "parameters": [{"name": "cve_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Cve Id"}}, {"name": "integration_name", "in": "path", "required": true, "schema": {"type": "string", "title": "Integration Name"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "404": {"description": "Integration Not Found"}, "400": {"description": "CVE Already Unsubscribed"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/cves/{cve_id}/timeline": {"get": {"tags": ["Cves"], "summary": "Get timeline data for a CVE ID", "description": "Get timeline data of occurrences for a specific CVE ID", "operationId": "getCveTimeline", "parameters": [{"name": "cve_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Cve Id"}}, {"name": "since_days", "in": "query", "required": false, "schema": {"$ref": "#/components/schemas/SinceOptions", "description": "Time range for the timeline data (in days). Options: 1 (1 day), 7 (1 week), 30 (1 month). Default is 7 days.", "default": 7}, "description": "Time range for the timeline data (in days). Options: 1 (1 day), 7 (1 week), 30 (1 month). Default is 7 days."}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"type": "array", "items": {"$ref": "#/components/schemas/TimelineItem"}, "title": "Response Getcvetimeline"}}}}, "404": {"description": "CVE Not Found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/vendors": {"get": {"tags": ["Vendors"], "summary": "Get list of vendors", "description": "Get a paginated list of vendors", "operationId": "getVendors", "parameters": [{"name": "query", "in": "query", "required": false, "schema": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Search query for vendors", "title": "Query"}, "description": "Search query for vendors"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/LookupListResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/vendors/{vendor}": {"get": {"tags": ["Vendors"], "summary": "Get vendor impact", "description": "Get CVE and fingerprint rules affecting a vendor", "operationId": "getVendorImpact", "parameters": [{"name": "vendor", "in": "path", "required": true, "schema": {"type": "string", "title": "Vendor"}}, {"name": "sort_by", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/GetCVEsSortBy"}, {"type": "null"}], "description": "Field to sort by", "default": "rule_release_date", "title": "Sort By"}, "description": "Field to sort by"}, {"name": "sort_order", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/GetCVEsSortOrder"}, {"type": "null"}], "description": "Sort order: ascending or descending", "default": "desc", "title": "Sort Order"}, "description": "Sort order: ascending or descending"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/LookupImpactResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/products": {"get": {"tags": ["Products"], "summary": "Get list of products", "description": "Get a paginated list of products", "operationId": "getProducts", "parameters": [{"name": "query", "in": "query", "required": false, "schema": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Search query for products", "title": "Query"}, "description": "Search query for products"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/LookupListResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/products/{product}": {"get": {"tags": ["Products"], "summary": "Get product impact", "description": "Get CVE and fingerprint rules affecting a product", "operationId": "getProductImpact", "parameters": [{"name": "product", "in": "path", "required": true, "schema": {"type": "string", "title": "Product"}}, {"name": "sort_by", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/GetCVEsSortBy"}, {"type": "null"}], "description": "Field to sort by", "default": "rule_release_date", "title": "Sort By"}, "description": "Field to sort by"}, {"name": "sort_order", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/GetCVEsSortOrder"}, {"type": "null"}], "description": "Sort order: ascending or descending", "default": "desc", "title": "Sort Order"}, "description": "Sort order: ascending or descending"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/LookupImpactResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/tags": {"get": {"tags": ["Tags"], "summary": "Get list of tags", "description": "Get a paginated list of tags", "operationId": "getTags", "parameters": [{"name": "query", "in": "query", "required": false, "schema": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Search query for tags", "title": "Query"}, "description": "Search query for tags"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/LookupListResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/tags/{tag}": {"get": {"tags": ["Tags"], "summary": "Get tag impact", "description": "Get CVE and fingerprint rules affecting a tag", "operationId": "getTagImpact", "parameters": [{"name": "tag", "in": "path", "required": true, "schema": {"type": "string", "title": "Tag"}}, {"name": "sort_by", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/GetCVEsSortBy"}, {"type": "null"}], "description": "Field to sort by", "default": "rule_release_date", "title": "Sort By"}, "description": "Field to sort by"}, {"name": "sort_order", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/GetCVEsSortOrder"}, {"type": "null"}], "description": "Sort order: ascending or descending", "default": "desc", "title": "Sort Order"}, "description": "Sort order: ascending or descending"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/LookupImpactResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/fingerprints": {"get": {"tags": ["Fingerprints"], "summary": "Get list of fingerprint rules", "description": "Get a paginated list of fingerprint rules", "operationId": "getFingerprintRules", "parameters": [{"name": "query", "in": "query", "required": false, "schema": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Search query for fingerprint rules", "title": "Query"}, "description": "Search query for fingerprint rules"}, {"name": "sort_by", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/GetCVEsSortBy"}, {"type": "null"}], "description": "Field to sort by", "default": "rule_release_date", "title": "Sort By"}, "description": "Field to sort by"}, {"name": "sort_order", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/GetCVEsSortOrder"}, {"type": "null"}], "description": "Sort order: ascending or descending", "default": "desc", "title": "Sort Order"}, "description": "Sort order: ascending or descending"}, {"name": "filters", "in": "query", "required": false, "schema": {"anyOf": [{"type": "array", "items": {"$ref": "#/components/schemas/GetCVEsFilterBy"}}, {"type": "null"}], "description": "Filters to apply on the fingerprint rule list", "title": "Filters"}, "description": "Filters to apply on the fingerprint rule list"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetFingerprintRulesResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/fingerprints/{fingerprint}/ips-download": {"get": {"tags": ["Fingerprints"], "summary": "Download IPs exploiting a fingerprint rule (raw)", "description": "Download the list of IPs exploiting a specific fingerprint rule in raw format", "operationId": "downloadFingerprintIps", "parameters": [{"name": "fingerprint", "in": "path", "required": true, "schema": {"type": "string", "title": "Fingerprint"}}], "responses": {"200": {"description": "Successful Response", "content": {"text/plain": {"schema": {"type": "string"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/fingerprints/{fingerprint}/ips-details": {"get": {"tags": ["Fingerprints"], "summary": "Get IP details exploiting a fingerprint rule", "description": "Get detailed information about IPs exploiting a specific fingerprint rule", "operationId": "getFingerprintIpsDetails", "parameters": [{"name": "fingerprint", "in": "path", "required": true, "schema": {"type": "string", "title": "Fingerprint"}}, {"name": "since", "in": "query", "required": false, "schema": {"anyOf": [{"type": "string", "pattern": "^\\d+[hd]$"}, {"type": "null"}], "description": "Filter IPs seen since this date, format duration (e.g., 7d, 24h), default to 14d", "default": "14d", "title": "Since"}, "description": "Filter IPs seen since this date, format duration (e.g., 7d, 24h), default to 14d"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetFingerprintIPsResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/fingerprints/{fingerprint}/integrations": {"post": {"tags": ["Fingerprints"], "summary": "Subscribe an integration to a fingerprint rule", "description": "Subscribe an integration to receive threats related to a specific fingerprint rule", "operationId": "subscribeIntegrationToFingerprint", "parameters": [{"name": "fingerprint", "in": "path", "required": true, "schema": {"type": "string", "title": "Fingerprint"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/SubscribeFingerprintIntegrationRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "get": {"tags": ["Fingerprints"], "summary": "Get subscribed integrations for a fingerprint rule", "description": "Get the list of integrations subscribed to a specific fingerprint rule", "operationId": "getFingerprintSubscribedIntegrations", "parameters": [{"name": "fingerprint", "in": "path", "required": true, "schema": {"type": "string", "title": "Fingerprint"}}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetFingerprintSubscribedIntegrationsResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/fingerprints/{fingerprint}/integrations/{integration_name}": {"delete": {"tags": ["Fingerprints"], "summary": "Unsubscribe an integration from a fingerprint rule", "description": "Unsubscribe an integration from receiving threats related to a specific fingerprint rule", "operationId": "unsubscribeIntegrationFromFingerprint", "parameters": [{"name": "fingerprint", "in": "path", "required": true, "schema": {"type": "string", "title": "Fingerprint"}}, {"name": "integration_name", "in": "path", "required": true, "schema": {"type": "string", "title": "Integration Name"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/fingerprints/{fingerprint}/timeline": {"get": {"tags": ["Fingerprints"], "summary": "Get timeline data for a fingerprint rule", "description": "Get timeline data of occurrences for a specific fingerprint rule", "operationId": "getFingerprintTimeline", "parameters": [{"name": "fingerprint", "in": "path", "required": true, "schema": {"type": "string", "title": "Fingerprint"}}, {"name": "since_days", "in": "query", "required": false, "schema": {"$ref": "#/components/schemas/SinceOptions", "description": "Time range for the timeline data (in days). Options: 1 (1 day), 7 (1 week), 30 (1 month). Default is 7 days.", "default": 7}, "description": "Time range for the timeline data (in days). Options: 1 (1 day), 7 (1 week), 30 (1 month). Default is 7 days."}, {"name": "interval", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/IntervalOptions"}, {"type": "null"}], "description": "Interval for aggregating timeline data. Options: 'hour', 'day', 'week'. Default is adapted based on 'since' parameter.", "title": "Interval"}, "description": "Interval for aggregating timeline data. Options: 'hour', 'day', 'week'. Default is adapted based on 'since' parameter."}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"type": "array", "items": {"$ref": "#/components/schemas/FingerprintTimelineItem"}, "title": "Response Getfingerprinttimeline"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/fingerprints/{fingerprint}": {"get": {"tags": ["Fingerprints"], "summary": "Get fingerprint rule information", "description": "Get information about a specific fingerprint rule", "operationId": "getFingerprintRule", "parameters": [{"name": "fingerprint", "in": "path", "required": true, "schema": {"type": "string", "title": "Fingerprint"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/FingerprintRuleResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}}, "components": {"schemas": {"ApiKeyCredentials": {"properties": {"api_key": {"type": "string", "title": "Api Key", "description": "API key for the integration"}}, "type": "object", "required": ["api_key"], "title": "ApiKeyCredentials"}, "BasicAuthCredentials": {"properties": {"username": {"type": "string", "title": "Username", "description": "Basic auth username for the integration"}, "password": {"type": "string", "title": "Password", "description": "Basic auth password for the integration"}}, "type": "object", "required": ["username", "password"], "title": "BasicAuthCredentials"}, "BlocklistSubscription": {"properties": {"id": {"type": "string", "title": "Id"}, "remediation": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Remediation"}}, "type": "object", "required": ["id"], "title": "BlocklistSubscription"}, "CVESubscription": {"properties": {"id": {"type": "string", "title": "Id", "description": "CVE ID"}}, "type": "object", "required": ["id"], "title": "CVESubscription"}, "FingerprintSubscription": {"properties": {"id": {"type": "string", "title": "Id"}}, "type": "object", "required": ["id"], "title": "FingerprintSubscription"}, "HTTPValidationError": {"properties": {"detail": {"items": {"$ref": "#/components/schemas/ValidationError"}, "type": "array", "title": "Detail"}}, "type": "object", "title": "HTTPValidationError"}, "IntegrationCreateRequest": {"properties": {"name": {"type": "string", "minLength": 1, "title": "Name", "description": "Name of the integration"}, "description": {"type": "string", "minLength": 1, "title": "Description", "description": "Description of the integration"}, "entity_type": {"$ref": "#/components/schemas/IntegrationType", "description": "Type of the integration"}, "output_format": {"$ref": "#/components/schemas/OutputFormat", "description": "Output format of the integration"}, "pull_limit": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Pull Limit", "description": "Maximum number of items to pull"}, "enable_ip_aggregation": {"type": "boolean", "title": "Enable Ip Aggregation", "description": "Whether to enable IP aggregation into ranges", "default": false}}, "additionalProperties": false, "type": "object", "required": ["name", "entity_type", "output_format"], "title": "IntegrationCreateRequest"}, "IntegrationCreateResponse": {"properties": {"id": {"type": "string", "title": "Id", "description": "ID of the integration"}, "name": {"type": "string", "title": "Name", "description": "Name of the integration. Should be unique within the organization"}, "organization_id": {"type": "string", "title": "Organization Id", "description": "ID of the owner organization"}, "description": {"type": "string", "title": "Description", "description": "Description of the integration"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the integration was created"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Last time the integration was updated"}, "entity_type": {"$ref": "#/components/schemas/IntegrationType", "description": "Type of the integration"}, "output_format": {"$ref": "#/components/schemas/OutputFormat", "description": "Output format of the integration"}, "last_pull": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Pull", "description": "Last time the integration pulled blocklists"}, "blocklists": {"items": {"$ref": "#/components/schemas/BlocklistSubscription"}, "type": "array", "title": "Blocklists", "description": "Blocklists that are subscribed by the integration"}, "cves": {"items": {"$ref": "#/components/schemas/CVESubscription"}, "type": "array", "title": "Cves", "description": "CVEs that are subscribed by the integration"}, "fingerprints": {"items": {"$ref": "#/components/schemas/FingerprintSubscription"}, "type": "array", "title": "Fingerprints", "description": "Fingerprints that are subscribed by the integration"}, "endpoint": {"type": "string", "maxLength": 2083, "minLength": 1, "format": "uri", "title": "Endpoint", "description": "Url that should be used by the firewall or the remediation component to fetch the integration's content"}, "stats": {"$ref": "#/components/schemas/Stats", "description": "Stats of the integration", "default": {"count": 0}}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Tags associated with the integration", "default": []}, "pull_limit": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Pull Limit", "description": "Maximum number of items to pull"}, "enable_ip_aggregation": {"type": "boolean", "title": "Enable Ip Aggregation", "description": "Whether to enable IP aggregation into ranges", "default": false}, "credentials": {"anyOf": [{"$ref": "#/components/schemas/ApiKeyCredentials"}, {"$ref": "#/components/schemas/BasicAuthCredentials"}], "title": "Credentials", "description": "Credentials that were generated for the integration"}}, "type": "object", "required": ["id", "name", "organization_id", "created_at", "updated_at", "entity_type", "output_format", "blocklists", "cves", "fingerprints", "endpoint", "credentials"], "title": "IntegrationCreateResponse"}, "IntegrationGetResponse": {"properties": {"id": {"type": "string", "title": "Id", "description": "ID of the integration"}, "name": {"type": "string", "title": "Name", "description": "Name of the integration. Should be unique within the organization"}, "organization_id": {"type": "string", "title": "Organization Id", "description": "ID of the owner organization"}, "description": {"type": "string", "title": "Description", "description": "Description of the integration"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the integration was created"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Last time the integration was updated"}, "entity_type": {"$ref": "#/components/schemas/IntegrationType", "description": "Type of the integration"}, "output_format": {"$ref": "#/components/schemas/OutputFormat", "description": "Output format of the integration"}, "last_pull": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Pull", "description": "Last time the integration pulled blocklists"}, "blocklists": {"items": {"$ref": "#/components/schemas/BlocklistSubscription"}, "type": "array", "title": "Blocklists", "description": "Blocklists that are subscribed by the integration"}, "cves": {"items": {"$ref": "#/components/schemas/CVESubscription"}, "type": "array", "title": "Cves", "description": "CVEs that are subscribed by the integration"}, "fingerprints": {"items": {"$ref": "#/components/schemas/FingerprintSubscription"}, "type": "array", "title": "Fingerprints", "description": "Fingerprints that are subscribed by the integration"}, "endpoint": {"type": "string", "maxLength": 2083, "minLength": 1, "format": "uri", "title": "Endpoint", "description": "Url that should be used by the firewall or the remediation component to fetch the integration's content"}, "stats": {"$ref": "#/components/schemas/Stats", "description": "Stats of the integration", "default": {"count": 0}}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Tags associated with the integration", "default": []}, "pull_limit": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Pull Limit", "description": "Maximum number of items to pull"}, "enable_ip_aggregation": {"type": "boolean", "title": "Enable Ip Aggregation", "description": "Whether to enable IP aggregation into ranges", "default": false}}, "type": "object", "required": ["id", "name", "organization_id", "created_at", "updated_at", "entity_type", "output_format", "blocklists", "cves", "fingerprints", "endpoint"], "title": "IntegrationGetResponse"}, "IntegrationGetResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/IntegrationGetResponse"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "IntegrationGetResponsePage"}, "IntegrationType": {"type": "string", "enum": ["firewall_integration", "remediation_component_integration"], "title": "IntegrationType"}, "IntegrationUpdateRequest": {"properties": {"name": {"type": "string", "minLength": 1, "title": "Name", "description": "New name"}, "description": {"type": "string", "minLength": 1, "title": "Description", "description": "New description"}, "output_format": {"$ref": "#/components/schemas/OutputFormat", "description": "New output format"}, "regenerate_credentials": {"type": "boolean", "title": "Regenerate Credentials", "description": "Regenerate credentials for the integration"}, "pull_limit": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Pull Limit", "description": "Maximum number of items to pull"}, "enable_ip_aggregation": {"type": "boolean", "title": "Enable Ip Aggregation", "description": "Whether to enable IP aggregation into ranges", "default": false}}, "additionalProperties": false, "type": "object", "title": "IntegrationUpdateRequest"}, "IntegrationUpdateResponse": {"properties": {"id": {"type": "string", "title": "Id", "description": "ID of the integration"}, "name": {"type": "string", "title": "Name", "description": "Name of the integration. Should be unique within the organization"}, "organization_id": {"type": "string", "title": "Organization Id", "description": "ID of the owner organization"}, "description": {"type": "string", "title": "Description", "description": "Description of the integration"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the integration was created"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Last time the integration was updated"}, "entity_type": {"$ref": "#/components/schemas/IntegrationType", "description": "Type of the integration"}, "output_format": {"$ref": "#/components/schemas/OutputFormat", "description": "Output format of the integration"}, "last_pull": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Pull", "description": "Last time the integration pulled blocklists"}, "blocklists": {"items": {"$ref": "#/components/schemas/BlocklistSubscription"}, "type": "array", "title": "Blocklists", "description": "Blocklists that are subscribed by the integration"}, "cves": {"items": {"$ref": "#/components/schemas/CVESubscription"}, "type": "array", "title": "Cves", "description": "CVEs that are subscribed by the integration"}, "fingerprints": {"items": {"$ref": "#/components/schemas/FingerprintSubscription"}, "type": "array", "title": "Fingerprints", "description": "Fingerprints that are subscribed by the integration"}, "endpoint": {"type": "string", "maxLength": 2083, "minLength": 1, "format": "uri", "title": "Endpoint", "description": "Url that should be used by the firewall or the remediation component to fetch the integration's content"}, "stats": {"$ref": "#/components/schemas/Stats", "description": "Stats of the integration", "default": {"count": 0}}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Tags associated with the integration", "default": []}, "pull_limit": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Pull Limit", "description": "Maximum number of items to pull"}, "enable_ip_aggregation": {"type": "boolean", "title": "Enable Ip Aggregation", "description": "Whether to enable IP aggregation into ranges", "default": false}, "credentials": {"anyOf": [{"$ref": "#/components/schemas/ApiKeyCredentials"}, {"$ref": "#/components/schemas/BasicAuthCredentials"}, {"type": "null"}], "title": "Credentials", "description": "Credentials for the integration"}}, "type": "object", "required": ["id", "name", "organization_id", "created_at", "updated_at", "entity_type", "output_format", "blocklists", "cves", "fingerprints", "endpoint"], "title": "IntegrationUpdateResponse"}, "Links": {"properties": {"first": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "First", "examples": ["/api/v1/users?limit=1&offset1"]}, "last": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Last", "examples": ["/api/v1/users?limit=1&offset1"]}, "self": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Self", "examples": ["/api/v1/users?limit=1&offset1"]}, "next": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Next", "examples": ["/api/v1/users?limit=1&offset1"]}, "prev": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Prev", "examples": ["/api/v1/users?limit=1&offset1"]}}, "type": "object", "title": "Links"}, "OutputFormat": {"type": "string", "enum": ["plain_text", "f5", "remediation_component", "fortigate", "paloalto", "checkpoint", "cisco", "juniper", "mikrotik", "pfsense", "opnsense", "sophos"], "title": "OutputFormat"}, "Stats": {"properties": {"count": {"type": "integer", "title": "Count", "description": "Number of total blocklists items the integration will pull"}}, "type": "object", "required": ["count"], "title": "Stats"}, "ValidationError": {"properties": {"loc": {"items": {"anyOf": [{"type": "string"}, {"type": "integer"}]}, "type": "array", "title": "Location"}, "msg": {"type": "string", "title": "Message"}, "type": {"type": "string", "title": "Error Type"}}, "type": "object", "required": ["loc", "msg", "type"], "title": "ValidationError"}, "AdjustmentScore": {"properties": {"total": {"type": "integer", "title": "Total", "description": "Total score adjustment"}, "recency": {"type": "integer", "title": "Recency", "description": "Recency score adjustment"}, "low_info": {"type": "integer", "title": "Low Info", "description": "Low information score adjustment"}}, "type": "object", "required": ["total", "recency", "low_info"], "title": "AdjustmentScore"}, "AffectedComponent": {"properties": {"vendor": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Vendor", "description": "Vendor of the affected component"}, "product": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Product", "description": "Product name of the affected component"}}, "type": "object", "title": "AffectedComponent", "description": "Affected Component in a CVE"}, "AllowlistSubscription": {"properties": {"id": {"type": "string", "title": "Id"}}, "type": "object", "required": ["id"], "title": "AllowlistSubscription"}, "AttackDetail": {"properties": {"name": {"type": "string", "title": "Name", "description": "Attack detail name"}, "label": {"type": "string", "title": "Label", "description": "Attack detail label"}, "description": {"type": "string", "title": "Description", "description": "Attack detail description"}, "references": {"items": {"type": "string"}, "type": "array", "title": "References", "description": "Attack detail references"}}, "type": "object", "required": ["name", "label", "description"], "title": "AttackDetail"}, "Behavior": {"properties": {"name": {"type": "string", "title": "Name", "description": "Behavior name"}, "label": {"type": "string", "title": "Label", "description": "Behavior label"}, "description": {"type": "string", "title": "Description", "description": "Behavior description"}}, "type": "object", "required": ["name", "label", "description"], "title": "Behavior"}, "CVEEvent": {"properties": {"date": {"type": "string", "format": "date-time", "title": "Date", "description": "Date of the event"}, "description": {"type": "string", "title": "Description", "description": "Description of the event"}, "label": {"type": "string", "title": "Label", "description": "Label of the event"}, "name": {"type": "string", "title": "Name", "description": "Name of the event"}}, "type": "object", "required": ["date", "description", "label", "name"], "title": "CVEEvent", "description": "CVE Event Information"}, "CVEResponseBase": {"properties": {"id": {"type": "string", "title": "Id", "description": "ID of the CVE"}, "name": {"type": "string", "title": "Name", "description": "Name of the CVE"}, "title": {"type": "string", "title": "Title", "description": "Title of the CVE"}, "affected_components": {"items": {"$ref": "#/components/schemas/AffectedComponent"}, "type": "array", "title": "Affected Components", "description": "List of affected components"}, "crowdsec_score": {"type": "integer", "maximum": 10.0, "minimum": 0.0, "title": "Crowdsec Score", "description": "Live Exploit Tracker score of the CVE"}, "opportunity_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Opportunity Score", "description": "Opportunity score indicating if it's an opportunistic(0) or targeted(5) attack (between 0-5)", "default": 0}, "momentum_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Momentum Score", "description": "Momentum score indicating the vulnerability's trendiness based on signal comparison with the previous month. Higher scores (4-5) indicate significantly more signals this month than last month's average, while lower scores (0-1) indicate declining activity (between 0-5)", "default": 0}, "first_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "First Seen", "description": "First seen date"}, "last_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Seen", "description": "Last seen date"}, "nb_ips": {"type": "integer", "minimum": 0.0, "title": "Nb Ips", "description": "Number of unique IPs affected"}, "published_date": {"type": "string", "format": "date-time", "title": "Published Date", "description": "Published date of the CVE"}, "cvss_score": {"anyOf": [{"type": "number", "maximum": 10.0, "minimum": 0.0}, {"type": "null"}], "title": "Cvss Score", "description": "CVSS score of the CVE"}, "has_public_exploit": {"type": "boolean", "title": "Has Public Exploit", "description": "Indicates if there is a public exploit for the CVE"}, "rule_release_date": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Rule Release Date", "description": "Release date of the associated detection rule"}, "exploitation_phase": {"$ref": "#/components/schemas/ExploitationPhase", "description": "Current exploitation phase of the CVE"}, "adjustment_score": {"anyOf": [{"$ref": "#/components/schemas/AdjustmentScore"}, {"type": "null"}], "description": "Score adjustments applied to the CVE score based on various factors"}}, "type": "object", "required": ["id", "name", "title", "affected_components", "crowdsec_score", "nb_ips", "published_date", "has_public_exploit", "exploitation_phase"], "title": "CVEResponseBase", "description": "GET CVE ID Response"}, "CVEsubscription": {"properties": {"id": {"type": "string", "title": "Id"}}, "type": "object", "required": ["id"], "title": "CVEsubscription"}, "CWE": {"properties": {"name": {"type": "string", "title": "Name", "description": "Name of the CWE"}, "label": {"type": "string", "title": "Label", "description": "Label of the CWE"}, "description": {"type": "string", "title": "Description", "description": "Description of the CWE"}}, "type": "object", "required": ["name", "label", "description"], "title": "CWE", "description": "CWE Information"}, "Classification": {"properties": {"name": {"type": "string", "title": "Name", "description": "Classification name"}, "label": {"type": "string", "title": "Label", "description": "Classification label"}, "description": {"type": "string", "title": "Description", "description": "Classification description"}}, "type": "object", "required": ["name", "label", "description"], "title": "Classification"}, "Classifications": {"properties": {"false_positives": {"items": {"$ref": "#/components/schemas/Classification"}, "type": "array", "title": "False Positives", "description": "False positive classifications"}, "classifications": {"items": {"$ref": "#/components/schemas/Classification"}, "type": "array", "title": "Classifications", "description": "Main classifications"}}, "type": "object", "title": "Classifications"}, "EntityType": {"type": "string", "enum": ["org", "tag", "engine", "firewall_integration", "remediation_component_integration", "remediation_component", "log_processor"], "title": "EntityType"}, "ExploitationPhase": {"properties": {"name": {"type": "string", "title": "Name", "description": "Name of the exploitation phase"}, "label": {"type": "string", "title": "Label", "description": "Label of the exploitation phase"}, "description": {"type": "string", "title": "Description", "description": "Description of the exploitation phase"}}, "type": "object", "required": ["name", "label", "description"], "title": "ExploitationPhase"}, "FingerprintRuleResponse": {"properties": {"id": {"type": "string", "title": "Id", "description": "Fingerprint rule identifier"}, "name": {"type": "string", "title": "Name", "description": "Fingerprint rule name"}, "title": {"type": "string", "title": "Title", "description": "Fingerprint rule title"}, "affected_components": {"items": {"$ref": "#/components/schemas/AffectedComponent"}, "type": "array", "title": "Affected Components", "description": "List of affected components"}, "crowdsec_score": {"type": "integer", "maximum": 10.0, "minimum": 0.0, "title": "Crowdsec Score", "description": "Live Exploit Tracker score for the fingerprint rule"}, "opportunity_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Opportunity Score", "description": "Opportunity score", "default": 0}, "momentum_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Momentum Score", "description": "Momentum score", "default": 0}, "first_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "First Seen", "description": "First seen date"}, "last_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Seen", "description": "Last seen date"}, "nb_ips": {"type": "integer", "minimum": 0.0, "title": "Nb Ips", "description": "Number of unique IPs observed"}, "rule_release_date": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Rule Release Date", "description": "Release date of the fingerprint rule"}, "exploitation_phase": {"$ref": "#/components/schemas/ExploitationPhase", "description": "Current exploitation phase"}, "adjustment_score": {"anyOf": [{"$ref": "#/components/schemas/AdjustmentScore"}, {"type": "null"}], "description": "Score adjustment details"}, "hype_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Hype Score", "description": "Hype score (raw momentum component)", "default": 0}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Tags associated with the fingerprint rule"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "Fingerprint rule description"}, "references": {"items": {"type": "string"}, "type": "array", "title": "References", "description": "Reference links for the fingerprint rule"}, "crowdsec_analysis": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Crowdsec Analysis", "description": "CrowdSec analysis for this fingerprint rule"}, "events": {"items": {"$ref": "#/components/schemas/CVEEvent"}, "type": "array", "title": "Events", "description": "List of events related to the fingerprint rule"}}, "type": "object", "required": ["id", "name", "title", "affected_components", "crowdsec_score", "nb_ips", "exploitation_phase"], "title": "FingerprintRuleResponse"}, "FingerprintRuleSummary": {"properties": {"id": {"type": "string", "title": "Id", "description": "Fingerprint rule identifier"}, "name": {"type": "string", "title": "Name", "description": "Fingerprint rule name"}, "title": {"type": "string", "title": "Title", "description": "Fingerprint rule title"}, "affected_components": {"items": {"$ref": "#/components/schemas/AffectedComponent"}, "type": "array", "title": "Affected Components", "description": "List of affected components"}, "crowdsec_score": {"type": "integer", "maximum": 10.0, "minimum": 0.0, "title": "Crowdsec Score", "description": "Live Exploit Tracker score for the fingerprint rule"}, "opportunity_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Opportunity Score", "description": "Opportunity score", "default": 0}, "momentum_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Momentum Score", "description": "Momentum score", "default": 0}, "first_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "First Seen", "description": "First seen date"}, "last_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Seen", "description": "Last seen date"}, "nb_ips": {"type": "integer", "minimum": 0.0, "title": "Nb Ips", "description": "Number of unique IPs observed"}, "rule_release_date": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Rule Release Date", "description": "Release date of the fingerprint rule"}, "exploitation_phase": {"$ref": "#/components/schemas/ExploitationPhase", "description": "Current exploitation phase"}, "adjustment_score": {"anyOf": [{"$ref": "#/components/schemas/AdjustmentScore"}, {"type": "null"}], "description": "Score adjustment details"}}, "type": "object", "required": ["id", "name", "title", "affected_components", "crowdsec_score", "nb_ips", "exploitation_phase"], "title": "FingerprintRuleSummary"}, "FingerprintTimelineItem": {"properties": {"timestamp": {"type": "string", "format": "date-time", "title": "Timestamp", "description": "Timestamp of the timeline event"}, "count": {"type": "integer", "title": "Count", "description": "Count of occurrences at the timestamp"}}, "type": "object", "required": ["timestamp", "count"], "title": "FingerprintTimelineItem"}, "GetCVEIPsResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/IPItem"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "GetCVEIPsResponsePage"}, "GetCVEResponse": {"properties": {"id": {"type": "string", "title": "Id", "description": "ID of the CVE"}, "name": {"type": "string", "title": "Name", "description": "Name of the CVE"}, "title": {"type": "string", "title": "Title", "description": "Title of the CVE"}, "affected_components": {"items": {"$ref": "#/components/schemas/AffectedComponent"}, "type": "array", "title": "Affected Components", "description": "List of affected components"}, "crowdsec_score": {"type": "integer", "maximum": 10.0, "minimum": 0.0, "title": "Crowdsec Score", "description": "Live Exploit Tracker score of the CVE"}, "opportunity_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Opportunity Score", "description": "Opportunity score indicating if it's an opportunistic(0) or targeted(5) attack (between 0-5)", "default": 0}, "momentum_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Momentum Score", "description": "Momentum score indicating the vulnerability's trendiness based on signal comparison with the previous month. Higher scores (4-5) indicate significantly more signals this month than last month's average, while lower scores (0-1) indicate declining activity (between 0-5)", "default": 0}, "first_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "First Seen", "description": "First seen date"}, "last_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Seen", "description": "Last seen date"}, "nb_ips": {"type": "integer", "minimum": 0.0, "title": "Nb Ips", "description": "Number of unique IPs affected"}, "published_date": {"type": "string", "format": "date-time", "title": "Published Date", "description": "Published date of the CVE"}, "cvss_score": {"anyOf": [{"type": "number", "maximum": 10.0, "minimum": 0.0}, {"type": "null"}], "title": "Cvss Score", "description": "CVSS score of the CVE"}, "has_public_exploit": {"type": "boolean", "title": "Has Public Exploit", "description": "Indicates if there is a public exploit for the CVE"}, "rule_release_date": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Rule Release Date", "description": "Release date of the associated detection rule"}, "exploitation_phase": {"$ref": "#/components/schemas/ExploitationPhase", "description": "Current exploitation phase of the CVE"}, "adjustment_score": {"anyOf": [{"$ref": "#/components/schemas/AdjustmentScore"}, {"type": "null"}], "description": "Score adjustments applied to the CVE score based on various factors"}, "hype_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Hype Score", "description": "Hype score (raw momentum component)", "default": 0}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Tags associated with the CVE"}, "references": {"items": {"type": "string"}, "type": "array", "title": "References", "description": "List of references for the CVE"}, "description": {"type": "string", "title": "Description", "description": "Description of the CVE"}, "crowdsec_analysis": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Crowdsec Analysis", "description": "CrowdSec analysis of the CVE"}, "cwes": {"items": {"$ref": "#/components/schemas/CWE"}, "type": "array", "title": "Cwes", "description": "List of CWEs associated with the CVE"}, "events": {"items": {"$ref": "#/components/schemas/CVEEvent"}, "type": "array", "title": "Events", "description": "List of events related to the CVE"}}, "type": "object", "required": ["id", "name", "title", "affected_components", "crowdsec_score", "nb_ips", "published_date", "has_public_exploit", "exploitation_phase", "references", "description", "crowdsec_analysis", "cwes"], "title": "GetCVEResponse"}, "GetCVESubscribedIntegrationsResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/IntegrationResponse"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "GetCVESubscribedIntegrationsResponsePage"}, "GetCVEsFilterBy": {"type": "string", "enum": ["is_public"], "title": "GetCVEsFilterBy"}, "GetCVEsResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/CVEResponseBase"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "GetCVEsResponsePage"}, "GetCVEsSortBy": {"type": "string", "enum": ["rule_release_date", "trending", "nb_ips", "name"], "title": "GetCVEsSortBy"}, "GetCVEsSortOrder": {"type": "string", "enum": ["asc", "desc"], "title": "GetCVEsSortOrder"}, "GetFingerprintIPsResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/IPItem"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "GetFingerprintIPsResponsePage"}, "GetFingerprintRulesResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/FingerprintRuleSummary"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "GetFingerprintRulesResponsePage"}, "GetFingerprintSubscribedIntegrationsResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/IntegrationResponse"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "GetFingerprintSubscribedIntegrationsResponsePage"}, "History": {"properties": {"first_seen": {"type": "string", "format": "date-time", "title": "First Seen", "description": "First seen timestamp"}, "last_seen": {"type": "string", "format": "date-time", "title": "Last Seen", "description": "Last seen timestamp"}, "full_age": {"type": "integer", "title": "Full Age", "description": "Full age in days"}, "days_age": {"type": "integer", "title": "Days Age", "description": "Days age"}}, "type": "object", "required": ["first_seen", "last_seen", "full_age", "days_age"], "title": "History"}, "IPItem": {"properties": {"ip": {"type": "string", "title": "Ip", "description": "IP address"}, "reputation": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Reputation", "description": "Reputation of the IP"}, "ip_range": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Ip Range", "description": "IP range"}, "ip_range_score": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Ip Range Score", "description": "IP range score"}, "ip_range_24": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Ip Range 24", "description": "IP range /24"}, "ip_range_24_reputation": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Ip Range 24 Reputation", "description": "IP range /24 reputation"}, "ip_range_24_score": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Ip Range 24 Score", "description": "IP range /24 score"}, "as_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "As Name", "description": "AS name"}, "as_num": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "As Num", "description": "AS number"}, "background_noise_score": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Background Noise Score", "description": "Background noise score"}, "background_noise": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Background Noise", "description": "Background noise level"}, "confidence": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Confidence", "description": "Confidence level"}, "location": {"anyOf": [{"$ref": "#/components/schemas/Location"}, {"type": "null"}], "description": "IP location information"}, "reverse_dns": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Reverse Dns", "description": "Reverse DNS"}, "behaviors": {"items": {"$ref": "#/components/schemas/Behavior"}, "type": "array", "title": "Behaviors", "description": "List of behaviors"}, "references": {"items": {"$ref": "#/components/schemas/Reference"}, "type": "array", "title": "References", "description": "List of references"}, "history": {"anyOf": [{"$ref": "#/components/schemas/History"}, {"type": "null"}], "description": "Historical data"}, "classifications": {"anyOf": [{"$ref": "#/components/schemas/Classifications"}, {"type": "null"}], "description": "Classification data"}, "mitre_techniques": {"items": {"$ref": "#/components/schemas/MitreTechnique"}, "type": "array", "title": "Mitre Techniques", "description": "MITRE techniques"}, "cves": {"items": {"type": "string"}, "type": "array", "title": "Cves", "description": "List of CVEs"}, "attack_details": {"items": {"$ref": "#/components/schemas/AttackDetail"}, "type": "array", "title": "Attack Details", "description": "Attack details"}, "target_countries": {"additionalProperties": {"type": "integer"}, "type": "object", "title": "Target Countries", "description": "Target countries"}, "scores": {"anyOf": [{"$ref": "#/components/schemas/Scores"}, {"type": "null"}], "description": "Scoring information"}}, "type": "object", "required": ["ip"], "title": "IPItem"}, "IntegrationResponse": {"properties": {"tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "default": []}, "organization_id": {"type": "string", "title": "Organization Id"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the integration was created"}, "entity_type": {"$ref": "#/components/schemas/EntityType", "description": "Type of the integration"}, "id": {"type": "string", "title": "Id", "description": "ID of the integration"}, "blocklists": {"items": {"$ref": "#/components/schemas/BlocklistSubscription"}, "type": "array", "title": "Blocklists", "default": []}, "allowlists": {"items": {"$ref": "#/components/schemas/AllowlistSubscription"}, "type": "array", "title": "Allowlists", "default": []}, "cves": {"items": {"$ref": "#/components/schemas/CVEsubscription"}, "type": "array", "title": "Cves", "default": []}, "fingerprints": {"items": {"$ref": "#/components/schemas/FingerprintSubscription"}, "type": "array", "title": "Fingerprints", "default": []}, "name": {"type": "string", "title": "Name", "description": "Name of the integration"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Last time the integration was updated"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "Description of the integration"}, "output_format": {"$ref": "#/components/schemas/OutputFormat", "description": "Output format of the integration"}, "last_pull": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Pull", "description": "Last time the integration pulled blocklists"}, "pull_limit": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Pull Limit", "description": "Maximum number of items to pull"}, "enable_ip_aggregation": {"type": "boolean", "title": "Enable Ip Aggregation", "description": "Whether to enable IP aggregation into ranges", "default": false}}, "type": "object", "required": ["organization_id", "entity_type", "name", "output_format"], "title": "IntegrationResponse"}, "IntervalOptions": {"type": "string", "enum": ["hour", "day", "week"], "title": "IntervalOptions"}, "Location": {"properties": {"country": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Country", "description": "Country code"}, "city": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "City", "description": "City name"}, "latitude": {"anyOf": [{"type": "number"}, {"type": "null"}], "title": "Latitude", "description": "Latitude coordinate"}, "longitude": {"anyOf": [{"type": "number"}, {"type": "null"}], "title": "Longitude", "description": "Longitude coordinate"}}, "type": "object", "title": "Location"}, "LookupImpactCVEItem": {"properties": {"id": {"type": "string", "title": "Id", "description": "ID of the CVE"}, "name": {"type": "string", "title": "Name", "description": "Name of the CVE"}, "title": {"type": "string", "title": "Title", "description": "Title of the CVE"}, "affected_components": {"items": {"$ref": "#/components/schemas/AffectedComponent"}, "type": "array", "title": "Affected Components", "description": "List of affected components"}, "crowdsec_score": {"type": "integer", "maximum": 10.0, "minimum": 0.0, "title": "Crowdsec Score", "description": "Live Exploit Tracker score of the CVE"}, "opportunity_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Opportunity Score", "description": "Opportunity score indicating if it's an opportunistic(0) or targeted(5) attack (between 0-5)", "default": 0}, "momentum_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Momentum Score", "description": "Momentum score indicating the vulnerability's trendiness based on signal comparison with the previous month. Higher scores (4-5) indicate significantly more signals this month than last month's average, while lower scores (0-1) indicate declining activity (between 0-5)", "default": 0}, "first_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "First Seen", "description": "First seen date"}, "last_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Seen", "description": "Last seen date"}, "nb_ips": {"type": "integer", "minimum": 0.0, "title": "Nb Ips", "description": "Number of unique IPs affected"}, "published_date": {"type": "string", "format": "date-time", "title": "Published Date", "description": "Published date of the CVE"}, "cvss_score": {"anyOf": [{"type": "number", "maximum": 10.0, "minimum": 0.0}, {"type": "null"}], "title": "Cvss Score", "description": "CVSS score of the CVE"}, "has_public_exploit": {"type": "boolean", "title": "Has Public Exploit", "description": "Indicates if there is a public exploit for the CVE"}, "rule_release_date": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Rule Release Date", "description": "Release date of the associated detection rule"}, "exploitation_phase": {"$ref": "#/components/schemas/ExploitationPhase", "description": "Current exploitation phase of the CVE"}, "adjustment_score": {"anyOf": [{"$ref": "#/components/schemas/AdjustmentScore"}, {"type": "null"}], "description": "Score adjustments applied to the CVE score based on various factors"}, "hype_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Hype Score", "description": "Hype score (raw momentum component)", "default": 0}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Tags associated with the CVE"}, "references": {"items": {"type": "string"}, "type": "array", "title": "References", "description": "List of references for the CVE"}, "description": {"type": "string", "title": "Description", "description": "Description of the CVE"}, "crowdsec_analysis": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Crowdsec Analysis", "description": "CrowdSec analysis of the CVE"}, "cwes": {"items": {"$ref": "#/components/schemas/CWE"}, "type": "array", "title": "Cwes", "description": "List of CWEs associated with the CVE"}, "events": {"items": {"$ref": "#/components/schemas/CVEEvent"}, "type": "array", "title": "Events", "description": "List of events related to the CVE"}, "type": {"type": "string", "const": "cve", "title": "Type", "description": "Resource type", "default": "cve"}}, "type": "object", "required": ["id", "name", "title", "affected_components", "crowdsec_score", "nb_ips", "published_date", "has_public_exploit", "exploitation_phase", "references", "description", "crowdsec_analysis", "cwes"], "title": "LookupImpactCVEItem"}, "LookupImpactFingerprintItem": {"properties": {"id": {"type": "string", "title": "Id", "description": "Fingerprint rule identifier"}, "name": {"type": "string", "title": "Name", "description": "Fingerprint rule name"}, "title": {"type": "string", "title": "Title", "description": "Fingerprint rule title"}, "affected_components": {"items": {"$ref": "#/components/schemas/AffectedComponent"}, "type": "array", "title": "Affected Components", "description": "List of affected components"}, "crowdsec_score": {"type": "integer", "maximum": 10.0, "minimum": 0.0, "title": "Crowdsec Score", "description": "Live Exploit Tracker score for the fingerprint rule"}, "opportunity_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Opportunity Score", "description": "Opportunity score", "default": 0}, "momentum_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Momentum Score", "description": "Momentum score", "default": 0}, "first_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "First Seen", "description": "First seen date"}, "last_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Seen", "description": "Last seen date"}, "nb_ips": {"type": "integer", "minimum": 0.0, "title": "Nb Ips", "description": "Number of unique IPs observed"}, "rule_release_date": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Rule Release Date", "description": "Release date of the fingerprint rule"}, "exploitation_phase": {"$ref": "#/components/schemas/ExploitationPhase", "description": "Current exploitation phase"}, "adjustment_score": {"anyOf": [{"$ref": "#/components/schemas/AdjustmentScore"}, {"type": "null"}], "description": "Score adjustment details"}, "hype_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Hype Score", "description": "Hype score (raw momentum component)", "default": 0}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Tags associated with the fingerprint rule"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "Fingerprint rule description"}, "references": {"items": {"type": "string"}, "type": "array", "title": "References", "description": "Reference links for the fingerprint rule"}, "crowdsec_analysis": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Crowdsec Analysis", "description": "CrowdSec analysis for this fingerprint rule"}, "events": {"items": {"$ref": "#/components/schemas/CVEEvent"}, "type": "array", "title": "Events", "description": "List of events related to the fingerprint rule"}, "type": {"type": "string", "const": "fingerprint", "title": "Type", "description": "Resource type", "default": "fingerprint"}}, "type": "object", "required": ["id", "name", "title", "affected_components", "crowdsec_score", "nb_ips", "exploitation_phase"], "title": "LookupImpactFingerprintItem"}, "LookupImpactResponsePage": {"properties": {"items": {"items": {"oneOf": [{"$ref": "#/components/schemas/LookupImpactCVEItem"}, {"$ref": "#/components/schemas/LookupImpactFingerprintItem"}], "discriminator": {"propertyName": "type", "mapping": {"cve": "#/components/schemas/LookupImpactCVEItem", "fingerprint": "#/components/schemas/LookupImpactFingerprintItem"}}}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "LookupImpactResponsePage"}, "LookupListItem": {"properties": {"value": {"type": "string", "title": "Value", "description": "Lookup entry value"}}, "type": "object", "required": ["value"], "title": "LookupListItem"}, "LookupListResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/LookupListItem"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "LookupListResponsePage"}, "MitreTechnique": {"properties": {"name": {"type": "string", "title": "Name", "description": "MITRE technique ID"}, "label": {"type": "string", "title": "Label", "description": "MITRE technique label"}, "description": {"type": "string", "title": "Description", "description": "MITRE technique description"}}, "type": "object", "required": ["name", "label", "description"], "title": "MitreTechnique"}, "Reference": {"properties": {"name": {"type": "string", "title": "Name", "description": "Reference name"}, "label": {"type": "string", "title": "Label", "description": "Reference label"}, "description": {"type": "string", "title": "Description", "description": "Reference description"}}, "type": "object", "required": ["name", "label", "description"], "title": "Reference"}, "ScoreBreakdown": {"properties": {"aggressiveness": {"type": "integer", "title": "Aggressiveness", "description": "Aggressiveness score"}, "threat": {"type": "integer", "title": "Threat", "description": "Threat score"}, "trust": {"type": "integer", "title": "Trust", "description": "Trust score"}, "anomaly": {"type": "integer", "title": "Anomaly", "description": "Anomaly score"}, "total": {"type": "integer", "title": "Total", "description": "Total score"}}, "type": "object", "required": ["aggressiveness", "threat", "trust", "anomaly", "total"], "title": "ScoreBreakdown"}, "Scores": {"properties": {"overall": {"$ref": "#/components/schemas/ScoreBreakdown", "description": "Overall scores"}, "last_day": {"$ref": "#/components/schemas/ScoreBreakdown", "description": "Last day scores"}, "last_week": {"$ref": "#/components/schemas/ScoreBreakdown", "description": "Last week scores"}, "last_month": {"$ref": "#/components/schemas/ScoreBreakdown", "description": "Last month scores"}}, "type": "object", "required": ["overall", "last_day", "last_week", "last_month"], "title": "Scores"}, "SinceOptions": {"type": "integer", "enum": [1, 7, 30], "title": "SinceOptions"}, "SubscribeCVEIntegrationRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Name of the integration to subscribe"}}, "additionalProperties": false, "type": "object", "required": ["name"], "title": "SubscribeCVEIntegrationRequest"}, "SubscribeFingerprintIntegrationRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Name of the integration to subscribe"}}, "additionalProperties": false, "type": "object", "required": ["name"], "title": "SubscribeFingerprintIntegrationRequest"}, "TimelineItem": {"properties": {"timestamp": {"type": "string", "format": "date-time", "title": "Timestamp", "description": "Timestamp of the timeline event"}, "count": {"type": "integer", "title": "Count", "description": "Count of occurrences at the timestamp"}}, "type": "object", "required": ["timestamp", "count"], "title": "TimelineItem"}}, "securitySchemes": {"ApiKeyAuth": {"type": "apiKey", "in": "header", "name": "x-api-key", "description": "If integration key is provided, can also work to get integration content"}, "BasicAuth": {"type": "http", "scheme": "basic", "description": "Basic Auth for integration content endpoint only"}}}, "security": [{"ApiKeyAuth": []}, {"BasicAuth": []}], "servers": [{"url": "https://admin.api.crowdsec.net/v1", "description": "Production server"}]} \ No newline at end of file +{"openapi": "3.1.0", "info": {"title": "LET API", "description": "This is the API to manage Crowdsec Live Exploit Tracker service", "contact": {"name": "CrowdSec", "url": "https://crowdsec.net/", "email": "info@crowdsec.net"}, "version": "1.119.5"}, "paths": {"/integrations": {"post": {"tags": ["Integrations"], "summary": "Create Integration", "description": "Create an integration to a firewall or remediation component, owned by your organization. The name should be unique within the organization. This operation is submitted to quotas.", "operationId": "createIntegration", "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationCreateRequest"}}}}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationCreateResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "get": {"tags": ["Integrations"], "summary": "Get Integrations", "description": "Get integrations owned by your organization", "operationId": "getIntegrations", "parameters": [{"name": "tag", "in": "query", "required": false, "schema": {"anyOf": [{"type": "array", "items": {"type": "string"}}, {"type": "null"}], "description": "List of tags associated with the integrations (any of)", "title": "Tag"}, "description": "List of tags associated with the integrations (any of)"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationGetResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/integrations/{integration_id}": {"get": {"tags": ["Integrations"], "summary": "Get Integration", "description": "Get an integration by ID", "operationId": "getIntegration", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Integration Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationGetResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "patch": {"tags": ["Integrations"], "summary": "Update Integration", "description": "Update the integration details", "operationId": "updateIntegration", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Integration Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationUpdateRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationUpdateResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "delete": {"tags": ["Integrations"], "summary": "Delete Integration", "description": "Delete the integration by ID", "operationId": "deleteIntegration", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Integration Id"}}, {"name": "force", "in": "query", "required": false, "schema": {"type": "boolean", "description": "Force delete the integration even if it has active subscriptions (it will unsubscribe from all lists)", "default": false, "title": "Force"}, "description": "Force delete the integration even if it has active subscriptions (it will unsubscribe from all lists)"}], "responses": {"204": {"description": "Successful Response"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/integrations/{integration_id}/content": {"head": {"tags": ["Integrations"], "summary": "Head Integration Content", "description": "Check if the integration has content", "operationId": "headIntegrationContent", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Integration Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "404": {"description": "Integration not found"}, "204": {"description": "Integration has no subscribed blocklists or no content available"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "get": {"tags": ["Integrations"], "summary": "Get Integration Content", "description": "Get the ips associated to the integration in plain text format. The content can be paginated to accomodate limits in firewalls.", "operationId": "getIntegrationContent", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Integration Id"}}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number to return", "default": 1, "title": "Page"}, "description": "Page number to return"}, {"name": "page_size", "in": "query", "required": false, "schema": {"anyOf": [{"type": "integer", "minimum": 10000}, {"type": "null"}], "description": "Maximum number of items to return, 0 means no limit (default), should be greater than 10000", "title": "Page Size"}, "description": "Maximum number of items to return, 0 means no limit (default), should be greater than 10000"}, {"name": "pull_limit", "in": "query", "required": false, "schema": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Pull Limit"}}, {"name": "enable_ip_aggregation", "in": "query", "required": false, "schema": {"type": "boolean", "default": false, "title": "Enable Ip Aggregation"}}], "responses": {"200": {"description": "Successful Response", "content": {"text/plain": {"schema": {"type": "string"}}}}, "404": {"description": "Integration not found"}, "204": {"description": "Integration has no subscribed blocklists or no content available"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/integrations/{integration_id}/v1/decisions/stream": {"get": {"tags": ["Integrations"], "summary": "Get Integration Content Stream", "description": "Get the ips associated to the integration in a format compatible with a remediation component. As for the remediation components, you can fetch the full content with startup=true or only the changes since the last pull", "operationId": "getIntegrationContentStream", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Integration Id"}}, {"name": "startup", "in": "query", "required": false, "schema": {"type": "boolean", "description": "Set to true if it's the first run to fetch all the content, otherwise only changes since the last pull.", "default": false, "title": "Startup"}, "description": "Set to true if it's the first run to fetch all the content, otherwise only changes since the last pull."}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "404": {"description": "Integration not found"}, "204": {"description": "Integration has no subscribed blocklists or no content available"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/cves": {"get": {"tags": ["Cves"], "summary": "Get list of CVEs CrowdSec is tracking", "description": "Get a paginated list of CVEs that CrowdSec is tracking", "operationId": "getCves", "parameters": [{"name": "query", "in": "query", "required": false, "schema": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Search query for CVEs", "title": "Query"}, "description": "Search query for CVEs"}, {"name": "sort_by", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/GetCVEsSortBy"}, {"type": "null"}], "description": "Field to sort by", "default": "rule_release_date", "title": "Sort By"}, "description": "Field to sort by"}, {"name": "sort_order", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/GetCVEsSortOrder"}, {"type": "null"}], "description": "Sort order: ascending or descending", "default": "desc", "title": "Sort Order"}, "description": "Sort order: ascending or descending"}, {"name": "exploitation_phase", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/CVEExploitationPhase"}, {"type": "null"}], "description": "Filter by exploitation phase", "title": "Exploitation Phase"}, "description": "Filter by exploitation phase"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetCVEsResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/cves/{cve_id}": {"get": {"tags": ["Cves"], "summary": "Get CVE ID informations", "description": "Get information about a specific CVE ID", "operationId": "getCve", "parameters": [{"name": "cve_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Cve Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetCVEResponse"}}}}, "404": {"description": "CVE Not Found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/cves/{cve_id}/protect-rules": {"get": {"tags": ["Cves"], "summary": "Get protection rules for a CVE ID", "description": "Get protection/detection rules associated with a specific CVE ID", "operationId": "getCveProtectRules", "parameters": [{"name": "cve_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Cve Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetCVEProtectRulesResponse"}}}}, "404": {"description": "CVE Not Found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/cves/{cve_id}/ips-download": {"get": {"tags": ["Cves"], "summary": "Download IPs exploiting a CVE ID (raw)", "description": "Download the list of IPs exploiting a specific CVE ID in raw format", "operationId": "downloadCveIps", "parameters": [{"name": "cve_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Cve Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"text/plain": {"schema": {"type": "string"}}}}, "404": {"description": "CVE Not Found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/cves/{cve_id}/ips-details": {"get": {"tags": ["Cves"], "summary": "Get IPs details exploiting a CVE ID", "description": "Get detailed information about IPs exploiting a specific CVE ID", "operationId": "getCveIpsDetails", "parameters": [{"name": "cve_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Cve Id"}}, {"name": "since", "in": "query", "required": false, "schema": {"anyOf": [{"type": "string", "pattern": "^\\d+[hd]$"}, {"type": "null"}], "description": "Filter IPs seen since this date, format duration (e.g., 7d, 24h), default to 14d", "default": "14d", "title": "Since"}, "description": "Filter IPs seen since this date, format duration (e.g., 7d, 24h), default to 14d"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetCVEIPsResponsePage"}}}}, "404": {"description": "CVE Not Found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/cves/{cve_id}/ips-details-stats": {"get": {"tags": ["Cves"], "summary": "Get stats about IPs exploiting a CVE ID", "description": "Get aggregated statistics about IPs exploiting a specific CVE ID", "operationId": "getCveIpsDetailsStats", "parameters": [{"name": "cve_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Cve Id"}}, {"name": "since", "in": "query", "required": false, "schema": {"anyOf": [{"type": "string", "pattern": "^\\d+[hd]$"}, {"type": "null"}], "description": "Filter IPs seen since this date, format duration (e.g., 7d, 24h), default to 14d", "default": "14d", "title": "Since"}, "description": "Filter IPs seen since this date, format duration (e.g., 7d, 24h), default to 14d"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IpsDetailsStats"}}}}, "404": {"description": "CVE Not Found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/cves/{cve_id}/integrations": {"post": {"tags": ["Cves"], "summary": "Subscribe an integration to a CVE ID", "description": "Subscribe an integration to receive threats related to a specific CVE ID", "operationId": "subscribeIntegrationToCve", "parameters": [{"name": "cve_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Cve Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/SubscribeCVEIntegrationRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "404": {"description": "Integration Not Found"}, "400": {"description": "CVE Already Subscribed"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "get": {"tags": ["Cves"], "summary": "Get subscribed integrations for a CVE ID", "description": "Get the list of integrations subscribed to a specific CVE ID", "operationId": "getCveSubscribedIntegrations", "parameters": [{"name": "cve_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Cve Id"}}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetCVESubscribedIntegrationsResponsePage"}}}}, "404": {"description": "CVE Not Found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/cves/{cve_id}/integrations/{integration_name}": {"delete": {"tags": ["Cves"], "summary": "Unsubscribe an integration from a CVE ID", "description": "Unsubscribe an integration from receiving threats related to a specific CVE ID", "operationId": "unsubscribeIntegrationFromCve", "parameters": [{"name": "cve_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Cve Id"}}, {"name": "integration_name", "in": "path", "required": true, "schema": {"type": "string", "title": "Integration Name"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "404": {"description": "Integration Not Found"}, "400": {"description": "CVE Already Unsubscribed"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/cves/{cve_id}/timeline": {"get": {"tags": ["Cves"], "summary": "Get timeline data for a CVE ID", "description": "Get timeline data of occurrences for a specific CVE ID", "operationId": "getCveTimeline", "parameters": [{"name": "cve_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Cve Id"}}, {"name": "since_days", "in": "query", "required": false, "schema": {"$ref": "#/components/schemas/SinceOptions", "description": "Time range for the timeline data (in days). Options: 1 (1 day), 7 (1 week), 30 (1 month). Default is 7 days.", "default": 7}, "description": "Time range for the timeline data (in days). Options: 1 (1 day), 7 (1 week), 30 (1 month). Default is 7 days."}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"type": "array", "items": {"$ref": "#/components/schemas/TimelineItem"}, "title": "Response Getcvetimeline"}}}}, "404": {"description": "CVE Not Found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/vendors": {"get": {"tags": ["Vendors"], "summary": "Get list of vendors", "description": "Get a paginated list of vendors", "operationId": "getVendors", "parameters": [{"name": "query", "in": "query", "required": false, "schema": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Search query for vendors", "title": "Query"}, "description": "Search query for vendors"}, {"name": "sort_by", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/VendorSortBy"}, {"type": "null"}], "description": "Sort by: value, nb_cves, nb_ips, latest_rule_release", "title": "Sort By"}, "description": "Sort by: value, nb_cves, nb_ips, latest_rule_release"}, {"name": "sort_order", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/GetCVEsSortOrder"}, {"type": "null"}], "description": "Sort order: asc or desc", "default": "desc", "title": "Sort Order"}, "description": "Sort order: asc or desc"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/LookupListWithStatsResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/vendors/{vendor}/stats": {"get": {"tags": ["Vendors"], "summary": "Get vendor statistics", "description": "Get statistics for a vendor including CVE/fingerprint counts, IP counts, and top affected products", "operationId": "getVendorStats", "parameters": [{"name": "vendor", "in": "path", "required": true, "schema": {"type": "string", "title": "Vendor"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/VendorStatsResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/vendors/{vendor}/ips-download": {"get": {"tags": ["Vendors"], "summary": "Download IPs exploiting a vendor (raw)", "description": "Download the list of IPs exploiting a specific vendor in raw format", "operationId": "downloadVendorIps", "parameters": [{"name": "vendor", "in": "path", "required": true, "schema": {"type": "string", "title": "Vendor"}}], "responses": {"200": {"description": "Successful Response", "content": {"text/plain": {"schema": {"type": "string"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/vendors/{vendor}/ips-details": {"get": {"tags": ["Vendors"], "summary": "Get IP details exploiting a vendor", "description": "Get detailed information about IPs exploiting a specific vendor", "operationId": "getVendorIpsDetails", "parameters": [{"name": "vendor", "in": "path", "required": true, "schema": {"type": "string", "title": "Vendor"}}, {"name": "since", "in": "query", "required": false, "schema": {"anyOf": [{"type": "string", "pattern": "^\\d+[hd]$"}, {"type": "null"}], "description": "Filter IPs seen since this date, format duration (e.g., 7d, 24h), default to 14d", "default": "14d", "title": "Since"}, "description": "Filter IPs seen since this date, format duration (e.g., 7d, 24h), default to 14d"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetVendorIPsResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/vendors/{vendor}/ips-details-stats": {"get": {"tags": ["Vendors"], "summary": "Get stats about IPs exploiting a vendor", "description": "Get aggregated statistics about IPs exploiting a specific vendor", "operationId": "getVendorIpsDetailsStats", "parameters": [{"name": "vendor", "in": "path", "required": true, "schema": {"type": "string", "title": "Vendor"}}, {"name": "since", "in": "query", "required": false, "schema": {"anyOf": [{"type": "string", "pattern": "^\\d+[hd]$"}, {"type": "null"}], "description": "Filter IPs seen since this date, format duration (e.g., 7d, 24h), default to 14d", "default": "14d", "title": "Since"}, "description": "Filter IPs seen since this date, format duration (e.g., 7d, 24h), default to 14d"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IpsDetailsStats"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/vendors/{vendor}/integrations": {"post": {"tags": ["Vendors"], "summary": "Subscribe an integration to a vendor", "description": "Subscribe an integration to receive threats related to a specific vendor", "operationId": "subscribeIntegrationToVendor", "parameters": [{"name": "vendor", "in": "path", "required": true, "schema": {"type": "string", "title": "Vendor"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/SubscribeVendorIntegrationRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "get": {"tags": ["Vendors"], "summary": "Get subscribed integrations for a vendor", "description": "Get the list of integrations subscribed to a specific vendor", "operationId": "getVendorSubscribedIntegrations", "parameters": [{"name": "vendor", "in": "path", "required": true, "schema": {"type": "string", "title": "Vendor"}}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetVendorSubscribedIntegrationsResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/vendors/{vendor}/integrations/{integration_name}": {"delete": {"tags": ["Vendors"], "summary": "Unsubscribe an integration from a vendor", "description": "Unsubscribe an integration from receiving threats related to a specific vendor", "operationId": "unsubscribeIntegrationFromVendor", "parameters": [{"name": "vendor", "in": "path", "required": true, "schema": {"type": "string", "title": "Vendor"}}, {"name": "integration_name", "in": "path", "required": true, "schema": {"type": "string", "title": "Integration Name"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/vendors/{vendor}": {"get": {"tags": ["Vendors"], "summary": "Get vendor impact", "description": "Get CVE and fingerprint rules affecting a vendor", "operationId": "getVendorImpact", "parameters": [{"name": "vendor", "in": "path", "required": true, "schema": {"type": "string", "title": "Vendor"}}, {"name": "sort_by", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/GetCVEsSortBy"}, {"type": "null"}], "description": "Field to sort by", "default": "rule_release_date", "title": "Sort By"}, "description": "Field to sort by"}, {"name": "sort_order", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/GetCVEsSortOrder"}, {"type": "null"}], "description": "Sort order: ascending or descending", "default": "desc", "title": "Sort Order"}, "description": "Sort order: ascending or descending"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/LookupImpactResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/products": {"get": {"tags": ["Products"], "summary": "Get list of products", "description": "Get a paginated list of products", "operationId": "getProducts", "parameters": [{"name": "query", "in": "query", "required": false, "schema": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Search query for products", "title": "Query"}, "description": "Search query for products"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/LookupListWithStatsResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/products/{product}": {"get": {"tags": ["Products"], "summary": "Get product impact", "description": "Get CVE and fingerprint rules affecting a product", "operationId": "getProductImpact", "parameters": [{"name": "product", "in": "path", "required": true, "schema": {"type": "string", "title": "Product"}}, {"name": "sort_by", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/GetCVEsSortBy"}, {"type": "null"}], "description": "Field to sort by", "default": "rule_release_date", "title": "Sort By"}, "description": "Field to sort by"}, {"name": "sort_order", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/GetCVEsSortOrder"}, {"type": "null"}], "description": "Sort order: ascending or descending", "default": "desc", "title": "Sort Order"}, "description": "Sort order: ascending or descending"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/LookupImpactResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/tags": {"get": {"tags": ["Tracker Tags"], "summary": "Get list of tags", "description": "Get a paginated list of tags", "operationId": "getTags", "parameters": [{"name": "query", "in": "query", "required": false, "schema": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Search query for tags", "title": "Query"}, "description": "Search query for tags"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/LookupListWithStatsResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/tags/{tag}": {"get": {"tags": ["Tracker Tags"], "summary": "Get tag impact", "description": "Get CVE and fingerprint rules affecting a tag", "operationId": "getTagImpact", "parameters": [{"name": "tag", "in": "path", "required": true, "schema": {"type": "string", "title": "Tag"}}, {"name": "sort_by", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/GetCVEsSortBy"}, {"type": "null"}], "description": "Field to sort by", "default": "rule_release_date", "title": "Sort By"}, "description": "Field to sort by"}, {"name": "sort_order", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/GetCVEsSortOrder"}, {"type": "null"}], "description": "Sort order: ascending or descending", "default": "desc", "title": "Sort Order"}, "description": "Sort order: ascending or descending"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/LookupImpactResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/tracker-tags": {"get": {"tags": ["Tracker Tags"], "summary": "Get list of tracker tags", "description": "Get a paginated list of tracker tags", "operationId": "getTrackerTags", "parameters": [{"name": "query", "in": "query", "required": false, "schema": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Search query for tags", "title": "Query"}, "description": "Search query for tags"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/LookupListWithStatsResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/tracker-tags/{tag}": {"get": {"tags": ["Tracker Tags"], "summary": "Get tracker tag impact", "description": "Get CVE and fingerprint rules affecting a tracker tag", "operationId": "getTrackerTagImpact", "parameters": [{"name": "tag", "in": "path", "required": true, "schema": {"type": "string", "title": "Tag"}}, {"name": "sort_by", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/GetCVEsSortBy"}, {"type": "null"}], "description": "Field to sort by", "default": "rule_release_date", "title": "Sort By"}, "description": "Field to sort by"}, {"name": "sort_order", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/GetCVEsSortOrder"}, {"type": "null"}], "description": "Sort order: ascending or descending", "default": "desc", "title": "Sort Order"}, "description": "Sort order: ascending or descending"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/LookupImpactResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/fingerprints": {"get": {"tags": ["Fingerprints"], "summary": "Get list of fingerprint rules", "description": "Get a paginated list of fingerprint rules", "operationId": "getFingerprintRules", "parameters": [{"name": "query", "in": "query", "required": false, "schema": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Search query for fingerprint rules", "title": "Query"}, "description": "Search query for fingerprint rules"}, {"name": "sort_by", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/GetCVEsSortBy"}, {"type": "null"}], "description": "Field to sort by", "default": "rule_release_date", "title": "Sort By"}, "description": "Field to sort by"}, {"name": "sort_order", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/GetCVEsSortOrder"}, {"type": "null"}], "description": "Sort order: ascending or descending", "default": "desc", "title": "Sort Order"}, "description": "Sort order: ascending or descending"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetFingerprintRulesResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/fingerprints/{fingerprint}/ips-download": {"get": {"tags": ["Fingerprints"], "summary": "Download IPs exploiting a fingerprint rule (raw)", "description": "Download the list of IPs exploiting a specific fingerprint rule in raw format", "operationId": "downloadFingerprintIps", "parameters": [{"name": "fingerprint", "in": "path", "required": true, "schema": {"type": "string", "title": "Fingerprint"}}], "responses": {"200": {"description": "Successful Response", "content": {"text/plain": {"schema": {"type": "string"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/fingerprints/{fingerprint}/ips-details": {"get": {"tags": ["Fingerprints"], "summary": "Get IP details exploiting a fingerprint rule", "description": "Get detailed information about IPs exploiting a specific fingerprint rule", "operationId": "getFingerprintIpsDetails", "parameters": [{"name": "fingerprint", "in": "path", "required": true, "schema": {"type": "string", "title": "Fingerprint"}}, {"name": "since", "in": "query", "required": false, "schema": {"anyOf": [{"type": "string", "pattern": "^\\d+[hd]$"}, {"type": "null"}], "description": "Filter IPs seen since this date, format duration (e.g., 7d, 24h), default to 14d", "default": "14d", "title": "Since"}, "description": "Filter IPs seen since this date, format duration (e.g., 7d, 24h), default to 14d"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetFingerprintIPsResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/fingerprints/{fingerprint}/ips-details-stats": {"get": {"tags": ["Fingerprints"], "summary": "Get stats about IPs exploiting a fingerprint rule", "description": "Get aggregated statistics about IPs exploiting a specific fingerprint rule", "operationId": "getFingerprintIpsDetailsStats", "parameters": [{"name": "fingerprint", "in": "path", "required": true, "schema": {"type": "string", "title": "Fingerprint"}}, {"name": "since", "in": "query", "required": false, "schema": {"anyOf": [{"type": "string", "pattern": "^\\d+[hd]$"}, {"type": "null"}], "description": "Filter IPs seen since this date, format duration (e.g., 7d, 24h), default to 14d", "default": "14d", "title": "Since"}, "description": "Filter IPs seen since this date, format duration (e.g., 7d, 24h), default to 14d"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IpsDetailsStats"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/fingerprints/{fingerprint}/integrations": {"post": {"tags": ["Fingerprints"], "summary": "Subscribe an integration to a fingerprint rule", "description": "Subscribe an integration to receive threats related to a specific fingerprint rule", "operationId": "subscribeIntegrationToFingerprint", "parameters": [{"name": "fingerprint", "in": "path", "required": true, "schema": {"type": "string", "title": "Fingerprint"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/SubscribeFingerprintIntegrationRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "get": {"tags": ["Fingerprints"], "summary": "Get subscribed integrations for a fingerprint rule", "description": "Get the list of integrations subscribed to a specific fingerprint rule", "operationId": "getFingerprintSubscribedIntegrations", "parameters": [{"name": "fingerprint", "in": "path", "required": true, "schema": {"type": "string", "title": "Fingerprint"}}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetFingerprintSubscribedIntegrationsResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/fingerprints/{fingerprint}/integrations/{integration_name}": {"delete": {"tags": ["Fingerprints"], "summary": "Unsubscribe an integration from a fingerprint rule", "description": "Unsubscribe an integration from receiving threats related to a specific fingerprint rule", "operationId": "unsubscribeIntegrationFromFingerprint", "parameters": [{"name": "fingerprint", "in": "path", "required": true, "schema": {"type": "string", "title": "Fingerprint"}}, {"name": "integration_name", "in": "path", "required": true, "schema": {"type": "string", "title": "Integration Name"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/fingerprints/{fingerprint}/timeline": {"get": {"tags": ["Fingerprints"], "summary": "Get timeline data for a fingerprint rule", "description": "Get timeline data of occurrences for a specific fingerprint rule", "operationId": "getFingerprintTimeline", "parameters": [{"name": "fingerprint", "in": "path", "required": true, "schema": {"type": "string", "title": "Fingerprint"}}, {"name": "since_days", "in": "query", "required": false, "schema": {"$ref": "#/components/schemas/SinceOptions", "description": "Time range for the timeline data (in days). Options: 1 (1 day), 7 (1 week), 30 (1 month). Default is 7 days.", "default": 7}, "description": "Time range for the timeline data (in days). Options: 1 (1 day), 7 (1 week), 30 (1 month). Default is 7 days."}, {"name": "interval", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/IntervalOptions"}, {"type": "null"}], "description": "Interval for aggregating timeline data. Options: 'hour', 'day', 'week'. Default is adapted based on 'since' parameter.", "title": "Interval"}, "description": "Interval for aggregating timeline data. Options: 'hour', 'day', 'week'. Default is adapted based on 'since' parameter."}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"type": "array", "items": {"$ref": "#/components/schemas/FingerprintTimelineItem"}, "title": "Response Getfingerprinttimeline"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/fingerprints/{fingerprint}": {"get": {"tags": ["Fingerprints"], "summary": "Get fingerprint rule information", "description": "Get information about a specific fingerprint rule", "operationId": "getFingerprintRule", "parameters": [{"name": "fingerprint", "in": "path", "required": true, "schema": {"type": "string", "title": "Fingerprint"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/FingerprintRuleResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/tracker-events/exploitation-phase-change": {"get": {"tags": ["Tracker events"], "summary": "Get exploitation phase change events", "description": "Get a paginated list of exploitation phase change events across tracked CVEs", "operationId": "getExploitationPhaseChangeEvents", "parameters": [{"name": "since", "in": "query", "required": false, "schema": {"type": "string", "description": "Duration string (e.g. '30d', '24h') to filter events", "default": "30d", "title": "Since"}, "description": "Duration string (e.g. '30d', '24h') to filter events"}, {"name": "sort_order", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/GetCVEsSortOrder"}, {"type": "null"}], "description": "Sort order: ascending or descending", "default": "desc", "title": "Sort Order"}, "description": "Sort order: ascending or descending"}, {"name": "cve_id", "in": "query", "required": false, "schema": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Filter by CVE identifier (exact match)", "title": "Cve Id"}, "description": "Filter by CVE identifier (exact match)"}, {"name": "previous_phase", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/CVEExploitationPhase"}, {"type": "null"}], "description": "Filter by previous exploitation phase name", "title": "Previous Phase"}, "description": "Filter by previous exploitation phase name"}, {"name": "new_phase", "in": "query", "required": false, "schema": {"anyOf": [{"$ref": "#/components/schemas/CVEExploitationPhase"}, {"type": "null"}], "description": "Filter by new exploitation phase name", "title": "New Phase"}, "description": "Filter by new exploitation phase name"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/ExploitationPhaseChangeEventsResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}}, "components": {"schemas": {"ApiKeyCredentials": {"properties": {"api_key": {"type": "string", "title": "Api Key", "description": "API key for the integration"}}, "type": "object", "required": ["api_key"], "title": "ApiKeyCredentials"}, "BasicAuthCredentials": {"properties": {"username": {"type": "string", "title": "Username", "description": "Basic auth username for the integration"}, "password": {"type": "string", "title": "Password", "description": "Basic auth password for the integration"}}, "type": "object", "required": ["username", "password"], "title": "BasicAuthCredentials"}, "BlocklistSubscription": {"properties": {"id": {"type": "string", "title": "Id"}, "remediation": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Remediation"}}, "type": "object", "required": ["id"], "title": "BlocklistSubscription"}, "CVESubscription": {"properties": {"id": {"type": "string", "title": "Id", "description": "CVE ID"}}, "type": "object", "required": ["id"], "title": "CVESubscription"}, "FingerprintSubscription": {"properties": {"id": {"type": "string", "title": "Id"}}, "type": "object", "required": ["id"], "title": "FingerprintSubscription"}, "HTTPValidationError": {"properties": {"detail": {"items": {"$ref": "#/components/schemas/ValidationError"}, "type": "array", "title": "Detail"}}, "type": "object", "title": "HTTPValidationError"}, "IntegrationCreateRequest": {"properties": {"name": {"type": "string", "minLength": 1, "title": "Name", "description": "Name of the integration"}, "description": {"type": "string", "minLength": 1, "title": "Description", "description": "Description of the integration"}, "entity_type": {"$ref": "#/components/schemas/IntegrationType", "description": "Type of the integration"}, "output_format": {"$ref": "#/components/schemas/OutputFormat", "description": "Output format of the integration"}, "pull_limit": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Pull Limit", "description": "Maximum number of items to pull"}, "enable_ip_aggregation": {"type": "boolean", "title": "Enable Ip Aggregation", "description": "Whether to enable IP aggregation into ranges", "default": false}}, "additionalProperties": false, "type": "object", "required": ["name", "entity_type", "output_format"], "title": "IntegrationCreateRequest"}, "IntegrationCreateResponse": {"properties": {"id": {"type": "string", "title": "Id", "description": "ID of the integration"}, "name": {"type": "string", "title": "Name", "description": "Name of the integration. Should be unique within the organization"}, "organization_id": {"type": "string", "title": "Organization Id", "description": "ID of the owner organization"}, "description": {"type": "string", "title": "Description", "description": "Description of the integration"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the integration was created"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Last time the integration was updated"}, "entity_type": {"$ref": "#/components/schemas/IntegrationType", "description": "Type of the integration"}, "output_format": {"$ref": "#/components/schemas/OutputFormat", "description": "Output format of the integration"}, "last_pull": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Pull", "description": "Last time the integration pulled blocklists"}, "blocklists": {"items": {"$ref": "#/components/schemas/BlocklistSubscription"}, "type": "array", "title": "Blocklists", "description": "Blocklists that are subscribed by the integration"}, "cves": {"items": {"$ref": "#/components/schemas/CVESubscription"}, "type": "array", "title": "Cves", "description": "CVEs that are subscribed by the integration"}, "fingerprints": {"items": {"$ref": "#/components/schemas/FingerprintSubscription"}, "type": "array", "title": "Fingerprints", "description": "Fingerprints that are subscribed by the integration"}, "vendors": {"items": {"$ref": "#/components/schemas/VendorSubscription"}, "type": "array", "title": "Vendors", "description": "Vendors that are subscribed by the integration"}, "endpoint": {"type": "string", "maxLength": 2083, "minLength": 1, "format": "uri", "title": "Endpoint", "description": "Url that should be used by the firewall or the remediation component to fetch the integration's content"}, "stats": {"$ref": "#/components/schemas/Stats", "description": "Stats of the integration", "default": {"count": 0}}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Tags associated with the integration", "default": []}, "pull_limit": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Pull Limit", "description": "Maximum number of items to pull"}, "enable_ip_aggregation": {"type": "boolean", "title": "Enable Ip Aggregation", "description": "Whether to enable IP aggregation into ranges", "default": false}, "credentials": {"anyOf": [{"$ref": "#/components/schemas/ApiKeyCredentials"}, {"$ref": "#/components/schemas/BasicAuthCredentials"}], "title": "Credentials", "description": "Credentials that were generated for the integration"}}, "type": "object", "required": ["id", "name", "organization_id", "created_at", "updated_at", "entity_type", "output_format", "blocklists", "cves", "fingerprints", "vendors", "endpoint", "credentials"], "title": "IntegrationCreateResponse"}, "IntegrationGetResponse": {"properties": {"id": {"type": "string", "title": "Id", "description": "ID of the integration"}, "name": {"type": "string", "title": "Name", "description": "Name of the integration. Should be unique within the organization"}, "organization_id": {"type": "string", "title": "Organization Id", "description": "ID of the owner organization"}, "description": {"type": "string", "title": "Description", "description": "Description of the integration"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the integration was created"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Last time the integration was updated"}, "entity_type": {"$ref": "#/components/schemas/IntegrationType", "description": "Type of the integration"}, "output_format": {"$ref": "#/components/schemas/OutputFormat", "description": "Output format of the integration"}, "last_pull": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Pull", "description": "Last time the integration pulled blocklists"}, "blocklists": {"items": {"$ref": "#/components/schemas/BlocklistSubscription"}, "type": "array", "title": "Blocklists", "description": "Blocklists that are subscribed by the integration"}, "cves": {"items": {"$ref": "#/components/schemas/CVESubscription"}, "type": "array", "title": "Cves", "description": "CVEs that are subscribed by the integration"}, "fingerprints": {"items": {"$ref": "#/components/schemas/FingerprintSubscription"}, "type": "array", "title": "Fingerprints", "description": "Fingerprints that are subscribed by the integration"}, "vendors": {"items": {"$ref": "#/components/schemas/VendorSubscription"}, "type": "array", "title": "Vendors", "description": "Vendors that are subscribed by the integration"}, "endpoint": {"type": "string", "maxLength": 2083, "minLength": 1, "format": "uri", "title": "Endpoint", "description": "Url that should be used by the firewall or the remediation component to fetch the integration's content"}, "stats": {"$ref": "#/components/schemas/Stats", "description": "Stats of the integration", "default": {"count": 0}}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Tags associated with the integration", "default": []}, "pull_limit": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Pull Limit", "description": "Maximum number of items to pull"}, "enable_ip_aggregation": {"type": "boolean", "title": "Enable Ip Aggregation", "description": "Whether to enable IP aggregation into ranges", "default": false}}, "type": "object", "required": ["id", "name", "organization_id", "created_at", "updated_at", "entity_type", "output_format", "blocklists", "cves", "fingerprints", "vendors", "endpoint"], "title": "IntegrationGetResponse"}, "IntegrationGetResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/IntegrationGetResponse"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "IntegrationGetResponsePage"}, "IntegrationType": {"type": "string", "enum": ["firewall_integration", "remediation_component_integration"], "title": "IntegrationType"}, "IntegrationUpdateRequest": {"properties": {"name": {"type": "string", "minLength": 1, "title": "Name", "description": "New name"}, "description": {"type": "string", "minLength": 1, "title": "Description", "description": "New description"}, "output_format": {"$ref": "#/components/schemas/OutputFormat", "description": "New output format"}, "regenerate_credentials": {"type": "boolean", "title": "Regenerate Credentials", "description": "Regenerate credentials for the integration"}, "pull_limit": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Pull Limit", "description": "Maximum number of items to pull"}, "enable_ip_aggregation": {"type": "boolean", "title": "Enable Ip Aggregation", "description": "Whether to enable IP aggregation into ranges", "default": false}}, "additionalProperties": false, "type": "object", "title": "IntegrationUpdateRequest"}, "IntegrationUpdateResponse": {"properties": {"id": {"type": "string", "title": "Id", "description": "ID of the integration"}, "name": {"type": "string", "title": "Name", "description": "Name of the integration. Should be unique within the organization"}, "organization_id": {"type": "string", "title": "Organization Id", "description": "ID of the owner organization"}, "description": {"type": "string", "title": "Description", "description": "Description of the integration"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the integration was created"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Last time the integration was updated"}, "entity_type": {"$ref": "#/components/schemas/IntegrationType", "description": "Type of the integration"}, "output_format": {"$ref": "#/components/schemas/OutputFormat", "description": "Output format of the integration"}, "last_pull": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Pull", "description": "Last time the integration pulled blocklists"}, "blocklists": {"items": {"$ref": "#/components/schemas/BlocklistSubscription"}, "type": "array", "title": "Blocklists", "description": "Blocklists that are subscribed by the integration"}, "cves": {"items": {"$ref": "#/components/schemas/CVESubscription"}, "type": "array", "title": "Cves", "description": "CVEs that are subscribed by the integration"}, "fingerprints": {"items": {"$ref": "#/components/schemas/FingerprintSubscription"}, "type": "array", "title": "Fingerprints", "description": "Fingerprints that are subscribed by the integration"}, "vendors": {"items": {"$ref": "#/components/schemas/VendorSubscription"}, "type": "array", "title": "Vendors", "description": "Vendors that are subscribed by the integration"}, "endpoint": {"type": "string", "maxLength": 2083, "minLength": 1, "format": "uri", "title": "Endpoint", "description": "Url that should be used by the firewall or the remediation component to fetch the integration's content"}, "stats": {"$ref": "#/components/schemas/Stats", "description": "Stats of the integration", "default": {"count": 0}}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Tags associated with the integration", "default": []}, "pull_limit": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Pull Limit", "description": "Maximum number of items to pull"}, "enable_ip_aggregation": {"type": "boolean", "title": "Enable Ip Aggregation", "description": "Whether to enable IP aggregation into ranges", "default": false}, "credentials": {"anyOf": [{"$ref": "#/components/schemas/ApiKeyCredentials"}, {"$ref": "#/components/schemas/BasicAuthCredentials"}, {"type": "null"}], "title": "Credentials", "description": "Credentials for the integration"}}, "type": "object", "required": ["id", "name", "organization_id", "created_at", "updated_at", "entity_type", "output_format", "blocklists", "cves", "fingerprints", "vendors", "endpoint"], "title": "IntegrationUpdateResponse"}, "Links": {"properties": {"first": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "First", "examples": ["/api/v1/users?limit=1&offset1"]}, "last": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Last", "examples": ["/api/v1/users?limit=1&offset1"]}, "self": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Self", "examples": ["/api/v1/users?limit=1&offset1"]}, "next": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Next", "examples": ["/api/v1/users?limit=1&offset1"]}, "prev": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Prev", "examples": ["/api/v1/users?limit=1&offset1"]}}, "type": "object", "title": "Links"}, "OutputFormat": {"type": "string", "enum": ["plain_text", "f5", "remediation_component", "fortigate", "paloalto", "checkpoint", "cisco", "juniper", "mikrotik", "pfsense", "opnsense", "sophos"], "title": "OutputFormat"}, "Stats": {"properties": {"count": {"type": "integer", "title": "Count", "description": "Number of total blocklists items the integration will pull"}}, "type": "object", "required": ["count"], "title": "Stats"}, "ValidationError": {"properties": {"loc": {"items": {"anyOf": [{"type": "string"}, {"type": "integer"}]}, "type": "array", "title": "Location"}, "msg": {"type": "string", "title": "Message"}, "type": {"type": "string", "title": "Error Type"}}, "type": "object", "required": ["loc", "msg", "type"], "title": "ValidationError"}, "VendorSubscription": {"properties": {"id": {"type": "string", "title": "Id"}}, "type": "object", "required": ["id"], "title": "VendorSubscription"}, "AdjustmentScore": {"properties": {"total": {"type": "integer", "title": "Total", "description": "Total score adjustment", "default": 0}, "recency": {"type": "integer", "title": "Recency", "description": "Recency score adjustment", "default": 0}, "low_info": {"type": "integer", "title": "Low Info", "description": "Low information score adjustment", "default": 0}}, "type": "object", "title": "AdjustmentScore"}, "AffectedComponent": {"properties": {"vendor": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Vendor", "description": "Vendor of the affected component"}, "product": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Product", "description": "Product name of the affected component"}}, "type": "object", "title": "AffectedComponent", "description": "Affected Component in a CVE"}, "AllowlistSubscription": {"properties": {"id": {"type": "string", "title": "Id"}}, "type": "object", "required": ["id"], "title": "AllowlistSubscription"}, "AttackDetail": {"properties": {"name": {"type": "string", "title": "Name", "description": "Attack detail name"}, "label": {"type": "string", "title": "Label", "description": "Attack detail label"}, "description": {"type": "string", "title": "Description", "description": "Attack detail description"}, "references": {"items": {"type": "string"}, "type": "array", "title": "References", "description": "Attack detail references"}}, "type": "object", "required": ["name", "label", "description"], "title": "AttackDetail"}, "Behavior": {"properties": {"name": {"type": "string", "title": "Name", "description": "Behavior name"}, "label": {"type": "string", "title": "Label", "description": "Behavior label"}, "description": {"type": "string", "title": "Description", "description": "Behavior description"}}, "type": "object", "required": ["name", "label", "description"], "title": "Behavior"}, "CVEEventOutput": {"properties": {"name": {"type": "string", "title": "Name"}, "date": {"type": "string", "title": "Date"}, "description": {"type": "string", "title": "Description"}, "label": {"type": "string", "title": "Label"}, "sorting_priority": {"type": "integer", "title": "Sorting Priority"}}, "type": "object", "required": ["name", "date", "description", "label", "sorting_priority"], "title": "CVEEventOutput"}, "CVEExploitationPhase": {"type": "string", "enum": ["insufficient_data", "early_exploitation", "fresh_and_popular", "targeted_exploitation", "mass_exploitation", "background_noise", "unpopular", "wearing_out", "unclassified"], "title": "CVEExploitationPhase"}, "CVEResponseBase": {"properties": {"id": {"type": "string", "title": "Id", "description": "ID of the CVE"}, "name": {"type": "string", "title": "Name", "description": "Name of the CVE"}, "title": {"type": "string", "title": "Title", "description": "Title of the CVE"}, "affected_components": {"items": {"$ref": "#/components/schemas/AffectedComponent"}, "type": "array", "title": "Affected Components", "description": "List of affected components"}, "crowdsec_score": {"type": "integer", "maximum": 10.0, "minimum": 0.0, "title": "Crowdsec Score", "description": "Live Exploit Tracker score of the CVE"}, "opportunity_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Opportunity Score", "description": "Opportunity score indicating if it's an opportunistic(0) or targeted(5) attack (between 0-5)", "default": 0}, "momentum_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Momentum Score", "description": "Momentum score indicating the vulnerability's trendiness based on signal comparison with the previous month. Higher scores (4-5) indicate significantly more signals this month than last month's average, while lower scores (0-1) indicate declining activity (between 0-5)", "default": 0}, "first_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "First Seen", "description": "First seen date"}, "last_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Seen", "description": "Last seen date"}, "nb_ips": {"type": "integer", "minimum": 0.0, "title": "Nb Ips", "description": "Number of unique IPs affected"}, "published_date": {"type": "string", "format": "date-time", "title": "Published Date", "description": "Published date of the CVE"}, "cvss_score": {"anyOf": [{"type": "number", "maximum": 10.0, "minimum": 0.0}, {"type": "null"}], "title": "Cvss Score", "description": "CVSS score of the CVE"}, "has_public_exploit": {"type": "boolean", "title": "Has Public Exploit", "description": "Indicates if there is a public exploit for the CVE"}, "rule_release_date": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Rule Release Date", "description": "Release date of the associated detection rule"}, "exploitation_phase": {"$ref": "#/components/schemas/ExploitationPhase", "description": "Current exploitation phase of the CVE"}, "adjustment_score": {"anyOf": [{"$ref": "#/components/schemas/AdjustmentScore"}, {"type": "null"}], "description": "Score adjustments applied to the CVE score based on various factors"}, "threat_context": {"anyOf": [{"$ref": "#/components/schemas/ThreatContext"}, {"type": "null"}], "description": "Threat context (attacker/defender countries, industries, objectives)"}}, "type": "object", "required": ["id", "name", "title", "affected_components", "crowdsec_score", "nb_ips", "published_date", "has_public_exploit", "exploitation_phase"], "title": "CVEResponseBase", "description": "GET CVE ID Response"}, "CVEsubscription": {"properties": {"id": {"type": "string", "title": "Id"}}, "type": "object", "required": ["id"], "title": "CVEsubscription"}, "CWE": {"properties": {"name": {"type": "string", "title": "Name", "description": "Name of the CWE"}, "label": {"type": "string", "title": "Label", "description": "Label of the CWE"}, "description": {"type": "string", "title": "Description", "description": "Description of the CWE"}}, "type": "object", "required": ["name", "label", "description"], "title": "CWE", "description": "CWE Information"}, "Classification": {"properties": {"name": {"type": "string", "title": "Name", "description": "Classification name"}, "label": {"type": "string", "title": "Label", "description": "Classification label"}, "description": {"type": "string", "title": "Description", "description": "Classification description"}}, "type": "object", "required": ["name", "label", "description"], "title": "Classification"}, "Classifications": {"properties": {"false_positives": {"items": {"$ref": "#/components/schemas/Classification"}, "type": "array", "title": "False Positives", "description": "False positive classifications"}, "classifications": {"items": {"$ref": "#/components/schemas/Classification"}, "type": "array", "title": "Classifications", "description": "Main classifications"}}, "type": "object", "title": "Classifications"}, "EntityType": {"type": "string", "enum": ["org", "tag", "engine", "firewall_integration", "remediation_component_integration", "remediation_component", "log_processor"], "title": "EntityType"}, "ExploitationPhase": {"properties": {"name": {"type": "string", "title": "Name", "description": "Name of the exploitation phase"}, "label": {"type": "string", "title": "Label", "description": "Label of the exploitation phase"}, "description": {"type": "string", "title": "Description", "description": "Description of the exploitation phase"}}, "type": "object", "required": ["name", "label", "description"], "title": "ExploitationPhase"}, "ExploitationPhaseChangeEventItem": {"properties": {"cve_id": {"type": "string", "title": "Cve Id", "description": "CVE identifier"}, "name": {"type": "string", "title": "Name", "description": "Event type name"}, "date": {"type": "string", "title": "Date", "description": "Date of the phase change"}, "label": {"type": "string", "title": "Label", "description": "Human-readable event label"}, "description": {"type": "string", "title": "Description", "description": "Rendered event description"}, "previous_phase": {"type": "string", "title": "Previous Phase", "description": "Previous exploitation phase label"}, "new_phase": {"type": "string", "title": "New Phase", "description": "New exploitation phase label"}}, "type": "object", "required": ["cve_id", "name", "date", "label", "description", "previous_phase", "new_phase"], "title": "ExploitationPhaseChangeEventItem"}, "ExploitationPhaseChangeEventsResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/ExploitationPhaseChangeEventItem"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "ExploitationPhaseChangeEventsResponsePage"}, "FacetBucket": {"properties": {"value": {"type": "string", "title": "Value", "description": "Facet value"}, "count": {"type": "integer", "minimum": 0.0, "title": "Count", "description": "Number of IPs matching this value"}}, "type": "object", "required": ["value", "count"], "title": "FacetBucket"}, "FingerprintEventOutput": {"properties": {"name": {"type": "string", "title": "Name"}, "date": {"type": "string", "title": "Date"}, "description": {"type": "string", "title": "Description"}, "label": {"type": "string", "title": "Label"}}, "type": "object", "required": ["name", "date", "description", "label"], "title": "FingerprintEventOutput"}, "FingerprintRuleResponse": {"properties": {"id": {"type": "string", "title": "Id", "description": "Fingerprint rule identifier"}, "name": {"type": "string", "title": "Name", "description": "Fingerprint rule name"}, "title": {"type": "string", "title": "Title", "description": "Fingerprint rule title"}, "affected_components": {"items": {"$ref": "#/components/schemas/AffectedComponent"}, "type": "array", "title": "Affected Components", "description": "List of affected components"}, "crowdsec_score": {"type": "integer", "maximum": 10.0, "minimum": 0.0, "title": "Crowdsec Score", "description": "Live Exploit Tracker score for the fingerprint rule"}, "opportunity_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Opportunity Score", "description": "Opportunity score", "default": 0}, "momentum_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Momentum Score", "description": "Momentum score", "default": 0}, "first_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "First Seen", "description": "First seen date"}, "last_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Seen", "description": "Last seen date"}, "nb_ips": {"type": "integer", "minimum": 0.0, "title": "Nb Ips", "description": "Number of unique IPs observed"}, "rule_release_date": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Rule Release Date", "description": "Release date of the fingerprint rule"}, "exploitation_phase": {"$ref": "#/components/schemas/ExploitationPhase", "description": "Current exploitation phase"}, "adjustment_score": {"anyOf": [{"$ref": "#/components/schemas/AdjustmentScore"}, {"type": "null"}], "description": "Score adjustment details"}, "threat_context": {"anyOf": [{"$ref": "#/components/schemas/ThreatContext"}, {"type": "null"}], "description": "Threat context (attacker/defender countries, industries, objectives)"}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Tags associated with the fingerprint rule"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "Fingerprint rule description"}, "references": {"items": {"type": "string"}, "type": "array", "title": "References", "description": "Reference links for the fingerprint rule"}, "crowdsec_analysis": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Crowdsec Analysis", "description": "CrowdSec analysis for this fingerprint rule"}, "events": {"items": {"$ref": "#/components/schemas/FingerprintEventOutput"}, "type": "array", "title": "Events", "description": "List of events related to the fingerprint rule"}}, "type": "object", "required": ["id", "name", "title", "affected_components", "crowdsec_score", "nb_ips", "exploitation_phase"], "title": "FingerprintRuleResponse"}, "FingerprintRuleSummary": {"properties": {"id": {"type": "string", "title": "Id", "description": "Fingerprint rule identifier"}, "name": {"type": "string", "title": "Name", "description": "Fingerprint rule name"}, "title": {"type": "string", "title": "Title", "description": "Fingerprint rule title"}, "affected_components": {"items": {"$ref": "#/components/schemas/AffectedComponent"}, "type": "array", "title": "Affected Components", "description": "List of affected components"}, "crowdsec_score": {"type": "integer", "maximum": 10.0, "minimum": 0.0, "title": "Crowdsec Score", "description": "Live Exploit Tracker score for the fingerprint rule"}, "opportunity_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Opportunity Score", "description": "Opportunity score", "default": 0}, "momentum_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Momentum Score", "description": "Momentum score", "default": 0}, "first_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "First Seen", "description": "First seen date"}, "last_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Seen", "description": "Last seen date"}, "nb_ips": {"type": "integer", "minimum": 0.0, "title": "Nb Ips", "description": "Number of unique IPs observed"}, "rule_release_date": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Rule Release Date", "description": "Release date of the fingerprint rule"}, "exploitation_phase": {"$ref": "#/components/schemas/ExploitationPhase", "description": "Current exploitation phase"}, "adjustment_score": {"anyOf": [{"$ref": "#/components/schemas/AdjustmentScore"}, {"type": "null"}], "description": "Score adjustment details"}, "threat_context": {"anyOf": [{"$ref": "#/components/schemas/ThreatContext"}, {"type": "null"}], "description": "Threat context (attacker/defender countries, industries, objectives)"}}, "type": "object", "required": ["id", "name", "title", "affected_components", "crowdsec_score", "nb_ips", "exploitation_phase"], "title": "FingerprintRuleSummary"}, "FingerprintTimelineItem": {"properties": {"timestamp": {"type": "string", "format": "date-time", "title": "Timestamp", "description": "Timestamp of the timeline event"}, "count": {"type": "integer", "title": "Count", "description": "Count of occurrences at the timestamp"}}, "type": "object", "required": ["timestamp", "count"], "title": "FingerprintTimelineItem"}, "GetCVEIPsResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/IPItem"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "GetCVEIPsResponsePage"}, "GetCVEProtectRulesResponse": {"properties": {"protect_rules": {"items": {"$ref": "#/components/schemas/ProtectRule"}, "type": "array", "title": "Protect Rules", "description": "Protection/detection rules associated with the CVE"}}, "type": "object", "title": "GetCVEProtectRulesResponse", "description": "Response for the protect rules endpoint."}, "GetCVEResponse": {"properties": {"id": {"type": "string", "title": "Id", "description": "ID of the CVE"}, "name": {"type": "string", "title": "Name", "description": "Name of the CVE"}, "title": {"type": "string", "title": "Title", "description": "Title of the CVE"}, "affected_components": {"items": {"$ref": "#/components/schemas/AffectedComponent"}, "type": "array", "title": "Affected Components", "description": "List of affected components"}, "crowdsec_score": {"type": "integer", "maximum": 10.0, "minimum": 0.0, "title": "Crowdsec Score", "description": "Live Exploit Tracker score of the CVE"}, "opportunity_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Opportunity Score", "description": "Opportunity score indicating if it's an opportunistic(0) or targeted(5) attack (between 0-5)", "default": 0}, "momentum_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Momentum Score", "description": "Momentum score indicating the vulnerability's trendiness based on signal comparison with the previous month. Higher scores (4-5) indicate significantly more signals this month than last month's average, while lower scores (0-1) indicate declining activity (between 0-5)", "default": 0}, "first_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "First Seen", "description": "First seen date"}, "last_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Seen", "description": "Last seen date"}, "nb_ips": {"type": "integer", "minimum": 0.0, "title": "Nb Ips", "description": "Number of unique IPs affected"}, "published_date": {"type": "string", "format": "date-time", "title": "Published Date", "description": "Published date of the CVE"}, "cvss_score": {"anyOf": [{"type": "number", "maximum": 10.0, "minimum": 0.0}, {"type": "null"}], "title": "Cvss Score", "description": "CVSS score of the CVE"}, "has_public_exploit": {"type": "boolean", "title": "Has Public Exploit", "description": "Indicates if there is a public exploit for the CVE"}, "rule_release_date": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Rule Release Date", "description": "Release date of the associated detection rule"}, "exploitation_phase": {"$ref": "#/components/schemas/ExploitationPhase", "description": "Current exploitation phase of the CVE"}, "adjustment_score": {"anyOf": [{"$ref": "#/components/schemas/AdjustmentScore"}, {"type": "null"}], "description": "Score adjustments applied to the CVE score based on various factors"}, "threat_context": {"anyOf": [{"$ref": "#/components/schemas/ThreatContext"}, {"type": "null"}], "description": "Threat context (attacker/defender countries, industries, objectives)"}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Tags associated with the CVE"}, "references": {"items": {"type": "string"}, "type": "array", "title": "References", "description": "List of references for the CVE"}, "description": {"type": "string", "title": "Description", "description": "Description of the CVE"}, "crowdsec_analysis": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Crowdsec Analysis", "description": "CrowdSec analysis of the CVE"}, "cwes": {"items": {"$ref": "#/components/schemas/CWE"}, "type": "array", "title": "Cwes", "description": "List of CWEs associated with the CVE"}, "events": {"items": {"$ref": "#/components/schemas/CVEEventOutput"}, "type": "array", "title": "Events", "description": "List of events related to the CVE"}}, "type": "object", "required": ["id", "name", "title", "affected_components", "crowdsec_score", "nb_ips", "published_date", "has_public_exploit", "exploitation_phase", "references", "description", "crowdsec_analysis", "cwes"], "title": "GetCVEResponse"}, "GetCVESubscribedIntegrationsResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/IntegrationResponse"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "GetCVESubscribedIntegrationsResponsePage"}, "GetCVEsResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/CVEResponseBase"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "GetCVEsResponsePage"}, "GetCVEsSortBy": {"type": "string", "enum": ["rule_release_date", "trending", "nb_ips", "name", "first_seen"], "title": "GetCVEsSortBy"}, "GetCVEsSortOrder": {"type": "string", "enum": ["asc", "desc"], "title": "GetCVEsSortOrder"}, "GetFingerprintIPsResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/IPItem"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "GetFingerprintIPsResponsePage"}, "GetFingerprintRulesResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/FingerprintRuleSummary"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "GetFingerprintRulesResponsePage"}, "GetFingerprintSubscribedIntegrationsResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/IntegrationResponse"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "GetFingerprintSubscribedIntegrationsResponsePage"}, "GetVendorIPsResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/IPItem"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "GetVendorIPsResponsePage"}, "GetVendorSubscribedIntegrationsResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/IntegrationResponse"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "GetVendorSubscribedIntegrationsResponsePage"}, "History": {"properties": {"first_seen": {"type": "string", "format": "date-time", "title": "First Seen", "description": "First seen timestamp"}, "last_seen": {"type": "string", "format": "date-time", "title": "Last Seen", "description": "Last seen timestamp"}, "full_age": {"type": "integer", "title": "Full Age", "description": "Full age in days"}, "days_age": {"type": "integer", "title": "Days Age", "description": "Days age"}}, "type": "object", "required": ["first_seen", "last_seen", "full_age", "days_age"], "title": "History"}, "IPItem": {"properties": {"ip": {"type": "string", "title": "Ip", "description": "IP address"}, "reputation": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Reputation", "description": "Reputation of the IP"}, "ip_range": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Ip Range", "description": "IP range"}, "ip_range_score": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Ip Range Score", "description": "IP range score"}, "ip_range_24": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Ip Range 24", "description": "IP range /24"}, "ip_range_24_reputation": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Ip Range 24 Reputation", "description": "IP range /24 reputation"}, "ip_range_24_score": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Ip Range 24 Score", "description": "IP range /24 score"}, "as_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "As Name", "description": "AS name"}, "as_num": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "As Num", "description": "AS number"}, "background_noise_score": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Background Noise Score", "description": "Background noise score"}, "background_noise": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Background Noise", "description": "Background noise level"}, "confidence": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Confidence", "description": "Confidence level"}, "location": {"anyOf": [{"$ref": "#/components/schemas/Location"}, {"type": "null"}], "description": "IP location information"}, "reverse_dns": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Reverse Dns", "description": "Reverse DNS"}, "behaviors": {"items": {"$ref": "#/components/schemas/Behavior"}, "type": "array", "title": "Behaviors", "description": "List of behaviors"}, "references": {"items": {"$ref": "#/components/schemas/Reference"}, "type": "array", "title": "References", "description": "List of references"}, "history": {"anyOf": [{"$ref": "#/components/schemas/History"}, {"type": "null"}], "description": "Historical data"}, "classifications": {"anyOf": [{"$ref": "#/components/schemas/Classifications"}, {"type": "null"}], "description": "Classification data"}, "mitre_techniques": {"items": {"$ref": "#/components/schemas/MitreTechnique"}, "type": "array", "title": "Mitre Techniques", "description": "MITRE techniques"}, "cves": {"items": {"type": "string"}, "type": "array", "title": "Cves", "description": "List of CVEs"}, "attack_details": {"items": {"$ref": "#/components/schemas/AttackDetail"}, "type": "array", "title": "Attack Details", "description": "Attack details"}, "target_countries": {"additionalProperties": {"type": "integer"}, "type": "object", "title": "Target Countries", "description": "Target countries"}, "scores": {"anyOf": [{"$ref": "#/components/schemas/Scores"}, {"type": "null"}], "description": "Scoring information"}}, "type": "object", "required": ["ip"], "title": "IPItem"}, "IntegrationResponse": {"properties": {"tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "default": []}, "organization_id": {"type": "string", "title": "Organization Id"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the integration was created"}, "entity_type": {"$ref": "#/components/schemas/EntityType", "description": "Type of the integration"}, "id": {"type": "string", "title": "Id", "description": "ID of the integration"}, "blocklists": {"items": {"$ref": "#/components/schemas/BlocklistSubscription"}, "type": "array", "title": "Blocklists", "default": []}, "allowlists": {"items": {"$ref": "#/components/schemas/AllowlistSubscription"}, "type": "array", "title": "Allowlists", "default": []}, "cves": {"anyOf": [{"items": {"$ref": "#/components/schemas/CVEsubscription"}, "type": "array"}, {"type": "null"}], "title": "Cves"}, "fingerprints": {"anyOf": [{"items": {"$ref": "#/components/schemas/FingerprintSubscription"}, "type": "array"}, {"type": "null"}], "title": "Fingerprints"}, "vendors": {"anyOf": [{"items": {"$ref": "#/components/schemas/VendorSubscription"}, "type": "array"}, {"type": "null"}], "title": "Vendors"}, "name": {"type": "string", "title": "Name", "description": "Name of the integration"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Last time the integration was updated"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "Description of the integration"}, "output_format": {"$ref": "#/components/schemas/OutputFormat", "description": "Output format of the integration"}, "last_pull": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Pull", "description": "Last time the integration pulled blocklists"}, "pull_limit": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Pull Limit", "description": "Maximum number of items to pull"}, "enable_ip_aggregation": {"type": "boolean", "title": "Enable Ip Aggregation", "description": "Whether to enable IP aggregation into ranges", "default": false}}, "type": "object", "required": ["organization_id", "entity_type", "name", "output_format"], "title": "IntegrationResponse"}, "IntervalOptions": {"type": "string", "enum": ["hour", "day", "week"], "title": "IntervalOptions"}, "IpsDetailsStats": {"properties": {"total": {"type": "integer", "minimum": 0.0, "title": "Total", "description": "Total number of matching IPs"}, "reputation": {"items": {"$ref": "#/components/schemas/FacetBucket"}, "type": "array", "title": "Reputation", "description": "IP count by reputation"}, "country": {"items": {"$ref": "#/components/schemas/FacetBucket"}, "type": "array", "title": "Country", "description": "IP count by country (top 5)"}, "as_name": {"items": {"$ref": "#/components/schemas/FacetBucket"}, "type": "array", "title": "As Name", "description": "IP count by AS name (top 5)"}, "cves": {"items": {"$ref": "#/components/schemas/FacetBucket"}, "type": "array", "title": "Cves", "description": "IP count by CVE (top 5)"}, "classifications": {"items": {"$ref": "#/components/schemas/FacetBucket"}, "type": "array", "title": "Classifications", "description": "IP count by classification (top 5)"}}, "type": "object", "required": ["total", "reputation", "country", "as_name", "cves", "classifications"], "title": "IpsDetailsStats"}, "Location": {"properties": {"country": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Country", "description": "Country code"}, "city": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "City", "description": "City name"}, "latitude": {"anyOf": [{"type": "number"}, {"type": "null"}], "title": "Latitude", "description": "Latitude coordinate"}, "longitude": {"anyOf": [{"type": "number"}, {"type": "null"}], "title": "Longitude", "description": "Longitude coordinate"}}, "type": "object", "title": "Location"}, "LookupImpactCVEItem": {"properties": {"id": {"type": "string", "title": "Id", "description": "ID of the CVE"}, "name": {"type": "string", "title": "Name", "description": "Name of the CVE"}, "title": {"type": "string", "title": "Title", "description": "Title of the CVE"}, "affected_components": {"items": {"$ref": "#/components/schemas/AffectedComponent"}, "type": "array", "title": "Affected Components", "description": "List of affected components"}, "crowdsec_score": {"type": "integer", "maximum": 10.0, "minimum": 0.0, "title": "Crowdsec Score", "description": "Live Exploit Tracker score of the CVE"}, "opportunity_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Opportunity Score", "description": "Opportunity score indicating if it's an opportunistic(0) or targeted(5) attack (between 0-5)", "default": 0}, "momentum_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Momentum Score", "description": "Momentum score indicating the vulnerability's trendiness based on signal comparison with the previous month. Higher scores (4-5) indicate significantly more signals this month than last month's average, while lower scores (0-1) indicate declining activity (between 0-5)", "default": 0}, "first_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "First Seen", "description": "First seen date"}, "last_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Seen", "description": "Last seen date"}, "nb_ips": {"type": "integer", "minimum": 0.0, "title": "Nb Ips", "description": "Number of unique IPs affected"}, "published_date": {"type": "string", "format": "date-time", "title": "Published Date", "description": "Published date of the CVE"}, "cvss_score": {"anyOf": [{"type": "number", "maximum": 10.0, "minimum": 0.0}, {"type": "null"}], "title": "Cvss Score", "description": "CVSS score of the CVE"}, "has_public_exploit": {"type": "boolean", "title": "Has Public Exploit", "description": "Indicates if there is a public exploit for the CVE"}, "rule_release_date": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Rule Release Date", "description": "Release date of the associated detection rule"}, "exploitation_phase": {"$ref": "#/components/schemas/ExploitationPhase", "description": "Current exploitation phase of the CVE"}, "adjustment_score": {"anyOf": [{"$ref": "#/components/schemas/AdjustmentScore"}, {"type": "null"}], "description": "Score adjustments applied to the CVE score based on various factors"}, "threat_context": {"anyOf": [{"$ref": "#/components/schemas/ThreatContext"}, {"type": "null"}], "description": "Threat context (attacker/defender countries, industries, objectives)"}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Tags associated with the CVE"}, "references": {"items": {"type": "string"}, "type": "array", "title": "References", "description": "List of references for the CVE"}, "description": {"type": "string", "title": "Description", "description": "Description of the CVE"}, "crowdsec_analysis": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Crowdsec Analysis", "description": "CrowdSec analysis of the CVE"}, "cwes": {"items": {"$ref": "#/components/schemas/CWE"}, "type": "array", "title": "Cwes", "description": "List of CWEs associated with the CVE"}, "events": {"items": {"$ref": "#/components/schemas/CVEEventOutput"}, "type": "array", "title": "Events", "description": "List of events related to the CVE"}, "type": {"type": "string", "const": "cve", "title": "Type", "description": "Resource type", "default": "cve"}}, "type": "object", "required": ["id", "name", "title", "affected_components", "crowdsec_score", "nb_ips", "published_date", "has_public_exploit", "exploitation_phase", "references", "description", "crowdsec_analysis", "cwes"], "title": "LookupImpactCVEItem"}, "LookupImpactFingerprintItem": {"properties": {"id": {"type": "string", "title": "Id", "description": "Fingerprint rule identifier"}, "name": {"type": "string", "title": "Name", "description": "Fingerprint rule name"}, "title": {"type": "string", "title": "Title", "description": "Fingerprint rule title"}, "affected_components": {"items": {"$ref": "#/components/schemas/AffectedComponent"}, "type": "array", "title": "Affected Components", "description": "List of affected components"}, "crowdsec_score": {"type": "integer", "maximum": 10.0, "minimum": 0.0, "title": "Crowdsec Score", "description": "Live Exploit Tracker score for the fingerprint rule"}, "opportunity_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Opportunity Score", "description": "Opportunity score", "default": 0}, "momentum_score": {"type": "integer", "maximum": 5.0, "minimum": 0.0, "title": "Momentum Score", "description": "Momentum score", "default": 0}, "first_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "First Seen", "description": "First seen date"}, "last_seen": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Seen", "description": "Last seen date"}, "nb_ips": {"type": "integer", "minimum": 0.0, "title": "Nb Ips", "description": "Number of unique IPs observed"}, "rule_release_date": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Rule Release Date", "description": "Release date of the fingerprint rule"}, "exploitation_phase": {"$ref": "#/components/schemas/ExploitationPhase", "description": "Current exploitation phase"}, "adjustment_score": {"anyOf": [{"$ref": "#/components/schemas/AdjustmentScore"}, {"type": "null"}], "description": "Score adjustment details"}, "threat_context": {"anyOf": [{"$ref": "#/components/schemas/ThreatContext"}, {"type": "null"}], "description": "Threat context (attacker/defender countries, industries, objectives)"}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Tags associated with the fingerprint rule"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "Fingerprint rule description"}, "references": {"items": {"type": "string"}, "type": "array", "title": "References", "description": "Reference links for the fingerprint rule"}, "crowdsec_analysis": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Crowdsec Analysis", "description": "CrowdSec analysis for this fingerprint rule"}, "events": {"items": {"$ref": "#/components/schemas/FingerprintEventOutput"}, "type": "array", "title": "Events", "description": "List of events related to the fingerprint rule"}, "type": {"type": "string", "const": "fingerprint", "title": "Type", "description": "Resource type", "default": "fingerprint"}}, "type": "object", "required": ["id", "name", "title", "affected_components", "crowdsec_score", "nb_ips", "exploitation_phase"], "title": "LookupImpactFingerprintItem"}, "LookupImpactResponsePage": {"properties": {"items": {"items": {"oneOf": [{"$ref": "#/components/schemas/LookupImpactCVEItem"}, {"$ref": "#/components/schemas/LookupImpactFingerprintItem"}], "discriminator": {"propertyName": "type", "mapping": {"cve": "#/components/schemas/LookupImpactCVEItem", "fingerprint": "#/components/schemas/LookupImpactFingerprintItem"}}}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "LookupImpactResponsePage"}, "LookupListItemWithStats": {"properties": {"value": {"type": "string", "title": "Value", "description": "Lookup entry value"}, "nb_cves": {"type": "integer", "minimum": 0.0, "title": "Nb Cves", "description": "Number of CVEs", "default": 0}, "nb_fingerprints": {"type": "integer", "minimum": 0.0, "title": "Nb Fingerprints", "description": "Number of fingerprint rules", "default": 0}, "nb_ips": {"type": "integer", "minimum": 0.0, "title": "Nb Ips", "description": "Total number of unique IPs targeting this entry", "default": 0}, "nb_ips_cves": {"type": "integer", "minimum": 0.0, "title": "Nb Ips Cves", "description": "Number of IPs across CVEs", "default": 0}, "nb_ips_fingerprints": {"type": "integer", "minimum": 0.0, "title": "Nb Ips Fingerprints", "description": "Number of IPs across fingerprint rules", "default": 0}, "latest_rule_release": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Latest Rule Release", "description": "Most recent rule release date for this entry"}}, "type": "object", "required": ["value"], "title": "LookupListItemWithStats"}, "LookupListWithStatsResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/LookupListItemWithStats"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "LookupListWithStatsResponsePage"}, "MitreTechnique": {"properties": {"name": {"type": "string", "title": "Name", "description": "MITRE technique ID"}, "label": {"type": "string", "title": "Label", "description": "MITRE technique label"}, "description": {"type": "string", "title": "Description", "description": "MITRE technique description"}}, "type": "object", "required": ["name", "label", "description"], "title": "MitreTechnique"}, "ProtectRule": {"properties": {"link": {"type": "string", "title": "Link", "description": "URL to the rule source"}, "published_date": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Published Date", "description": "Date the rule was published"}, "tags": {"items": {"$ref": "#/components/schemas/ProtectRuleTag"}, "type": "array", "title": "Tags", "description": "Tags associated with the rule"}, "name": {"type": "string", "title": "Name", "description": "Rule name"}, "label": {"type": "string", "title": "Label", "description": "Human-readable rule label"}, "content": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Content", "description": "Rule content/definition"}}, "type": "object", "required": ["link", "name", "label"], "title": "ProtectRule", "description": "A protection/detection rule reference from vuln_scores."}, "ProtectRuleTag": {"properties": {"tag": {"type": "string", "title": "Tag", "description": "Tag identifier"}, "label": {"type": "string", "title": "Label", "description": "Human-readable tag label"}}, "type": "object", "required": ["tag", "label"], "title": "ProtectRuleTag", "description": "A tag on a protect rule reference."}, "Reference": {"properties": {"name": {"type": "string", "title": "Name", "description": "Reference name"}, "label": {"type": "string", "title": "Label", "description": "Reference label"}, "description": {"type": "string", "title": "Description", "description": "Reference description"}}, "type": "object", "required": ["name", "label", "description"], "title": "Reference"}, "ScoreBreakdown": {"properties": {"aggressiveness": {"type": "integer", "title": "Aggressiveness", "description": "Aggressiveness score"}, "threat": {"type": "integer", "title": "Threat", "description": "Threat score"}, "trust": {"type": "integer", "title": "Trust", "description": "Trust score"}, "anomaly": {"type": "integer", "title": "Anomaly", "description": "Anomaly score"}, "total": {"type": "integer", "title": "Total", "description": "Total score"}}, "type": "object", "required": ["aggressiveness", "threat", "trust", "anomaly", "total"], "title": "ScoreBreakdown"}, "Scores": {"properties": {"overall": {"$ref": "#/components/schemas/ScoreBreakdown", "description": "Overall scores"}, "last_day": {"$ref": "#/components/schemas/ScoreBreakdown", "description": "Last day scores"}, "last_week": {"$ref": "#/components/schemas/ScoreBreakdown", "description": "Last week scores"}, "last_month": {"$ref": "#/components/schemas/ScoreBreakdown", "description": "Last month scores"}}, "type": "object", "required": ["overall", "last_day", "last_week", "last_month"], "title": "Scores"}, "SinceOptions": {"type": "integer", "enum": [1, 7, 30], "title": "SinceOptions"}, "SubscribeCVEIntegrationRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Name of the integration to subscribe"}}, "additionalProperties": false, "type": "object", "required": ["name"], "title": "SubscribeCVEIntegrationRequest"}, "SubscribeFingerprintIntegrationRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Name of the integration to subscribe"}}, "additionalProperties": false, "type": "object", "required": ["name"], "title": "SubscribeFingerprintIntegrationRequest"}, "SubscribeVendorIntegrationRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Name of the integration to subscribe"}}, "additionalProperties": false, "type": "object", "required": ["name"], "title": "SubscribeVendorIntegrationRequest"}, "ThreatContext": {"properties": {"attacker_countries": {"additionalProperties": {"type": "integer"}, "type": "object", "title": "Attacker Countries", "description": "Attacker country distribution (country code \u2192 count)"}, "defender_countries": {"additionalProperties": {"type": "integer"}, "type": "object", "title": "Defender Countries", "description": "Defender country distribution (country code \u2192 count)"}, "industry_types": {"additionalProperties": {"type": "integer"}, "type": "object", "title": "Industry Types", "description": "Industry type distribution (type \u2192 count)"}, "industry_risk_profiles": {"additionalProperties": {"type": "integer"}, "type": "object", "title": "Industry Risk Profiles", "description": "Industry risk profile distribution (profile \u2192 count)"}, "attacker_objectives": {"additionalProperties": {"type": "integer"}, "type": "object", "title": "Attacker Objectives", "description": "Attacker objective distribution (objective \u2192 count)"}}, "type": "object", "title": "ThreatContext"}, "TimelineItem": {"properties": {"timestamp": {"type": "string", "format": "date-time", "title": "Timestamp", "description": "Timestamp of the timeline event"}, "count": {"type": "integer", "title": "Count", "description": "Count of occurrences at the timestamp"}}, "type": "object", "required": ["timestamp", "count"], "title": "TimelineItem"}, "TopProductItem": {"properties": {"value": {"type": "string", "title": "Value", "description": "Product name"}, "nb_ips_cves": {"type": "integer", "minimum": 0.0, "title": "Nb Ips Cves", "description": "Number of IPs across CVEs", "default": 0}, "nb_ips_fingerprints": {"type": "integer", "minimum": 0.0, "title": "Nb Ips Fingerprints", "description": "Number of IPs across fingerprint rules", "default": 0}}, "type": "object", "required": ["value"], "title": "TopProductItem"}, "VendorSortBy": {"type": "string", "enum": ["value", "nb_cves", "nb_ips", "latest_rule_release"], "title": "VendorSortBy"}, "VendorStatsResponse": {"properties": {"value": {"type": "string", "title": "Value", "description": "Vendor name"}, "nb_cves": {"type": "integer", "minimum": 0.0, "title": "Nb Cves", "description": "Number of CVEs", "default": 0}, "nb_fingerprints": {"type": "integer", "minimum": 0.0, "title": "Nb Fingerprints", "description": "Number of fingerprint rules", "default": 0}, "nb_ips": {"type": "integer", "minimum": 0.0, "title": "Nb Ips", "description": "Total number of unique IPs targeting this vendor", "default": 0}, "nb_ips_cves": {"type": "integer", "minimum": 0.0, "title": "Nb Ips Cves", "description": "Number of IPs across CVEs", "default": 0}, "nb_ips_fingerprints": {"type": "integer", "minimum": 0.0, "title": "Nb Ips Fingerprints", "description": "Number of IPs across fingerprint rules", "default": 0}, "top_products": {"items": {"$ref": "#/components/schemas/TopProductItem"}, "type": "array", "title": "Top Products", "description": "Top products for this vendor sorted by total IPs descending"}}, "type": "object", "required": ["value"], "title": "VendorStatsResponse"}}, "securitySchemes": {"ApiKeyAuth": {"type": "apiKey", "in": "header", "name": "x-api-key", "description": "If integration key is provided, can also work to get integration content"}, "BasicAuth": {"type": "http", "scheme": "basic", "description": "Basic Auth for integration content endpoint only"}}}, "security": [{"ApiKeyAuth": []}, {"BasicAuth": []}], "servers": [{"url": "https://admin.api.crowdsec.net/v1", "description": "Production server"}]} \ No newline at end of file diff --git a/pyproject.toml b/pyproject.toml index f3f7494..55f5ca5 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta" [project] name = "crowdsec_tracker_api" -version = "1.108.1" +version = "1.119.5" license = { text = "MIT" } authors = [ { name="crowdsec", email="info@crowdsec.net" }