api-reference/cado-api.json at main · cado-security/api-reference · GitHub

1
{"openapi":"3.1.0","info":{"title":"Cado Platform API","description":"\nThe documentation reference for the Cado platform's RESTful API. \nThe API can integrate with every part of the platform, from user management, querying timeline data, and importing evidence from the cloud.\nWe provide some <a href=\"https:\/\/github.com\/cado-security\/cado-api-examples\">example Python scripts<\/a> to help you get started.\n<br \/><br \/>\nUsing the API requires an API key, which can be <a href=\"https:\/\/docs.cadosecurity.com\/cado-response\/manage\/integrations\/api-overview\">obtained from the Cado platform<\/a>.\nThis API key needs to be used with the `Authorization` header in the Bearer format. For example: <code>Authorization: Bearer YOUR_API_KEY<\/code>.\n<br \/><br \/>\nEach API will have a few extra parameters listed in the description, these parameters describe how the API behaves and what it expects. The parameters we list are:\n<ul>\n    <li><b>Feature Lifecycle<\/b>: This indicates if the API is in <code>beta<\/code> or <code>production<\/code>. If the API is in beta, you may need to enable it in the Experiments settings inside the platform. APIs with a <code>beta<\/code> flag are considered unstable and are subject to change or removal at any point, and are not recommended for production use.<\/li>\n<\/ul>\n","version":"2.312.0","x-logo":{"altText":"Cado Security","url":"static\/logo.png"}},"components":{"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"alarm_schema":{"type":"object","required":["id","type","item_id","severity","description"],"properties":{"id":{"type":"integer","description":"The ID of the alarm"},"type":{"type":"string","description":"The type of the alarm (content or event)"},"full_path":{"type":"string","description":"Full path of the file location"},"resource":{"type":"string","description":"Evidence hostname"},"evidence_name":{"type":"string","description":"The evidence name"},"evidence_id":{"type":"integer","description":"Evidence id"},"item_id":{"type":"string","description":"The ID of the associated hash (content) or event (event)"},"source":{"type":"string","description":"Indicates what the alarm trigger was based on"},"severity":{"type":"integer","description":"The ID of the alarm"},"description":{"type":"string","description":"The description of the alarm"},"attack":{"type":"array","description":"An array of attack IDs","items":{"type":"string","description":"The ID of an attack"}},"indicator_data":{"type":"string","description":"Data used to determine indicators of compromise"},"extra":{"type":"string","description":"Additional alarm-specific data"},"first_seen":{"type":"number","description":"first time seen this alarm"},"last_seen":{"type":"number","description":"last time seen this alarm"},"dspm_type":{"type":"string","description":"Data Security Posture Management type","nullable":true,"enum":["Secrets","PII","PCI","PHI"]}}},"evidence_schema":{"type":"object","required":["id","alarms","items","display_name","log"],"properties":{"alarms":{"type":"object","description":"Summary of alarms detected in this evidence","nullable":false,"required":["malicious","suspicious"],"properties":{"malicious":{"description":"Number of malicious alarms","type":"integer"},"suspicious":{"description":"Number of suspicious alarms","type":"integer"}}},"id":{"type":"integer","description":"The ID of the evidence"},"project_id":{"type":"integer","description":"The ID of the project the evidence belongs to"},"display_name":{"type":"string","description":"The display name of the evidence"},"description":{"type":"string","description":"The description of the evidence"},"log":{"type":"string","description":"When the evidence started processing"},"details":{"type":"object","description":"Details about the evidence","properties":{"os":{"type":"string","description":"Operating system"},"hostname":{"type":"string","description":"hostname"},"disk_size":{"type":"integer","description":"Disk size of the evidence"},"disk_hash":{"type":"string","description":"Hash of the disk"},"unique_logs":{"type":"array","items":{"type":"string"},"description":"List of unique logs associated with the evidence"},"is_cado_host":{"type":"boolean","description":"Is the evidence a cado host capture"},"type":{"type":"string","description":"Type of evidence ( EEType )"},"has_network_data":{"type":"boolean","description":"If the evidence has network data"}}},"resource":{"type":"object","description":"Information about the resource the evidence was captured from","properties":{"id":{"type":"string","description":"The ID of the resource"},"type":{"type":"string","description":"The type of the resource"},"account_id":{"type":"string","description":"The ID of the account the resource is from"},"account_type":{"type":"string","description":"The type of the account the resource is from"},"roles":{"type":"array","items":{"type":"string"},"description":"The roles associated with the resource"},"parent_id":{"type":"string","description":"The resource ID of the parent resource"}}},"preservation":{"type":"object","properties":{"encase":{"type":"string","description":"The path to the Encase file"},"raw":{"type":"string","description":"The path to the preservation file"}}},"items":{"type":"integer","description":"The number of evidence items within an evidence"},"processing_ran":{"type":"boolean","description":"Whether the processing pipeline has run"},"last_processed":{"type":"number","description":"Unix timestamp of when the evidence was last processed"},"processed_ami":{"type":"string","description":"AMI of the platform at the time the evidence was last processed"},"processed_platform_version":{"type":"string","description":"Version of the platform at the time the evidence was last processed"}}},"note_schema":{"type":"object","required":["alarms","items","display_name","log"],"properties":{"id":{"description":"Id of the note.","type":"integer"},"evidence_id":{"description":"Id of the evidence associated with the note.","type":"integer"},"event_id":{"description":"The timeline event id of the note.","type":"string"},"user_id":{"description":"The user id of the note creator.","type":"integer"},"created":{"description":"Timestamp of the note creation.","type":"number"},"note":{"$ref":"#\/components\/schemas\/note_data"}}},"note_data":{"oneOf":[{"type":"object","required":["type"],"properties":{"type":{"description":"Type of the note.","type":"string","default":"star","enum":["star"]}}},{"type":"object","required":["type","text"],"properties":{"type":{"description":"Type of the note.","type":"string","default":"comment","enum":["comment"]},"text":{"description":"The text of the comment.","type":"string"}}}]},"notification_level":{"type":"string","enum":["Info","Warning","Error"],"description":"The level of the notification to get i.e Info, Warning, Error"},"settings_schema":{"type":"object","properties":{"preservation":{"type":"object","required":["custom_bucket_enabled","file_content_mode"],"properties":{"custom_bucket_enabled":{"type":"boolean","description":"Whether or not to preserve in a custom bucket, as well as the default Cado bucket","default":false},"custom_bucket":{"type":"string","description":"The name of the custom bucket where evidence will be stored if custom evidence preservation is enabled."},"account_name":{"type":"string","description":"The name of the account where evidence will be stored. Only included if deployed on Azure."},"file_content_mode":{"type":"string","default":"all","enum":["all","alarmed","none"],"description":"Which mode of file preservation"}}},"archive_investigations":{"type":"object","required":["archiving_enabled","threshold_days"],"properties":{"archiving_enabled":{"type":"boolean","description":"Whether or not to archive investigations after <threshold_days> days","default":false},"threshold_days":{"type":"integer","default":90,"description":"The age of an investigation in days at which point it gets archived"}}},"worker":{"type":"object","properties":{"local":{"type":"boolean","description":"Enable or disable local worker."},"max":{"type":"integer","description":"Maxium number of worker VMs to deploy."},"instance":{"type":"string","description":"Instance type to use for worker VMs."},"shutdown_wait":{"type":"integer","description":"Time (in seconds) to wait after a worker becomes idle before shutting it down."}}},"minimum_role_deployment":{"type":"boolean","description":"Confirm scoped up instance role."},"bucket":{"type":"string","description":"The primary bucket\/container Cado will use for Host acquisition, health checks, and evidence preservation."},"azure_storage_account":{"type":"string","description":"The storage account in which the container for Host acquisition, health checks, and evidence preservation resides"},"setup_complete":{"type":"boolean","description":"Whether the initial setup has been completed."},"private_gcp_api_endpoint":{"type":"string","description":"Private GCP API Endpoint."},"debug_logs_endpoint_enabled":{"type":"boolean","description":"Enable Log Access for Upgrade Issues."},"telemetry_enabled":{"type":"boolean","description":"Enable Telemetry."},"cado_host":{"oneOf":[{"type":"object","properties":{"skip_ssl_verify":{"type":"boolean"}}}]},"enable_extra_debug":{"type":"boolean","description":"Enable profiler and debug during extraction and processing"},"ee":{"oneOf":[{"type":"object","required":["preset"],"properties":{"preset":{"description":"Extraction engine settings preset.","type":"string","default":"fast","enum":["light","fast","full"]}}}]},"sso_provider":{"type":"object","properties":{"oauth":{"oneOf":[{"oauth":null,"properties":{"microsoft":{"$ref":"#\/components\/schemas\/oauth_schema"},"okta":{"$ref":"#\/components\/schemas\/oauth_schema"}}}]},"saml":{"oneOf":[{"saml":null,"properties":{"okta":{"$ref":"#\/components\/schemas\/saml_schema"},"ping":{"$ref":"#\/components\/schemas\/saml_schema"}}}]}}},"feature_flag":{"properties":{"private_workers":{"type":"boolean"},"automated_response":{"type":"boolean"}}},"proxy":{"required":["url"],"properties":{"url":{"description":"Proxy URL for outbound connections","type":"string"},"cert_url":{"description":"Location of proxy certificate","type":"string"},"whitelist":{"description":"Domains or IP addresses that the proxy should not be used for (one per line)","type":"string"}}},"siem":{"required":["integration"],"properties":{"integration":{"type":"boolean","description":"Enable or disable SIEM integration."},"s3_bucket":{"type":"string","description":"S3 bucket to output SIEM integration data to"},"s3_folder":{"description":"Folder within S3 bucket to output SIEM integration data to","type":"string"}}},"tag":{"description":"Tag to be applied to resources created by Cado","required":["key","value"],"properties":{"key":{"type":"string"},"value":{"type":"string"}}},"detections":{"description":"Detection settings","properties":{"gcp_bucket_tags":{"type":"object","description":"A GCP bucket must have this label to be eligible for acquisition","required":["tag_key","tag_value"],"properties":{"tag_key":{"type":"string","description":"The label key a GCP bucket must have"},"tag_value":{"type":"string","description":"The label value a GCP bucket must have"}}},"host_options":{"type":"object","description":"Cado Host options to use for the import.","properties":{"windows":{"$ref":"#\/components\/schemas\/host_options"},"mac":{"$ref":"#\/components\/schemas\/host_options"},"linux":{"$ref":"#\/components\/schemas\/host_options"}}},"detection_darktrace_aia_full_disk_enabled":{"type":"boolean","description":"Enable or disable full disk captures from Darktrace AIA incident events, if disabled triage captures will be performed."},"detection_group_enabled":{"type":"boolean","description":"Enable or disable allowing group access to all investigations created by a Detection Rule"},"detection_group_id":{"type":"integer","description":"The ID of the Group to add to investigations created by a Detection Rule"},"filter":{"oneOf":[{"type":"object","description":"Hostname Detections filter","properties":{"hostname":{"type":"object","description":"Hostname Detections include filter","properties":{"include":{"type":"array","items":{"type":"string"}},"exclude":{"type":"array","items":{"type":"string"}}}}}}]}}},"enable":{"description":"Enable or disable settings","type":"object","properties":{"custom_yara":{"type":"boolean","description":"Enable or disable custom Yara rules"},"default_yara":{"type":"boolean","description":"Enable or disable default Yara rules"},"custom_iocs":{"type":"boolean","description":"Enable or disable custom IOCs"}}},"virus_total_api_key":{"type":"string","description":"Virus Total API Key"},"features":{"type":"array","description":"List of features","items":{"oneOf":[{"type":"object","required":["name","enabled"],"description":"Minimum required body for a PATCH request","properties":{"name":{"type":"string","description":"Name of the feature"},"enabled":{"type":"boolean","description":"Should this feature be enabled?"}}},{"type":"object","required":["name","description","enabled","stage"],"description":"Expected body for a GET response","properties":{"name":{"type":"string","description":"Name of the feature"},"display_name":{"type":"string","description":"Display name of the feature (if different)"},"description":{"type":"string","description":"Description of the feature"},"stage":{"type":"string","enum":["alpha","beta","poc"],"description":"The development stage of this feature"},"enabled":{"type":"boolean","description":"Should this feature be enabled?"},"unsupported_clouds":{"type":"array","items":{"type":"string","enum":["aws","azure","gcp","k8s"]},"description":"List of unsupported clouds"}}}]}},"log_export":{"type":"object","required":["enabled_logs"],"properties":{"enabled":{"type":"boolean","description":"Whether to enable the feature"},"host":{"type":"string","description":"The hostname of the syslog server"},"port":{"type":"integer","default":514,"description":"The destination port of the syslog server."},"protocol":{"type":"string","description":"The protocol to use when sending syslog events.","enum":["tcp","udp"],"default":"tcp"},"tls_enabled":{"type":"boolean","description":"Whether to use TLS when connecting to the server."},"tls_verify_enabled":{"type":"boolean","description":"Whether to verify the certificate of the syslog server."},"enabled_logs":{"type":"object","description":"The types of logs that are enabled","properties":{"application":{"type":"boolean","description":"General logs produced by the FAI application","default":false},"audit":{"type":"boolean","description":"Audit events produced by the FAI application","default":false},"system":{"type":"boolean","description":"System logs from the machine that FAI is running on","default":false}}}}},"azure_credentials":{"type":"object","required":["client_secret"],"properties":{"client_id":{"type":"string","description":"Azure Service Principal Client ID"},"tenant_id":{"type":"string","description":"Azure Tenant ID"},"client_secret":{"type":"string","description":"Azure Service Principal Client Secret"}}}}},"oauth_schema":{"type":"object","required":["client_id","tenant_id","admin_group","enabled","client_secret"],"properties":{"client_id":{"type":"string"},"tenant_id":{"type":"string"},"enabled":{"type":"boolean","default":false},"client_secret":{"type":"string"},"admin_group":{"type":"string"}}},"saml_schema":{"type":"object","required":["idp_entity_id","idp_sso_url","idp_x509cert","sp_acs_url","sp_entity_id","admin_group","enabled"],"properties":{"idp_entity_id":{"type":"string"},"idp_sso_url":{"type":"string"},"idp_x509cert":{"type":"string"},"sp_entity_id":{"type":"string"},"sp_acs_url":{"type":"string"},"admin_group":{"type":"string"},"enabled":{"type":"boolean","default":false}}},"user_schema":{"type":"object","required":["id","rbac_role","username","display_name","login_type"],"properties":{"id":{"type":"integer"},"rbac_role":{"type":"string","enum":["Administrator","Platform Administrator","Lead Analyst","Analyst","Read Only Analyst","Darktrace"]},"created_timestamp":{"type":"number"},"username":{"type":"string"},"login_type":{"type":"integer"},"last_login_timestamp":{"type":"number","description":"last login time, as ms since epoch"},"display_name":{"type":"string"},"groups_count":{"type":"integer","description":"The number of groups assigned to the user."},"temp_password":{"type":"string","description":"only included if admin resets another user's password"}}},"pagination":{"type":"object","description":"Pagination information","required":["type","total_records","current_page","total_pages"],"properties":{"type":{"type":"string","enum":["page"],"default":"page","description":"A string indicating the type of pagination supported by the API. In this context, the value will be \"page\"."},"total_records":{"type":"integer","description":"An integer representing the total amount of data we're paging."},"current_page":{"type":"integer","description":"An integer representing the current page of data (we use this to work out next and previous pages). NOTE: this is 1-indexed (i.e. it starts at 1)."},"total_pages":{"type":"integer","description":"An integer representing the total number of pages."},"per_page":{"type":"integer","description":"An integer representing the number of records per page."}}},"host_options":{"type":"object","description":"Cado Host options to use for the import.","properties":{"collection_type":{"type":"string","enum":["balanced","custom"],"default":"balanced","description":"Specifies if the collection is balanced (default) or customised."},"light_mode":{"type":"boolean","default":false,"description":"Whether to use light mode, which acquires files with a size < 10MB."},"skip_scan":{"type":"boolean","default":false,"description":"Whether to skip the file scanning feature, which searches for additional files based on signatures."},"skip_ssl_verification":{"type":"boolean","default":false,"description":"Whether to skip SSL verification. This is not safe."},"additional_files_only":{"type":"boolean","default":false,"description":"Whether to only acquire the specified files in additional_files. Only available with the 'custom' collection type."},"groups":{"type":"array","description":"A list of Cado Host groups. Only available with the 'custom' collection type.","items":{"type":"string"}},"additional_files":{"type":"array","description":"A list of additional files to acquire.","items":{"type":"string"}}}}},"responses":{"default":{"description":"A response indicating an error has occurred.","content":{"application\/json":{"schema":{"type":"object","required":["status","message","code"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"error\".","enum":["error"],"default":"error"},"message":{"type":"string","description":"The error message returned by the API. In some cases, the message will contain a link to documentation for further troubleshooting."},"code":{"type":"string","description":"An error code that can be given to Cado support for further troubleshooting."},"data":{"type":"object","description":"Any supporting data returned by the API that can help with further troubleshooting."}}}}}}}},"paths":{"\/api\/v3\/auth\/keys":{"get":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator"],"summary":"List all keys","description":"Get all API keys that aren't revoked.","tags":["Authentication"],"security":[{"bearerAuth":[]}],"parameters":[],"responses":{"200":{"description":"Return `tokens` list","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success","enum":["success"]},"data":{"type":"object","required":["tokens"],"properties":{"tokens":{"type":"array","items":{"type":"object","required":["id","user_id","public_key","key_name","key_role"],"properties":{"id":{"type":"integer"},"user_id":{"type":"integer"},"public_key":{"type":"string"},"key_name":{"type":"string","description":"Descriptive name for the API key"},"key_role":{"type":"string","description":"RBAC role for the API key"},"last_used_timestamp":{"type":"number"}}}}}}}}}}},"default":{"$ref":"#\/components\/responses\/default"}}},"post":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator"],"summary":"Create new API Key","description":"API key is a type of access token that does not expire.","tags":["Authentication"],"security":[{"bearerAuth":[]}],"requestBody":{"content":{"application\/json":{"schema":{"type":"object","required":["key_role"],"properties":{"key_name":{"type":"string","description":"Optional descriptive name for the API key. Defaults to the public key if not provided."},"key_role":{"type":"string","description":"RBAC role for the API key."}}}}}},"responses":{"200":{"description":"Returns the public and secret keys","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success","enum":["success"]},"data":{"type":"object","required":["secret_key","id","public_key","key_name","key_role"],"properties":{"secret_key":{"type":"string"},"id":{"type":"integer"},"public_key":{"type":"string"},"key_name":{"type":"string"},"key_role":{"type":"string"}}}}}}}},"default":{"$ref":"#\/components\/responses\/default"}}},"delete":{"summary":"Revoke key","description":"Mark the given API Key as revoked in the database.","tags":["Authentication"],"security":[{"bearerAuth":[]}],"x-Required Roles":["Administrator","Platform Administrator"],"x-Feature Lifecycle":"beta","requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["id"],"properties":{"id":{"type":"integer","description":"ID of an API Key"}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"content":{"application\/json":{"schema":{"properties":{"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["status"],"type":"object"}}},"description":"Revoked message"}}}},"\/api\/v3\/accounts":{"get":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst","Analyst"],"summary":"Retrieve Accounts","description":"Retrieve all the accounts added to the platform.","parameters":[{"name":"account_name","in":"query","required":false,"schema":{"type":"string"},"description":"Filter by account name."},{"name":"type","in":"query","required":false,"schema":{"type":"array","items":{"type":"string","enum":["aws","gcp","azure","crowdstrike","sentinelone","defender","microsoft_saas","google_workspace","darktrace"]}},"description":"Filter by account type. Multiple types can be specified."},{"name":"account_check_result","in":"query","required":false,"schema":{"type":"string","enum":["success","failure","cancelled","no_checks"]},"description":"Filter by recent Account Check result."},{"name":"group_name","in":"query","required":false,"schema":{"type":"string"},"description":"Filter by roles assigned to the group."},{"name":"page","in":"query","required":false,"schema":{"type":"integer","default":1},"description":"Which page of cloud credentials to return."},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":10},"description":"How many cloud credentials per page."}],"tags":["Accounts"],"security":[{"bearerAuth":[]}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Successfully got account credentials.","content":{"application\/json":{"schema":{"type":"object","required":["status","data","pagination"],"properties":{"pagination":{"$ref":"#\/components\/schemas\/pagination"},"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"array","description":"A list of accounts.","items":{"type":"object","required":["id","account_name","type","account_check_id"],"properties":{"id":{"type":"integer","description":"The unique ID of the account."},"account_name":{"type":"string","description":"The account name"},"type":{"type":"string","enum":["aws","gcp","azure","crowdstrike","sentinelone","defender","microsoft_saas","google_workspace","darktrace"],"description":"The account type"},"public_identifier":{"type":"string","description":"The public identifier for the account."},"account_check_id":{"type":"integer","nullable":true,"description":"The Account Check ID associated with the account (if applicable)."},"account_last_used":{"type":"string","nullable":true,"description":"The last time the account was used, in human readable form."}}}}}}}}}}},"post":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator"],"summary":"Add Accounts","description":"Add an account to the platform.","tags":["Accounts"],"security":[{"bearerAuth":[]}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["account_name","account_type"],"properties":{"account_name":{"type":"string","description":"The alias for the account credentials being added. This must be unique."},"account_type":{"type":"string","enum":["aws","gcp","azure","crowdstrike","sentinelone","defender","microsoft_saas","google_workspace","darktrace"],"description":"The account service provider for the saved credentials."},"default_creds":{"type":"boolean","description":"Whether to use the same identity as the Cado Platform. This is only applicable for GCP and Azure deployments, and credentials must not be passed if this is set."},"credential_data":{"type":"object","description":"The account credentials to be added.","oneOf":[{"type":"object","title":"Aws Role ARN","description":"An object containing the AWS role. This should be in an ARN format.","required":["role"],"properties":{"role":{"type":"string","example":"arn:aws:iam::12345678910:role\/myRole","description":"An AWS role to be added to the platform."}}},{"type":"object","title":"Aws Keys","description":"An object containing key-based credentials.","required":["access_key","secret_key"],"properties":{"access_key":{"type":"string","description":"The access key for the key-based credentials."},"secret_key":{"type":"string","description":"The secret key for the key-based credentials."}}},{"type":"object","title":"GCP Service Account","description":"An object containing the GCP Service Account credentials.","required":["project_id","type","client_id","auth_uri","client_email","private_key","private_key_id","auth_provider_x509_cert_url","client_x509_cert_url","token_uri"],"properties":{"project_id":{"type":"string","description":"The GCP Project ID for the GCP Service Account credentials."},"type":{"type":"string","description":"The type of the GCP Service Account credentials."},"client_id":{"type":"string","description":"The client ID for the GCP Service Account credentials."},"client_email":{"type":"string","description":"The client email for the GCP Service Account credentials."},"auth_uri":{"type":"string","description":"The auth URI for the GCP Service Account credentials."},"token_uri":{"type":"string","description":"The token URI for the GCP Service Account credentials."},"private_key":{"type":"string","description":"The private key for the GCP Service Account credentials."},"private_key_id":{"type":"string","description":"The private key ID for the GCP Service Account credentials."},"auth_provider_x509_cert_url":{"type":"string","description":"The auth provider x509 certificate URL for the GCP Service Account credentials."},"client_x509_cert_url":{"type":"string","description":"The client x509 certificate URL for the GCP Service Account credentials."},"universe_domain":{"type":"string","description":"The universe domain for the GCP Service Account credentials."}}},{"type":"object","title":"GCP Workload Identity Federation (WIF)","description":"An object containing the GCP Workload Identity Federation (WIF) credentials.","required":["type","audience","subject_token_type","service_account_impersonation_url","token_url","credential_source"],"properties":{"universe_domain":{"type":"string","description":"The universe domain of the GCP Workload Identity Federation (WIF) credentials."},"type":{"type":"string","description":"The type of the GCP Workload Identity Federation (WIF) credentials."},"audience":{"type":"string","description":"The audience for the GCP Workload Identity Federation (WIF) credentials."},"subject_token_type":{"type":"string","description":"The subject for the GCP Workload Identity Federation (WIF) credentials."},"service_account_impersonation_url":{"type":"string","description":"The service account impersonation URL for the GCP Workload Identity Federation (WIF) credentials."},"token_url":{"type":"string","description":"The token URL for the GCP Workload Identity Federation (WIF) credentials."},"credential_source":{"type":"object","description":"The credential source for the GCP Workload Identity Federation (WIF) credentials."}}},{"type":"object","title":"Azure Service Principal (Client Secret)","description":"An object containing the Azure Service Principal credentials.","required":["client_id","client_secret","tenant_id"],"properties":{"client_id":{"type":"string","description":"Client ID of the Azure Credentials."},"client_secret":{"type":"string","description":"Client Secret of the Azure Credentials."},"tenant_id":{"type":"string","description":"Tenant ID of the Azure Credentials."}}},{"type":"object","title":"Azure Service Principal (Certificate)","description":"An object containing the Azure Service Principal credentials.","required":["client_id","tenant_id","certificate_data"],"properties":{"client_id":{"type":"string","description":"Client ID of the Azure Credentials."},"tenant_id":{"type":"string","description":"Tenant ID of the Azure Credentials."},"certificate_data":{"type":"string","description":"The certificate data (in PEM or PKCS12 format) for the Azure Service Principal credentials, base64 encoded."},"password":{"type":"string","description":"The password for the certificate."}}},{"type":"object","title":"SentinelOne XDR","description":"An object containing SentinelOne XDR credentials.","required":["endpoint","token"],"properties":{"endpoint":{"type":"string","description":"The configured endpoint URL for SentinelOne XDR."},"token":{"type":"string","description":"The API token"}}},{"type":"object","title":"CrowdStrike XDR","description":"An object containing CrowdStrike XDR credentials.","required":["endpoint","client_id","client_secret"],"properties":{"endpoint":{"type":"string","description":"The configured endpoint URL for CrowdStrike."},"client_id":{"type":"string","description":"The client ID for CrowdStrike."},"client_secret":{"type":"string","description":"The client secret for CrowdStrike."}}},{"type":"object","title":"Darktrace XDR","description":"An object containing Darktrace XDR credentials.","required":["client_id","client_secret"],"properties":{"client_id":{"type":"string","description":"The client ID for Darktrace."},"client_secret":{"type":"string","description":"The client secret for Darktrace."}}},{"type":"object","title":"Defender XDR","description":"An object containing Defender XDR credentials.","required":["endpoint","client_id","client_secret","tenant_id"],"properties":{"endpoint":{"type":"string","description":"The configured endpoint URL for Defender."},"client_id":{"type":"string","description":"The client ID for Defender."},"client_secret":{"type":"string","description":"The client secret for Defender."},"tenant_id":{"type":"string","description":"The tenant ID for Defender."}}},{"type":"object","title":"Microsoft SaaS","required":["organization","tenant_id","client_id","client_secret"],"properties":{"organization":{"type":"string","description":"The Microsoft SaaS organization."},"tenant_id":{"type":"string","description":"The tenant ID for Microsoft SaaS."},"client_id":{"type":"string","description":"The client ID for Microsoft SaaS."},"client_secret":{"type":"string","description":"The client secret for Microsoft SaaS."}}},{"type":"object","title":"Google Workspace","description":"An object containing Google Workspace credentials. These should be copied directly from the console.","required":["impersonation_email","credentials"],"properties":{"impersonation_email":{"type":"string"},"credentials":{"type":"object"}}}]}}}}}},"responses":{"201":{"description":"Successfully added account credentials.","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"enum":["success"],"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","description":"The data returned containing the account_name of the created account.","schema":null,"required":["account_name"],"properties":{"account_name":{"type":"string","description":"the account_name of the created account."}}}}}}}},"default":{"$ref":"#\/components\/responses\/default"}}}},"\/api\/v3\/accounts\/{account_name}":{"get":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst","Analyst"],"summary":"Get an Account","description":"Get details about an Account.","parameters":[{"name":"account_name","in":"path","required":true,"schema":{"type":"string"},"description":"The name of the account to retrieve."}],"tags":["Accounts"],"security":[{"bearerAuth":[]}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Successfully got account credentials.","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"object","required":["id","account_name","type"],"properties":{"id":{"type":"integer","description":"The unique ID of the account."},"account_name":{"type":"string","description":"The account name"},"type":{"type":"string","enum":["aws","gcp","azure","crowdstrike","sentinelone","defender","microsoft_saas","google_workspace","darktrace"],"description":"The account type"},"public_identifier":{"type":"string","description":"The public identifier for the account."},"account_issues":{"type":"array","nullable":true,"description":"A list of issues with accounts found by the account check","items":{"type":"object","required":["service","issue","issue_type"],"properties":{"service":{"type":"string","description":"The service the issue relates to"},"issue":{"type":"string","description":"The issue found by the account check"},"issue_type":{"type":"string","description":"The type of issue found by the account check"}}}},"account_last_used":{"type":"string","nullable":true,"description":"The last time the account was used, in human readable form."}}}}}}}}}},"delete":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator"],"summary":"Delete Account","description":"Deletes an account from the platform.","parameters":[{"name":"account_name","in":"path","required":true,"schema":{"type":"string"},"description":"The name of the account to delete."}],"tags":["Accounts"],"security":[{"bearerAuth":[]}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Successfully deleted account credentials.","content":{"application\/json":{"schema":{"type":"object","required":["status"],"properties":{"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}}}}}}}}},"\/api\/v3\/accounts\/discovery\/aws":{"post":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator"],"externalDocs":{"description":"AWS Organizations Feature Documentation","url":"https:\/\/docs.cadosecurity.com\/cado\/deploy\/cross\/aws-organizations"},"summary":"Kick off an AWS Organization Account Discovery","description":"Kick off an account discovery for AWS using AWS Organizations","tags":["Accounts"],"security":[{"bearerAuth":[]}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["organization_account_name","iam_role_name"],"properties":{"organization_account_name":{"type":"string","description":"The name of the account that is assumed to list accounts in an organization. This must have the orgs:ListAccounts permissions and added to the Cado platform."},"iam_role_name":{"type":"string","pattern":"\/arn:aws:iam::\/i","description":"The name of the IAM role the platform will try to assume in discovered accounts. This is not the full ARN."}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Successfully kick off an AWS Organization Account Discovery","content":{"application\/json":{"schema":{"type":"object","required":["status"],"properties":{"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"},"data":{"type":"object","description":"The data containing the new account discovery pipeline.","schema":null,"required":["pipeline_id"],"properties":{"pipeline_id":{"type":"integer","description":"The numerical ID assigned to the pipeline."}}}}}}}}}}},"\/api\/v3\/accounts\/check":{"post":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator"],"summary":"Trigger an Account Check","description":"Trigger an Account Check","tags":["Accounts"],"security":[{"bearerAuth":[]}],"requestBody":{"content":{"application\/json":{"schema":{"type":"object","required":["account_name"],"properties":{"account_name":{"type":"string","description":"The Account name to run a check against"}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"A response containing the pipeline ID of the Account Check","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"object","required":["pipeline_id"],"properties":{"pipeline_id":{"type":"integer","description":"The pipeline ID of the Account Check pipeline"}}}}}}}}}}},"\/api\/v3\/import\/url":{"post":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"summary":"Import evidence from a URL","description":"Import evidence from a given URL via a standard download.","tags":["Import from URL"],"security":[{"bearerAuth":[]}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["url","project_id"],"properties":{"project_id":{"type":"integer","minimum":1,"description":"The ID of the project to import the evidence into."},"url":{"type":"string","pattern":"^(?!mailto:)(?:(?:http|https|ftp):\/\/)(?:\\\\S+(?::\\\\S*)?@)?(?:(?:(?:[1-9]\\\\d?|1\\\\d\\\\d|2[01]\\\\d|22[0-3])(?:\\\\.(?:1?\\\\d{1,2}|2[0-4]\\\\d|25[0-5])){2}(?:\\\\.(?:[0-9]\\\\d?|1\\\\d\\\\d|2[0-4]\\\\d|25[0-4]))|(?:(?:[a-z\\\\u00a1-\\\\uffff0-9]+-?)*[a-z\\\\u00a1-\\\\uffff0-9]+)(?:\\\\.(?:[a-z\\\\u00a1-\\\\uffff0-9]+-?)*[a-z\\\\u00a1-\\\\uffff0-9]+)*(?:\\\\.(?:[a-z\\\\u00a1-\\\\uffff]{2,})))|localhost)(?::\\\\d{2,5})?(?:(\/|\\\\?|#)[^\\\\s]*)?$","description":"The URL of the evidence to import."}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"A new pipeline object is returned, indicating a successful kick-off of a pipeline. You can see the <a href=\"https:\/\/cado-security.github.io\/api-reference\/#tag\/Pipelines\/paths\/~1api~1v3~1pipelines~1{id}\/get\">Pipeline API<\/a> documentation for information on getting details about this pipeline.","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"enum":["success"],"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","description":"The data returned by the API.","schema":null,"required":["pipeline_id"],"properties":{"pipeline_id":{"type":"integer","description":"The ID of the pipeline that was created to process the evidence."}}}}}}}}}}},"\/api\/v3\/alarms":{"get":{"description":"List alarms visible to the current user","parameters":[{"name":"investigation_id","in":"query","required":false,"schema":{"type":"integer"},"description":"Filter by investigation id."},{"name":"evidence_id","in":"query","required":false,"schema":{"type":"integer"},"description":"Filter by evidence id."},{"name":"alarm_type","in":"query","required":false,"schema":{"type":"string","enum":["content","event"]},"description":"Filter by alarm type."},{"name":"alarm_name","in":"query","required":false,"schema":{"type":"string"},"description":"Filter by alarm name."},{"name":"alarm_severity","in":"query","required":false,"schema":{"type":"array","items":{"type":"integer"}},"description":"Filter by alarm severity"},{"name":"resource","in":"query","required":false,"schema":{"type":"string"},"description":"Filter by resource."},{"name":"page","in":"query","required":false,"schema":{"type":"integer","default":1},"description":"Which page or results to return."},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":10},"description":"How many results per page."},{"name":"order_by","in":"query","required":false,"schema":{"type":"string","enum":["id","-id"],"default":"-id"},"description":"The way in which to order evidences."},{"name":"latest_results","in":"query","required":false,"schema":{"type":"boolean"},"description":"Filter to show only the latest scan results."},{"name":"dspm_type","in":"query","required":false,"schema":{"type":"array","items":{"type":"string","enum":["Secrets","PII","PCI","PHI"]}},"description":"Filter by data Security Posture Management type"}],"responses":{"200":{"content":{"application\/json":{"schema":{"type":"object","required":["status","data","pagination"],"properties":{"data":{"type":"array","items":{"required":["id","type","item_id","severity","description"],"$ref":"#\/components\/schemas\/alarm_schema"}},"pagination":{"$ref":"#\/components\/schemas\/pagination","required":["total_records","current_page","total_pages","type"]},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}}}}},"description":"A list of alarm objects."},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"summary":"List alarms","tags":["Alarms"],"x-Required Roles":["Administrator","Lead Analyst","Analyst","Read Only Analyst"],"x-Feature Lifecycle":"beta"},"post":{"description":"Bulk add alarms to timeline.","requestBody":{"content":{"application\/json":{"schema":{"type":"object","required":["investigation_id","alarm_severity"],"description":"Payload for bulk adding alarms","properties":{"investigation_id":{"type":"integer","description":"The investigation ID to add alarms form"},"alarm_severity":{"type":"integer","description":"The type of alarm to associate with the events"},"include_timeline_query":{"type":"string","description":"Timeline query to filter timeline events"},"include_event_ids":{"type":"array","description":"A selection of event IDs to bulk add alarms for","items":{"type":"string","description":"The ID of an event"}},"exclude_event_ids":{"type":"array","description":"A selection of event IDs to ignore bulk adding alarms for","items":{"type":"string","description":"The ID of an event"}},"include_event_dates":{"type":"array","description":"A selection of event dates for which to bulk add alarms","items":{"type":"number","description":"A date on which an event occurred"}},"exclude_event_dates":{"type":"array","description":"A selection of event dates for which to ignore bulk adding alarms","items":{"type":"number","description":"A date on which an event occurred"}}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"201":{"content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"data":{"type":"object","properties":{"alarm_ids":{"type":"array","items":{"type":"integer"},"description":"The IDs of the added alarm(s)."}}},"status":{"type":"string","enum":["success"],"description":"The status of the response, in this context, the value will be \"success\".","default":"success"}}}}},"description":"Response containing the IDs of the successfully added alarm(s)."},"200":{"content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"data":{"type":"object","properties":{"alarm_ids":{"type":"array","items":{"type":"integer"},"description":"Empty array as no new alarms resources have been added."}}},"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"}}}}},"description":"Alarms already exist on provided event IDs."}},"security":[{"bearerAuth":[]}],"summary":"Add alarms","tags":["Alarms"],"x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta"},"delete":{"description":"Bulk remove alarms from timeline.","requestBody":{"content":{"application\/json":{"schema":{"type":"object","required":["investigation_id"],"description":"Payload for bulk removing alarms","properties":{"investigation_id":{"type":"integer","description":"The investigation ID to remove alarms form"},"include_timeline_query":{"type":"string","description":"Timeline query to filter timeline events"},"include_event_ids":{"type":"array","description":"A selection of event IDs to bulk remove alarms for","items":{"type":"string","description":"The ID of an event"}},"exclude_event_ids":{"type":"array","description":"A selection of event IDs to ignore bulk removing alarms for","items":{"type":"string","description":"The ID of an event"}},"include_event_dates":{"type":"array","description":"A selection of event dates for which to bulk remove alarms","items":{"type":"number","description":"A date on which an event occurred"}},"exclude_event_dates":{"type":"array","description":"A selection of event dates for which to ignore bulk removing alarms","items":{"type":"number","description":"A date on which an event occurred"}}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Successfully deleted alarms.","content":{"application\/json":{"schema":{"type":"object","required":["status"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"}}}}}}},"security":[{"bearerAuth":[]}],"summary":"Remove alarms","tags":["Alarms"],"x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta"}},"\/api\/v3\/alarms\/summary":{"get":{"description":"Summary of the alarms in the investigation","parameters":[{"name":"investigation_id","in":"query","required":true,"schema":{"type":"integer"},"description":"Filter by investigation id."},{"name":"evidence_id","in":"query","required":false,"schema":{"type":"integer"},"description":"Filter by evidence id."},{"name":"alarm_severity","in":"query","required":false,"schema":{"type":"integer"},"description":"Filter by alarm severity"}],"responses":{"200":{"content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"data":{"type":"object","properties":{"total":{"type":"integer"},"breakdown":{"type":"array","items":{"properties":{"description":{"type":"string"},"content_alarm_count":{"type":"integer"},"event_alarm_count":{"type":"integer"},"total_count":{"type":"integer"},"severity":{"type":"integer"},"attack":{"type":"array","items":{"type":"string"}}}}}}},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}}}}},"description":"A list of alarm objects."},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"summary":"Summary alarm","tags":["Alarms"],"x-Required Roles":["Administrator","Lead Analyst","Analyst","Read Only Analyst"],"x-Feature Lifecycle":"beta"}},"\/api\/v3\/alarms\/overview":{"get":{"description":"List alarm overviews per investigation","parameters":[{"name":"investigation_ids","in":"query","required":true,"schema":{"type":"array","items":{"type":"integer"}},"description":"Filter by investigation ids."}],"responses":{"200":{"content":{"application\/json":{"schema":{"type":"object","required":["status","data","pagination"],"properties":{"data":{"type":"array","items":{"type":"object","nullable":false,"required":["investigation_id","malicious","suspicious"],"properties":{"investigation_id":{"type":"integer"},"malicious":{"type":"integer"},"suspicious":{"type":"integer"}}}},"pagination":{"$ref":"#\/components\/schemas\/pagination","required":["total_records","current_page","total_pages","type"]},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}}}}},"description":"A list of alarm overview objects."},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"summary":"List alarm overviews","tags":["Alarms"],"x-Required Roles":["Administrator","Lead Analyst","Analyst","Read Only Analyst"],"x-Feature Lifecycle":"beta"}},"\/api\/v3\/alarms\/{id}":{"get":{"description":"Get an alarm by ID","parameters":[{"name":"id","in":"path","required":true,"schema":{"type":"integer"},"description":"ID of the alarm you want to get."}],"responses":{"200":{"content":{"application\/json":{"schema":{"properties":{"data":{"required":["id","type","item_id","severity","description"],"$ref":"#\/components\/schemas\/alarm_schema"},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["status","data"],"type":"object"}}},"description":"Successful alarm retrieved."},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"summary":"Get a single alarm","tags":["Alarms"],"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst","Read Only Analyst"]}},"\/api\/v3\/alarms\/export":{"get":{"description":"Export all alarms from evidence","parameters":[{"name":"evidence_id","in":"query","required":true,"schema":{"type":"integer"}}],"responses":{"200":{"description":"return the exported alarms","content":{"application\/zip":{"schema":{"type":"string","format":"binary"}}}},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"summary":"Export all alarms from evidence","tags":["Alarms"],"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst","Read Only Analyst"]}},"\/api\/v3\/audit-log\/download":{"get":{"x-Feature Lifecycle":"beta","x-Admin Only":"yes","x-Required Roles":["Administrator","Platform Administrator"],"summary":"Audit Logs","description":"Download audit logs as JSON.","tags":["Audit Logs"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"user_id","in":"query","required":false,"schema":{"type":"integer"},"description":"Only return entries for this user_id"},{"name":"start_timestamp","in":"query","required":false,"schema":{"type":"number"},"description":"start timestamp (s)"},{"name":"end_timestamp","in":"query","required":false,"schema":{"type":"number"},"description":"end timestamp (s)"},{"name":"username_filter","in":"query","required":false,"schema":{"type":"string"},"description":"Only returns usernames matching this (SQL-like syntax) pattern"},{"name":"route_filter","in":"query","required":false,"schema":{"type":"string"},"description":"Only return routes matching this (SQL-like syntax) pattern"},{"name":"event_filter","in":"query","required":false,"schema":{"type":"string"},"description":"The audit log event type"},{"name":"resource_category_filter","in":"query","required":false,"schema":{"type":"string"},"description":"Only return resource category matching this (SQL-like syntax) pattern"},{"name":"platform_version_filter","in":"query","required":false,"schema":{"type":"string"},"description":"Only return platform version matching this (SQL-like syntax) pattern"},{"name":"page","in":"query","required":false,"schema":{"type":"integer"},"description":"Page number"},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer"},"description":"Number of entries per page"},{"name":"investigation_id","in":"query","required":false,"schema":{"type":"integer"},"description":"Investigation id of investigation"},{"name":"rbac_role_filter","in":"query","required":false,"schema":{"type":"string"},"description":"Only return entries for this rbac role"}],"responses":{"200":{"description":"Successfully downloaded a copy of the audit logs","content":{"application\/zip":{"schema":{"type":"string","format":"binary","required":["data","status"],"properties":{"data":{"type":"string","format":"binary","description":"The audit logs in JSON format"},"status":{"default":"success","enum":["success"],"description":"success"}}}}}},"default":{"$ref":"#\/components\/responses\/default"}}}},"\/api\/v3\/audit-log":{"get":{"x-Feature Lifecycle":"beta","x-Admin Only":"no","x-Required Roles":["Administrator","Platform Administrator"],"summary":"Audit Logs","description":"Query audit data.","tags":["Audit Logs"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"user_id","in":"query","required":false,"schema":{"type":"integer"},"description":"Only return entries for this user_id"},{"name":"start_timestamp","in":"query","required":false,"schema":{"type":"number"},"description":"start timestamp (s)"},{"name":"end_timestamp","in":"query","required":false,"schema":{"type":"number"},"description":"end timestamp (s)"},{"name":"username_filter","in":"query","required":false,"schema":{"type":"string"},"description":"Only returns usernames matching this (SQL-like syntax) pattern"},{"name":"route_filter","in":"query","required":false,"schema":{"type":"string"},"description":"Only return routes matching this (SQL-like syntax) pattern"},{"name":"event_filter","in":"query","required":false,"schema":{"type":"string"},"description":"The audit log event type"},{"name":"resource_category_filter","in":"query","required":false,"schema":{"type":"string"},"description":"Only return resource category matching this (SQL-like syntax) pattern"},{"name":"platform_version_filter","in":"query","required":false,"schema":{"type":"string"},"description":"Only return platform version matching this (SQL-like syntax) pattern"},{"name":"page","in":"query","required":true,"schema":{"type":"integer"},"description":"Page number"},{"name":"per_page","in":"query","required":true,"schema":{"type":"integer"},"description":"Number of entries per page"},{"name":"investigation_id","in":"query","required":false,"schema":{"type":"integer"},"description":"Investigation id of investigation"},{"name":"rbac_role_filter","in":"query","required":false,"schema":{"type":"string"},"description":"Only return entries for this API key role"}],"responses":{"200":{"description":"Returns the audit logs","content":{"application\/json":{"schema":{"type":"object","required":["data","status","pagination"],"properties":{"status":{"type":"string","enum":["success"],"description":"success","default":"success"},"pagination":{"type":"object","properties":{"current_page":{"description":"The current page number","type":"integer"},"total_pages":{"description":"The total number of pages","type":"integer"},"total_records":{"description":"The total number of records","type":"integer"},"per_page":{"description":"The number of records per page","type":"integer"},"type":{"default":"page","description":"The type of the pagination","enum":["page"],"type":"string"}},"required":["total_records","current_page","total_pages","type"]},"data":{"type":"array","items":{"type":"object","required":["id","username","user_id","timestamp","duration","event_type","resource_category","description","response","source","verb","route","request_body","url_args","files","platform_version","project_id","project_name"],"properties":{"project_name":{"type":"string","nullable":true},"project_id":{"type":"integer","nullable":true},"id":{"type":"integer"},"username":{"type":"string","nullable":true},"user_id":{"type":"integer","nullable":true},"timestamp":{"type":"number"},"duration":{"type":"integer","nullable":true},"event_type":{"type":"string"},"resource_category":{"type":"string"},"description":{"type":"string"},"response":{"type":"string"},"source":{"type":"string"},"verb":{"type":"string"},"route":{"type":"string"},"request_body":{"type":"object","nullable":true},"url_args":{"type":"object","nullable":true},"view_args":{"type":"object","nullable":true},"files":{"type":"array","nullable":true,"items":{"type":"object","properties":{"filename":{"type":"string"},"content_type":{"type":"string"},"content_length":{"type":"integer","nullable":true}}}},"platform_version":{"type":"string"},"rbac_role":{"type":"string","nullable":true}}}}}}}}},"default":{"$ref":"#\/components\/responses\/default"}}}},"\/api\/v3\/auth":{"post":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst","Analyst","Read Only Analyst"],"summary":"Generate access tokens","description":"Generates Fresh-Access-Token using username and password and a Refresh-Token for later use.","tags":["Authentication"],"security":[{"bearerAuth":[]}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","properties":{"username":{"type":"string","description":"Name for user"},"password":{"type":"string","description":"Must be 8 or more characters"},"tenant_id":{"type":"string","description":"An optional tenant_id"}},"required":["username","password"]}}}},"responses":{"200":{"description":"Fresh and Refresh tokens were created","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success","enum":["success"]},"data":{"type":"object","required":["token","refresh_token","force_change_password","eula_agreed","user","id"],"properties":{"token":{"type":"string"},"refresh_token":{"type":"string"},"force_change_password":{"type":"boolean"},"eula_agreed":{"type":"boolean"},"id":{"type":"string"},"user":{"type":"object","required":["id","username","login_type","display_name"],"properties":{"id":{"type":"integer"},"created":{"type":"string"},"username":{"type":"string"},"login_type":{"type":"integer"},"display_name":{"type":"string"}}}}}}}}}},"default":{"$ref":"#\/components\/responses\/default"}}},"patch":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst","Analyst","Read Only Analyst"],"summary":"Renews access tokens","description":"Renews Access-Token using username","tags":["Authentication"],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"Returns the access_token","content":{"application\/json":{"schema":{"type":"object","required":["data","status"],"properties":{"data":{"type":"object","required":["access_token"],"properties":{"access_token":{"type":"string","description":"Renewed access token"}}},"status":{"type":"string","enum":["success"],"default":"success","description":"status of request"}}}}}},"default":{"$ref":"#\/components\/responses\/default"}}},"delete":{"summary":"Logout","description":"Logs user out and revokes a Refresh Token to prevent it from generating new access tokens.","security":[{"bearerAuth":[]}],"tags":["Authentication"],"x-Required Roles":["Administrator","Platform Administrator","Lead Analyst","Analyst","Read Only Analyst"],"x-Feature Lifecycle":"beta","responses":{"200":{"description":"User was logged out","content":{"application\/json":{"schema":{"type":"object","required":["status"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success","enum":["success"]}}}}}},"default":{"$ref":"#\/components\/responses\/default"}}}},"\/api\/v3\/auth\/whoami":{"get":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst","Analyst","Read Only Analyst"],"summary":"Retrieve the identity of the currently signed in user","description":"Information about the current user","tags":["Authentication"],"security":[{"bearerAuth":[]}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Successfully got user information","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"object","required":["username","display_name","id","changed_password","eula_agreed","permissions","rbac_role"],"description":"The data object containing the user information","properties":{"username":{"type":"string","description":"The username of the user"},"id":{"type":"integer","description":"The id of the user"},"display_name":{"type":"string","description":"The display name of the user"},"changed_password":{"type":"boolean","description":"Does the user need to change their password"},"eula_agreed":{"type":"boolean","description":"Has the user agreed to the EULA"},"permissions":{"type":"object","description":"The permissions possibly available to the user","properties":{"actions_invoke":{"default":false,"type":"boolean"},"actions_read":{"default":false,"type":"boolean"},"actions_write":{"default":false,"type":"boolean"},"alarms_read":{"default":false,"type":"boolean"},"alarms_write":{"default":false,"type":"boolean"},"api_keys_create":{"default":false,"type":"boolean"},"api_keys_read":{"default":false,"type":"boolean"},"api_keys_revoke":{"default":false,"type":"boolean"},"audit_log_read":{"default":false,"type":"boolean"},"audit_log_history_read":{"default":false,"type":"boolean"},"audit_log_download":{"default":false,"type":"boolean"},"auth_read":{"default":false,"type":"boolean"},"automations_read":{"default":false,"type":"boolean"},"automations_write":{"default":false,"type":"boolean"},"cloud_accounts_admin":{"default":false,"type":"boolean"},"cloud_accounts_read":{"default":false,"type":"boolean"},"cloud_accounts_write":{"default":false,"type":"boolean"},"detection_rules_read":{"default":false,"type":"boolean"},"detection_rules_write":{"default":false,"type":"boolean"},"detections_create_investigation":{"default":false,"type":"boolean"},"detections_export":{"default":false,"type":"boolean"},"detections_read":{"default":false,"type":"boolean"},"download_evidence":{"default":false,"type":"boolean"},"environments_read":{"default":false,"type":"boolean"},"environments_write":{"default":false,"type":"boolean"},"eula_sign":{"default":false,"type":"boolean"},"internal_cado_host_multipart":{"default":false,"type":"boolean"},"groups_admin":{"default":false,"type":"boolean"},"groups_read":{"default":false,"type":"boolean"},"groups_write":{"default":false,"type":"boolean"},"import_data_full":{"default":false,"type":"boolean"},"import_data_triage":{"default":false,"type":"boolean"},"license_read":{"default":false,"type":"boolean"},"license_write":{"default":false,"type":"boolean"},"metrics_read":{"default":false,"type":"boolean"},"notifications_read":{"default":false,"type":"boolean"},"notifications_update":{"default":false,"type":"boolean"},"notifications_write":{"default":false,"type":"boolean"},"pipelines_abort":{"default":false,"type":"boolean"},"pipelines_abort_all":{"default":false,"type":"boolean"},"pipelines_admin":{"default":false,"type":"boolean"},"pipelines_logs":{"default":false,"type":"boolean"},"pipelines_read":{"default":false,"type":"boolean"},"pipelines_rerun":{"default":false,"type":"boolean"},"platform_status_read":{"default":false,"type":"boolean"},"prometheus_export":{"default":false,"type":"boolean"},"projects_admin":{"default":false,"type":"boolean"},"projects_create":{"default":false,"type":"boolean"},"projects_delete":{"default":false,"type":"boolean"},"projects_update":{"default":false,"type":"boolean"},"projects_read":{"default":false,"type":"boolean"},"projects_write":{"default":false,"type":"boolean"},"projects_export":{"default":false,"type":"boolean"},"remote_actions_invoke":{"default":false,"type":"boolean"},"roles_read":{"default":false,"type":"boolean"},"saved_queries_read":{"default":false,"type":"boolean"},"saved_queries_write":{"default":false,"type":"boolean"},"scheduled_scan_read":{"default":false,"type":"boolean"},"scheduled_scan_write":{"default":false,"type":"boolean"},"settings_auth_read":{"default":false,"type":"boolean"},"settings_auth_write":{"default":false,"type":"boolean"},"settings_read":{"default":false,"type":"boolean"},"settings_scripts_read":{"default":false,"type":"boolean"},"settings_scripts_write":{"default":false,"type":"boolean"},"settings_write":{"default":false,"type":"boolean"},"settings_processing_access":{"default":false,"type":"boolean"},"settings_intelligence_access":{"default":false,"type":"boolean"},"settings_advanced_access":{"default":false,"type":"boolean"},"settings_experiments_access":{"default":false,"type":"boolean"},"settings_preservation_access":{"default":false,"type":"boolean"},"settings_archive_investigations_access":{"default":false,"type":"boolean"},"settings_sso_access":{"default":false,"type":"boolean"},"settings_siem_access":{"default":false,"type":"boolean"},"settings_detections_access":{"default":false,"type":"boolean"},"settings_workers_access":{"default":false,"type":"boolean"},"system_logs":{"default":false,"type":"boolean"},"system_read":{"default":false,"type":"boolean"},"system_write":{"default":false,"type":"boolean"},"support_read":{"default":false,"type":"boolean"},"support_write":{"default":false,"type":"boolean"},"users_admin":{"default":false,"type":"boolean"},"users_create":{"default":false,"type":"boolean"},"users_list":{"default":false,"type":"boolean"},"users_read":{"default":false,"type":"boolean"},"users_write":{"default":false,"type":"boolean"},"webhook_read":{"default":false,"type":"boolean"},"webhook_write":{"default":false,"type":"boolean"},"workers_read":{"default":false,"type":"boolean"},"workers_write":{"default":false,"type":"boolean"},"timeline_read":{"default":false,"type":"boolean"},"timeline_basic_read":{"default":false,"type":"boolean"},"timeline_write":{"default":false,"type":"boolean"},"triage_accounts_write":{"default":false,"type":"boolean"},"files_read":{"default":false,"type":"boolean"},"files_directory_read":{"default":false,"type":"boolean"}}},"rbac_role":{"type":"string","description":"The role of the user"}}}}}}}}}}},"\/api\/v3\/import\/cado-host":{"post":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"summary":"Generate a Cado Host deployment script","description":"Generate a Cado Host deployment script with customizable options","tags":["Import using Cado Host"],"security":[{"bearerAuth":[]}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["project_id","deployment","os","downloadable","command_options"],"properties":{"deployment":{"type":"string","description":"The deployment mode for Cado Host, auto will download and cleanup, manual assumes Cado Host is already on the endpoint.","enum":["auto","manual"],"default":"auto"},"os":{"type":"string","description":"The operating system of the endpoint you are deploying Cado Host to.","enum":["windows","macos","linux","kubernetes"],"default":"linux"},"downloadable":{"type":"boolean","description":"Whether to download the command as a stand-alone script."},"command_options":{"type":"object","description":"A list of customisable command line options to pass to the Cado Host deployment script","required":[],"properties":{"as_super":{"type":"boolean","description":"Add sudo to the command, does not apply to Windows."},"additional_files":{"type":"array","description":"List of additional file paths to acquire","items":{"type":"string"}},"light_mode":{"type":"boolean","description":"Whether to use light mode which collects files less than 10MB"},"max_mode":{"type":"boolean","description":"Whether to use max mode which collects a larger set of files, more likely to fail upload to cloud storage due to size"},"enable_memory":{"type":"boolean","description":"Whether to enable process memory acquisition using Cado varc"},"extended_memory":{"type":"boolean","description":"Whether to enable extended memory acquisition using Cado varc"},"verbose":{"type":"boolean","description":"Whether to enable verbose logging"},"no_clean":{"type":"boolean","description":"Whether to disable cleanup of the Cado Host deployment script"},"filename":{"type":"string","description":"The name of the zip file created by Cado Host"},"pod_name":{"type":"string","description":"The name of the Kubernetes pod to target with the Cado Host deployment script"},"pod_namespace":{"type":"string","description":"The namespace of the Kubernetes pod to target with the Cado Host deployment script"},"target_container":{"type":"string","description":"The name of the Kubernetes container to target with the Cado Host deployment script"},"drive_letter":{"type":"string","description":"The drive letter to use for the Cado Host deployment script on Windows"},"custom_container":{"type":"string","description":"The custom container image to optionally use for the debug acquisition container"},"is_non_root":{"type":"boolean","description":"Use a non-root user to acquire data from Kubernetes"},"skip_scan":{"type":"boolean","description":"Skip scanning for extra files using signatures."},"groups":{"type":"array","description":"An array of supported Cado Host capture groups. The supported groups will depend on the operating system of the command being generated.","example":["program_execution","processes"],"items":{"type":"string"}},"skip_ssl_verification":{"type":"boolean","description":"Whether to skip SSL verification for the Cado Host deployment script"}}},"project_id":{"type":"integer","description":"The ID of the project to import related evidences into."}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Generated Cado Host deployment script","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"object","required":["command"],"properties":{"project_id":{"type":"integer","description":"The ID of the project used to create the Cado Host deployment command"},"command":{"type":"string","description":"The generated Cado Host deployment command"},"presigned_data":{"type":"string","description":"Encoded presigned Cloud Storage data for the generated Cado Host deployment command"},"cloud_storage_info":{"type":"object","required":["path"],"description":"Information about the Cloud Storage settings used to create the presigned data","properties":{"bucket":{"type":"string","description":"The name of the Cloud Storage bucket (AWS S3 or GCP Storage)"},"storage_account":{"type":"string","description":"The name of the storage account (Azure Storage)"},"container":{"type":"string","description":"The name of the storage container (Azure Storage)"},"path":{"type":"string","description":"The path to the file in the Cloud Storage bucket or container"}}}}}}}}}}}},"get":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"summary":"Get a Cado Host download link","description":"Get a Cado Host download link for the specified operating system","tags":["Import using Cado Host"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"os","in":"query","required":true,"description":"The operating system of the endpoint","schema":{"type":"string","enum":["windows","macos","linux","kubernetes"]}}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Generated Cado Host deployment script","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"object","required":["link"],"properties":{"link":{"type":"string","description":"The Cado Host download link"}}}}}}}}}}},"\/api\/v3\/import\/cloudgrep":{"get":{"x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta","summary":"List objects in an aws bucket that match a set of filters","description":"List objects in an aws bucket that match a set of filters","security":[{"bearerAuth":[]}],"tags":["Cloudgrep"],"parameters":[{"name":"bucket_name","in":"query","required":true,"description":"The bucket to search in","schema":{"type":"string"}},{"name":"account_name","in":"query","required":true,"schema":{"type":"string"},"description":"The account to use to perform the Search"},{"name":"investigation_id","in":"query","required":true,"description":"The investigation id to import into","schema":{"type":"integer"}},{"name":"filename","in":"query","required":false,"description":"Filenames to match against","schema":{"type":"string"}},{"name":"modified_before","description":"The UNIX timestamp before which files were modified","in":"query","required":false,"schema":{"type":"integer"}},{"name":"modified_after","description":"The UNIX timestamp after which files were modified","in":"query","required":false,"schema":{"type":"integer"}},{"name":"prefixes","in":"query","required":false,"description":"The prefixes to search under. If not provided, the search will be performed at the root level","schema":{"type":"array","items":{"type":"string"}}}],"responses":{"200":{"description":"The search results","content":{"application\/json":{"schema":{"type":"object","required":["data","status"],"properties":{"data":{"required":["total_files","total_file_size"],"type":"object","properties":{"total_files":{"type":"integer","description":"The total number of files found"},"total_file_size":{"type":"integer","description":"The total size of all files found in bytes"}}},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}}}}}},"default":{"$ref":"#\/components\/responses\/default"}}},"post":{"x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta","summary":"Search for files in an aws bucket that match a set of filters using a query","description":"Search for files in an aws bucket that match a set of filters using a query","security":[{"bearerAuth":[]}],"tags":["Cloudgrep"],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["bucket_name","account_name","query","investigation_id"],"properties":{"bucket_name":{"type":"string","description":"The bucket to search in"},"account_name":{"type":"string","description":"The account to use to perform the search"},"investigation_id":{"description":"The investigation id to import into","type":"integer"},"query":{"type":"array","description":"The query to search for in the files","items":{"type":"string"}},"filename":{"type":"string","description":"Filenames to match against"},"modified_before":{"type":"integer","description":"The UNIX timestamp before which files were modified"},"modified_after":{"type":"integer","description":"The UNIX timestamp after which files were modified"},"prefixes":{"type":"array","description":"The prefixes to search under. If not provided, the search will be performed at the root level","items":{"type":"string"}}}}}}},"responses":{"200":{"description":"The search results","content":{"application\/json":{"schema":{"type":"object","required":["data","status"],"properties":{"data":{"type":"object","required":["search_results"],"properties":{"search_results":{"type":"array","items":{"type":"object","required":["filename","total_matches","matched_lines"],"properties":{"filename":{"type":"string","description":"The name of the file"},"total_matches":{"type":"integer","description":"The total number of matches found in the file"},"matched_lines":{"type":"array","items":{"type":"string"}}}}}}},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}}}}}},"default":{"$ref":"#\/components\/responses\/default"}}}},"\/api\/v3\/detections\/rules":{"post":{"summary":"Create a new Detection Rule","description":"Create a Detection Rule which can detect matched events and respond depending on the rule configuration.","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst"],"x-Feature Lifecycle":"beta","security":[{"bearerAuth":[]}],"tags":["Detections"],"parameters":[],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["name","description","alert_type"],"properties":{"name":{"type":"string","description":"The name of the Detection Rule being created."},"description":{"type":"string","description":"A brief description of the Detection Rule being created."},"alert_type":{"type":"string","description":"The alert type for the Detection Rule to match against.","default":"GuardDuty","enum":["GuardDuty","Defender","CrowdStrike","Wiz"]},"severity":{"type":"array","description":"The severities to match against.","items":{"type":"string","default":"medium","enum":["critical","high","medium","low"]}},"asset_type":{"type":"string","description":"The asset to match against GuardDuty Rules.","enum":["ec2"]},"accounts":{"type":"array","description":"An updated list of account names to be associated with the Detection Rule.","items":{"type":"string"}},"threat_purposes":{"type":"array","description":"A list of threat purposes to match against GuardDuty Rules.","items":{"type":"string","default":"UnauthorizedAccess","enum":["Backdoor","Behavior","CredentialAccess","Cryptocurrency","DefenseEvasion","Discovery","Execution","Exfiltration","Impact","InitialAccess","Pentest","Persistence","Policy","PrivilegeEscalation","Recon","Stealth","Trojan","UnauthorizedAccess"]}},"attack_techniques":{"type":"array","description":"A list of attack techniques to match Defender alerts against.","items":{"type":"string"}},"tag_key":{"type":"string","description":"The tag key used to search for resources created by Wiz."},"tag_value":{"type":"string","description":"The tag value used to search for resources created by Wiz."},"trigger_ebs_snapshot":{"type":"boolean","description":"Whether or not to acquire the full disk via EBS snapshot, only available for GuardDuty"},"ignore_sample_findings":{"type":"boolean","description":"Whether or not to ignore sample findings for the detection rule. If false, acquisition will fail as sample alerts do not reference real AWS resources."}}}}}},"responses":{"200":{"description":"The resource ID of the Detection Rule created.","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"enum":["success"],"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","description":"The data returned containing the resource ID of the Detection Rule created.","schema":null,"required":["detection_rule_id"],"properties":{"detection_rule_id":{"type":"integer","description":"The resource ID of the Detection Rule created."}}}}}}}},"default":{"$ref":"#\/components\/responses\/default"}}},"get":{"summary":"Get all detection rules","description":"Retrieve all detection rules available to a user","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst"],"x-Feature Lifecycle":"beta","security":[{"bearerAuth":[]}],"tags":["Detections"],"parameters":[{"name":"name","in":"query","required":false,"schema":{"type":"string"}},{"name":"asset_type","in":"query","required":false,"schema":{"type":"string","enum":["ec2"]}},{"name":"account_name","in":"query","required":false,"schema":{"type":"string"}},{"name":"alert_type","in":"query","required":false,"schema":{"type":"string","enum":["GuardDuty","Defender","CrowdStrike","Wiz"]}},{"name":"enabled","in":"query","required":false,"schema":{"type":"boolean"}},{"name":"id","in":"query","required":false,"schema":{"type":"integer"}},{"name":"severity","in":"query","required":false,"schema":{"type":"array","items":{"type":"string","enum":["critical","high","medium","low"]}}},{"name":"attack_techniques","in":"query","required":false,"schema":{"type":"array","items":{"type":"string","maxLength":10}}},{"name":"page","in":"query","required":false,"schema":{"type":"integer","default":1},"description":"Which page of detection rule results to return."},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":50},"description":"How many detection rule results per page."}],"responses":{"200":{"content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","items":{"type":"object","required":["id","name","description","alert_type","enabled","created","last_modified","accounts"],"properties":{"id":{"type":"integer","description":"unique id of a Detection Rule"},"name":{"type":"string","description":"name of the Detection Rule"},"description":{"type":"string","description":"description of the Detection Rule"},"last_modified":{"type":"number","description":"date of last modification of the Detection Rule"},"created":{"type":"number","description":"date the Detection Rule was created"},"alert_type":{"type":"string","enum":["GuardDuty","Defender","CrowdStrike","Wiz"],"description":"type of alert that will help determine the response","example":"GuardDuty"},"severity":{"type":"array","items":{"type":"string","enum":["low","medium","high","critical"]},"example":["medium"],"description":"the level of severity"},"enabled":{"type":"boolean","description":"bool to signify if a Detection Rule is enabled or not"},"asset_type":{"type":"string","enum":["ec2"]},"accounts":{"type":"array","items":{"type":"object","required":["id","account_name","type","account_check_id"],"properties":{"id":{"type":"integer","description":"The unique ID of the account."},"account_name":{"type":"string","description":"The account name"},"type":{"type":"string","enum":["aws","gcp","azure","crowdstrike","sentinelone","defender","microsoft_saas","google_workspace","darktrace"],"description":"The account type"},"public_identifier":{"type":"string","description":"The public identifier for the account."},"account_check_id":{"type":"integer","nullable":true,"description":"The Account Check ID associated with the account (if applicable)."},"account_last_used":{"type":"string","nullable":true,"description":"The last time the account was used, in human readable form."}}}},"threat_purposes":{"type":"array","items":{"type":"string","enum":["Backdoor","Behavior","CredentialAccess","Cryptocurrency","DefenseEvasion","Discovery","Execution","Exfiltration","Impact","InitialAccess","Pentest","Persistence","Policy","PrivilegeEscalation","Recon","Stealth","Trojan","UnauthorizedAccess"]}},"attack_techniques":{"type":"array","description":"A list of attack techniques to match Defender alerts against.","items":{"type":"string"}},"tag_key":{"type":"string","description":"The tag key used to search for resources created by Wiz."},"tag_value":{"type":"string","description":"The tag value used to search for resources created by Wiz."},"trigger_ebs_snapshot":{"type":"boolean","description":"Whether or not to acquire the full disk via EBS snapshot, only available for GuardDuty"}}}},"pagination":{"$ref":"#\/components\/schemas\/pagination"},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["status","data","pagination"],"type":"object"}}},"description":"List of detection group items"},"default":{"$ref":"#\/components\/responses\/default"}}}},"\/api\/v3\/detections\/rules\/info":{"get":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst"],"summary":"Get a list of detection rule types","description":"Returns a list of detection rule types.","security":[{"bearerAuth":[]}],"tags":["Detections"],"parameters":[{"name":"alert_type","in":"query","required":true,"schema":{"type":"string","enum":["GuardDuty","Defender","CrowdStrike","Wiz"]},"description":"Filter by alert type."}],"responses":{"200":{"description":"Detection rule types","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"default":"success","description":"The status of the response. In this context, the value will be \"success\".","enum":["success"],"type":"string"},"data":{"type":"object","properties":{"severity_options":{"type":"array","description":"available severity options for detection rules","items":{"type":"string","enum":["high","medium","critical","low"]}},"threat_purposes":{"type":"array","description":"available threat purposes for GuardDuty detection rules","items":{"type":"string","enum":["Backdoor","Behavior","CredentialAccess","Cryptocurrency","DefenseEvasion","Discovery","Execution","Exfiltration","Impact","InitialAccess","Pentest","Persistence","Policy","PrivilegeEscalation","Recon","Stealth","Trojan","UnauthorizedAccess"]}}}}}}}}},"default":{"$ref":"#\/components\/responses\/default"}}}},"\/api\/v3\/detections\/rules\/{detection_rule_id}":{"delete":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst"],"summary":"Delete a Detection Rule","description":"Delete a Detection Rule corresponding to the provided Detection Rule ID.","tags":["Detections"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"detection_rule_id","in":"path","required":true,"description":"ID of the Detection Rule to delete.","schema":{"type":"integer","example":1}}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Successfully deleted Detection Rule.","content":{"application\/json":{"schema":{"type":"object","required":["status"],"properties":{"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}}}}}}}},"patch":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst"],"summary":"Update a Detection Rule","description":"Update a Detection Rule.","tags":["Detections"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"detection_rule_id","in":"path","required":true,"schema":{"type":"integer"},"description":"ID of the Detection Rule to be modified."}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","properties":{"name":{"type":"string","description":"The updated name of the Detection Rule."},"description":{"type":"string","description":"The updated description of the Detection Rule."},"enabled":{"type":"boolean","description":"bool to signify if a Detection Rule is enabled or not"},"severity":{"type":"array","items":{"type":"string","enum":["critical","high","medium","low"]},"description":"An updated list of severities to match against."},"threat_purposes":{"type":"array","description":"An updated list of threat purposes to match against GuardDuty Rules.","items":{"type":"string","default":"UnauthorizedAccess","enum":["Backdoor","Behavior","CredentialAccess","Cryptocurrency","DefenseEvasion","Discovery","Execution","Exfiltration","Impact","InitialAccess","Pentest","Persistence","Policy","PrivilegeEscalation","Recon","Stealth","Trojan","UnauthorizedAccess"]}},"asset_type":{"type":"string","description":"The updated asset to match against GuardDuty Rules.","enum":["ec2"]},"accounts":{"type":"array","description":"An updated list of account names to be associated with the Detection Rule.","items":{"type":"string"}},"attack_techniques":{"type":"array","description":"An updated list of attack techniques to match Defender alerts against.","items":{"type":"string"}},"tag_key":{"type":"string","description":"The updated tag key used to search for resources created by Wiz."},"tag_value":{"type":"string","description":"The updated tag value used to search for resources created by Wiz."},"trigger_ebs_snapshot":{"type":"boolean","description":"Whether or not to acquire the full disk via EBS snapshot, only available for GuardDuty"},"ignore_sample_findings":{"type":"boolean","description":"Whether or not to ignore sample findings for the detection rule. If false, acquisition will fail as sample alerts do not reference real AWS resources."}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Details of the updated Detection Rule.","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","enum":["success"],"description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","required":["id","name","description","alert_type","enabled","created","last_modified"],"properties":{"id":{"type":"integer","description":"Unique ID of the updated Detection Rule."},"name":{"type":"string","description":"Name of the updated Detection Rule."},"description":{"type":"string","description":"Description of the updated Detection Rule."},"last_modified":{"type":"number","description":"Unix Timestamp of last modification of the Detection Rule."},"created":{"type":"number","description":"Unix Timestamp of when the Detection Rule was created."},"alert_type":{"type":"string","enum":["GuardDuty","Defender","CrowdStrike","Wiz"],"description":"Type of alert that will help determine the response.","example":"GuardDuty"},"severity":{"type":"array","items":{"type":"string","enum":["low","medium","high","critical"]},"example":["medium"],"description":"the level of severity"},"enabled":{"type":"boolean","description":"Boolean to signify if the updated Detection Rule is enabled or not."},"asset_type":{"type":"string","enum":["ec2"]},"accounts":{"type":"array","items":{"type":"object","required":["id","account_name","type","account_check_id"],"properties":{"id":{"type":"integer","description":"The unique ID of the account."},"account_name":{"type":"string","description":"The account name"},"type":{"type":"string","enum":["aws","gcp","azure","crowdstrike","sentinelone","defender","microsoft_saas","google_workspace","darktrace"],"description":"The account type"},"public_identifier":{"type":"string","description":"The public identifier for the account."},"account_check_id":{"type":"integer","nullable":true,"description":"The Account Check ID associated with the account (if applicable)."},"account_last_used":{"type":"string","nullable":true,"description":"The last time the account was used, in human readable form."}}}},"threat_purposes":{"type":"array","items":{"type":"string","enum":["Backdoor","Behavior","CredentialAccess","Cryptocurrency","DefenseEvasion","Discovery","Execution","Exfiltration","Impact","InitialAccess","Pentest","Persistence","Policy","PrivilegeEscalation","Recon","Stealth","Trojan","UnauthorizedAccess"]}},"attack_techniques":{"type":"array","description":"A list of attack techniques to match Defender alerts against.","items":{"type":"string"}},"tag_key":{"type":"string","description":"The tag key used to search for resources created by Wiz."},"tag_value":{"type":"string","description":"The tag value used to search for resources created by Wiz."},"trigger_ebs_snapshot":{"type":"boolean","description":"Whether or not to acquire the full disk via EBS snapshot, only available for GuardDuty"}}}}}}}}}}},"\/api\/v3\/detections":{"get":{"summary":"Get detections","description":"List all detections visible to the current user","parameters":[{"name":"investigation_id","in":"query","required":false,"schema":{"type":"integer"},"description":"Filter by investigation\/project id."},{"name":"name","in":"query","required":false,"schema":{"type":"string"},"description":"Filter by detection name."},{"name":"resource_id","in":"query","required":false,"schema":{"type":"array","items":{"type":"string"}},"description":"Filter by detection resource ids."},{"name":"severity","in":"query","required":false,"schema":{"type":"array","items":{"type":"string","enum":["critical","high","medium","low"]}},"description":"Filter by detection severity."},{"name":"impact","in":"query","required":false,"schema":{"type":"array","items":{"type":"string","enum":["critical","high","medium","low"]}},"description":"Filter by detection impact."},{"name":"status","in":"query","required":false,"schema":{"type":"array","items":{"type":"string","enum":["Collection & Analysis","Containment","Eradication","Recovery","Post incident activity","Closed","Archived"]}},"description":"Filter by project status."},{"name":"source","in":"query","required":false,"schema":{"type":"array","items":{"type":"string","enum":["GuardDuty","Defender","CrowdStrike","Wiz","Darktrace"]}},"description":"Filter by detection source."},{"name":"detection_type","in":"query","required":false,"schema":{"type":"string","default":"alert","enum":["alert","incident","all"]},"description":"Filter by detection type."},{"name":"updated_start_timestamp","in":"query","required":false,"schema":{"type":"number"},"description":"Filter by the updated timestamp (s) greater than or equal this time"},{"name":"updated_end_timestamp","in":"query","required":false,"schema":{"type":"number"},"description":"Filter by the updated timestamp (s) less this time"},{"name":"page","in":"query","required":false,"schema":{"type":"integer","default":1},"description":"Which page of detection results to return."},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":10},"description":"How many detection results per page."},{"name":"order_by","in":"query","required":false,"schema":{"type":"string","enum":["id","-id","created_datetime","-created_datetime","updated_datetime","-updated_datetime","source","-source","resource_id","-resource_id","severity","-severity"],"default":"severity"},"description":"The way in which to order detection results."}],"responses":{"200":{"content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","items":{"type":"object","required":["id","name","finding_id","investigation_id","investigation","created_datetime","updated_datetime","severity","source","raw_event","status"],"properties":{"id":{"type":"integer","description":"ID of the detection"},"name":{"type":"string","description":"Name of the detection"},"description":{"type":"string","description":"Description of the detection"},"finding_id":{"type":"string","description":"Unique identifier for the detection finding"},"investigation_id":{"type":"integer","description":"ID of the detection investigation (project)"},"investigation":{"type":"string","description":"Name of the detection investigation (project)"},"created_datetime":{"type":"number","description":"First timestamp of the detection"},"updated_datetime":{"type":"number","description":"Most recent timestamp of the detection"},"severity":{"type":"string","description":"Severity of the detection"},"source":{"type":"string","description":"Source of the detection"},"impact":{"type":"string","description":"Impact of the detection"},"resource_data":{"type":"array","items":{"type":"object","properties":{"resource_id":{"type":"string","description":"Name of the resource for the detection"},"full_resource_id":{"type":"string","description":"Full name of the resource for the detection"}}},"description":"Resource ID list of the detection"},"mitre":{"type":"array","items":{"type":"string","description":"A mitre attack"},"description":"An array of mitre attacks of the detection"},"raw_event":{"type":"string","description":"Raw data associated with the detection"},"primary_artifact":{"type":"string","description":"Primary artifact of the detection"},"incident_id":{"type":"string","description":"ID of the incident associated with the detection"},"detection_url":{"type":"string","description":"URL of the incident event"},"status":{"type":"string","description":"Status of the detection investigation (project)"},"event_id":{"type":"string","description":"Event ID from the timeline"}}}},"pagination":{"$ref":"#\/components\/schemas\/pagination"},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["status","data","pagination"],"type":"object"}}},"description":"List of detections"},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"tags":["Detections"],"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst","Read Only Analyst"]}},"\/api\/v3\/detections\/counts":{"get":{"summary":"Get detection counts based on grouping","description":"List all detection counts visible to the current user","parameters":[{"name":"investigation_id","in":"query","required":false,"schema":{"type":"integer"},"description":"Filter by investigation\/project id."},{"name":"name","in":"query","required":false,"schema":{"type":"string"},"description":"Filter by detection name."},{"name":"resource_id","in":"query","required":false,"schema":{"type":"string"},"description":"Filter by detection resource id."},{"name":"severity","in":"query","required":false,"schema":{"type":"array","items":{"type":"string","enum":["critical","high","medium","low"]}},"description":"Filter by detection severity."},{"name":"impact","in":"query","required":false,"schema":{"type":"array","items":{"type":"string","enum":["critical","high","medium","low"]}},"description":"Filter by detection impact."},{"name":"status","in":"query","required":false,"schema":{"type":"array","items":{"type":"string","enum":["Collection & Analysis","Containment","Eradication","Recovery","Post incident activity","Closed","Archived"]}},"description":"Filter by project status."},{"name":"source","in":"query","required":false,"schema":{"type":"array","items":{"type":"string","enum":["GuardDuty","Defender","CrowdStrike","Wiz","Darktrace"]}},"description":"Filter by detection source."},{"name":"detection_type","in":"query","required":false,"schema":{"type":"string","default":"alert","enum":["alert","incident"]},"description":"Filter by detection type."},{"name":"group_by","in":"query","required":true,"schema":{"type":"string","enum":["investigation_id","name","resource_id","severity","impact","source"]},"description":"Which field to group by."},{"name":"page","in":"query","required":false,"schema":{"type":"integer","default":1},"description":"Which page of detection count results to return."},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":10},"description":"How many detection count results per page."},{"name":"order_by","in":"query","required":false,"schema":{"type":"string","enum":["grouped_field","-grouped_field","count","-count"],"default":"count"},"description":"The way in which to order detection count results."}],"responses":{"200":{"content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","items":{"type":"object","required":["grouped_field_item","count"],"properties":{"grouped_field_item":{"type":"string","description":"Detection field that has been grouped."},"count":{"type":"integer","description":"Number of occurrences of this field."}}}},"pagination":{"$ref":"#\/components\/schemas\/pagination"},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["status","data","pagination"],"type":"object"}}},"description":"List of detection counts by grouped field items."},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"tags":["Detections"],"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst","Read Only Analyst"]}},"\/api\/v3\/detections\/groups":{"get":{"summary":"Get detection groups","description":"List all detection groups visible to the current user","parameters":[{"name":"investigation","in":"query","required":false,"schema":{"type":"string"},"description":"Filter by investigation\/project name."},{"name":"resource_id","in":"query","required":false,"schema":{"type":"array","items":{"type":"string"}},"description":"Filter by detection resource id."},{"name":"name","in":"query","required":false,"schema":{"type":"string"},"description":"Filter by detection name."},{"name":"severity","in":"query","required":false,"schema":{"type":"array","items":{"type":"string","enum":["critical","high","medium","low"]}},"description":"Filter by detection severity."},{"name":"impact","in":"query","required":false,"schema":{"type":"array","items":{"type":"string","enum":["critical","high","medium","low"]}},"description":"Filter by detection impact."},{"name":"status","in":"query","required":false,"schema":{"type":"array","items":{"type":"string","enum":["Collection & Analysis","Containment","Eradication","Recovery","Post incident activity","Closed","Archived"]}},"description":"Filter by project status."},{"name":"source","in":"query","required":false,"schema":{"type":"array","items":{"type":"string"}},"description":"Filter by detection source."},{"name":"detection_type","in":"query","required":false,"schema":{"type":"string","default":"alert","enum":["alert","incident"]},"description":"Filter by detection type."},{"name":"page","in":"query","required":false,"schema":{"type":"integer","default":1},"description":"Which page of detection results to return."},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":25},"description":"How many detection results per page."},{"name":"order_by","in":"query","required":false,"schema":{"type":"string","enum":["created_datetime","-created_datetime","updated_datetime","-updated_datetime","source","-source","resource_id","-resource_id","severity","-severity"],"default":"severity"},"description":"The way in which to order detection results."}],"responses":{"200":{"content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","items":{"type":"object","required":["investigation_id","investigation","severity","source","impact","status","created_datetime","updated_datetime","detection_count"],"properties":{"investigation_id":{"type":"integer","description":"ID of the investigation (project)"},"investigation":{"type":"string","description":"Name of the investigation (project)"},"severity":{"type":"string","description":"Highest severity of the detection group"},"source":{"type":"array","items":{"type":"string","description":"A detection source"},"description":"An array of sources of the detection group"},"impact":{"type":"string","description":"Highest impact of the detection group"},"status":{"type":"string","description":"Status of the detection group investigation (project)"},"created_datetime":{"type":"number","description":"First timestamp of the detection group"},"updated_datetime":{"type":"number","description":"Most recent timestamp of the detection group"},"detection_count":{"type":"integer","description":"Number of detections in the group"},"detection_name":{"type":"string","description":"Name of the single detection in the group"},"primary_artifact_count":{"type":"integer","description":"Number of primary artifacts in the group"},"incident_id":{"type":"string","description":"ID of the incident associated with the group"},"detection_url":{"type":"string","description":"URL of the incident"},"resource_data":{"type":"array","items":{"type":"object","properties":{"resource_id":{"type":"string","description":"Name of the resource for the detection"},"full_resource_id":{"type":"string","description":"Full name of the resource for the detection"}}},"description":"Name of the resource for the detection group"},"mitre":{"type":"array","items":{"type":"string","description":"A mitre attack"},"description":"An array of mitre attacks of the detection"}}}},"pagination":{"$ref":"#\/components\/schemas\/pagination"},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["status","data","pagination"],"type":"object"}}},"description":"List of detection groups, grouped by investigation\/project"},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"tags":["Detections"],"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst","Read Only Analyst"]}},"\/api\/v3\/detections\/resources":{"get":{"summary":"Get detection resource details","description":"Get all of the details for the detection","parameters":[{"name":"resource_id","in":"query","required":true,"schema":{"type":"array","items":{"type":"string","description":"ID of the resource"}},"description":"Filter by resource id."},{"name":"order_by","in":"query","required":false,"schema":{"type":"string","enum":["id","-id","created_datetime","-created_datetime","updated_datetime","-updated_datetime","source","-source","resource_id","-resource_id","severity","-severity"],"default":"severity"},"description":"The way in which to order detection results."},{"name":"page","in":"query","required":false,"schema":{"type":"integer","default":1},"description":"Which page of detection results to return."}],"responses":{"200":{"content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","items":{"type":"object","properties":{"resource_id":{"type":"string","description":"ID of the resource"},"resource_name":{"type":"string","description":"Name of the resource for the detection group"},"resource_type":{"type":"string","description":"Type of the resource for the detection"},"cloud_account_id":{"type":"string","description":"AWS account id extracted from guard duty"},"os_platform":{"type":"string","description":"Os platform associated with the group resource"},"os_processor":{"type":"string","description":"OS processor associated with the group resource"},"os_version":{"type":"string","description":"OS version associated with the group resource"},"ip_address":{"type":"string","description":"IP address associated with the group resource"},"external_ip_address":{"type":"string","description":"IP address associated with the group resource"},"priority":{"type":"string","description":"Priority data associated with the group resource"},"group":{"type":"string","description":"Group data associated with the group resource"},"risk_score":{"type":"string","description":"Risk score data associated with the group resource"},"exposure_level":{"type":"string","description":"Exposure level data associated with the group resource"},"entra_id_device_id":{"type":"string","description":"Device ID data associated with the group resource"},"device_id":{"type":"string","description":"Device ID of the resource for the detection"},"full_resource_id":{"type":"string","description":"Unique identifier cloud resources"},"tags":{"type":"array","items":{"type":"string","description":"A tag associated with the group resource"},"description":"Tags associated with the group resource"},"resource_updated_datetime":{"type":"number","description":"Timestamp of the most recent evidence\/resource acqusition time"}}}},"pagination":{"$ref":"#\/components\/schemas\/pagination"},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["status","data","pagination"],"type":"object"}}},"description":"Details for the detection resource"},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"tags":["Detections"],"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst","Read Only Analyst"]}},"\/api\/v3\/detections\/artifacts":{"get":{"summary":"Get detection artifacts","description":"List all detection artifacts visible to the current user","parameters":[{"name":"investigation_id","in":"query","required":true,"schema":{"type":"integer"},"description":"Filter by investigation\/project id."},{"name":"detection_id","in":"query","required":false,"schema":{"type":"integer"},"description":"Filter by detection id."},{"name":"artifact_type","in":"query","required":true,"schema":{"type":"string","enum":["file","hash","process","user","ip_local","ip_remote","domain"]},"description":"Filter by detection artifact type."},{"name":"detection_type","in":"query","required":false,"schema":{"type":"string","default":"alert","enum":["alert","incident"]}},{"name":"page","in":"query","required":false,"schema":{"type":"integer","default":1},"description":"Which page of detection results to return."},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":50},"description":"How many detection results per page."},{"name":"order_by","in":"query","required":false,"schema":{"type":"string","enum":["id","-id","value","-value"],"default":"id"},"description":"The way in which to order detection artifact results."}],"responses":{"200":{"content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","items":{"type":"object","required":["id","type","value"],"properties":{"id":{"type":"integer","description":"ID of the detection artifact"},"type":{"type":"string","description":"Type of the detection artifact"},"value":{"type":"string","description":"Value of the detection artifact"}}}},"pagination":{"$ref":"#\/components\/schemas\/pagination"},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["status","data","pagination"],"type":"object"}}},"description":"List of detection artifacts"},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"tags":["Detections"],"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst","Read Only Analyst"]}},"\/api\/v3\/detections\/import":{"post":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst"],"summary":"Trigger an automated investigation from a detection","description":"Manually trigger an automated investigation from a detection from a supported detection source.","tags":["Detections"],"security":[{"bearerAuth":[]}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["detections"],"properties":{"detections":{"type":"array","description":"A list of detections from a supported detection source to investigate.","items":{"type":"object"}},"skip_acquisition":{"type":"boolean","description":"Skip acquisition of the detections","default":false}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Details of the created pipeline and project.","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","enum":["success"],"description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","description":"The data returned by the API of the created pipeline and project.","required":["pipeline_id"],"properties":{"pipeline_id":{"type":"integer","description":"The ID of the pipeline that was created."}}}}}}}}}}},"\/api\/v3\/detections\/export":{"get":{"description":"Export detections in csv file","summary":"Export detections in csv file","tags":["Detections"],"x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta","security":[{"bearerAuth":[]}],"parameters":[{"name":"project_id","in":"query","required":false,"schema":{"type":"integer"},"description":"filter result by project id"},{"name":"from_date","in":"query","required":false,"schema":{"type":"number"},"description":"Only include detections after this timestamp."},{"name":"to_date","in":"query","required":false,"schema":{"type":"number"},"description":"Only include detections before this timestamp."},{"name":"detection_type","in":"query","required":false,"schema":{"type":"string","default":"alert","enum":["alert","incident"]},"description":"Filter by detection type."}],"responses":{"200":{"content":{"text\/csv":{"schema":{"type":"string"}}},"description":"Return csv file to be downloaded"},"default":{"$ref":"#\/components\/responses\/default"}}}},"\/api\/v3\/detections\/assets\/{detection_id}":{"get":{"description":"Gets the asset attached to a detection","summary":"Gets the asset attached to a detection","tags":["Detections"],"x-Required Roles":["Administrator","Lead Analyst","Analyst","Read Only Analyst"],"x-Feature Lifecycle":"beta","security":[{"bearerAuth":[]}],"parameters":[{"name":"detection_id","in":"path","required":true,"description":"the detection id","schema":{"type":"integer"}}],"responses":{"200":{"description":"The asset associated with a detection","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","enum":["success"],"description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","description":"The asset associated with a detection","required":["asset_id","first_seen","last_seen","acquisition_type","acquisitions"],"properties":{"asset_id":{"type":"string","description":"asset id"},"first_seen":{"type":"number","description":"timestamp of first sighting"},"acquisition_type":{"type":"string","description":"type of acquisition performed","enum":["full","triage"]},"last_seen":{"type":"number","description":"timestamp of most recent sighting"},"acquisitions":{"type":"array","description":"the acquisitions performed for an asset","items":{"type":"object","required":["created","acquired","evidence_id"],"properties":{"created":{"type":"number","description":"timestamp of acquisition"},"acquired":{"type":"boolean","description":"if the acquisition was successful"},"reason":{"type":"string","description":"reason for failed acquisition"},"evidence_id":{"type":"integer","description":"the acquisition evidence id"},"pipeline_id":{"type":"integer","description":"the acquisition pipeline id"}}}}}}}}}}},"default":{"$ref":"#\/components\/responses\/default"}}}},"\/api\/v3\/evidences":{"get":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst","Read Only Analyst"],"summary":"List evidences","description":"List evidences visible to the current user","tags":["Evidence"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"project_id","in":"query","required":false,"schema":{"type":"integer"},"description":"Filter by project id."},{"name":"page","in":"query","required":false,"schema":{"type":"integer","default":1},"description":"Which page of results to return."},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":10},"description":"How many results per page."},{"name":"display_name","description":"Filter by display_name","in":"query","required":false,"schema":{"type":"string"}},{"name":"os","description":"Filter by os","in":"query","required":false,"schema":{"type":"array","items":{"type":"string"}}},{"name":"hostname","description":"Filter by hostname","in":"query","required":false,"schema":{"type":"string"}},{"name":"capture_type","description":"Filter by full or a triage capture","in":"query","required":false,"schema":{"type":"string"}},{"name":"account_type","description":"Filter by account_type","in":"query","schema":{"type":"array","items":{"type":"string"}}},{"name":"resource_type","description":"Filter by resource_type","in":"query","schema":{"type":"array","items":{"type":"string"}}},{"name":"is_compromised","description":"Filter is malicious alarms is greater than 0","in":"query","schema":{"type":"boolean"}},{"name":"order_by","in":"query","required":false,"schema":{"type":"string","enum":["id","-id","display_name","-display_name"],"default":"-id"},"description":"The way in which to order evidences."},{"name":"evidence_type","in":"query","required":false,"schema":{"type":"array","items":{"type":"string"}},"description":"Types of evidence to return."}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"A list of evidence objects.","content":{"application\/json":{"schema":{"type":"object","required":["status","data","pagination"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"array","items":{"type":"object","$ref":"#\/components\/schemas\/evidence_schema"}},"pagination":{"$ref":"#\/components\/schemas\/pagination"}}}}}}}}},"\/api\/v3\/evidences\/{evidence_id}":{"patch":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"summary":"Update an evidence","description":"Update evidence metadata","tags":["Evidence"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"evidence_id","in":"path","required":true,"schema":{"type":"integer"},"description":"ID of the evidence you want to update."}],"requestBody":{"content":{"application\/json":{"schema":{"type":"object","description":"The evidence object to update. Currently only hostname and description can be updated.","properties":{"hostname":{"type":"string","description":"The new hostname of the evidence."},"description":{"type":"string","description":"The new description of the evidence."}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Successfully updated an evidence.","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"object","properties":{"evidence_id":{"type":"integer","description":"The ID of the updated evidence."}}}}}}}}}},"delete":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"summary":"Delete an evidence","description":"Delete all evidence data from elasticsearch","tags":["Evidence"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"evidence_id","in":"path","required":true,"schema":{"type":"integer"},"description":"ID of the evidence you want to delete."}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Successfully delete an evidence.","content":{"application\/json":{"schema":{"type":"object","required":["status"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"}}}}}}}},"get":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst","Read Only Analyst"],"summary":"Get a singular evidence","description":"Get an evidence by ID","tags":["Evidence"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"evidence_id","in":"path","required":true,"schema":{"type":"integer"},"description":"ID of the evidence you want to get."}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Successful evidence retrieved.","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"object","$ref":"#\/components\/schemas\/evidence_schema"}}}}}}}}},"\/api\/v3\/evidences\/process":{"post":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"summary":"Process an evidence","description":"Process an evidence","tags":["Evidence"],"security":[{"bearerAuth":[]}],"requestBody":{"content":{"application\/json":{"schema":{"type":"object","required":["evidence_id"],"properties":{"evidence_id":{"type":"integer","description":"ID of the evidence you want to process."}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"201":{"description":"Successfully triggered a processing pipeline.","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"object","description":"The ID of the pipeline that was triggered to process the evidence","required":["pipeline_id"],"properties":{"pipeline_id":{"type":"integer","description":"The ID of the pipeline that was triggered to process the evidence"}}}}}}}}}}},"\/api\/v3\/evidences\/re-export":{"post":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"summary":"Re run the siem export","description":"Re run the siem export","tags":["Evidence"],"security":[{"bearerAuth":[]}],"requestBody":{"content":{"application\/json":{"schema":{"type":"object","required":["evidence_id"],"properties":{"evidence_id":{"type":"integer","description":"ID of the evidence you want to process."}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"201":{"description":"Successfully triggered a re run export","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"object","description":"The ID of the pipeline that was triggered to process the evidence","required":["pipeline_id"],"properties":{"pipeline_id":{"type":"integer","description":"The ID of the pipeline that was triggered to process the evidence"}}}}}}}}}}},"\/api\/v3\/evidences\/{evidence_id}\/generate-url":{"get":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"summary":"Generate a pre-signed URL for an evidence item download","description":"Generate a pre-signed URL for an evidence item download","tags":["Evidence"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"evidence_id","in":"path","required":true,"schema":{"type":"integer"},"description":"ID of the evidence you want to get."}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"pre-signed URL for an evidence item","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"object","required":["url"],"properties":{"url":{"type":"string"}}}}}}}}}}},"\/api\/v3\/files\/browse":{"get":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst","Read Only Analyst"],"summary":"Filter files","description":"Get a list of files that match the given filters.","tags":["Files"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"evidence_id","in":"query","required":true,"schema":{"type":"integer"}},{"name":"path","in":"query","required":false,"schema":{"type":"string"},"description":"file system path"},{"name":"name","in":"query","required":false,"schema":{"type":"string"},"description":"file system name"},{"name":"severity","in":"query","required":false,"schema":{"type":"integer"},"description":"severity of alarms"},{"name":"page","in":"query","required":false,"schema":{"type":"integer","default":1},"description":"Which page or results to return."},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":10},"description":"How many results per page."}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"List of files matching the given filters","content":{"application\/json":{"schema":{"type":"object","required":["status","data","pagination"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"array","items":{"type":"object","required":["name","path","type","is_deleted"],"properties":{"name":{"type":"string","description":"Name of the file\/folder"},"path":{"type":"string","description":"Full path of the file\/folder"},"type":{"type":"string","enum":["file","folder"],"description":"File or folder"},"last_modified":{"type":"number","description":"Modified timestamp"},"created":{"type":"number","description":"Created timestamp"},"accessed":{"type":"number","description":"Accessed timestamp"},"is_deleted":{"type":"boolean","description":"Whether this file is deleted"},"severity":{"type":"integer","description":"Highest severity alarm in this file if type is file, or in any contained file if directory"}}}},"pagination":{"$ref":"#\/components\/schemas\/pagination"}}}}}}}}},"\/api\/v3\/files\/file":{"get":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst","Read Only Analyst"],"summary":"Get information about a file","description":"Get information about a single file by a given path.","tags":["Files"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"evidence_id","in":"query","required":true,"schema":{"type":"integer"}},{"name":"path","in":"query","required":true,"schema":{"type":"string"},"description":"file system path"}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Retrieved file information","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"object","required":["downloadable","sha256","indicators"],"properties":{"downloadable":{"type":"boolean","description":"Whether this files is available to download"},"last_modified":{"type":"number","description":"Modified timestamp"},"created":{"type":"number","description":"Created timestamp"},"accessed":{"type":"number","description":"Accessed timestamp"},"is_deleted":{"type":"boolean","description":"Whether this file is deleted"},"sha256":{"type":"string","description":"The sha256 of the file"},"strings":{"type":"string","description":"The strings extracted from file"},"file_size":{"type":"integer","description":"The size of the file in bytes"},"indicators":{"type":"array","items":{"type":"object","required":["source","severity","description"],"properties":{"source":{"type":"string","enum":["alarm","strings"],"description":"Where this indicator came from"},"severity":{"type":"integer"},"description":{"type":"string","description":"A description of what this indicator represents"},"match":{"type":"string","description":"The exact text matched by this indicator"}}}},"table":{"type":"object","description":"Tabular representation the file content","required":["columns","rows"],"properties":{"columns":{"type":"array","items":{"type":"string"}},"rows":{"type":"array","items":{"required":["data","children"],"properties":{"data":{"type":"array","items":{"type":"string"}},"children":{"type":"array","items":{"type":"object"}}}}}}},"virustotal":{"type":"array","description":"VirusTotal results","items":{"type":"object","required":["scan","result"],"properties":{"scan":{"type":"string"},"result":{"type":"string"}}}},"ai_description":{"type":"string","description":"Cado AI description of file content (beta)"},"binary_capabilities":{"type":"string","description":"CAPA binary file analysis"}}}}}}}}}}},"\/api\/v3\/files\/file\/download":{"get":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"summary":"Download a file","description":"Download full file content.","tags":["Files"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"evidence_id","in":"query","required":true,"schema":{"type":"integer"}},{"name":"path","in":"query","required":true,"schema":{"type":"string"},"description":"file system path"},{"name":"encryption_password","in":"query","required":false,"schema":{"type":"string"},"description":"password to create encrypted zip of file"}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Full file content","content":{"application\/zip":{"schema":{"type":"string","format":"binary"}}}}}}},"\/api\/v3\/files\/directory":{"get":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst","Read Only Analyst"],"summary":"Get information about a directory","description":"Get information about a directory. This will return a list of files and directories in the specified directory.","tags":["Files"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"evidence_id","in":"query","required":true,"schema":{"type":"integer"}},{"name":"path","in":"query","required":true,"schema":{"type":"string"},"description":"file system path"},{"name":"page","in":"query","required":false,"schema":{"type":"integer","default":1},"description":"Which page or results to return."},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":10},"description":"How many results per page."}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Retrieved directory listing","content":{"application\/json":{"schema":{"type":"object","required":["status","data","pagination"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"array","items":{"type":"object","required":["name","path","type","is_deleted"],"properties":{"name":{"type":"string","description":"Name of the file\/folder"},"path":{"type":"string","description":"Full path of the file\/folder"},"type":{"type":"string","enum":["file","folder"],"description":"File or folder"},"last_modified":{"type":"number","description":"Modified timestamp"},"created":{"type":"number","description":"Created timestamp"},"accessed":{"type":"number","description":"Accessed timestamp"},"is_deleted":{"type":"boolean","description":"Whether this file is deleted"},"severity":{"type":"integer","description":"Highest severity alarm in this file if type is file, or in any contained file if directory"}}}},"pagination":{"$ref":"#\/components\/schemas\/pagination"}}}}}}}}},"\/api\/v3\/files\/export":{"get":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst","Read Only Analyst"],"summary":"Export the list of files\/directories","description":"Returns a list of the files\/directories of the path specified","tags":["Files"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"evidence_id","in":"query","required":true,"schema":{"type":"integer"}},{"name":"path","in":"query","required":true,"schema":{"type":"string"},"description":"file system path"}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Returns csv file of the list of files\/directories","content":{"text\/csv":{"schema":{"type":"string"}}}}}}},"\/api\/v3\/import\/gcp\/resource-manager\/projects":{"get":{"summary":"Browse a list of GCP Projects","description":"Browse a list of GCP Projects that you have access to.","parameters":[{"name":"account_name","in":"query","required":false,"schema":{"type":"string"},"description":"The account for your GCP credentials."},{"name":"gcp_project_name","in":"query","required":false,"schema":{"type":"string"},"description":"The name of the GCP Project."},{"name":"gcp_project_id","in":"query","required":false,"schema":{"type":"string"},"description":"The ID of the GCP Project."},{"name":"page","in":"query","required":false,"schema":{"type":"integer","default":1},"description":"The page of items to retrieve."},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":10},"description":"The amount of items to be given per page. If left blank, the default will be 10."}],"responses":{"200":{"content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","items":{"type":"object","description":"A GCP Project","required":["gcp_project_id","gcp_project_name"],"properties":{"gcp_project_id":{"type":"string","description":"The ID of the GCP Project"},"gcp_project_name":{"type":"string","description":"The display name of the GCP Project"}}}},"pagination":{"$ref":"#\/components\/schemas\/pagination"},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["data","status","pagination"],"type":"object"}}},"description":""},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"tags":["Import from GCP"],"x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta"}},"\/api\/v3\/groups":{"get":{"summary":"Get a list of groups","description":"Get a list of groups added to the Cado platform.","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta","tags":["Groups"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"name","in":"query","required":false,"schema":{"type":"string"},"description":"Filter by group name."},{"name":"page","in":"query","required":false,"schema":{"type":"integer","default":1},"description":"The page of items to retrieve."},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":10},"description":"The amount of items to be given per page. If left blank, the default will be 10."}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Successfully retrieved a list of groups.","content":{"application\/json":{"schema":{"type":"objects","required":["status","data","pagination"],"properties":{"pagination":{"$ref":"#\/components\/schemas\/pagination"},"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"description":"A list of groups.","type":"array","items":{"type":"object","required":["id","name","user_count","account_count"],"properties":{"id":{"type":"integer","description":"The ID of the group."},"name":{"type":"string","description":"The name of the group"},"sso_group_name":{"type":"string","description":"The name of the group that manages these users in the SSO system."},"user_count":{"type":"integer","description":"The number of users assigned to the group."},"account_count":{"type":"integer","description":"The number of accounts assigned to the group."},"include_future_accounts":{"type":"boolean","description":"Does the group have permission to include future accounts"}}}}}}}}}}},"post":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator"],"summary":"Create new group","description":"Create a new RBAC group in the platform.","tags":["Groups"],"security":[{"bearerAuth":[]}],"parameters":[],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["name","users","accounts"],"properties":{"name":{"type":"string","description":"The name of the group."},"sso_group_name":{"type":"string","description":"The name of the group in the SSO system."},"users":{"type":"array","description":"A list of usernames to be added to the group.","items":{"type":"string"}},"accounts":{"type":"array","description":"A list of accounts to be added to the group.","items":{"type":"string"}},"add_all_current_accounts":{"type":"boolean","description":"Set to true to automatically assign all current accounts to this group."},"include_future_accounts":{"type":"boolean","description":"Set to true to automatically assign all future accounts to this group."}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"201":{"description":"Returns group object","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"enum":["success"],"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","description":"Returns the user object","required":["id","name"],"properties":{"id":{"type":"integer"},"name":{"type":"string"}}}}}}}}}}},"\/api\/v3\/groups\/{id}":{"delete":{"description":"Delete a group","security":[{"bearerAuth":[]}],"summary":"Delete a group","tags":["Groups"],"x-Required Roles":["Administrator","Platform Administrator"],"x-Feature Lifecycle":"beta","parameters":[{"description":"Group id","in":"path","name":"id","required":true,"schema":{"type":"integer"}}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"content":{"application\/json":{"schema":{"properties":{"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["status"],"type":"object"}}},"description":""}}},"patch":{"description":"Update group details","security":[{"bearerAuth":[]}],"summary":"Update group details","tags":["Groups"],"x-Required Roles":["Administrator","Platform Administrator"],"x-Feature Lifecycle":"beta","parameters":[{"description":"Group id","in":"path","name":"id","required":true,"schema":{"type":"integer"}}],"requestBody":{"content":{"application\/json":{"schema":{"type":"object","required":[],"properties":{"name":{"type":"string","description":"The name of the group."},"sso_group_name":{"type":"string","description":"The name of the associated group in the SSO system."},"users":{"type":"array","description":"A list of usernames to be added to the group.","items":{"type":"string"}},"accounts":{"type":"array","description":"A list of accounts to be added to the group.","items":{"type":"string"}},"add_all_current_accounts":{"type":"boolean","description":"Set to true to automatically assign all current accounts to this group."},"include_future_accounts":{"type":"boolean","description":"Set to true to automatically assign all future accounts to this group."}}}}},"required":true},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Group details","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"data":{"type":"object","required":[],"properties":{"name":{"type":"string","description":"The name of the group."},"sso_group_name":{"type":"string","description":"The name of the associated group in the SSO system."}}},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}}}}}}}}},"\/api\/v3\/import\/azure\/disk":{"get":{"summary":"Browse a list of Azure Disks under a specific Subscription","description":"Browse a list of Azure Disks under a specific Subscription. Not all disks may be managed by a Virtual Machine.","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta","tags":["Import from Azure"],"parameters":[{"name":"account_name","in":"query","required":true,"schema":{"type":"string"},"description":"The Account added to Cado to use to browse Azure Disks."},{"name":"subscription_id","in":"query","required":true,"schema":{"type":"string"},"description":"The Azure Subscription which contains the disks."},{"name":"disk_name","in":"query","required":false,"schema":{"type":"string"},"description":"Filter disks by the disk name."},{"name":"resource_group","in":"query","required":false,"schema":{"type":"string"},"description":"Filter disks by Resource Group."},{"name":"managed_by","in":"query","required":false,"schema":{"type":"string"},"description":"Filter disks by the managed Virtual Machine."},{"name":"page","in":"query","required":true,"schema":{"type":"integer"},"description":"The page number to return"},{"name":"per_page","in":"query","required":true,"schema":{"type":"integer"},"description":"The number of items to return per page"}],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"List of Azure Disks","content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","items":{"type":"object","description":"An Azure Disk","required":["disk_name","resource_group","location","disk_size"],"properties":{"disk_name":{"type":"string","description":"The name of the disk."},"resource_group":{"type":"string","description":"The Resource Group the disk resides within."},"location":{"type":"string","description":"The location of the disk."},"disk_size":{"type":"integer","description":"The size of the disk in GB."},"managed_by":{"type":"string","description":"The Virtual Machine which manages this disk (if applicable)."},"os":{"type":"string","enum":["Windows","Linux"],"description":"The operating system of the disk."}}}},"pagination":{"$ref":"#\/components\/schemas\/pagination"},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["data","status","pagination"],"type":"object"}}}},"default":{"$ref":"#\/components\/responses\/default"}}},"post":{"summary":"Start an import of an Azure Disk within a specific Resource Group and Subscription","description":"Start an import of an Azure Disk within a specific Resource Group and Subscription. A processing pipeline will be returned that details the status of the processing.","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta","tags":["Import from Azure"],"security":[{"bearerAuth":[]}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["account_name","investigation_id","disk_name","subscription_id","resource_group","acquire_with_host"],"properties":{"account_name":{"type":"string","description":"The alias of the credentials to use."},"investigation_id":{"type":"integer","description":"The ID of the investigation to import the instance into."},"disk_name":{"type":"string","description":"The name of the disk to acquire."},"subscription_id":{"type":"string","description":"The ID of the subscription the disk exists within."},"resource_group":{"type":"string","description":"The Resource Group the disk exists within."},"acquisition_resource_group":{"type":"string","description":"The resource group you wish to snapshot the disk into. Useful for a scoped-down permissions model."},"acquire_with_host":{"type":"boolean","description":"Whether to acquire the disk using Cado Host. Only supported with disks managed by Virtual Machines."},"fast_scan":{"type":"boolean","description":"Whether to perform a scan only import pipeline."}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"An array of pipeline triggering statuses are returned indicating if the pipeline was successfully kicked off or otherwise.","content":{"application\/json":{"schema":{"required":["data","status"],"properties":{"status":{"enum":["success"],"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","required":["pipeline_id"],"properties":{"pipeline_id":{"type":"integer","description":"The ID of the pipeline created."}}}}}}}}}}},"\/api\/v3\/import\/azure\/virtual-machine":{"get":{"summary":"Browse a list of Azure Virtual Machines under a specific Subscription","description":"Browse a list of Azure Virtual Machines under a specific Subscription","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta","tags":["Import from Azure"],"parameters":[{"name":"account_name","in":"query","required":true,"schema":{"type":"string"},"description":"The Account added to Cado to use to browse Azure Virtual Machines."},{"name":"subscription_id","in":"query","required":true,"schema":{"type":"string"},"description":"The Azure Subscription which contains the Virtual Machines."},{"name":"vm_name","in":"query","required":false,"schema":{"type":"string"},"description":"Filter Virtual Machines by name."},{"name":"tags","in":"query","required":false,"schema":{"type":"array","items":{"type":"string"}},"description":"An array of key\/value pairs, seperated by a ':' character, can be provided multiple times for different tags"},{"name":"resource_group","in":"query","required":true,"schema":{"type":"string"},"description":"The Azure Resource Group which contains the Virtual Machines."},{"name":"page","in":"query","required":true,"schema":{"type":"integer"},"description":"The page number to return"},{"name":"per_page","in":"query","required":true,"schema":{"type":"integer"},"description":"The number of items to return per page"}],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"List of Azure Virtual Machines","content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","items":{"type":"object","description":"An Azure Virtual Machines","required":["name","location","disks","tags"],"properties":{"name":{"type":"string","description":"The name of the Virtual Machine."},"location":{"type":"string","description":"The location of the Virtual Machine."},"tags":{"type":"array","items":{"type":"object","description":"A key value pair","required":["key","value"],"properties":{"key":{"type":"string","description":"The name of the tag"},"value":{"type":"string","description":"The value of the tag"}}}},"disks":{"type":"array","items":{"type":"object","description":"A list of Azure Disks","required":["name","disk_size"],"properties":{"name":{"type":"string","description":"The name of the disk"},"disk_size":{"type":"integer","description":"The size of the disk in GB."}}}},"operating_system":{"type":"string","enum":["windows","linux"],"description":"The operating system of the disk."}}}},"pagination":{"$ref":"#\/components\/schemas\/pagination"},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["data","status","pagination"],"type":"object"}}}},"default":{"$ref":"#\/components\/responses\/default"}}},"post":{"summary":"Start an import of an Azure Virtual Machine within a specific Resource Group and Subscription","description":"Start an import of an Azure Virtual Machine within a specific Resource Group and Subscription. An array of processing pipeline IDs will be returned that details the status of the processing.","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta","tags":["Import from Azure"],"security":[{"bearerAuth":[]}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["account_name","investigation_id","vm_name","subscription_id","resource_group","acquire_with_host"],"properties":{"account_name":{"type":"string","description":"The alias of the credentials to use."},"investigation_id":{"type":"integer","description":"The ID of the investigation to import the instance into."},"vm_name":{"type":"string","description":"The name of the Virtual Machine to acquire."},"subscription_id":{"type":"string","description":"The ID of the subscription the Virtual Machine exists within."},"resource_group":{"type":"string","description":"The Resource Group the Virtual Machine exists within."},"acquisition_resource_group":{"type":"string","description":"The resource group you wish to snapshot the Virtual Machine into. Useful for a scoped-down permissions model."},"acquire_with_host":{"type":"boolean","description":"Whether to acquire the Virtual Machine using Cado Host."},"host_options":{"$ref":"#\/components\/schemas\/host_options"},"scan":{"type":"boolean","description":"Whether to perform a scan only import."}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"An array of pipeline IDs are returned corresponding to the acquisition of multiple resources.","content":{"application\/json":{"schema":{"required":["data","status"],"properties":{"status":{"enum":["success"],"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","required":["pipeline_ids"],"properties":{"pipeline_ids":{"type":"array","items":{"type":"object","required":["id"],"properties":{"id":{"type":"integer"}}}}}}}}}}}}}},"\/api\/v3\/import\/ctf":{"post":{"summary":"Import aws_compromise to the server and start processing it as new evidence","description":"Import aws_compromise to the server and start processing it as new evidence","x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"tags":["Import CTF"],"security":[{"bearerAuth":[]}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["project_id"],"properties":{"project_id":{"type":"integer","description":"The ID of the Cado project that you want to import the data into."}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"A new pipeline object is returned, indicating a successful kick-off of a pipeline. You can see the <a href=\"#\">Pipeline API<\/a> documentation for information on getting details about this pipeline.","content":{"application\/json":{"schema":{"required":["data","status"],"properties":{"status":{"enum":["success"],"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","required":["pipeline_id"],"properties":{"pipeline_id":{"type":"integer"}}}}}}}}}}},"\/api\/v3\/import\/azure\/aks":{"post":{"summary":"Start an import of an AKS resource within a Azure Subscription and Resource Group","description":"Start an import of an AKS resource within a Azure Subscription and Resource Group. A processing pipeline will be returned that details the status of the processing","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta","tags":["Import from Azure"],"security":[{"bearerAuth":[]}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["account_name","subscription_id","resource_group","cluster_name","pod_name","pod_namespace","container_name","resource_group","investigation_id","host_options"],"properties":{"account_name":{"type":"string","description":"The Account added to the Cado Platform to use."},"subscription_id":{"type":"string","description":"The ID of the Azure Subscription the chosen cluster resides within."},"resource_group":{"type":"string","description":"The resource group the cluster resides in."},"cluster_name":{"type":"string","description":"The name of the AKS cluster."},"pod_name":{"type":"string","description":"The chosen pod within the cluster."},"pod_namespace":{"type":"string","description":"The namespace of the chosen pod."},"container_name":{"type":"string","description":"The name of the chosen container."},"investigation_id":{"type":"integer","description":"The ID of the investigation to import the AKS resource into."},"host_options":{"$ref":"#\/components\/schemas\/host_options"}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"A new pipeline object is returned, indicating a successful kick-off of a pipeline. You can see the <a href=\"#\">Pipeline API<\/a> documentation for information on getting details about this pipeline.","content":{"application\/json":{"schema":{"required":["data","status"],"properties":{"status":{"enum":["success"],"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","required":["pipeline_id"],"properties":{"pipeline_id":{"type":"integer","description":"The ID of the created pipeline."}}}}}}}}}}},"\/api\/v3\/import\/azure\/aks\/clusters":{"get":{"summary":"Browse a list of Azure Kubernetes Service clusters","description":"Browse a list of Azure Kubernetes Service clusters within a specific Azure Subscription.","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta","tags":["Import from Azure"],"parameters":[{"name":"account_name","in":"query","required":true,"schema":{"type":"string"},"description":"The Account added to Cado to use when browsing clusters."},{"name":"subscription_id","in":"query","required":true,"schema":{"type":"string"},"description":"The ID of the subscription which contains clusters."},{"name":"resource_group","in":"query","required":true,"schema":{"type":"string"},"description":"The name of the resource group which contains clusters."},{"name":"page","in":"query","required":true,"schema":{"type":"integer"},"description":"The page number to return"},{"name":"per_page","in":"query","required":true,"schema":{"type":"integer"},"description":"The number of items to return per page"}],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"List of AKS clusters","content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","items":{"type":"object","description":"An AKS cluster","required":["cluster_name"],"properties":{"cluster_name":{"type":"string","description":"The name of the AKS cluster."},"is_private":{"type":"boolean","description":"Whether the AKS cluster is private."}}}},"pagination":{"$ref":"#\/components\/schemas\/pagination"},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["data","status","pagination"],"type":"object"}}}},"default":{"$ref":"#\/components\/responses\/default"}}}},"\/api\/v3\/import\/azure\/aks\/pods":{"get":{"summary":"Browse a list of Azure Kubernetes Service pods","description":"Browse a list of Azure Kubernetes Service pods within a cluster within a specific Azure Subscription and Resource Group.","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta","tags":["Import from Azure"],"parameters":[{"name":"account_name","in":"query","required":true,"schema":{"type":"string"},"description":"The Account added to Cado to use when browsing pods within a cluster."},{"name":"subscription_id","in":"query","required":true,"schema":{"type":"string"},"description":"The ID of the subscription which contains clusters."},{"name":"cluster_name","in":"query","required":true,"schema":{"type":"string"},"description":"The AKS cluster that contains pods."},{"name":"resource_group","in":"query","required":true,"schema":{"type":"string"},"description":"The name of the resource group which contains the chosen cluster."},{"name":"page","in":"query","required":true,"schema":{"type":"integer"},"description":"The page number to return."},{"name":"per_page","in":"query","required":true,"schema":{"type":"integer"},"description":"The number of items to return per page."}],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"List of AKS pods.","content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","items":{"type":"object","description":"An AKS pod.","required":["pod_name","pod_namespace"],"properties":{"pod_name":{"type":"string","description":"The name of the AKS pod."},"pod_namespace":{"type":"string","description":"The namespace of the AKS pod."}}}},"pagination":{"$ref":"#\/components\/schemas\/pagination"},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["data","status","pagination"],"type":"object"}}}},"default":{"$ref":"#\/components\/responses\/default"}}}},"\/api\/v3\/import\/azure\/aks\/containers":{"get":{"summary":"Browse a list of Azure Kubernetes Service containers","description":"Browse a list of Azure Kubernetes Service containers within a specific pod and namespace within a cluster.","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta","tags":["Import from Azure"],"parameters":[{"name":"account_name","in":"query","required":true,"schema":{"type":"string"},"description":"The Account added to Cado to use when browsing containers within a pod within a cluster."},{"name":"subscription_id","in":"query","required":true,"schema":{"type":"string"},"description":"The ID of the subscription which contains the chosen cluster and pod."},{"name":"resource_group","in":"query","required":true,"schema":{"type":"string"},"description":"The name of the resource group which contains the chosen cluster."},{"name":"cluster_name","in":"query","required":true,"schema":{"type":"string"},"description":"The AKS cluster that contains the chosen pod."},{"name":"pod_name","in":"query","required":true,"schema":{"type":"string"},"description":"The name of the chosen pod."},{"name":"pod_namespace","in":"query","required":true,"schema":{"type":"string"},"description":"The namespace of the chosen pod."},{"name":"page","in":"query","required":true,"schema":{"type":"integer"},"description":"The page number to return."},{"name":"per_page","in":"query","required":true,"schema":{"type":"integer"},"description":"The number of items to return per page."}],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"List of containers within a specified pod.","content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","items":{"type":"object","description":"An AKS container.","required":["container_name","container_image"],"properties":{"container_name":{"type":"string","description":"The name of the container."},"container_image":{"type":"string","description":"The image used by the container."}}}},"pagination":{"$ref":"#\/components\/schemas\/pagination"},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["data","status","pagination"],"type":"object"}}}},"default":{"$ref":"#\/components\/responses\/default"}}}},"\/api\/v3\/import\/azure\/management\/subscriptions":{"get":{"summary":"Browse a list of Azure subscriptions","description":"Browse a list of Azure subscriptions in a single Azure account.","parameters":[{"name":"account_name","in":"query","required":true,"schema":{"type":"string"},"description":"The name of the Azure account containing subscription resources."},{"name":"subscription_name","in":"query","required":false,"schema":{"type":"string"},"description":"The name to filter the Azure subscription by."},{"name":"page","in":"query","required":false,"schema":{"type":"integer","default":1},"description":"The page of items to retrieve."},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":10},"description":"The amount of items to be given per page. If left blank, the default will be 10."}],"responses":{"200":{"content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","items":{"type":"object","description":"An Azure subscription","required":["name","id"],"properties":{"name":{"type":"string","description":"The name of the Azure subscription."},"id":{"type":"string","description":"The GUID of the Azure subscription."}}}},"pagination":{"$ref":"#\/components\/schemas\/pagination"},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["data","status","pagination"],"type":"object"}}},"description":""},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"tags":["Import from Azure"],"x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta"}},"\/api\/v3\/import\/azure\/management\/resource-groups":{"get":{"summary":"Browse a list of Azure Resource Groups","description":"Browse a list of Azure Resource Groups in a single Azure subscription.","parameters":[{"name":"account_name","in":"query","required":true,"schema":{"type":"string"},"description":"The name of the Azure account containing resources."},{"name":"subscription_id","in":"query","required":true,"schema":{"type":"string"},"description":"The GUID of the subscription containing resources."},{"name":"resource_group_name","in":"query","required":false,"schema":{"type":"string"},"description":"The name to filter the Azure Resource Group by."},{"name":"page","in":"query","required":false,"schema":{"type":"integer","default":1},"description":"The page of items to retrieve."},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":10},"description":"The amount of items to be given per page. If left blank, the default will be 10."}],"responses":{"200":{"content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","items":{"type":"object","description":"An Azure Resource Group","required":["name"],"properties":{"name":{"type":"string","description":"The name of the Azure Resource Group."}}}},"pagination":{"$ref":"#\/components\/schemas\/pagination"},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["data","status","pagination"],"type":"object"}}},"description":""},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"tags":["Import from Azure"],"x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta"}},"\/api\/v3\/import\/azure\/storage\/accounts":{"get":{"summary":"Browse a list of Azure Storage Accounts","description":"Browse a list of Azure Storage Accounts in a single Azure account.","parameters":[{"name":"subscription_id","in":"query","required":true,"schema":{"type":"string"},"description":"The GUID of the subscription containing resources."},{"name":"account_name","in":"query","required":true,"schema":{"type":"string"},"description":"The name of the Azure account containing subscription resources."},{"name":"page","in":"query","required":false,"schema":{"type":"integer","default":1},"description":"The page of items to retrieve."},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":10},"description":"The amount of items to be given per page. If left blank, the default will be 10."}],"responses":{"200":{"content":{"application\/json":{"schema":{"properties":{"data":{"description":"A list of Azure Storage Account names","type":"array","items":{"type":"string"}},"pagination":{"$ref":"#\/components\/schemas\/pagination"},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["data","status","pagination"],"type":"object"}}},"description":""},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"tags":["Import from Azure"],"x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta"}},"\/api\/v3\/import\/azure\/storage\/containers":{"get":{"summary":"Browse a list of Azure Storage Containers","description":"Browse a list of Azure Storage Containers in a single Azure subscription.","parameters":[{"name":"storage_account_name","in":"query","required":true,"schema":{"type":"string"},"description":"The name of the Azure Storage Account containing resources."},{"name":"account_name","in":"query","required":true,"schema":{"type":"string"},"description":"The name of the Azure account containing subscription resources."},{"name":"subscription_id","in":"query","required":true,"schema":{"type":"string"},"description":"The GUID of the subscription containing resources."},{"name":"page","in":"query","required":false,"schema":{"type":"integer","default":1},"description":"The page of items to retrieve."},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":10},"description":"The amount of items to be given per page. If left blank, the default will be 10."}],"responses":{"200":{"content":{"application\/json":{"schema":{"properties":{"data":{"description":"A list of Azure Storage Container names","type":"array","items":{"type":"string"}},"pagination":{"$ref":"#\/components\/schemas\/pagination"},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["data","status","pagination"],"type":"object"}}},"description":""},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"tags":["Import from Azure"],"x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta"}},"\/api\/v3\/import\/azure\/storage\/blobs":{"get":{"summary":"Browse a list of Azure Storage blob objects","description":"Browse a list of Azure Storage blob objects in a single Azure subscription.","parameters":[{"name":"storage_account_name","in":"query","required":true,"schema":{"type":"string"},"description":"The name of the Azure Storage Account containing resources."},{"name":"account_name","in":"query","required":true,"schema":{"type":"string"},"description":"The name of the Azure account containing subscription resources."},{"name":"container_name","in":"query","required":true,"schema":{"type":"string"},"description":"The name of the Azure Storage Continaer containing resources."},{"name":"subscription_id","in":"query","required":true,"schema":{"type":"string"},"description":"The GUID of the subscription containing resources."},{"name":"page","in":"query","required":false,"schema":{"type":"integer","default":1},"description":"The page of items to retrieve."},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":10},"description":"The amount of items to be given per page. If left blank, the default will be 10."}],"responses":{"200":{"content":{"application\/json":{"schema":{"properties":{"data":{"description":"A list of Azure Storage blob names","type":"array","items":{"type":"string"}},"pagination":{"$ref":"#\/components\/schemas\/pagination"},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["data","status","pagination"],"type":"object"}}},"description":""},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"tags":["Import from Azure"],"x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta"},"post":{"summary":"Import an Azure Storage blob object","description":"Start an import of an Azure Storage blob object into the specified project. A processing pipeline will be returned that details the status of the processing.","x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"tags":["Import from Azure"],"security":[{"bearerAuth":[]}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["account_name","container_name","subscription_id","blob_name","storage_account_name","investigation_id"],"properties":{"storage_account_name":{"type":"string","description":"The name of the Azure Storage Account containing resources."},"account_name":{"type":"string","description":"The name of the Azure account containing subscription resources."},"container_name":{"type":"string","description":"The name of the Azure Storage Continaer containing resources."},"subscription_id":{"type":"string","description":"The GUID of the subscription containing resources."},"blob_name":{"type":"string","description":"The name of the Azure Storage blob object to import."},"investigation_id":{"type":"integer","description":"The ID of the project to import the blob object into."}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"A new pipeline object is returned, indicating a successful kick-off of a pipeline. You can see the <a href=\"#\">Pipeline API<\/a> documentation for information on getting details about this pipeline.","content":{"application\/json":{"schema":{"required":["data","status"],"properties":{"status":{"enum":["success"],"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","required":["pipeline_ids"],"properties":{"pipeline_ids":{"type":"array","items":{"type":"object","required":["id"],"properties":{"id":{"type":"integer"}}}}}}}}}}}}}},"\/api\/v3\/import\/aws\/ec2":{"get":{"summary":"Browse a list of EC2 instances","description":"Browse a list of EC2 instances inside a specific AWS region and account.","parameters":[{"name":"cloud_id","in":"query","required":true,"schema":{"type":"string"},"description":"The alias of the chosen AWS account to browse. See the <a href=\"#\">Clouds API<\/a> documentation for more info on obtaining the cloud_id for a specific AWS account."},{"name":"region","in":"query","required":true,"schema":{"type":"string"},"description":"The AWS region to browse EC2 instances in."},{"name":"instance_id","in":"query","required":false,"schema":{"type":"array","items":{"type":"string"}},"description":"The instance ID of the EC2 instances to browse."},{"name":"instance_name","in":"query","required":false,"schema":{"type":"array","items":{"type":"string"}},"description":"The name of the instances to browse."},{"name":"state","in":"query","required":false,"schema":{"type":"array","items":{"type":"string"}},"description":"The state of the instances pending | running | shutting-down | terminated | stopping | stopped to browse."},{"name":"ip_address","in":"query","required":false,"schema":{"type":"array","items":{"type":"string"}},"description":"The Public IP address of the instances to browse."},{"name":"os","in":"query","required":false,"schema":{"type":"string"}},{"name":"tags","in":"query","required":false,"schema":{"type":"array","items":{"type":"string"}},"description":"An array of key\/value pairs, seperated by a ':' character, can be provided multiple times for different tags"},{"name":"cursor","in":"query","required":false,"schema":{"type":"string"},"description":"The pointer to the next page given by the response of the previous\/current page."}],"responses":{"200":{"content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","items":{"type":"object","description":"An EC2 instance","required":["instance_name","instance_id","state","instance_type","availability_zone","importable","volumes"],"properties":{"instance_name":{"type":"string","description":"The name of the EC2 instance."},"instance_id":{"type":"string","description":"The ID of the EC2 instance."},"state":{"type":"string","description":"The state of the EC2 instance."},"instance_type":{"type":"string","description":"The type of the EC2 instance."},"ip_address":{"type":"string","description":"The Public IP address of the EC2 instance."},"availability_zone":{"type":"string","description":"The availability zone of the EC2 instance."},"importable":{"type":"boolean","description":"A boolean indicating whether the EC2 instance can be imported. You cannot import Cado platform instances or their workers."},"os":{"type":"string","description":"The operating system for the EC2 instance."},"tags":{"description":"An array of tag metadata associated with the EC2 instance.","type":"array","items":{"type":"object","required":["key","value"],"properties":{"key":{"type":"string"},"value":{"type":"string"}}}},"volumes":{"description":"An array of volume information for volumes attached to the EC2 instance.","type":"array","items":{"type":"object","required":["volume_id","size"],"properties":{"volume_id":{"type":"string","description":"The ID of the attached volume."},"size":{"type":"integer","description":"The size of the attached volume in GB"}}}}}}},"pagination":{"type":"object","properties":{"type":{"type":"string","enum":["cursor"],"default":"cursor","description":"A string indicating the type of pagination supported by the API. In this context, the value will be \"cursor\"."},"current_token":{"type":"string","description":"A string representing the pointer to this current page."},"next_token":{"type":"string","description":"A string representing a cursor to the next page. Use this in place of the `cursor` attribute to get the next page."},"previous_token":{"type":"string","description":"A string representing a cursor to the previous page. Use this in place of the `cursor` attribute to get the previous page."}},"required":["type"]},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["data","status","pagination"],"type":"object"}}},"description":""},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"tags":["Import from AWS"],"x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta"},"post":{"summary":"Start an import of an EC2 instance into a specified project","description":"Start an import of an EC2 into the specified project. A processing pipeline will be returned that details the status of the processing.","x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"tags":["Import from AWS"],"security":[{"bearerAuth":[]}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["instance_id","region","project_id"],"properties":{"instance_id":{"type":"string","description":"Unique string for instance. Can be retrieve from the GET method."},"cloud_id":{"type":"string","description":"The AWS credentials alias to perform the import."},"token":{"type":"string","description":"The AWS STS token that can be used for the import."},"region":{"type":"string","description":"AWS region id."},"project_id":{"type":"integer","description":"The ID of the Cado project that you want to import the data into."},"acquire_with_host":{"type":"boolean","description":"Acquire with Cado Host over SSM instead of the EC2 EBS API."},"use_ssm_port_forwarding":{"type":"boolean","description":"Use SSM port forwarding to send Cado Host to the instance."},"convert_image":{"type":"boolean","description":"Enable convert image to encase files."},"skip_processing":{"type":"boolean","description":"Acquire the resource without performing any processing, allowing processing to happen at a later time."},"ssm_port_forwarding_port":{"type":"integer","description":"The port to use for SSM port forwarding to allow Cado Host to connect to the instance."},"fast_scan":{"type":"boolean","description":"Whether to perform a scan only import pipeline."},"host_options":{"$ref":"#\/components\/schemas\/host_options"}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"A new pipeline object is returned, indicating a successful kick-off of a pipeline. You can see the <a href=\"#\">Pipeline API<\/a> documentation for information on getting details about this pipeline.","content":{"application\/json":{"schema":{"required":["data","status"],"properties":{"status":{"enum":["success"],"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","required":["pipeline_ids"],"properties":{"pipeline_ids":{"type":"array","items":{"type":"object","required":["id"],"properties":{"id":{"type":"integer"}}}}}}}}}}}}}},"\/api\/v3\/import\/aws\/ecs":{"post":{"summary":"Start an import of a ECS resource within an AWS account","description":"Start an import of a ECS resource within an AWS account. A processing pipeline will be returned that details the status of the processing","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta","tags":["Import from AWS"],"security":[{"bearerAuth":[]}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["cluster_name","task_name","container_name","investigation_id","host_options"],"properties":{"account_name":{"type":"string","description":"The Account added to the Cado Platform to use."},"token":{"type":"string","description":"The AWS STS token that can be used for the import."},"region":{"type":"string","description":"The AWS region the cluster resides in."},"cluster_name":{"type":"string","description":"The name of the ECS cluster."},"task_name":{"type":"string","description":"The name of the ECS cluster."},"container_name":{"type":"string","description":"The name of the chosen container."},"investigation_id":{"type":"integer","description":"The ID of the investigation to import the ECS resource into."},"file_name":{"type":"string","description":"The name of the archive to be produced by Cado Host as part of this capture."},"host_options":{"$ref":"#\/components\/schemas\/host_options"}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"A new pipeline object is returned, indicating a successful kick-off of a pipeline. You can see the <a href=\"#\">Pipeline API<\/a> documentation for information on getting details about this pipeline.","content":{"application\/json":{"schema":{"required":["data","status"],"properties":{"status":{"enum":["success"],"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","required":["pipeline_id"],"properties":{"pipeline_id":{"type":"integer","description":"The ID of the created pipeline."}}}}}}}}}}},"\/api\/v3\/import\/aws\/ecs\/clusters":{"get":{"summary":"Browse a list of ECS clusters in a given AWS account and region","description":"Get a list of ECS clusters and any additional pagination information.","tags":["Import from AWS"],"security":[{"bearerAuth":[]}],"x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta","parameters":[{"name":"account_name","in":"query","schema":{"type":"string"},"description":"Alias of the chosen AWS account to browse.  See the <a href=\"#\">Clouds API<\/a> documentation for more info on obtaining the cloud_id for a specific AWS account."},{"name":"token","in":"query","schema":{"type":"string"},"description":"The AWS STS token that can be used for the import."},{"name":"region","in":"query","required":true,"schema":{"type":"string"},"description":"Region of the chosen AWS account to browse."},{"name":"cursor","in":"query","required":false,"schema":{"type":"string"},"description":"The pointer to the next page given by the response of the previous\/current page."},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":10},"description":"The amount of items to be given per page. If left blank, the default will be 10."}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"List of ECS clusters in a given account and region.","content":{"application\/json":{"schema":{"required":["data","status","pagination"],"type":"object","properties":{"data":{"type":"array","items":{"type":"object","required":["cluster_name"],"properties":{"cluster_name":{"description":"Name of the ECS cluster.","type":"string"}}}},"pagination":{"type":"object","properties":{"type":{"type":"string","enum":["cursor"],"default":"cursor","description":"A string indicating the type of pagination supported by the API. In this context, the value will be \"cursor\"."},"current_token":{"type":"string","description":"A string representing the pointer to this current page."},"next_token":{"type":"string","description":"A string representing a cursor to the next page. Use this in place of the `cursor` attribute to get the next page."},"previous_token":{"type":"string","description":"A string representing a cursor to the previous page. Use this in place of the `cursor` attribute to get the previous page."}},"required":["type"]},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}}}}}}}}},"\/api\/v3\/import\/aws\/ecs\/tasks":{"get":{"summary":"Browse a list of ECS taks in a given AWS account, region and cluster","description":"Get a list of ECS tasks and any additional pagination information.","tags":["Import from AWS"],"security":[{"bearerAuth":[]}],"x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta","parameters":[{"name":"account_name","in":"query","schema":{"type":"string"},"description":"Alias of the chosen AWS account to browse.  See the <a href=\"#\">Clouds API<\/a> documentation for more info on obtaining the cloud_id for a specific AWS account."},{"name":"token","in":"query","schema":{"type":"string"},"description":"TODO"},{"name":"region","in":"query","required":true,"schema":{"type":"string"},"description":"Region of the chosen AWS account to browse."},{"name":"cluster_name","in":"query","required":true,"schema":{"type":"string"},"description":"Cluster of the chosen AWS account to browse."},{"name":"cursor","in":"query","required":false,"schema":{"type":"string"},"description":"The pointer to the next page given by the response of the previous\/current page."},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":10},"description":"The amount of items to be given per page. If left blank, the default will be 10."}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"List of ECS containers in a given account, region, cluster and task.","content":{"application\/json":{"schema":{"required":["data","pagination","status"],"type":"object","properties":{"data":{"type":"array","items":{"type":"object","required":["task_name","importable"],"properties":{"task_name":{"description":"Name of the ECS task.","type":"string"},"importable":{"description":"Is enableExecuteCommand enabled on the task.","type":"boolean"}}}},"pagination":{"type":"object","properties":{"type":{"type":"string","enum":["cursor"],"default":"cursor","description":"A string indicating the type of pagination supported by the API. In this context, the value will be \"cursor\"."},"current_token":{"type":"string","description":"A string representing the pointer to this current page."},"next_token":{"type":"string","description":"A string representing a cursor to the next page. Use this in place of the `cursor` attribute to get the next page."},"previous_token":{"type":"string","description":"A string representing a cursor to the previous page. Use this in place of the `cursor` attribute to get the previous page."}},"required":["type"]},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}}}}}}}}},"\/api\/v3\/import\/aws\/ecs\/containers":{"get":{"summary":"Browse a list of ECS containers in a given AWS account, region and cluster","description":"Get a list of ECS containers and any additional pagination information.","tags":["Import from AWS"],"security":[{"bearerAuth":[]}],"x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta","parameters":[{"name":"account_name","in":"query","schema":{"type":"string"},"description":"Alias of the chosen AWS account to browse.  See the <a href=\"#\">Clouds API<\/a> documentation for more info on obtaining the cloud_id for a specific AWS account."},{"name":"token","in":"query","schema":{"type":"string"},"description":"TODO"},{"name":"region","in":"query","required":true,"schema":{"type":"string"},"description":"Region of the chosen AWS account to browse."},{"name":"cluster_name","in":"query","required":true,"schema":{"type":"string"},"description":"Cluster of the chosen AWS account to browse"},{"name":"task_name","in":"query","required":true,"schema":{"type":"string"},"description":"Task of the chosen AWS account to browse"}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"List of ECS containers in a given account, region, cluster and task.","content":{"application\/json":{"schema":{"required":["data","status"],"type":"object","properties":{"data":{"required":["containers"],"type":"object","properties":{"containers":{"type":"array","items":{"type":"object","required":["container_name","is_online"],"properties":{"container_name":{"description":"Name of the ECS container.","type":"string"},"is_online":{"description":"Is the ECS container online.","type":"boolean"}}}}}},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}}}}}}}}},"\/api\/v3\/import\/aws\/eks":{"post":{"summary":"Start an import of a EKS resource within an AWS account","description":"Start an import of a EKS resource within an AWS account. A processing pipeline will be returned that details the status of the processing","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta","tags":["Import from AWS"],"security":[{"bearerAuth":[]}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["account_name","cluster_name","pod_name","pod_namespace","container_name","cluster_region","investigation_id","host_options"],"properties":{"account_name":{"type":"string","description":"The Account added to the Cado Platform to use."},"cluster_name":{"type":"string","description":"The name of the EKS cluster."},"pod_name":{"type":"string","description":"The chosen pod within the cluster."},"pod_namespace":{"type":"string","description":"The namespace of the chosen pod."},"container_name":{"type":"string","description":"The name of the chosen container."},"cluster_region":{"type":"string","description":"The AWS region the cluster resides in."},"investigation_id":{"type":"integer","description":"The ID of the investigation to import the EKS resource into."},"host_options":{"$ref":"#\/components\/schemas\/host_options"}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"A new pipeline object is returned, indicating a successful kick-off of a pipeline. You can see the <a href=\"#\">Pipeline API<\/a> documentation for information on getting details about this pipeline.","content":{"application\/json":{"schema":{"required":["data","status"],"properties":{"status":{"enum":["success"],"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","required":["pipeline_id"],"properties":{"pipeline_id":{"type":"integer","description":"The ID of the created pipeline."}}}}}}}}}}},"\/api\/v3\/import\/aws\/eks\/clusters":{"get":{"summary":"Browse a list of Elastic Kubernetes Service clusters","description":"Browse a list of Elastic Kubernetes Service clusters.","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta","tags":["Import from AWS"],"parameters":[{"name":"account_name","in":"query","required":true,"schema":{"type":"string"},"description":"The Account added to Cado to use when browsing clusters"},{"name":"cluster_region","in":"query","required":true,"schema":{"type":"string"},"description":"The region to search for EKS clusters within."},{"name":"page","in":"query","required":true,"schema":{"type":"integer"},"description":"The page number to return"},{"name":"per_page","in":"query","required":true,"schema":{"type":"integer"},"description":"The number of items to return per page"}],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"List of EKS clusters","content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","items":{"type":"object","description":"An EKS cluster","required":["cluster_name","is_private"],"properties":{"cluster_name":{"type":"string","description":"The name of the EKS cluster."},"is_private":{"type":"boolean","description":"Whether the EKS cluster is private."}}}},"pagination":{"$ref":"#\/components\/schemas\/pagination"},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["data","status","pagination"],"type":"object"}}}},"default":{"$ref":"#\/components\/responses\/default"}}}},"\/api\/v3\/import\/aws\/eks\/pods":{"get":{"summary":"Browse a list of Elastic Kubernetes Service pods","description":"Browse a list of Elastic Kubernetes Service pods within a given cluster.","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta","tags":["Import from AWS"],"parameters":[{"name":"account_name","in":"query","required":true,"schema":{"type":"string"},"description":"The Account added to Cado to use when browsing pods within a cluster."},{"name":"cluster_name","in":"query","required":true,"schema":{"type":"string"},"description":"The EKS cluster that contains pods."},{"name":"cluster_region","in":"query","required":true,"schema":{"type":"string"},"description":"The region of the EKS cluster that contains pods."},{"name":"page","in":"query","required":true,"schema":{"type":"integer"},"description":"The page number to return."},{"name":"per_page","in":"query","required":true,"schema":{"type":"integer"},"description":"The number of items to return per page."}],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"List of EKS pods.","content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","items":{"type":"object","description":"An EKS pod.","required":["pod_name","pod_namespace"],"properties":{"pod_name":{"type":"string","description":"The name of the EKS pod."},"pod_namespace":{"type":"string","description":"The namespace of the EKS pod."}}}},"pagination":{"$ref":"#\/components\/schemas\/pagination"},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["data","status","pagination"],"type":"object"}}}},"default":{"$ref":"#\/components\/responses\/default"}}}},"\/api\/v3\/import\/aws\/eks\/containers":{"get":{"summary":"Browse a list of Elastic Kubernetes Service containers","description":"Browse a list of Elastic Kubernetes Service containers within a specific pod and namespace within a cluster.","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta","tags":["Import from AWS"],"parameters":[{"name":"account_name","in":"query","required":true,"schema":{"type":"string"},"description":"The Account added to Cado to use when browsing containers within a pod within a cluster."},{"name":"cluster_name","in":"query","required":true,"schema":{"type":"string"},"description":"The EKS cluster that contains the chosen pod."},{"name":"cluster_region","in":"query","required":true,"schema":{"type":"string"},"description":"The AWS region of the EKS cluster that contains your chosen pod."},{"name":"pod_name","in":"query","required":true,"schema":{"type":"string"},"description":"The name of the chosen pod."},{"name":"pod_namespace","in":"query","required":true,"schema":{"type":"string"},"description":"The namespace of the chosen pod."},{"name":"page","in":"query","required":true,"schema":{"type":"integer"},"description":"The page number to return."},{"name":"per_page","in":"query","required":true,"schema":{"type":"integer"},"description":"The number of items to return per page."}],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"List of containers within a specified pod.","content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","items":{"type":"object","description":"An EKS container.","required":["container_name","container_image"],"properties":{"container_name":{"type":"string","description":"The name of the container."},"container_image":{"type":"string","description":"The image used by the container."}}}},"pagination":{"$ref":"#\/components\/schemas\/pagination"},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["data","status","pagination"],"type":"object"}}}},"default":{"$ref":"#\/components\/responses\/default"}}}},"\/api\/v3\/import\/entra":{"post":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"summary":"Import a set of Microsoft Entra ID logs","description":"Import a set of Microsoft Entra ID Audit and Sign-in logs.","tags":["Import from Microsoft Entra ID"],"security":[{"bearerAuth":[]}],"parameters":[],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["start_time","end_time","credentials","investigation_id"],"properties":{"start_time":{"description":"The start time of the logs to import. This should be in Unix Epoch format.","type":"integer"},"end_time":{"description":"The end time of the logs to import. This should be in Unix Epoch format.","type":"integer"},"credentials":{"description":"The credentials to use to authenticate with the Microsoft Entra ID API.","type":"string"},"user_ids":{"description":"A list of user IDs to import logs for. If not provided, logs for all users will be imported.","type":"array","items":{"type":"string"}},"investigation_id":{"description":"The ID of associated Cado investigation where logs will be imported into.","type":"integer"}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"A new pipeline object is returned, indicating a successful kick-off of a pipeline. You can see the <a href=\"https:\/\/cado-security.github.io\/api-reference\/#tag\/Pipelines\/paths\/~1api~1v3~1pipelines~1{id}\/get\">Pipeline API<\/a> documentation for information on getting details about this pipeline.","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"enum":["success"],"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","description":"The data containing the new processing pipeline.","schema":null,"required":["pipeline_id"],"properties":{"pipeline_id":{"type":"integer","description":"The ID of the import pipeline created."}}}}}}}}}}},"\/api\/v3\/import\/gcp\/gce":{"get":{"summary":"Browse a list of Google Compute Engine instances","description":"Browse a list of Google Compute Engine instances in a specific GCP project and region.","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta","tags":["Import from GCP"],"parameters":[{"name":"gcp_project","in":"query","required":true,"schema":{"type":"string"},"description":"The GCP Project ID that contains instances"},{"name":"account_name","in":"query","required":true,"schema":{"type":"string"},"description":"The Account added to Cado to use when browsing instances"},{"name":"instance_name","in":"query","required":false,"schema":{"type":"string"},"description":"Name of GCE Instance to search for"},{"name":"instance_id","in":"query","required":false,"schema":{"type":"string"},"description":"ID of GCE Instance to search for"},{"name":"page","in":"query","required":true,"schema":{"type":"integer"},"description":"The page number to return"},{"name":"per_page","in":"query","required":true,"schema":{"type":"integer"},"description":"The number of items to return per page"},{"name":"state","in":"query","required":false,"description":"The state of instances to filter by","schema":{"type":"string","enum":["PROVISIONING","STAGING","RUNNING","STOPPING","SUSPENDING","SUSPENDED","REPAIRING","TERMINATED"]}},{"name":"label","in":"query","required":false,"schema":{"type":"array","items":{"type":"string"}},"description":"A colon delimited key-value pair to filter labels on."}],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"List of GCE Instances","content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","items":{"type":"object","description":"A GCE Instance","required":["instance_id","instance_name","state","instance_type","region_zone","labels","disks"],"properties":{"instance_id":{"type":"string","description":"The ID of the GCE instance"},"instance_name":{"type":"string","description":"The name of the GCE instance"},"state":{"type":"string","description":"The state of the GCE instance"},"instance_type":{"type":"string","description":"The type of GCE instance"},"region_zone":{"type":"string","description":"The zone of the GCE instance"},"labels":{"type":"array","items":{"type":"object","required":["key","value"],"properties":{"key":{"type":"string"},"value":{"type":"string"}}}},"disks":{"type":"array","description":"A list of the disks attached to the GCE instance","items":{"type":"object","required":["name","size"],"properties":{"name":{"type":"string","description":"The name of the disk attached to the GCE instance"},"size":{"type":"integer","description":"The size of the disk in GB"}}}}}}},"pagination":{"$ref":"#\/components\/schemas\/pagination"},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["data","status","pagination"],"type":"object"}}}},"default":{"$ref":"#\/components\/responses\/default"}}},"post":{"summary":"Start an import of an instance from GCE into a specific project","description":"Start an import of an instance from GCE into a specific project. A processing pipeline will be returned that details the status of the processing.","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta","tags":["Import from GCP"],"security":[{"bearerAuth":[]}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["instance_name","gcs_bucket","instance_project","gcs_project","zone","account_name","investigation_id"],"properties":{"instance_name":{"type":"string","description":"The name of the instance to acquire"},"gcs_bucket":{"type":"string","description":"The name of the GCP storage to export to","example":"bucket-1"},"instance_project":{"type":"string","description":"The project id the instance resides within","example":"projectId-1"},"gcs_project":{"type":"string","description":"The project id the bucket to import into resides within","example":"projectId-2"},"zone":{"type":"string","description":"the gcp zone that the instance resides in","example":"us-central1-a"},"account_name":{"type":"string","description":"The alias of the credentials to use","example":"gcp-project-1-credentials"},"investigation_id":{"type":"integer","description":"The ID of the investigation to import the instance into."},"fast_scan":{"type":"boolean","description":"Whether to perform a scan only import pipeline."},"use_acquisition_service_account":{"type":"boolean","default":false,"description":"Whether to use the service account used for the acquisition instead of the Compute Engine default service account."}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"A new pipeline object is returned, indicating a successful kick-off of a pipeline. You can see the <a href=\"#\">Pipeline API<\/a> documentation for information on getting details about this pipeline.","content":{"application\/json":{"schema":{"required":["data","status"],"properties":{"status":{"enum":["success"],"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","required":["pipeline_ids"],"properties":{"pipeline_ids":{"type":"array","items":{"type":"object","required":["id"],"properties":{"id":{"type":"integer"}}}}}}}}}}}}}},"\/api\/v3\/import\/gcp\/gcs\/buckets":{"get":{"summary":"Browse a list of GCS buckets","description":"Browse a list of GCS buckets inside a specific GCP account.","parameters":[{"name":"account_name","in":"query","required":true,"schema":{"type":"string"},"description":"The alias of the chosen GCP account to browse. See the <a href=\"#\">Clouds API<\/a> documentation for more info on obtaining the account name for a specific GCP account."},{"name":"page","in":"query","required":true,"schema":{"type":"integer"},"description":"The page of items to retrieve."},{"name":"gcp_project","in":"query","required":true,"schema":{"type":"string"},"description":"The GCP project ID to filter by."},{"name":"bucket_prefix","in":"query","required":false,"schema":{"type":"string"},"description":"Filter buckets by a chosen prefix"},{"name":"per_page","in":"query","required":true,"schema":{"type":"integer","default":10},"description":"The amount of items to be given per page. If left blank, the default will be 10."}],"responses":{"200":{"content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","items":{"type":"object","description":"A GCS bucket","required":["name","location"],"properties":{"name":{"type":"string","description":"The name of the GCS bucket."},"location":{"type":"string","description":"The GCP location\/zone of the GCS bucket."},"labels":{"type":"object","description":"The labels of the GCS bucket."},"storage_class":{"type":"string","description":"The storage class of the GCS bucket."}}}},"pagination":{"$ref":"#\/components\/schemas\/pagination"},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["data","status","pagination"],"type":"object"}}},"description":""},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"tags":["Import from GCP"],"x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta"}},"\/api\/v3\/import\/gcp\/gcs\/objects":{"get":{"summary":"Browse a list of GCS bucket objects","description":"Browse a list of GCS bucket objects inside a specific GCP account.","parameters":[{"name":"account_name","in":"query","required":true,"schema":{"type":"string"},"description":"The alias of the chosen GCP account to browse. See the <a href=\"#\">Clouds API<\/a> documentation for more info on obtaining the account_name for a specific GCP account."},{"name":"page","in":"query","required":true,"schema":{"type":"integer"},"description":"The page of items to retrieve."},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":10},"description":"The maximum amount of results to be given per query. The query returns anywhere between MAX\/2 and MAX results due to how the GCS API operates. If left blank, the default will be 10."},{"name":"bucket_name","in":"query","required":true,"description":"The bucket to get contents from","schema":{"type":"string"}},{"name":"prefix","in":"query","required":false,"description":"The prefix to filter the objects by. Must end in a \"\/\"","schema":{"type":"string"}},{"name":"gcp_project","in":"query","required":true,"schema":{"type":"string"},"description":"The GCP project ID to filter by."}],"responses":{"200":{"content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","items":{"type":"object","description":"An GCS bucket object","required":["name","type","last_modified","size","storage_class"],"properties":{"name":{"type":"string","description":"The filename of the GCS object"},"last_modified":{"type":"number","description":"The timestamp of the last modification of the GCS object"},"size":{"type":"integer","description":"The size of the GCS object in bytes"}}}},"pagination":{"$ref":"#\/components\/schemas\/pagination"},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["data","status","pagination"],"type":"object"}}},"description":""},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"tags":["Import from GCP"],"x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta"}},"\/api\/v3\/import\/gcp\/gcs":{"post":{"summary":"Create GCS bucket acquire task","description":"Create a new task to acquiring new evidence from GCS bucket. Can acquire the entire GCS bucket or a specific file.","tags":["Import from GCP"],"x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta","security":[{"bearerAuth":[]}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["bucket","project_id","account_name","gcp_project","prefix"],"properties":{"project_id":{"type":"integer","description":"The project id to import the evidence into."},"bucket":{"type":"string","description":"The name of the bucket to acquire from."},"gcp_project":{"type":"string","description":"The project id the bucket resides within"},"file_names":{"type":"array","items":{"type":"string"},"description":"The name of the file to acquire. If left blank, the entire bucket will be acquired."},"prefix":{"type":"string","description":"The prefix to filter the objects by. Must end in a \"\/\""},"account_name":{"type":"string","description":"The GCP credentials alias that belongs to the account you want to retrieve buckets from."}}}}}},"responses":{"200":{"description":"Task created","content":{"application\/json":{"schema":{"required":["data","status"],"properties":{"status":{"enum":["success"],"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","required":["pipeline_ids"],"properties":{"pipeline_ids":{"type":"array","items":{"type":"object","required":["id"],"properties":{"id":{"type":"integer"}}}}}}}}}}},"default":{"$ref":"#\/components\/responses\/default"}}}},"\/api\/v3\/import\/gcp\/gke":{"post":{"summary":"Start an import of a GKE resource within a GCP project","description":"Start an import of a GKE resource within a GCP project. A processing pipeline will be returned that details the status of the processing","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta","tags":["Import from GCP"],"security":[{"bearerAuth":[]}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["account_name","gcp_project_id","cluster_name","pod_name","pod_namespace","container_name","cluster_zone","investigation_id","host_options"],"properties":{"account_name":{"type":"string","description":"The Account added to the Cado Platform to use."},"gcp_project_id":{"type":"string","description":"The ID of the GCP Project the chosen cluster resides within."},"cluster_name":{"type":"string","description":"The name of the GKE cluster."},"pod_name":{"type":"string","description":"The chosen pod within the cluster."},"pod_namespace":{"type":"string","description":"The namespace of the chosen pod."},"container_name":{"type":"string","description":"The name of the chosen container."},"cluster_zone":{"type":"string","description":"The GCP zone the cluster resides in."},"investigation_id":{"type":"integer","description":"The ID of the investigation to import the GKE resource into."},"host_options":{"$ref":"#\/components\/schemas\/host_options"}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"A new pipeline object is returned, indicating a successful kick-off of a pipeline. You can see the <a href=\"#\">Pipeline API<\/a> documentation for information on getting details about this pipeline.","content":{"application\/json":{"schema":{"required":["data","status"],"properties":{"status":{"enum":["success"],"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","required":["pipeline_id"],"properties":{"pipeline_id":{"type":"integer","description":"The ID of the created pipeline."}}}}}}}}}}},"\/api\/v3\/import\/gcp\/gke\/clusters":{"get":{"summary":"Browse a list of Google Kubernetes Engine clusters","description":"Browse a list of Google Kubernetes Engine clusters in a specific GCP project.","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta","tags":["Import from GCP"],"parameters":[{"name":"account_name","in":"query","required":true,"schema":{"type":"string"},"description":"The Account added to Cado to use when browsing clusters"},{"name":"gcp_project_id","in":"query","required":true,"schema":{"type":"string"},"description":"The GCP Project ID that contains clusters"},{"name":"page","in":"query","required":true,"schema":{"type":"integer"},"description":"The page number to return"},{"name":"per_page","in":"query","required":true,"schema":{"type":"integer"},"description":"The number of items to return per page"}],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"List of GKE clusters","content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","items":{"type":"object","description":"A GKE cluster","required":["cluster_name","is_private","zone"],"properties":{"cluster_name":{"type":"string","description":"The name of the GKE cluster."},"zone":{"type":"string","description":"The zone the GKE cluster resides within."},"is_private":{"type":"boolean","description":"Whether the GKE cluster is private."}}}},"pagination":{"$ref":"#\/components\/schemas\/pagination"},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["data","status","pagination"],"type":"object"}}}},"default":{"$ref":"#\/components\/responses\/default"}}}},"\/api\/v3\/import\/gcp\/gke\/pods":{"get":{"summary":"Browse a list of Google Kubernetes Engine pods","description":"Browse a list of Google Kubernetes Engine pods in a cluster within a specific GCP project.","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta","tags":["Import from GCP"],"parameters":[{"name":"account_name","in":"query","required":true,"schema":{"type":"string"},"description":"The Account added to Cado to use when browsing pods within a cluster."},{"name":"gcp_project_id","in":"query","required":true,"schema":{"type":"string"},"description":"The GCP Project ID that contains the cluster containing the pods."},{"name":"cluster_name","in":"query","required":true,"schema":{"type":"string"},"description":"The GCP cluster that contains pods."},{"name":"cluster_zone","in":"query","required":true,"schema":{"type":"string"},"description":"The zone of the GKE cluster that contains pods."},{"name":"page","in":"query","required":true,"schema":{"type":"integer"},"description":"The page number to return."},{"name":"per_page","in":"query","required":true,"schema":{"type":"integer"},"description":"The number of items to return per page."}],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"List of GKE pods.","content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","items":{"type":"object","description":"A GKE pod.","required":["pod_name","pod_namespace"],"properties":{"pod_name":{"type":"string","description":"The name of the GKE pod."},"pod_namespace":{"type":"string","description":"The namespace of the GKE pod."}}}},"pagination":{"$ref":"#\/components\/schemas\/pagination"},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["data","status","pagination"],"type":"object"}}}},"default":{"$ref":"#\/components\/responses\/default"}}}},"\/api\/v3\/import\/gcp\/gke\/containers":{"get":{"summary":"Browse a list of Google Kubernetes Engine containers","description":"Browse a list of Google Kubernetes Engine containers within a specific pod and namespace within a cluster.","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta","tags":["Import from GCP"],"parameters":[{"name":"account_name","in":"query","required":true,"schema":{"type":"string"},"description":"The Account added to Cado to use when browsing containers within a pod within a cluster."},{"name":"gcp_project_id","in":"query","required":true,"schema":{"type":"string"},"description":"The GCP Project ID that contains the chosen cluster and pod."},{"name":"cluster_name","in":"query","required":true,"schema":{"type":"string"},"description":"The GCP cluster that contains the chosen pod."},{"name":"cluster_zone","in":"query","required":true,"schema":{"type":"string"},"description":"The zone of the GKE cluster that contains your chosen pod."},{"name":"pod_name","in":"query","required":true,"schema":{"type":"string"},"description":"The name of the chosen pod."},{"name":"pod_namespace","in":"query","required":true,"schema":{"type":"string"},"description":"The namespace of the chosen pod."},{"name":"page","in":"query","required":true,"schema":{"type":"integer"},"description":"The page number to return."},{"name":"per_page","in":"query","required":true,"schema":{"type":"integer"},"description":"The number of items to return per page."}],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"List of containers within a specified pod.","content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","items":{"type":"object","description":"A GKE container.","required":["container_name","container_image"],"properties":{"container_name":{"type":"string","description":"The name of the container."},"container_image":{"type":"string","description":"The image used by the container."}}}},"pagination":{"$ref":"#\/components\/schemas\/pagination"},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["data","status","pagination"],"type":"object"}}}},"default":{"$ref":"#\/components\/responses\/default"}}}},"\/api\/v3\/import\/google-workspace":{"post":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"summary":"Import a set of Google Workspace activity logs","description":"Import a set of Google Workspace activity logs for a given time range.","tags":["Import from Google Workspace"],"security":[{"bearerAuth":[]}],"parameters":[],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["start_time","end_time","account_name","investigation_id"],"properties":{"start_time":{"description":"The start time of the logs to import. This should be in Unix Epoch format.","type":"integer"},"end_time":{"description":"The end time of the logs to import. This should be in Unix Epoch format.","type":"integer"},"account_name":{"description":"The account name to use to authenticate with the Google Workspace API.","type":"string"},"user_ids":{"description":"A list of user IDs to import logs for. If not provided, logs for all users will be imported.","type":"array","items":{"type":"string"}},"application_names":{"description":"A list of Google Workspace applications to import logs for. If not provided, logs for all applications will be imported.","type":"array","items":{"type":"string","enum":["access_transparency","admin","calendar","chat","drive","gcp","gplus","groups","groups_enterprise","jamboard","login","meet","mobile","rules","saml","token","user_accounts","context_aware_access","chrome","data_studio","keep","vault"]}},"investigation_id":{"description":"The ID of associated Cado investigation where logs will be imported into.","type":"integer"}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"A new pipeline object is returned, indicating a successful kick-off of a pipeline. You can see the <a href=\"https:\/\/cado-security.github.io\/api-reference\/#tag\/Pipelines\/paths\/~1api~1v3~1pipelines~1{id}\/get\">Pipeline API<\/a> documentation for information on getting details about this pipeline.","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"enum":["success"],"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","description":"The data containing the new processing pipeline.","schema":null,"required":["pipeline_id"],"properties":{"pipeline_id":{"type":"integer","description":"The ID of the import pipeline created."}}}}}}}}}}},"\/api\/v3\/import\/aws\/lambda":{"get":{"summary":"Browse a list of Lambda functions","description":"Browse a list of Lambda functions inside a specific AWS region and account.","parameters":[{"name":"cloud_id","in":"query","required":true,"schema":{"type":"string"},"description":"The alias of the chosen AWS account to browse. See the <a href=\"#\">Clouds API<\/a> documentation for more info on obtaining the cloud_id for a specific AWS account."},{"name":"region","in":"query","required":true,"schema":{"type":"string"},"description":"The AWS region to browse Lambda functions in."},{"name":"cursor","in":"query","required":false,"schema":{"type":"string"},"description":"The pointer to the next page given by the response of the previous\/current page."},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":10},"description":"The amount of items to be given per page. If left blank, the default will be 10."}],"responses":{"200":{"content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","items":{"type":"object","description":"An Lambda function","required":["name","last_modified","package_type"],"properties":{"name":{"type":"string","description":"The name of the Lambda function."},"last_modified":{"type":"number","description":"The date and time the Lambda function was last modified."},"package_type":{"type":"string","description":"The package type of the Lambda function."}}}},"pagination":{"type":"object","properties":{"type":{"type":"string","enum":["cursor"],"default":"cursor","description":"A string indicating the type of pagination supported by the API. In this context, the value will be \"cursor\"."},"current_token":{"type":"string","description":"A string representing the pointer to this current page."},"per_page":{"type":"integer","description":"The amount of items to be given per page."},"next_token":{"type":"string","description":"A string representing a cursor to the next page. Use this in place of the `cursor` attribute to get the next page."},"previous_token":{"type":"string","description":"A string representing a cursor to the previous page. Use this in place of the `cursor` attribute to get the previous page."}},"required":["type"]},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["data","status","pagination"],"type":"object"}}},"description":""},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"tags":["Import from AWS"],"x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta"},"post":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"summary":"Start an import of an Lambda function into a specified project","description":"Start an import of a running Lambda container into the specified project. A processing pipeline will be returned that details the status of the processing.","tags":["Import from AWS"],"security":[{"bearerAuth":[]}],"parameters":[],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["function","region","project_id"],"properties":{"function":{"type":"string","description":"The name of the Lambda function you wish to import."},"cloud_id":{"type":"string","description":"The alias of the chosen AWS account to browse. See the <a href=\"#\">Clouds API<\/a> documentation for more info on obtaining the cloud_id for a specific AWS account."},"region":{"type":"string","description":"The AWS region where the Lambda is located."},"project_id":{"type":"integer","description":"The ID of the Cado project that you want to import the data into."},"token":{"type":"string","description":"The AWS STS token that can be used for the import."}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"A new pipeline object is returned, indicating a successful kick-off of a pipeline. You can see the <a href=\"https:\/\/cado-security.github.io\/api-reference\/#tag\/Pipelines\/paths\/~1api~1v3~1pipelines~1{id}\/get\">Pipeline API<\/a> documentation for information on getting details about this pipeline.","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"enum":["success"],"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","description":"The data containing the new processing pipeline.","schema":null,"required":["pipeline_id"],"properties":{"pipeline_id":{"type":"integer","description":"The numerical ID assigned to the pipeline."}}}}}}}}}}},"\/api\/v3\/import\/aws\/s3\/buckets":{"get":{"summary":"Browse a list of S3 buckets","description":"Browse a list of S3 buckets inside a specific AWS account.","parameters":[{"name":"cloud_id","in":"query","required":true,"schema":{"type":"string"},"description":"The alias of the chosen AWS account to browse. See the <a href=\"#\">Clouds API<\/a> documentation for more info on obtaining the cloud_id for a specific AWS account."},{"name":"prefix","in":"query","required":false,"schema":{"type":"string"},"description":"The string that the bucket name should start with"},{"name":"cursor","in":"query","required":false,"schema":{"type":"string"},"description":"The pointer to the next page given by the response of the previous\/current page."},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":10},"description":"The amount of items to be given per page. If left blank, the default will be 10."}],"responses":{"200":{"content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","items":{"type":"object","description":"An S3 bucket","required":["name","creation_date"],"properties":{"name":{"type":"string","description":"The name of the S3 bucket."},"creation_date":{"type":"number","description":"The date and time the S3 bucket was created."}}}},"pagination":{"type":"object","properties":{"type":{"type":"string","enum":["cursor"],"default":"cursor","description":"A string indicating the type of pagination supported by the API. In this context, the value will be \"cursor\"."},"current_token":{"type":"string","description":"A string representing the pointer to this current page."},"per_page":{"type":"integer","description":"The amount of items to be given per page."},"next_token":{"type":"string","description":"A string representing a cursor to the next page. Use this in place of the `cursor` attribute to get the next page."},"previous_token":{"type":"string","description":"A string representing a cursor to the previous page. Use this in place of the `cursor` attribute to get the previous page."}},"required":["type"]},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["data","status","pagination"],"type":"object"}}},"description":""},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"tags":["Import from AWS"],"x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta"}},"\/api\/v3\/import\/aws\/s3\/objects":{"get":{"summary":"Browse a list of S3 bucket objects","description":"Browse a list of S3 bucket objects inside a specific AWS account.","parameters":[{"name":"cloud_id","in":"query","required":true,"schema":{"type":"string"},"description":"The alias of the chosen AWS account to browse. See the <a href=\"#\">Clouds API<\/a> documentation for more info on obtaining the cloud_id for a specific AWS account."},{"name":"cursor","in":"query","required":false,"schema":{"type":"string"},"description":"The pointer to the next page given by the response of the previous\/current page."},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":10},"description":"The maximum amount of results to be given per query. The query returns anywhere between MAX\/2 and MAX results due to how the S3 API operates. If left blank, the default will be 10."},{"name":"bucket_name","in":"query","required":true,"description":"The bucket to get contents from","schema":{"type":"string"}},{"name":"delimiter","in":"query","required":false,"description":"The delimeter used to separate paths in the file name. Defaults to \"\/\"","schema":{"type":"string"}},{"name":"prefix","in":"query","required":false,"description":"The prefix to filter the objects by. Must end in a \"\/\"","schema":{"type":"string"}}],"responses":{"200":{"content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","items":{"type":"object","description":"An S3 bucket object","oneOf":[{"type":"object","description":"A file object in S3","required":["name","type","last_modified","size","storage_class"],"properties":{"type":{"type":"string","enum":["FILE"],"default":"FILE"},"name":{"type":"string","example":"auth.log","description":"The filename of the S3 object"},"last_modified":{"type":"number","example":7959334942000,"description":"The timestamp of the last modification of the S3 object"},"size":{"type":"number","example":804756,"description":"The size of the S3 object in bytes"},"storage_class":{"type":"string","example":"STANDARD","description":"The storage class of the S3 object"}}},{"type":"object","description":"An object representing a folder in S3","required":["name","type"],"properties":{"type":{"type":"string","enum":["FOLDER"],"default":"FOLDER"},"name":{"type":"string","example":"auth.log","description":"The name of the folder"}}}]}},"pagination":{"type":"object","properties":{"type":{"type":"string","enum":["cursor"],"default":"cursor","description":"A string indicating the type of pagination supported by the API. In this context, the value will be \"cursor\"."},"current_token":{"type":"string","description":"A string representing the pointer to this current page."},"per_page":{"type":"integer","description":"The amount of items to be given per page."},"next_token":{"type":"string","description":"A string representing a cursor to the next page. Use this in place of the `cursor` attribute to get the next page."},"previous_token":{"type":"string","description":"A string representing a cursor to the previous page. Use this in place of the `cursor` attribute to get the previous page."}},"required":["type"]},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["data","status","pagination"],"type":"object"}}},"description":""},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"tags":["Import from AWS"],"x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta"}},"\/api\/v3\/import\/aws\/s3":{"post":{"summary":"Create S3 bucket acquire task","description":"Create a new task to acquiring new evidence from S3 bucket. Can acquire the entire s3 bucket or a specific file.","tags":["Import from AWS"],"x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta","security":[{"bearerAuth":[]}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["bucket","project_id"],"properties":{"project_id":{"type":"integer"},"bucket":{"type":"string","example":"jf-bucket-1234"},"file_name":{"type":"array","items":{"type":"string"}},"prefix":{"type":"string","example":"directory_1\/"},"cloud_id":{"type":"string","description":"The AWS credentials alias that belongs to the account you want to retrieve buckets from."},"token":{"type":"string","description":"The AWS JIT token to use for the acquisition"}}}}}},"responses":{"200":{"description":"Task created","content":{"application\/json":{"schema":{"required":["data","status"],"properties":{"status":{"enum":["success"],"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","required":["pipeline_id"],"properties":{"pipeline_id":{"type":"integer"}}}}}}}},"default":{"$ref":"#\/components\/responses\/default"}}}},"\/api\/v3\/import\/microsoft365\/ual":{"post":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"summary":"Import a set of Microsoft 365 Unified Audit Logs","description":"Import a set of Microsoft 365 Unified Audit Logs.","tags":["Import from Microsoft 365"],"security":[{"bearerAuth":[]}],"parameters":[],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["start_time","end_time","credentials","project_id"],"properties":{"start_time":{"description":"The start time of the logs to import. This should be in Unix Epoch format.","type":"integer"},"end_time":{"description":"The end time of the logs to import. This should be in Unix Epoch format.","type":"integer"},"credentials":{"description":"The credentials to use to authenticate with the Microsoft 365 API.","type":"string"},"workload":{"description":"The Microsoft 365 workload to import logs from.","type":"string","default":"all","enum":["exchange","sharepoint","aad","onedrive","defender","all"]},"user_ids":{"description":"A list of user IDs to import logs for. If not provided, logs for all users will be imported.","type":"array","items":{"type":"string"}},"ip_addresses":{"description":"A list of IP addresses to import logs for. If not provided, logs for all IP addresses will be imported.","type":"array","items":{"type":"string"}},"project_id":{"description":"The ID of associated Cado project logs will be imported into.","type":"integer"}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"A new pipeline object is returned, indicating a successful kick-off of a pipeline. You can see the <a href=\"https:\/\/cado-security.github.io\/api-reference\/#tag\/Pipelines\/paths\/~1api~1v3~1pipelines~1{id}\/get\">Pipeline API<\/a> documentation for information on getting details about this pipeline.","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"enum":["success"],"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","description":"The data containing the new processing pipeline.","schema":null,"required":["pipeline_id"],"properties":{"pipeline_id":{"type":"integer","description":"The ID of the import pipeline created."}}}}}}}}}}},"\/api\/v3\/import\/xdr\/crowdstrike":{"get":{"summary":"Browse a list of devices for a given CrowdStrike account","description":"Browse a list of devices for a given CrowdStrike account. Supports filtering for hostname and operating system.","parameters":[{"name":"account_name","in":"query","required":true,"schema":{"type":"string"},"description":"The alias of the chosen XDR CrowdStrike credentials to use."},{"name":"cursor","in":"query","required":false,"schema":{"type":"string"},"description":"The pointer to the next set of devices."},{"name":"per_page","in":"query","required":true,"schema":{"type":"integer"},"description":"The number of devices to return."},{"name":"os","in":"query","required":false,"schema":{"type":"string"},"description":"Operating system of the device to search for."},{"name":"hostname","in":"query","required":false,"schema":{"type":"string"},"description":"The hostname of the device to search for."}],"responses":{"200":{"content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","description":"A list of CrowdStrike devices.","items":{"type":"object","description":"A CrowdStrike device.","required":["device_id","hostname","ip_address","operating_system","is_online"],"properties":{"device_id":{"type":"string","description":"The ID of the device."},"hostname":{"type":"string","description":"The hostname of the device."},"ip_address":{"type":"string","description":"The IP of the device."},"operating_system":{"type":"string","description":"The Operating System of the device."},"is_online":{"type":"boolean","description":"Whether the device is online. This will determine if we can currently acquire the device."}}}},"pagination":{"type":"object","properties":{"type":{"type":"string","enum":["cursor"],"default":"cursor","description":"A string indicating the type of pagination supported by the API. In this context, the value will be \"cursor\"."},"current_token":{"type":"string","description":"A string representing the pointer to this current page."},"per_page":{"type":"integer","description":"The amount of items to be given per page."},"next_token":{"type":"string","description":"A string representing a cursor to the next page. Use this in place of the `cursor` attribute to get the next page."},"previous_token":{"type":"string","description":"A string representing a cursor to the previous page. Use this in place of the `cursor` attribute to get the previous page."}},"required":["type"]},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["data","status","pagination"],"type":"object"}}},"description":""},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"tags":["Import from XDR"],"x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta"}},"\/api\/v3\/import\/xdr\/sentinelone":{"get":{"security":[{"bearerAuth":[]}],"tags":["Import from XDR"],"x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta","summary":"Browse a list of devices for a given SentinelOne account","description":"Browse a list of devices for a given SentinelOne account. Supports filtering for hostname and operating system.","parameters":[{"name":"account_name","in":"query","required":true,"schema":{"type":"string"},"description":"The alias of the chosen XDR SentinelOne credentials to use."},{"name":"cursor","in":"query","required":false,"schema":{"type":"string"},"description":"The pointer to the next set of devices."},{"name":"per_page","in":"query","required":true,"schema":{"type":"integer"},"description":"The number of devices to return."},{"name":"os","in":"query","required":false,"schema":{"type":"string"},"description":"Operating system of the device to search for."},{"name":"hostname","in":"query","required":false,"schema":{"type":"string"},"description":"The hostname of the device to search for."}],"responses":{"200":{"content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","description":"A list of SentinelOne devices.","items":{"type":"object","description":"A SentinelOne device.","required":["device_id","hostname","ip_address","operating_system","is_online"],"properties":{"device_id":{"type":"string","description":"The ID of the device."},"hostname":{"type":"string","description":"The hostname of the device."},"ip_address":{"type":"string","description":"The IP of the device."},"operating_system":{"type":"string","description":"The Operating System of the device."},"is_online":{"type":"boolean","description":"Whether the device is online. This will determine if we can currently acquire the device."}}}},"pagination":{"type":"object","properties":{"type":{"type":"string","enum":["cursor"],"default":"cursor","description":"A string indicating the type of pagination supported by the API. In this context, the value will be cursor."},"current_token":{"type":"string","description":"A string representing the pointer to this current page."},"per_page":{"type":"integer","description":"The amount of items to be given per page."},"next_token":{"type":"string","description":"A string representing a cursor to the next page. Use this in place of the `cursor` attribute to get the next page."},"previous_token":{"type":"string","description":"A string representing a cursor to the previous page. Use this in place of the `cursor` attribute to get the previous page."}},"required":["type"]},"status":{"default":"success","description":"The status of the response, in this context, the value will be success.","enum":["success"],"type":"string"}},"required":["data","status","pagination"],"type":"object"}}},"description":""},"default":{"$ref":"#\/components\/responses\/default"}}}},"\/api\/v3\/import\/xdr\/defender":{"get":{"summary":"Browse a list of devices for a given Defender account","description":"Browse a list of devices for a given Defender account. Supports filtering for hostname and operating system.","tags":["Import from XDR"],"security":[{"bearerAuth":[]}],"x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta","parameters":[{"name":"account_name","in":"query","description":"Account name associated with Defender","required":true,"schema":{"type":"string"}},{"name":"os","in":"query","required":false,"schema":{"type":"string"},"description":"Operating system of the device to search for."},{"name":"hostname","in":"query","required":false,"schema":{"type":"string"},"description":"The hostname of the device to search for."},{"name":"cursor","in":"query","required":false,"schema":{"type":"string"},"description":"The pointer to the next set of devices."},{"name":"per_page","in":"query","description":"How many results per page","required":true,"schema":{"type":"integer"}}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"A list of Defender endpoints.","content":{"application\/json":{"schema":{"type":"object","required":["status","data","pagination"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"array","description":"A list of Defender devices.","items":{"type":"object","description":"A Defender device.","required":["device_id","hostname","ip_address","operating_system","is_online"],"properties":{"device_id":{"type":"string","description":"The ID of the device."},"hostname":{"type":"string","description":"The hostname of the device."},"ip_address":{"type":"string","description":"The IP of the device."},"operating_system":{"type":"string","description":"The Operating System of the device."},"is_online":{"type":"boolean","description":"Whether the device is online. This will determine if we can currently acquire the device."}}}},"pagination":{"type":"object","required":["type"],"properties":{"type":{"type":"string","enum":["cursor"],"default":"cursor","description":"A string indicating the type of pagination supported by the API. In this context, the value will be \"cursor\"."},"current_token":{"type":"string","description":"A string representing the pointer to this current page."},"per_page":{"type":"integer","description":"The amount of items to be given per page."},"next_token":{"type":"string","description":"A string representing a cursor to the next page. Use this in place of the `cursor` attribute to get the next page."},"previous_token":{"type":"string","description":"A string representing a cursor to the previous page. Use this in place of the `cursor` attribute to get the previous page."}},"status":{"default":"success","description":"The status of the response, in this context, the value will be success.","enum":["success"],"type":"string"}}}}}}}}}},"\/api\/v3\/import\/xdr\/csensor":{"get":{"summary":"Browse a list of Darktrace Endpoint devices","description":"Browse a list Darktrace Endpoint devices. Supports filtering for hostname and operating system.","parameters":[{"name":"cursor","in":"query","required":false,"schema":{"type":"string"},"description":"The pointer to the next set of devices."},{"name":"per_page","in":"query","required":true,"schema":{"type":"integer"},"description":"The number of devices to return."},{"name":"os","in":"query","required":false,"schema":{"type":"string"},"description":"Operating system of the device to search for."},{"name":"hostname","in":"query","required":false,"schema":{"type":"string"},"description":"The hostname of the device to search for."},{"name":"selected_appliance","in":"query","required":true,"schema":{"type":"string"},"description":"Appliance used to filter for certain devices"}],"responses":{"200":{"content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","description":"A list of Darktrace Endpoint devices.","items":{"type":"object","description":"A Darktrace Endpoint device.","required":["device_id","hostname","ip_address","operating_system","is_online"],"properties":{"device_id":{"type":"string","description":"The ID of the device."},"hostname":{"type":"string","description":"The hostname of the device."},"ip_address":{"type":"string","description":"The IP of the device."},"operating_system":{"type":"string","description":"The Operating System of the device."},"is_online":{"type":"boolean","description":"Whether the device is online. This will determine if we can currently acquire the device."}}}},"pagination":{"type":"object","properties":{"type":{"type":"string","enum":["cursor"],"default":"cursor","description":"A string indicating the type of pagination supported by the API. In this context, the value will be \"cursor\"."},"current_token":{"type":"string","description":"A string representing the pointer to this current page."},"per_page":{"type":"integer","description":"The amount of items to be given per page."},"next_token":{"type":"string","description":"A string representing a cursor to the next page. Use this in place of the `cursor` attribute to get the next page."},"previous_token":{"type":"string","description":"A string representing a cursor to the previous page. Use this in place of the `cursor` attribute to get the previous page."}},"required":["type"]},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["data","status","pagination"],"type":"object"}}},"description":""},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"tags":["Import from XDR"],"x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta"},"post":{"summary":"Start an import of a csensor Device into a specified investigation","description":"Start an import of an csensor Device into a specified investigation. A processing pipeline will be returned that details the status of the processing.","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta","tags":["Import from XDR"],"security":[{"bearerAuth":[]}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["device_id","investigation_id","appliance_name"],"properties":{"investigation_id":{"type":"integer","description":"The ID of the investigation to import into."},"device_id":{"type":"string","description":"The ID of the csensor device."},"appliance_name":{"type":"string","description":"The name of the csensor appliance."}}}}}},"responses":{"200":{"description":"A new pipeline ID is returned, indicating a successful kick-off of a pipeline. You can see the <a href=\"#\">Pipeline API<\/a> documentation for information on getting details about this pipeline.","content":{"application\/json":{"schema":{"required":["data","status"],"properties":{"status":{"enum":["success"],"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","required":["pipeline_id"],"properties":{"pipeline_id":{"type":"integer","description":"The ID of the created pipeline."}}}}}}}},"default":{"$ref":"#\/components\/responses\/default"}}}},"\/api\/v3\/import\/xdr\/csensor\/appliances":{"get":{"summary":"Darktrace csensor appliances","description":"Get a list Darktrace csensor appliances","parameters":[{"name":"per_page","in":"query","required":false,"schema":{"type":"integer"},"description":"The number of appliances to return."},{"name":"page","in":"query","required":false,"schema":{"type":"integer"},"description":"The page number"},{"name":"cursor","in":"query","required":false,"schema":{"type":"string"},"description":"The pointer to the next set of appliances."}],"security":[{"bearerAuth":[]}],"tags":["Import from XDR"],"x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta","responses":{"200":{"description":"","content":{"application\/json":{"schema":{"required":["data","status","pagination"],"type":"object","properties":{"data":{"type":"array","description":"A list of Darktrace csensor appliances.","items":{"type":"object","required":["product_id","access_id","url","name","deployment_id"],"properties":{"product_id":{"type":"string","description":"A uniques identifier of a product","example":"854jjf8-84848-44fb-886e-19945748ef"},"access_id":{"type":"string","description":"A unique access identifier","example":"Tyfu764isd84j-csensor-instance"},"url":{"type":"string","description":"A url for the product","example":"https:\/\/abc1234567.euw2.saas.darktrace.com\/csensor"},"name":{"type":"string","description":"The name of the product","example":"csensor-euw1-573838-02"},"deployment_id":{"type":"integer","description":"The unique id of the deployment_id","example":1838338},"tunnel_state":{"type":"string","description":"A representing state of current connection state","example":"UP"},"internet_enabled":{"type":"boolean","description":"A boolean value representing if the device has internet access","example":true}}}},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success.","enum":["success"],"type":"string"},"pagination":{"type":"object","required":["type"],"properties":{"type":{"type":"string","enum":["cursor"],"default":"cursor","description":"A string indicating the type of pagination supported by the API. In this context, the value will be `cursor`."},"current_token":{"type":"string","description":"A string representing the pointer to this current page."},"per_page":{"type":"integer","description":"The amount of items to be given per page."},"next_token":{"type":"string","description":"A string representing a cursor to the next page. Use this in place of the `cursor` attribute to get the next page."},"previous_token":{"type":"string","description":"A string representing a cursor to the previous page. Use this in place of the `cursor` attribute to get the previous page."}}}}}}}},"default":{"$ref":"#\/components\/responses\/default"}}}},"\/api\/v3\/import\/xdr":{"post":{"summary":"Start an import of an XDR Device into a specified investigation","description":"Start an import of an XDR Device into a specified investigation. A processing pipeline will be returned that details the status of the processing.","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta","tags":["Import from XDR"],"security":[{"bearerAuth":[]}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["account_name","device_id","investigation_id","host_options"],"properties":{"account_name":{"type":"string","description":"The XDR Account to use."},"investigation_id":{"type":"integer","description":"The ID of the investigation to import into."},"device_id":{"type":"string","description":"The ID of the XDR device."},"host_options":{"$ref":"#\/components\/schemas\/host_options"}}}}}},"responses":{"200":{"description":"A new pipeline ID is returned, indicating a successful kick-off of a pipeline. You can see the <a href=\"#\">Pipeline API<\/a> documentation for information on getting details about this pipeline.","content":{"application\/json":{"schema":{"required":["data","status"],"properties":{"status":{"enum":["success"],"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","required":["pipeline_id"],"properties":{"pipeline_id":{"type":"integer","description":"The ID of the created pipeline."}}}}}}}},"default":{"$ref":"#\/components\/responses\/default"}}}},"\/api\/v3\/import\/local\/pre-signed":{"post":{"x-Feature Lifecycle":"beta","summary":"Generate pre-signed URLs for local file uploads","description":"Generate one or more pre-signed URLs for uploading files directly from the browser. Each file must be under 5GB. A maximum of 10 files can be requested at once.","requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["project_id","file_names"],"properties":{"project_id":{"type":"integer","minimum":1,"description":"The ID of the project to associate the uploaded files with."},"file_names":{"type":"array","items":{"type":"string"},"minItems":1,"maxItems":10,"description":"List of original file names to generate upload URLs for."}}}}}},"responses":{"200":{"content":{"application\/json":{"schema":{"type":"object","required":["data","status"],"properties":{"status":{"enum":["success"],"type":"string","default":"success","description":"The status of the response."},"data":{"type":"object","required":["project_id","urls"],"properties":{"project_id":{"type":"integer","description":"The project ID the upload URLs are associated with."},"urls":{"type":"array","items":{"type":"object","required":["url"],"properties":{"url":{"type":"string","description":"A pre-signed URL to upload a file to via HTTP PUT."}}}}}}}}}},"description":"List of pre-signed bucket links for the client to upload files to"},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"tags":["Import Local Files"],"x-Required Roles":["Administrator","Lead Analyst","Analyst"]}},"\/api\/v3\/import\/test":{"post":{"summary":"A small import test drive","description":"Import test disk image file to the server from app and start processing it as new evidence (creating new task).","x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"tags":["Import CTF"],"security":[{"bearerAuth":[]}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["project_id"],"properties":{"project_id":{"type":"integer","description":"The ID of the Cado project that you want to import the data into."}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"A new pipeline object is returned, indicating a successful kick-off of a pipeline. You can see the <a href=\"#\">Pipeline API<\/a> documentation for information on getting details about this pipeline.","content":{"application\/json":{"schema":{"required":["data","status"],"properties":{"status":{"enum":["success"],"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","required":["pipeline_id"],"properties":{"pipeline_id":{"type":"integer"}}}}}}}}}}},"\/api\/v3\/indicators":{"get":{"x-Feature Lifecycle":"beta","x-Admin Only":"no","x-Required Roles":["Administrator","Lead Analyst","Analyst","Read Only Analyst"],"summary":"Detected iocs in the project","description":"Get all detected IOCs within a project.","tags":["Indicators"],"parameters":[{"name":"investigation_id","in":"query","required":true,"schema":{"type":"integer"}},{"name":"evidence_id","in":"query","required":false,"schema":{"type":"integer"}},{"name":"filter","in":"query","required":false,"schema":{"type":"string"},"description":"filter for matched or extracted"}],"security":[{"bearerAuth":[]}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"return list of task ids of the new tasks created","content":{"application\/json":{"schema":{"required":["data","status"],"properties":{"status":{"enum":["success"],"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","required":["detected_iocs","indicators"],"properties":{"detected_iocs":{"type":"array","items":{"type":"object","required":["project_id","evidence_id","type","evidence_name","description","indicator"],"properties":{"project_id":{"type":"integer"},"evidence_id":{"type":"integer"},"type":{"type":"string"},"evidence_name":{"type":"string"},"description":{"type":"string"},"indicator":{"type":"string"}}}},"indicators":{"type":"array","items":{"type":"string"}}}}}}}}}}}},"\/api\/v3\/indicators\/export":{"get":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"summary":"Export the detected indicators","description":"Export the detected indicators either json or misp","tags":["Indicators"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"investigation_id","in":"query","required":true,"schema":{"type":"integer"}},{"name":"evidence_id","in":"query","required":false,"schema":{"type":"integer"}},{"name":"filter","in":"query","required":true,"schema":{"type":"string","enum":["matched","extracted"]},"description":"filter for matched or extracted"},{"name":"type","in":"query","required":true,"schema":{"type":"string","enum":["csv","misp"]},"description":"filter for json or misp"}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"return the exported indicators file","content":{"application\/zip":{"schema":{"type":"string","format":"binary"}}}}}}},"\/api\/v3\/intelligence":{"get":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst"],"summary":"Get intelligence settings","description":"Get intelligence settings.","tags":["Settings"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"yara","in":"query","required":false,"description":"Get Yara rules","schema":{"type":"boolean","example":true}},{"name":"ioc","in":"query","required":false,"description":"Get IOC's","schema":{"type":"boolean","example":true}}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"A response returning requested settings intelligence values.","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"},"data":{"type":"object","required":["yara","ioc"],"properties":{"yara":{"type":"object","required":["custom_data","default_data"],"properties":{"custom_data":{"type":"string","description":"Custom Yara rules"},"default_data":{"type":"string","description":"Default Yara rules"}}},"ioc":{"type":"object","required":["custom_data"],"properties":{"custom_data":{"type":"object","properties":{"user_input":{"type":"string"}}}},"description":"Custom IOCs"}}}}}}}}}},"post":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst"],"summary":"Create intelligence setting","description":"Add a new intelligence setting.","tags":["Settings"],"security":[{"bearerAuth":[]}],"requestBody":{"content":{"multipart\/form-data":{"schema":{"type":"object","required":["file"],"properties":{"file":{"type":"string","format":"binary","description":"The indicator file to upload."}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"content":{"application\/json":{"schema":{"type":"object","required":["data","status"],"properties":{"data":{"type":"object","required":["file_id"],"description":"The data returned by the API.","properties":{"file_id":{"description":"cleaned file name.","type":"string"}}},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}}}}},"description":"A response indicating the indicator file was successfully uploaded."}}},"patch":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst"],"summary":"Update intelligence settings","description":"Update intelligence settings.","tags":["Settings"],"security":[{"bearerAuth":[]}],"requestBody":{"content":{"application\/json":{"schema":{"type":"object","properties":{"yara":{"type":"string","description":"Custom yara rules","example":"rule indicator_match { strings: $strings condition: any of them }"},"ioc":{"type":"string","description":"Custom ioc rules"}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"content":{"application\/json":{"schema":{"type":"object","required":["data","status"],"properties":{"data":{"type":"object","required":["message"],"description":"The data returned by the API.","properties":{"message":{"description":"Message indicating the indicator file was successfully update.","type":"string"}}},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}}}}},"description":"A response indicating the indicator file was successfully update."}}}},"\/api\/v3\/intelligence\/{indicator_key}":{"delete":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst"],"summary":"Delete intelligence settings","description":"Delete intelligence settings.","tags":["Settings"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"indicator_key","in":"path","required":true,"description":"The unique identifier of the indicator file to delete.","schema":{"type":"string","example":123456}}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"content":{"application\/json":{"schema":{"type":"object","required":["status"],"properties":{"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}}}}},"description":"A response indicating the indicator file was successfully deleted."}}}},"\/api\/v3\/license":{"get":{"description":"Get the license information for the current instance of Cado.","parameters":[],"responses":{"200":{"content":{"application\/json":{"schema":{"type":"object","required":["data","status"],"properties":{"data":{"type":"object","description":"The license data for the current instance of Cado.","required":["license"],"properties":{"license":{"type":"object","required":["customer_id","dev_license","issue_date","level","expiry_date","signature"],"description":"The license data, if it exists.","properties":{"customer_id":{"type":"string","description":"A unique identifier for the customer."},"dev_license":{"type":"boolean","description":"A boolean value indicating if the license is a development license."},"issue_date":{"type":"string","description":"The date the license was issued."},"level":{"type":"string","description":"The license level","enum":["FULL","TRIAGE_ONLY","RESTRICTED"]},"expiry_date":{"type":"string","description":"The date the license will expire."},"signature":{"type":"string","description":"The unique signature of the license."}}}}},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}}}}},"description":"A response indicating the license data was successfully retrieved."},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"summary":"Get license","tags":["Licenses"],"x-Admin Only":"no","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst","Analyst","Read Only Analyst"],"x-Feature Lifecycle":"beta"},"delete":{"description":"Delete the license for the current instance of Cado.","parameters":[],"responses":{"200":{"description":"Successfully deleted the license.","content":{"application\/json":{"schema":{"type":"object","required":["status"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"}}}}}},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"summary":"Delete license","tags":["Licenses"],"x-Admin Only":"yes","x-Required Roles":["Administrator","Platform Administrator"],"x-Feature Lifecycle":"beta"}},"\/api\/v3\/license\/upload":{"post":{"description":"Upload a license file to the current instance of Cado.","requestBody":{"content":{"multipart\/form-data":{"schema":{"type":"object","required":["file"],"properties":{"file":{"type":"string","format":"binary","description":"The license file to upload."}}}}}},"responses":{"200":{"content":{"application\/json":{"schema":{"type":"object","required":["data","status"],"properties":{"data":{"type":"object","required":["message","file_id"],"description":"The data returned by the API.","properties":{"file_id":{"description":"The unique identifier of the uploaded license file.","type":"string"}}},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}}}}},"description":"A response indicating the license was successfully uploaded."},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"summary":"Upload license","tags":["Licenses"],"x-Admin Only":"yes","x-Required Roles":["Administrator","Platform Administrator"],"x-Feature Lifecycle":"beta"}},"\/api\/v3\/settings\/log-export-test":{"post":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator"],"summary":"Test log export connectivity","description":"Send a test syslog event to validate log export settings.","tags":["Settings"],"security":[{"bearerAuth":[]}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["host","port","protocol"],"properties":{"host":{"type":"string","description":"The hostname of the syslog server"},"port":{"type":"integer","default":514,"description":"The destination port of the syslog server."},"protocol":{"type":"string","description":"The protocol to use when sending syslog events.","enum":["tcp","udp"],"default":"tcp"},"tls_enabled":{"type":"boolean","description":"Whether to use TLS when connecting to the server."},"tls_verify_enabled":{"type":"boolean","description":"Whether to verify the certificate of the syslog server."}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Test event sent successfully.","content":{"application\/json":{"schema":{"type":"object","additionalProperties":false,"required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response.","enum":["success"],"default":"success"},"data":{"type":"object","additionalProperties":false,"required":["id","message"],"properties":{"id":{"type":"string","format":"uuid","description":"Unique identifier for the test event."},"message":{"type":"string","description":"A message indicating the test result."}}}}}}}}}}},"\/api\/v3\/metrics":{"get":{"description":"Get a list of metrics for the cado platform","parameters":[],"responses":{"200":{"content":{"application\/json":{"schema":{"type":"object","required":["data","status"],"properties":{"data":{"type":"object","required":["user_count","projects_count","evidence_pieces_processed","disk_volume_processed_total","disk_processed_this_month","collections_this_month","collections_total"],"description":"The metrics data returned by the API.","properties":{"user_count":{"type":"integer","description":"The total number of users in the system from when license was issued."},"projects_count":{"type":"integer","description":"The total number of projects in the system from when license was issued."},"evidence_pieces_processed":{"type":"integer","description":"The total number of evidence pieces processed from when license was issued."},"disk_volume_processed_total":{"type":"integer","description":"The total volume of disk processed from when license was issued.."},"disk_processed_this_month":{"type":"integer","description":"The total volume of disk processed from when license was issued."},"collections_this_month":{"type":"integer","description":"The total number of collections processed from when license was issued."},"collections_total":{"type":"integer","description":"The total number of collections processed from when license was issued."}}},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}}}}},"description":"A response indicating the metrics data was successfully retrieved."},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"summary":"Get metrics","tags":["Metrics"],"x-Required Roles":["Administrator"],"x-Feature Lifecycle":"beta"}},"\/api\/v3\/notes":{"post":{"x-Feature Lifecycle":"beta","x-Admin Only":"no","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"summary":"Create a note","description":"Create a note which can either be the starred status of a timeline event or the comment associated with a timeline event.","tags":["Notes"],"security":[{"bearerAuth":[]}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["investigation_id","note"],"properties":{"investigation_id":{"description":"ID of the investigation associated with the note.","type":"integer"},"include_timeline_query":{"type":"string","description":"Timeline query to filter timeline events"},"include_event_ids":{"type":"array","description":"A selection of event IDs to bulk creating notes","items":{"type":"string","description":"The ID of an event"}},"exclude_event_ids":{"type":"array","description":"A selection of event IDs to ignore bulk creating notes for","items":{"type":"string","description":"The ID of an event"}},"include_event_dates":{"type":"array","description":"A selection of event dates for which to bulk creating notes","items":{"type":"number","description":"A date on which an event occurred"}},"exclude_event_dates":{"type":"array","description":"A selection of event dates for which to ignore bulk creating notes","items":{"type":"number","description":"A date on which an event occurred"}},"note":{"$ref":"#\/components\/schemas\/note_data"}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"201":{"description":"Successfully created a note.","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"object","properties":{"event_ids":{"type":"array","items":{"type":"string"},"description":"The IDs of the event(s) with new notes."}}}}}}}}}},"delete":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"summary":"Bulk remove notes","description":"Bulk remove notes which can either be the starred status of a timeline event or the comment associated with a timeline event.","tags":["Notes"],"security":[{"bearerAuth":[]}],"requestBody":{"content":{"application\/json":{"schema":{"type":"object","required":["investigation_id","note"],"description":"Payload for bulk modifying notes","properties":{"investigation_id":{"description":"ID of the investigation associated with the note.","type":"integer"},"note":{"$ref":"#\/components\/schemas\/note_data"},"include_timeline_query":{"type":"string","description":"Timeline query to filter timeline events"},"include_event_ids":{"type":"array","description":"A selection of event IDs to bulk modify notes","items":{"type":"string","description":"The ID of an event"}},"exclude_event_ids":{"type":"array","description":"A selection of event IDs to ignore bulk modifying notes for","items":{"type":"string","description":"The ID of an event"}},"include_event_dates":{"type":"array","description":"A selection of event dates for which to bulk modify notes","items":{"type":"number","description":"A date on which an event occurred"}},"exclude_event_dates":{"type":"array","description":"A selection of event dates for which to ignore bulk modifying notes","items":{"type":"number","description":"A date on which an event occurred"}}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Successfully updated notes.","content":{"application\/json":{"schema":{"type":"object","required":["status"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"}}}}}}}}},"\/api\/v3\/notes\/{note_id}":{"delete":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"summary":"Delete a note","description":"Delete a note which can either be the starred status of a timeline event or the comment associated with a timeline event.","tags":["Notes"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"note_id","in":"path","required":true,"schema":{"type":"integer"},"description":"ID of the note you want to delete."}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Successfully deleted a note.","content":{"application\/json":{"schema":{"type":"object","required":["status"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"}}}}}}}},"patch":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst"],"summary":"Update a note","description":"Update the text of a comment note","tags":["Notes"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"note_id","in":"path","required":true,"schema":{"type":"integer"},"description":"ID of the note you want to update."}],"requestBody":{"content":{"application\/json":{"schema":{"type":"object","description":"The note object to update. Only text can be updated.","required":["text"],"properties":{"text":{"type":"string","description":"The new text of the comment."}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Successfully updated a note.","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"$ref":"#\/components\/schemas\/note_schema"}}}}}}}}},"\/api\/v3\/notifications\/{notification_id}":{"patch":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst","Analyst"],"summary":"Update a notification to be read or unread","description":"Update a notification to be read or unread.","tags":["Notifications"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"notification_id","in":"path","required":true,"description":"Id of the notification to update","schema":{"type":"integer","example":1}}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["is_viewed"],"properties":{"is_viewed":{"type":"boolean","description":"Whether a notification has been viewed or not"}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Successfully updated notification","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"object","required":["id","message","level","notification_type","is_viewed","created"],"properties":{"id":{"type":"integer","description":"The unique id of the notification model instance"},"is_viewed":{"type":"boolean","description":"Whether the notification has been viewed or not"},"message":{"type":"string","description":"The message of the notification"},"created":{"type":"number","description":"Creation time as a Unix timestamp"},"level":{"type":"string","$ref":"#\/components\/schemas\/notification_level"},"project_id":{"type":"integer","description":"The unique id of the project"},"evidence_id":{"type":"integer","description":"The unique id of the evidence instance"},"notification_type":{"type":"string","enum":["System","Acquisition","Processing","Authentication","Other"],"description":"The type of notification"}}}}}}}}}},"delete":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator"],"summary":"Delete a notification","description":"Delete a notification.","tags":["Notifications"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"notification_id","in":"path","required":true,"description":"Id of the notification to delete","schema":{"type":"integer","example":1}}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Successfully deleted notification","content":{"application\/json":{"schema":{"type":"object","required":["status"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"}}}}}}}},"get":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst","Analyst","Read Only Analyst"],"summary":"Get a notification","description":"Get a notification information.","tags":["Notifications"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"notification_id","in":"path","required":true,"description":"Id of the notification to retrieve","schema":{"type":"integer","example":1}}],"responses":{"200":{"description":"Retrieved notification information","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"object","required":["id","message","level","notification_type","is_viewed","created"],"properties":{"id":{"type":"integer","description":"The unique id of the notification model instance"},"is_viewed":{"type":"boolean","description":"Whether the notification has been viewed or not"},"message":{"type":"string","description":"The message of the notification"},"created":{"type":"number","description":"Creation time as a Unix timestamp"},"level":{"type":"string","$ref":"#\/components\/schemas\/notification_level"},"project_id":{"type":"integer","description":"The unique id of the project"},"evidence_id":{"type":"integer","description":"The unique id of the evidence instance"},"notification_type":{"type":"string","enum":["System","Acquisition","Processing","Authentication","Other"],"description":"The type of notification"}}}}}}}},"default":{"$ref":"#\/components\/responses\/default"}}}},"\/api\/v3\/notifications":{"get":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst","Analyst","Read Only Analyst"],"summary":"Get a list of notifications","description":"Get a notification information.","tags":["Notifications"],"parameters":[{"name":"project_id","in":"query","required":false,"description":"The unique id of the project to get notifications for","schema":{"type":"integer"}},{"name":"evidence_id","in":"query","required":false,"description":"The unique id of the evidence item to get notifications for","schema":{"type":"integer"}},{"name":"is_viewed","in":"query","required":false,"description":"Whether to get viewed or not viewed notifications","schema":{"type":"boolean"}},{"name":"from_date","in":"query","required":false,"description":"The start date to get notifications from","schema":{"type":"integer"}},{"name":"to_date","in":"query","required":false,"description":"The end date to get notifications","schema":{"type":"integer"}},{"name":"page","in":"query","required":true,"description":"The page number to get notifications for","schema":{"type":"integer"}},{"name":"per_page","in":"query","required":true,"description":"The number of notifications to get per page","schema":{"type":"integer"}},{"name":"notification_type","in":"query","required":false,"description":"The type of notification to get i.e System, Acquisition etc","schema":{"type":"string"}},{"name":"level","in":"query","required":false,"description":"The level of the notification to get i.e Info, Warning, Error","schema":{"type":"string","enum":["Info","Warning","Error"]}},{"name":"include_deleted","in":"query","required":false,"description":"Whether to get notifications that are associated with a project that has been deleted","schema":{"type":"boolean"}}],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"Retrieved a list of notifications","content":{"application\/json":{"schema":{"type":"object","required":["status","data","pagination"],"properties":{"pagination":{"$ref":"#\/components\/schemas\/pagination"},"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"array","items":{"type":"object","required":["id","message","level","notification_type","is_viewed","created"],"properties":{"id":{"type":"integer","description":"The unique id of the notification model instance"},"is_viewed":{"type":"boolean","description":"Whether the notification has been viewed or not"},"message":{"type":"string","description":"The message of the notification"},"created":{"type":"number","description":"Creation time as a Unix timestamp"},"level":{"type":"string","$ref":"#\/components\/schemas\/notification_level"},"project_id":{"type":"integer","description":"The unique id of the project"},"evidence_id":{"type":"integer","description":"The unique id of the evidence instance"},"project_name":{"type":"string","description":"The name of the project"},"evidence_name":{"type":"string","description":"The name of the evidence"},"notification_type":{"type":"string","enum":["System","Acquisition","Processing","Authentication","Other"],"description":"The type of notification"}}}}}}}}},"default":{"$ref":"#\/components\/responses\/default"}}},"patch":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator"],"summary":"Update notifications viewed status","description":"Update all notifications that are unread to viewed","tags":["Notifications"],"security":[{"bearerAuth":[]}],"requestBody":{"content":{"application\/json":{"schema":{"type":"object","properties":{"is_viewed":{"type":"boolean","description":"Whether a notification has been viewed or not"},"clear_all":{"type":"boolean","description":"Whether a notification has been viewed or not"}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Successfully updated notifications to viewed","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"object","required":["message"],"properties":{"message":{"type":"string","description":"The message indicating the notifications have been updated"},"notifications_updated":{"type":"integer","description":"The number of notifications updated"},"notifications_deleted":{"type":"integer","description":"The number of notifications deleted"}},"oneOf":[{"required":["notifications_updated"]},{"required":["notifications_deleted"]}]}}}}}}}}},"\/api\/v3\/pipelines":{"get":{"description":"List pipelines visible to the current user.","parameters":[{"name":"page","in":"query","description":"Which page of results to return, ordered by created desc","required":false,"schema":{"type":"integer","default":1}},{"name":"per_page","in":"query","description":"How many results per page, ordered by created desc.","required":false,"schema":{"type":"integer","default":10}},{"name":"project_id","in":"query","description":"Filter by project id","required":false,"schema":{"type":"integer"}},{"name":"evidence_id","in":"query","description":"Filter by evidence id","required":false,"schema":{"type":"integer"}},{"name":"evidence_name","in":"query","description":"Filter by evidence name","required":false,"schema":{"type":"string"}},{"name":"investigation_name","in":"query","description":"Filter by investigation name","required":false,"schema":{"type":"string"}},{"name":"user_id","in":"query","description":"Filter by triggering user ID","required":false,"schema":{"type":"integer"}},{"name":"type","in":"query","description":"Filter by pipeline type","required":false,"schema":{"type":"string","enum":["processing","acquisition","healthcheck","investigation_kicker","accountdiscovery","analysis","remote_action","deletion","archiving","scanning"]}},{"name":"triggering_pipeline_id","in":"query","description":"Filter by triggering pipeline id","required":false,"schema":{"type":"integer"}},{"name":"order_by","in":"query","description":"Order by field, default created desc.","schema":{"type":"string","enum":["project_name","-project_name","evidence_name","-evidence_name","created","-created","user_name","-user_name"]}},{"name":"pipeline_status","in":"query","description":"Filter by the pipeline status","schema":{"type":"string","enum":["complete","failed","cancelled","in_progress","queued"]}}],"responses":{"200":{"content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","items":{"type":"object","required":["aborted","can_be_terminated","created","kick_off","name","pipeline","summary","terminated","status","subtasks"],"properties":{"aborted":{"type":"boolean","description":"Has the pipeline been aborted?"},"can_be_terminated":{"type":"boolean","description":"Can the pipeline be terminated?"},"created":{"type":"number","description":"Creation timestamp (ms since epoch)"},"evidence":{"type":"object","nullable":true,"required":["id","name"],"description":"Details of the evidence the pipeline relates to","properties":{"id":{"type":"integer","description":"Evidence ID the pipeline relates to"},"name":{"type":"string","description":"Evidence name the pipeline relates to"}}},"kick_off":{"type":"array","description":"Details of the alert that kicked off the pipeline","items":{"type":"string"}},"name":{"type":"string","description":"Pipeline name"},"pipeline":{"type":"object","required":["id","type"],"description":"Details of the pipeline","properties":{"id":{"type":"integer","description":"Pipeline ID"},"type":{"type":"string","description":"Type of pipeline","enum":["processing","acquisition","healthcheck","inventory","investigation_kicker","accountdiscovery","analysis","remote_action","deletion","archiving","scanning"]}}},"project":{"type":"object","required":["id","name"],"description":"Details of the project the pipeline relates to","properties":{"id":{"type":"integer","description":"Project ID the pipeline relates to"},"name":{"type":"string","description":"Project name the pipeline relates to"}}},"summary":{"description":"Summary of subtask states for the pipeline","type":"object","required":["total","success","failure","pending","cancelled","running"],"properties":{"total":{"type":"integer"},"success":{"type":"integer"},"failure":{"type":"integer"},"pending":{"type":"integer"},"cancelled":{"type":"integer"},"running":{"type":"integer"}}},"status":{"type":"string","description":"Status of pipeline","enum":["complete","failed","in_progress","queued","cancelled"]},"terminated":{"type":"boolean","description":"Has the pipeline been terminated?"},"triggering_pipeline_id":{"type":"integer","description":"Triggering pipeline ID"},"user":{"type":"object","required":["id","name"],"description":"Details of the user who created the pipeline","properties":{"id":{"type":"integer","description":"User ID of the pipeline creator"},"name":{"type":"string","description":"User name of the pipeline creator"}}},"subtasks":{"type":"array","description":"Details of the subtasks for the pipeline","items":{"type":"object","required":["name","state"],"properties":{"state":{"type":"string","description":"Overall State of the grouped subtasks","enum":["PENDING","RUNNING","SUCCESS","FAILURE","CANCELLED"]},"name":{"type":"string","description":"name identifier of tasks with same name i.e grouped name"}}}}}}},"pagination":{"type":"object","description":"Pagination information","properties":{"current_page":{"description":"The current page number","type":"integer"},"total_pages":{"description":"The total number of pages","type":"integer"},"total_records":{"description":"The total number of records","type":"integer"},"per_page":{"description":"The number of records per page","type":"integer"},"type":{"default":"page","description":"The type of the pagination","enum":["page"],"type":"string"}},"required":["total_records","current_page","total_pages","type"]},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["status","data","pagination"],"type":"object"}}},"description":"List of pipelines"},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"summary":"List pipelines","tags":["Pipelines"],"x-Required Roles":["Administrator","Lead Analyst","Analyst","Read Only Analyst"],"x-Feature Lifecycle":"beta"}},"\/api\/v3\/pipelines\/{id}":{"get":{"description":"Get a pipeline by ID.","parameters":[{"description":"Pipeline ID to retrieve.","in":"path","name":"id","required":true,"schema":{"type":"integer"}}],"responses":{"200":{"content":{"application\/json":{"schema":{"properties":{"data":{"type":"object","required":["aborted","can_be_terminated","created","kick_off","name","pipeline","subtasks","summary","status","terminated"],"properties":{"aborted":{"type":"boolean","description":"Has the pipeline been aborted?"},"can_be_terminated":{"type":"boolean","description":"Can the pipeline be terminated?"},"created":{"type":"number","description":"Creation timestamp (ms since epoch)"},"evidence":{"type":"object","required":["id","name"],"nullable":true,"description":"Details of the evidence the pipeline relates to","properties":{"id":{"type":"integer","description":"Evidence ID the pipeline relates to"},"name":{"type":"string","description":"Evidence name the pipeline relates to"}}},"kick_off":{"type":"array","description":"Details of the alert that kicked off the pipeline","items":{"type":"string"}},"name":{"type":"string","description":"Pipeline name"},"pipeline":{"type":"object","required":["id","type"],"description":"Details of the pipeline","properties":{"id":{"type":"integer","description":"Pipeline ID"},"type":{"type":"string","description":"Type of pipeline","enum":["processing","acquisition","healthcheck","inventory","investigation_kicker","accountdiscovery","analysis","remote_action","deletion","archiving","scanning"]}}},"project":{"type":"object","required":["id","name"],"description":"Details of the project the pipeline relates to","properties":{"id":{"type":"integer","description":"Project ID the pipeline relates to"},"name":{"type":"string","description":"Project name the pipeline relates to"}}},"subtasks":{"type":"array","description":"Details of the subtasks for the pipeline","items":{"type":"object","required":["execution_duration","finish_time","name","name_key","notification_level","progress_text","start_time","state"],"properties":{"execution_duration":{"type":"integer","description":"Execution duration in seconds"},"finish_time":{"type":"number","description":"Finish time (ms since epoch)"},"name":{"type":"string","description":"Subtask name"},"name_key":{"type":"string","description":"Subtask name key"},"notification_level":{"type":"string","description":"Notification level"},"progress_text":{"type":"array","items":{"type":"string"},"description":"Progress text"},"start_time":{"type":"number","description":"Start time (ms since epoch)"},"state":{"type":"string","description":"State of the subtask","enum":["PENDING","RUNNING","SUCCESS","FAILURE","CANCELLED"]},"total_stages":{"type":"integer","nullable":true,"description":"Total stages"}}}},"summary":{"type":"object","required":["total","success","failure","pending","cancelled","running"],"properties":{"total":{"type":"integer"},"success":{"type":"integer"},"failure":{"type":"integer"},"pending":{"type":"integer"},"cancelled":{"type":"integer"},"running":{"type":"integer"}},"description":"Summary of subtask states for the pipeline"},"status":{"type":"string","description":"Status of pipeline","enum":["complete","failed","in_progress","queued","cancelled"]},"terminated":{"type":"boolean","description":"Has the pipeline been terminated?"},"triggering_pipeline_id":{"type":"integer","description":"Triggering pipeline ID"},"user":{"type":"object","required":["id","name"],"description":"Details of the user who created the pipeline","properties":{"id":{"type":"integer","description":"User ID of the pipeline creator"},"name":{"type":"string","description":"User name of the pipeline creator"}}}}},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["status","data"],"type":"object"}}},"description":"Successful response with pipeline data."},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"summary":"Get pipeline","tags":["Pipelines"],"x-Required Roles":["Administrator","Lead Analyst","Analyst","Read Only Analyst"],"x-Feature Lifecycle":"beta"},"patch":{"description":"Update the attributes of a pipeline. Can also be used to cancel a pipeline, by updating the 'aborted' attribute to true.","parameters":[{"name":"id","in":"path","required":true,"schema":{"type":"integer"},"description":"ID of the pipeline to update."}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["aborted"],"properties":{"aborted":{"type":"boolean","description":"Set to true to cancel the pipeline","enum":[true]}}}}}},"responses":{"200":{"content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"data":{"type":"object","properties":{"pipeline_id":{"type":"integer","description":"The ID of the updated pipeline."}}},"status":{"type":"string","enum":["success"],"description":"The status of the response, in this context, the value will be \"success\".","default":"success"}}}}},"description":"The data containing the ID of the updated pipeline."},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"summary":"Update pipeline","tags":["Pipelines"],"x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta"}},"\/api\/v3\/pipelines\/{id}\/logs":{"get":{"description":"Get the logs for a pipeline by ID.","parameters":[{"description":"Pipeline ID to retrieve logs for.","in":"path","name":"id","required":true,"schema":{"type":"integer"}}],"responses":{"200":{"description":"Zip file with logs","content":{"application\/zip":{"schema":{"type":"string","format":"binary"}}}},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"summary":"Get pipeline logs","tags":["Pipelines"],"x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta"}},"\/api\/v3\/pipelines\/rerun":{"post":{"description":"Either rerun all the pipelines for a project or a single pipeline with a given ID.","requestBody":{"content":{"application\/json":{"schema":{"type":"object","properties":{"pipeline_id":{"type":"integer","description":"ID of the pipeline to rerun."},"project_id":{"type":"integer","description":"ID of the project to rerun all pipelines"}}}}}},"responses":{"201":{"content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"data":{"type":"object","properties":{"pipeline_ids":{"type":"array","items":{"type":"integer"},"description":"The IDs of the reran pipeline(s)."}}},"status":{"type":"string","enum":["success"],"description":"The status of the response, in this context, the value will be \"success\".","default":"success"}}}}},"description":"Response containing the IDs of the reran pipeline(s)."},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"summary":"Rerun pipeline","tags":["Pipelines"],"x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta"}},"\/api\/v3\/pipelines\/cancel-all":{"patch":{"description":"Cancel all running pipelines.","responses":{"200":{"content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"data":{"type":"object","required":["message","ids"],"properties":{"message":{"type":"string","description":"Message indicating the number of pipelines that have been cancelled."},"ids":{"type":"array","items":{"type":"integer"},"description":"The IDs of the cancelled pipeline(s)."}}},"status":{"type":"string","enum":["success"],"description":"The status of the response, in this context, the value will be \"success\".","default":"success"}}}}},"description":"Response containing the IDs of the cancelled pipeline(s)."},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"summary":"Cancel all pipelines","tags":["Pipelines"],"x-Required Roles":["Administrator","Platform Administrator"],"x-Feature Lifecycle":"beta"}},"\/api\/v3\/pipelines\/status":{"get":{"summary":"Get global pipeline status counts","description":"Returns counts of pipeline statuses (complete, failed, in_progress, queued)","parameters":[{"name":"project_id","in":"query","description":"Filter by project id","required":false,"schema":{"type":"integer"}}],"responses":{"200":{"description":"Counts of pipelines by status","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"object","required":["complete","failed","in_progress","queued"],"properties":{"complete":{"type":"integer"},"failed":{"type":"integer"},"in_progress":{"type":"integer"},"queued":{"type":"integer"},"limit":{"type":"integer"}}}}}}}},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"tags":["Pipelines"],"x-Required Roles":["Administrator","Lead Analyst","Analyst","Read Only Analyst"],"x-Feature Lifecycle":"beta"}},"\/api\/v3\/platform":{"get":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst","Analyst","Read Only Analyst"],"summary":"Platform information","description":"Information about the platform, update availability, etc.","tags":["Platform"],"security":[{"bearerAuth":[]}],"parameters":[],"responses":{"200":{"description":"Platform information","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success","enum":["success"]},"data":{"type":"object","required":["deployment_details","instance_utilization","warnings","latest_boot","external_id"],"properties":{"instance_utilization":{"type":"object","description":"Instance utilization information","required":["disk","cpu_percent","memory"],"nullable":true,"properties":{"disk":{"description":"Disk information in GB","required":["total_space","used_space","free_space"],"type":"object","properties":{"total_space":{"type":"integer"},"used_space":{"type":"integer"},"free_space":{"type":"integer"},"raw_disk":{"type":"string"}}},"cpu_percent":{"type":"number","description":"CPU usage percentage"},"memory":{"type":"object","description":"Memory information in Mb","required":["available","total"],"properties":{"available":{"type":"number"},"total":{"type":"number"}}}}},"deployment_details":{"type":"object","description":"Platform deployment details","required":["cloud","account_id","supports_azure","supports_aws","govcloud","image_id","nfs_enabled","local_workers","secrets_manager","saas"],"properties":{"cloud":{"type":"string","description":"The cloud the platform is running in"},"account_id":{"type":"string","description":"The account where the instance is deployed","nullable":true},"supports_azure":{"type":"boolean","description":"Whether the platform supports Azure imports","nullable":true},"supports_aws":{"type":"boolean","description":"Whether the platform supports AWS imports","nullable":true},"govcloud":{"type":"boolean","description":"Is the platform running in AWS GovCloud","nullable":true},"image_id":{"type":"string","description":"The image ID of the instance","nullable":true},"nfs_enabled":{"type":"boolean","description":"Whether NFS is enabled","nullable":true},"local_workers":{"type":"boolean","description":"Whether Local Workers are enabled","nullable":true},"secrets_manager":{"type":"boolean","description":"Whether the respective cloud service secrets manager is enabled","nullable":true},"saas":{"type":"boolean","description":"Whether the system is running in SaaS"}}},"warnings":{"type":"array","description":"Any warnings that should be displayed to the user","nullable":true,"items":{"type":"object","required":["message","code"],"properties":{"message":{"type":"string","description":"The warning message"},"code":{"type":"string","description":"The warning code"}}}},"latest_boot":{"type":"number","description":"Unix timestamp of when the platform last booted","nullable":true},"external_id":{"type":"string","description":"Unique digest"},"tenant_name":{"type":"string","description":"Tenant name","nullable":true}}}}}}}},"default":{"$ref":"#\/components\/responses\/default"}}}},"\/api\/v3\/platform\/logs":{"get":{"description":"Download the logs from the platform","parameters":[{"name":"size","in":"query","required":false,"schema":{"type":"any","enum":[10,25,50,"full"]}}],"responses":{"200":{"description":"Zip file with logs","content":{"application\/zip":{"schema":{"type":"string","format":"binary"}}}},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"summary":"Download platform logs","tags":["Platform"],"x-Required Roles":["Administrator","Platform Administrator"],"x-Feature Lifecycle":"beta"}},"\/api\/v3\/platform\/reboot":{"post":{"description":"Reboot the platform","parameters":[],"requestBody":{"content":{"application\/json":{"schema":{"type":"object","required":[],"properties":{}}}}},"responses":{"200":{"description":"Returns the status of the reboot","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success","enum":["success"]},"data":{"type":"object","required":["task_id"],"properties":{"task_id":{"type":"string","description":"The task ID to track the reboot"}}}}}}}},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"summary":"Reboot the platform","tags":["Platform"],"x-Required Roles":["Administrator","Platform Administrator"],"x-Feature Lifecycle":"beta"}},"\/api\/v3\/platform\/update":{"get":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst","Analyst","Read Only Analyst"],"summary":"Update information","description":"Get information about platform updates","tags":["Platform"],"security":[{"bearerAuth":[]}],"parameters":[],"responses":{"200":{"description":"Update information","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success","enum":["success"]},"data":{"type":"object","required":["version_info","allow_updates"],"description":"The data object containing update information","properties":{"version_info":{"type":"object","description":"Version information","required":["latest_version","latest_release_date","backend_version","backend_release_date","cado_host_version"],"properties":{"latest_version":{"type":"string","description":"The latest version of the platform"},"latest_release_date":{"type":"integer","description":"The release date of the latest version"},"backend_version":{"type":"string","description":"The current version of the platform"},"backend_release_date":{"type":"integer","description":"The release date of the current version"},"cado_host_version":{"type":"string","description":"The version of Cado Host the platform will use to perform triage and Kubernetes captures"}}},"allow_updates":{"type":"boolean","description":"Whether native updates are allowed. If deployed using Terraform, this will be False"}}}}}}}},"default":{"$ref":"#\/components\/responses\/default"}}},"post":{"description":"Manually update the platform from the remote repository","parameters":[],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["image_id"],"properties":{"image_id":{"type":"string","description":"The image ID to update to"},"instance_type":{"type":"string","description":"The instance type to update to"}}}}}},"responses":{"200":{"content":{"application\/json":{"schema":{"properties":{"data":{"type":"object","required":["task_id","is_cado_build"],"properties":{"task_id":{"type":"string","description":"The task ID to track the update"},"is_cado_build":{"type":"boolean","description":"Whether the update is a Cado build"}}},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["status","data"],"type":"object"}}},"description":"Task ID to track the update"},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"summary":"Update the platform","tags":["Platform"],"x-Required Roles":["Administrator","Platform Administrator"],"x-Feature Lifecycle":"beta"}},"\/api\/v3\/projects\/{project_id}":{"get":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst","Read Only Analyst"],"summary":"Get information about a specified project","description":"Get a singular project by ID","tags":["Projects"],"parameters":[{"name":"project_id","in":"path","required":true,"schema":{"type":"integer"},"description":"The ID of the project to retrieve"}],"security":[{"bearerAuth":[]}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"A singular project","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"object","required":["id","created","alarms","evidences","details","ai_summary"],"properties":{"id":{"type":"integer","description":"Project ID"},"created":{"type":"number","description":"created date (ms since epoch)"},"alarms":{"type":"object","description":"Summary of alarms detected in this project","nullable":false,"required":["malicious","suspicious"],"properties":{"malicious":{"type":"integer"},"suspicious":{"type":"integer"}}},"evidences":{"description":"Number of evidences in this project","type":"integer"},"details":{"type":"object","description":"User editable details about the project","required":["name","description","items_identified","status"],"properties":{"name":{"type":"string","description":"Project name"},"description":{"type":"string"},"items_identified":{"type":"integer"},"status":{"type":"string","enum":["Collection & Analysis","Containment","Eradication","Recovery","Post incident activity","Closed","Archived"]},"users":{"type":"array","items":{"type":"object","required":["id","rbac_role","username","login_type","display_name"],"$ref":"#\/components\/schemas\/user_schema"}},"groups":{"type":"array","items":{"type":"object","required":["name","id"],"properties":{"id":{"type":"integer"},"name":{"type":"string"},"users":{"type":"array","items":{"type":"object","required":["username"],"properties":{"username":{"type":"string"}}}},"accounts":{"type":"array","items":{"type":"object","required":["cloud_id"],"properties":{"cloud_id":{"type":"string"},"provider":{"type":"string"}}}}}}},"ioc":{"type":"object","required":["custom_data"],"properties":{"custom_data":{"type":"object","properties":{"user_input":{"type":"string"}}}},"description":"Project-specific custom IOCs"}}},"ai_summary":{"type":"string","nullable":true,"description":"Cado AI generated summary of the project"},"last_acquisition":{"type":"number","description":"last acquisition date (ms since epoch)"},"unique_sources":{"type":"array","items":{"type":"string"},"description":"List of unique sources for this project"},"last_update":{"type":"number","description":"Last status update"},"scan_rule_count":{"type":"integer","description":"associated scheduled scan count"}}}}}}}}}},"patch":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst"],"summary":"Update a project","description":"Update a project","tags":["Projects"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"project_id","in":"path","required":true,"schema":{"type":"integer"},"description":"The ID of the project to update"}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","properties":{"case_name":{"type":"string","minLength":1,"maxLength":80,"description":"The name of the project"},"description":{"type":"string","description":"Project description"},"items_identified":{"type":"integer","description":"Number of items identified in project"},"status":{"type":"string","enum":["Collection & Analysis","Containment","Eradication","Recovery","Post incident activity","Closed","Archived"],"description":"Status of the project"},"users":{"type":"array","items":{"type":"object","properties":{"username":{"type":"string","description":"The name of an individual user"}}},"description":"A list of users to add to the project"},"groups":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of a group"}}},"description":"A list of groups to add to the project"},"ioc":{"type":"string","description":"Custom ioc rules"}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Successfully updated project","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"data":{"type":"object","properties":{"project_id":{"type":"integer","description":"The ID of the updated project."}}},"status":{"type":"string","enum":["success"],"description":"The status of the response, in this context, the value will be \"success\".","default":"success"}}}}}}}}},"\/api\/v3\/projects":{"get":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst","Read Only Analyst"],"summary":"List projects","description":"List projects visible to the current user","tags":["Projects"],"parameters":[{"name":"page","in":"query","required":false,"schema":{"type":"integer","default":1},"description":"Which page of results to return, ordered by created desc."},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":10},"description":"How many results per page, ordered by created desc."},{"name":"order_by","in":"query","required":false,"schema":{"type":"string","enum":["created","-created","name","-name","status","-status","id","-id","malicious","-malicious","suspicious","-suspicious","evidences","-evidences","items_identified","-items_identified","description","-description","ai_summary","-ai_summary","last_acquisition","-last_acquisition"],"default":"-created"}},{"name":"status","description":"Filter by project status","in":"query","required":false,"schema":{"type":"array","items":{"type":"string","enum":["Collection & Analysis","Containment","Eradication","Recovery","Post incident activity","Closed","Archived"]}}},{"name":"name","description":"Filter by project name","in":"query","required":false,"schema":{"type":"string"}},{"name":"created_start_timestamp","in":"query","required":false,"schema":{"type":"number"},"description":"Filter by the created timestamp (s) starting from this time"},{"name":"created_end_timestamp","in":"query","required":false,"schema":{"type":"number"},"description":"Filter by the created timestamp (s) end from this time"},{"name":"get_alarm_summary","in":"query","required":false,"schema":{"type":"boolean"},"description":"Get alarm summary for each project"},{"name":"project_id","in":"query","required":false,"schema":{"type":"array","items":{"type":"integer"}},"description":"Filter by the project_id"}],"security":[{"bearerAuth":[]}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"List of projects","content":{"application\/json":{"schema":{"type":"object","required":["status","data","pagination"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"array","items":{"type":"object","required":["id","created","evidences","details","ai_summary"],"properties":{"id":{"type":"integer","description":"Project ID"},"created":{"type":"number","description":"created date (ms since epoch)"},"alarms":{"type":"object","description":"Summary of alarms detected in this project","nullable":false,"required":["malicious","suspicious"],"properties":{"malicious":{"type":"integer"},"suspicious":{"type":"integer"}}},"evidences":{"description":"Number of evidences in this project","type":"integer"},"details":{"type":"object","description":"User editable details about the project","required":["name","description","items_identified","status"],"properties":{"name":{"type":"string","description":"Project name"},"description":{"type":"string"},"items_identified":{"type":"integer"},"status":{"type":"string","enum":["Collection & Analysis","Containment","Eradication","Recovery","Post incident activity","Closed","Archived"]}}},"ai_summary":{"type":"string","nullable":true,"description":"Cado AI generated summary of the project"},"last_acquisition":{"type":"number","description":"last acquisition date (ms since epoch)"},"last_update":{"type":"number","description":"last status update"},"scan_rule_count":{"type":"integer","description":"associated scheduled scan count"}}}},"pagination":{"$ref":"#\/components\/schemas\/pagination"}}}}}}}},"post":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst"],"summary":"Create a new project","description":"Create a new project","tags":["Projects"],"security":[{"bearerAuth":[]}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["case_name"],"properties":{"case_name":{"type":"string","minLength":1,"maxLength":80,"description":"The name of the new project"},"description":{"type":"string","description":"Project description"},"users":{"type":"array","items":{"type":"object","properties":{"username":{"type":"string","description":"The name of an individual user"}}},"description":"A list of users to add to the project"},"groups":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of a group"}}},"description":"A list of groups to add to the project"}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"201":{"description":"New project details","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"description":"The new project details","type":"object","required":["message","id"],"properties":{"message":{"type":"string","description":"The message indicating the project has been created"},"id":{"type":"integer","description":"The id of the new project"}}}}}}}}}},"delete":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst"],"summary":"Delete a project","description":"Delete a project.","tags":["Projects"],"security":[{"bearerAuth":[]}],"requestBody":{"content":{"application\/json":{"schema":{"type":"object","required":["investigation_ids"],"description":"Payload for bulk removing projects","properties":{"investigation_ids":{"type":"array","description":"A selection of project IDs to bulk delete","items":{"type":"integer","description":"The ID of an project"}}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Successfully deleted investigations","content":{"application\/json":{"schema":{"type":"object","required":["status"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"}}}}}}}}},"\/api\/v3\/settings\/proxy-test":{"patch":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator"],"summary":"Test proxy connectivity","description":"Validate a potential change to the proxy settings for the platform.","tags":["Proxy Settings"],"security":[{"bearerAuth":[]}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","additionalProperties":false,"required":["proxy_url"],"properties":{"proxy_url":{"type":"string","description":"Proxy URL including protocol, hostname and port. Supports http and https.","example":"https:\/\/user:pass@proxy.server.com:12345"},"proxy_cert_url":{"type":"string","description":"Optional URL whose hostname:port will be used to fetch a TLS server certificate","example":"https:\/\/proxy.cert.server.com:12345"}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Proxy test succeeded.","content":{"application\/json":{"schema":{"type":"object","additionalProperties":false,"required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response.","enum":["success"],"default":"success"},"data":{"type":"object","additionalProperties":false,"required":["msg"],"properties":{"msg":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","example":"Successfully connected to https:\/\/console.aws.amazon.com\/ through proxy"}}}}}}}}}}},"\/api\/v3\/release-notes":{"get":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst","Analyst","Read Only Analyst"],"summary":"List release note versions","description":"Returns a list of SaaS versions with release notes, newest first.","tags":["ReleaseNotes"],"parameters":[],"security":[{"bearerAuth":[]}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"List of release note versions.","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"object","required":["versions"],"properties":{"versions":{"type":"array","description":"List of version strings, newest first.","items":{"type":"string"}}}}}}}}}}}},"\/api\/v3\/release-notes\/{version}":{"get":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst","Analyst","Read Only Analyst"],"summary":"Get release notes for a version","description":"Returns the release notes content for a specific SaaS version.","tags":["ReleaseNotes"],"parameters":[{"name":"version","in":"path","required":true,"schema":{"type":"string"},"description":"The SaaS version to get release notes for."}],"security":[{"bearerAuth":[]}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Release notes for the specified version.","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"object","required":["version","content"],"properties":{"version":{"type":"string","description":"The version string."},"content":{"type":"string","description":"The release notes content."}}}}}}}}}}},"\/api\/v3\/remote-actions\/run-script":{"post":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst"],"summary":"Run a Saved Script on a SSM enabled EC2 instance","description":"Run a Saved Script on a SSM enabled EC2 instance.","tags":["Remote Actions"],"security":[{"bearerAuth":[]}],"parameters":[],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["script_id","cloud_id","project_id","instance_id","region"],"properties":{"script_id":{"type":"integer","description":"The ID of the script to be run on the EC2 via SSM."},"cloud_id":{"type":"string","description":"AWS Credentials Alias."},"project_id":{"type":"integer","description":"Cado Project ID."},"region":{"type":"string","description":"AWS Region of the EC2."},"instance_id":{"type":"string","description":"EC2 Instance ID."}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"A new pipeline object is returned, indicating a successful kick-off of a pipeline. You can see the <a href=\"#\">Pipeline API<\/a> documentation for information on getting details about this pipeline.","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"enum":["success"],"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","description":"The data containing the new pipeline ID.","schema":null,"required":["pipeline_id"],"properties":{"pipeline_id":{"type":"integer","description":"The numerical ID assigned to the pipeline."}}}}}}}}}}},"\/api\/v3\/roles":{"get":{"description":"Retrieve a list of roles available on the platform.","security":[{"bearerAuth":[]}],"summary":"List of roles","tags":["Roles"],"x-Required Roles":["Administrator","Platform Administrator","Lead Analyst"],"x-Feature Lifecycle":"beta","parameters":[{"name":"page","in":"query","required":false,"schema":{"type":"integer","default":1},"description":"Which page of results to return."},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":10},"description":"How many results per page."}],"responses":{"200":{"description":"List of roles","content":{"application\/json":{"schema":{"required":["status","data","pagination"],"type":"object","properties":{"data":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","enum":["Administrator","Platform Administrator","Lead Analyst","Analyst","Read Only Analyst","Darktrace"],"description":"The name of the role."},"permissions":{"type":"array","items":{"type":"string"},"description":"The permissions associated with the role."}},"required":["name","permissions"]},"description":"List of roles"},"pagination":{"$ref":"#\/components\/schemas\/pagination","required":["total_records","current_page","total_pages","type"]},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}}}}}},"default":{"$ref":"#\/components\/responses\/default"}}}},"\/api\/v3\/roles\/permissions_matrix":{"get":{"description":"Retrieve a list of apis and endpoint information","security":[{"bearerAuth":[]}],"summary":"List of apis endpoint access","tags":["Roles"],"x-Required Roles":["Administrator","Platform Administrator","Lead Analyst"],"x-Feature Lifecycle":"beta","parameters":[],"responses":{"200":{"description":"List of apis endpoint access","content":{"application\/json":{"schema":{"required":["status","data","pagination"],"type":"object","properties":{"data":{"type":"array","items":{"type":"object","required":["group_name","endpoint_meta"],"properties":{"group_name":{"type":"string"},"endpoint_meta":{"type":"array","items":{"type":"object","properties":{"endpoint_description":{"type":"string","description":"Describe what the endpoint achieves i.e update user"},"access_granted":{"type":"array","items":{"type":"string"},"description":"A list of roles granted permission to access endpoint"},"access_denied":{"type":"array","items":{"type":"string"},"description":"A list of roles denied permission to access endpoint"}},"required":["endpoint_description","access_granted","access_denied"]}}}}},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"},"pagination":{"$ref":"#\/components\/schemas\/pagination"}}}}}},"default":{"$ref":"#\/components\/responses\/default"}}}},"\/api\/v3\/schedule\/scans":{"post":{"summary":"Create a new Scheduled Scan rule","description":"Create a new Scheduled Scan rule which will automate scanning of cloud resources","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst"],"x-Feature Lifecycle":"beta","security":[{"bearerAuth":[]}],"tags":["Scheduled Scans"],"parameters":[],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["name","accounts","tags"],"properties":{"name":{"type":"string","description":"The name of the Scheduled Scan Rule being created."},"finish_date":{"description":"The date where the rule will automatically be disabled. This should be in Unix Epoch format.","type":"number"},"accounts":{"type":"array","description":"An updated list of account names to be associated with the Scheduled Scan Rule.","items":{"type":"string"}},"tags":{"type":"array","description":"The tags used to filter for resources","items":{"type":"object","required":["key"],"properties":{"key":{"type":"string","description":"The key of the tag"},"value":{"type":"string","description":"The value of the tag used to filter for resources"}}}}}}}}},"responses":{"200":{"description":"The resource ID of the Scheduled Scan Rule created.","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"enum":["success"],"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","description":"The data returned containing the resource ID of the Scheduled Scan Rule created.","schema":null,"required":["scheduled_scan_rule_id"],"properties":{"scheduled_scan_rule_id":{"type":"integer","description":"The resource ID of the Scheduled Scan Rule created."}}}}}}}},"default":{"$ref":"#\/components\/responses\/default"}}},"get":{"summary":"Get all scheduled scan rules","description":"Get all scheduled scan rules","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst"],"x-Feature Lifecycle":"beta","security":[{"bearerAuth":[]}],"tags":["Scheduled Scans"],"parameters":[{"name":"page","in":"query","required":false,"schema":{"type":"integer","default":1},"description":"Which page of rule results to return."},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":50},"description":"How many rule results per page."}],"responses":{"200":{"content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","items":{"type":"object","required":["id","investigation_id","investigation_name","name","enabled","created","schedule","next_run"],"properties":{"id":{"type":"integer","description":"ID of a Scheduled Scan Rule"},"investigation_id":{"type":"integer","description":"Investigation ID of a Scheduled Scan Rule"},"investigation_name":{"type":"string","description":"Name of the Investigation for the Scheduled Scan Rule"},"name":{"type":"string","description":"Name of the Scheduled Scan Rule"},"enabled":{"type":"boolean","description":"Bool to signify if a Scheduled Scan Rule is enabled or not"},"created":{"type":"number","description":"Date the Scheduled Scan Rule was created"},"schedule":{"type":"string","description":"The schedule that the rule runs"},"finish_date":{"type":"number","description":"The date when the Scheduled Scan Rule will expire"},"last_run":{"type":"number","description":"Date of last run of the Scheduled Scan Rule"},"next_run":{"type":"number","description":"Date of next run of the Scheduled Scan Rule"}}}},"pagination":{"$ref":"#\/components\/schemas\/pagination"},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["status","data","pagination"],"type":"object"}}},"description":"List of scan rule items"},"default":{"$ref":"#\/components\/responses\/default"}}}},"\/api\/v3\/schedule\/scans\/{scan_rule_id}":{"get":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst"],"summary":"Delete a Scheduled Scan Rule","description":"Retrieve a Scheduled Scan Rule corresponding to the provided Scheduled Scan Rule ID.","tags":["Scheduled Scans"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"scan_rule_id","in":"path","required":true,"description":"ID of the Scheduled Scan Rule.","schema":{"type":"integer","example":1}}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"A scan rule entry.","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"data":{"type":"object","required":["id","investigation_id","investigation_name","name","enabled","created","schedule","next_run"],"properties":{"id":{"type":"integer","description":"ID of a Scheduled Scan Rule"},"investigation_id":{"type":"integer","description":"Investigation ID of a Scheduled Scan Rule"},"investigation_name":{"type":"string","description":"Name of the Investigation for the Scheduled Scan Rule"},"name":{"type":"string","description":"Name of the Scheduled Scan Rule"},"enabled":{"type":"boolean","description":"Bool to signify if a Scheduled Scan Rule is enabled or not"},"created":{"type":"number","description":"Date the Scheduled Scan Rule was created"},"schedule":{"type":"string","description":"The schedule that the rule runs"},"finish_date":{"type":"number","description":"The date when the Scheduled Scan Rule will expire"},"last_run":{"type":"number","description":"Date of last run of the Scheduled Scan Rule"},"next_run":{"type":"number","description":"Date of next run of the Scheduled Scan Rule"}}},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}}}}}}}},"delete":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst"],"summary":"Delete a Scheduled Scan Rule","description":"Delete a Scheduled Scan Rule corresponding to the provided Scheduled Scan Rule ID.","tags":["Scheduled Scans"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"scan_rule_id","in":"path","required":true,"description":"ID of the Scheduled Scan Rule to delete.","schema":{"type":"integer","example":1}}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Successfully deleted Scheduled Scan Rule.","content":{"application\/json":{"schema":{"type":"object","required":["status"],"properties":{"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}}}}}}}},"patch":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst"],"summary":"Update a Scheduled Scan Rule","description":"Update a Scheduled Scan Rule.","tags":["Scheduled Scans"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"scan_rule_id","in":"path","required":true,"schema":{"type":"integer"},"description":"ID of the Scheduled Scans Rule to be modified."}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"required":["enabled"],"type":"object","properties":{"enabled":{"type":"boolean","description":"bool to signify if a Scheduled Scans Rule is enabled or not"}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Details of the updated Scheduled Scans Rule.","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","enum":["success"],"description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","required":["id","investigation_id name","enabled","created","schedule","next_run"],"properties":{"id":{"type":"integer","description":"ID of a Scheduled Scan Rule"},"investigation_id":{"type":"integer","description":"Investigation ID of a Scheduled Scan Rule"},"name":{"type":"string","description":"Name of the Scheduled Scan Rule"},"enabled":{"type":"boolean","description":"Bool to signify if a Scheduled Scan Rule is enabled or not"},"created":{"type":"number","description":"Date the Scheduled Scan Rule was created"},"schedule":{"type":"string","description":"The schedule that the rule runs"},"finish_date":{"type":"number","description":"The date when the Scheduled Scan Rule will expire"},"last_run":{"type":"number","description":"Date of last run of the Scheduled Scan Rule"},"next_run":{"type":"number","description":"Date of next run of the Scheduled Scan Rule"}}}}}}}}}}},"\/api\/v3\/schedule\/scans\/runs":{"get":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst"],"summary":"Retrieve Run information for a given Scan Rule","description":"Retrieve Run information for a given Scan Rule","tags":["Scheduled Scans"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"scan_rule_id","in":"query","required":true,"schema":{"type":"integer"},"description":"ID of the Scheduled Scans Rule to retrieve pipeline information for."},{"name":"page","in":"query","required":false,"schema":{"type":"integer","default":1},"description":"Which page of rule results to return."},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":50},"description":"How many rule results per page."}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"A list of pipeline information (runs) for the provided Scan Rule","content":{"application\/json":{"schema":{"type":"object","required":["status","data","pagination"],"properties":{"pagination":{"$ref":"#\/components\/schemas\/pagination"},"status":{"type":"string","enum":["success"],"description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"array","description":"A list of runs for the provided Scan Rule","items":{"type":"object","required":["kick_off_pipeline_id","kick_off_datetime"],"properties":{"kick_off_pipeline_id":{"type":"integer","description":"The kick-off pipeline ID for the Scan run"},"kick_off_datetime":{"type":"number","description":"The start time of the Scheduled Scan run"}}}}}}}}}}},"post":{"summary":"Start a manual run for a Scan Rule","description":"Manually kicks off a run for a Scan Rule if one is not currently running.","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst"],"x-Feature Lifecycle":"beta","security":[{"bearerAuth":[]}],"tags":["Scheduled Scans"],"parameters":[],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["scan_rule_id"],"properties":{"scan_rule_id":{"type":"integer","description":"The ID of the Scan Rule."}}}}}},"responses":{"200":{"description":"Pipeline information of the kicked off Scan Rule run.","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"enum":["success"],"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","description":"An object containing information of the manually run kick off pipeline.","schema":null,"required":["kick_off_pipeline_id"],"properties":{"kick_off_pipeline_id":{"type":"integer","description":"The pipeline ID of the manually run Scan Rule."}}}}}}}},"default":{"$ref":"#\/components\/responses\/default"}}}},"\/api\/v3\/settings\/nfs":{"patch":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator"],"summary":"Update NFS settings","description":"Update NFS settings.","tags":["Settings"],"security":[{"bearerAuth":[]}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","oneOf":[{"required":["aws_nfs_config"]},{"required":["gcp_nfs_config"]},{"required":["azure_nfs_config"]}],"properties":{"aws_nfs_config":{"type":"object","description":"AWS NFS settings.","properties":{"efs_ip":{"type":"string","description":"The IP address of the NFS server."},"efs_filesystem_id":{"type":"string","description":"The file system ID of the NFS server."},"efs_accesspoint_id":{"type":"string","description":"The access point ID of the NFS server."}}},"gcp_nfs_config":{"type":"object","description":"GCP NFS settings.","required":["filestore_ip","filestore_name"],"properties":{"filestore_ip":{"type":"string","description":"The IP address of the NFS server."},"filestore_name":{"type":"string","description":"The NFS server name."}}},"azure_nfs_config":{"type":"object","description":"Azure NFS settings.","required":["azure_storage_name","azure_storage_share"],"properties":{"azure_storage_name":{"type":"string","description":"The storage account name of the NFS server."},"azure_storage_share":{"type":"string","description":"The storage share name of the NFS server."}}}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"A response indicating the NFS was successfully mounted.","content":{"application\/json":{"schema":{"type":"object","required":["status"],"properties":{"status":{"type":"string","enum":["success"],"description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","description":"Any supporting data returned by the API that can help with further troubleshooting.","properties":{"task_id":{"type":"string","description":"The task ID to track the update"}}}}}}}}}}},"\/api\/v3\/settings":{"patch":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst"],"summary":"Update settings","description":"Update settings.","tags":["Settings"],"security":[{"bearerAuth":[]}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/settings_schema"}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"A response indicating settings have successfully been applied","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"},"data":{"type":"object","description":"Any supporting data returned by the API that can help with further troubleshooting.","required":["message"],"properties":{"message":{"type":"string","description":"A description of the state of local worker mode."}}}}}}}}}},"get":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst","Analyst","Read Only Analyst"],"summary":"Get settings","description":"Get settings.","tags":["Settings"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"oauth_provider","in":"query","required":false,"schema":{"type":"string","enum":["microsoft","okta"]}},{"name":"saml_provider","in":"query","required":false,"schema":{"type":"string","enum":["okta","ping"]}}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"A response returning requested settings values.","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"},"data":{"type":"object","$ref":"#\/components\/schemas\/settings_schema"}}}}}}}}},"\/api\/v3\/settings\/sso-test":{"patch":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator"],"summary":"Test SSO settings","description":"Test SSO settings.","tags":["Settings"],"security":[{"bearerAuth":[]}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["sso_flow","provider","configuration","enabled"],"properties":{"sso_flow":{"type":"string","enum":["oauth","saml"],"description":"SSO type"},"provider":{"type":"string","description":"SSO provider"},"enabled":{"type":"boolean","description":"Enable SSO"},"configuration":{"type":"object","description":"Configuration settings for the given provider","oneOf":[{"type":"object","title":"OAuth Configuration","description":"SSO OAuth Settings.","required":["client_secret","client_id","tenant_id","admin_group","current_base_url"],"properties":{"client_secret":{"type":"string","description":"The OAuth client secret"},"client_id":{"type":"string","description":"The OAuth client id"},"tenant_id":{"type":"string","description":"The OAuth tenant id"},"current_base_url":{"type":"string","description":"The current base URL"},"admin_group":{"type":"string","description":"The name of the OAuth admin group"}}},{"type":"object","title":"SAML Configuration","description":"SSO SAML Settings.","required":["idp_entity_id","idp_sso_url","idp_x509cert","sp_entity_id","sp_acs_url","admin_group"],"properties":{"idp_entity_id":{"type":"string","description":"The IDP entity id"},"idp_sso_url":{"type":"string","description":"The IDP SSO URL"},"idp_x509cert":{"type":"string","description":"The SAML provider x509 cert"},"sp_entity_id":{"type":"string","description":"The SAML provider entity id"},"sp_acs_url":{"type":"string","description":"The SAML provider ACS URL"},"admin_group":{"type":"string","description":"The name of the SAML admin group"}}}]}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"A response successful SSO settings","content":{"application\/json":{"schema":{"type":"object","required":["status"],"properties":{"status":{"type":"string","enum":["success"],"description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","description":"Any supporting data returned by the API that can help with further troubleshooting.","properties":{"provider":{"type":"string","description":"SSO provider"},"redirect_url":{"type":"string","description":"Redirect URL"}}}}}}}}}}},"\/api\/v3\/settings\/scripts":{"get":{"summary":"Get a list of scripts that can be executed on SSM enabled devices","description":"Retrieve a list of scripts that can be executed on SSM enabled devices, either get all or can search based on name and operating system.","parameters":[{"name":"name","in":"query","description":"The name of the script to search for.","required":false,"schema":{"type":"string"}},{"name":"operating_system","in":"query","description":"The operating system of the device that the script will be run on.","required":false,"schema":{"type":"string"}},{"name":"page","in":"query","required":false,"description":"The page number to get notifications for","schema":{"type":"integer","default":1}},{"name":"per_page","in":"query","required":false,"description":"The number of notifications to get per page","schema":{"type":"integer","default":10}}],"responses":{"200":{"content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","items":{"type":"object","description":"A script that can be executed on SSM enabled devices.","required":["id","name","description","os","script_input_uri","script_output_uri","created_datetime","updated_datetime"],"properties":{"id":{"type":"integer","description":"The resource ID for the script."},"name":{"type":"string","description":"The name of the script."},"description":{"type":"string","description":"A description of the script."},"os":{"type":"string","description":"The operating system of the device that the script will be run on.","enum":["linux","windows"]},"script_input_uri":{"type":"string","description":"The value of the script IO input. This should be a S3 URI of where to download from. Should be identified in the script using ${INPUT}."},"script_output_uri":{"type":"string","description":"The value of the script IO output. This should be a path in the S3 Cado default bucket. Should be identified in the script using ${OUTPUT}.","example":"\/folder\/filename"},"created_datetime":{"type":"number","description":"The timestamp of when the script was created."},"updated_datetime":{"type":"number","description":"The timestamp of when the script was last updated."}}}},"pagination":{"$ref":"#\/components\/schemas\/pagination"},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["data","status","pagination"],"type":"object"}}},"description":"A reponse indicating that scripts have been successfully retrieved."},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"tags":["Settings"],"x-Required Roles":["Administrator","Platform Administrator","Lead Analyst"],"x-Feature Lifecycle":"beta"},"post":{"summary":"Create a new script to be executed on SSM enabled devices","description":"Create a new script which will be run on SSM enabled devices. A script can have \"input\" or \"output\" variables associated with it which will specify where to copy from, or copy files to respectively. Returns the resource ID of the created script.","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst"],"x-Feature Lifecycle":"beta","security":[{"bearerAuth":[]}],"tags":["Settings"],"parameters":[],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["name","description","os","script"],"properties":{"name":{"type":"string","description":"The name of script being created."},"description":{"type":"string","description":"A brief description of the script being created."},"os":{"type":"string","description":"The operating system of the device that the script will be run on. This can have a value of \"linux\" or \"windows\".","default":"linux","enum":["linux","windows"]},"script":{"type":"string","description":"The contents of the script being created."},"script_input_uri":{"type":"string","description":"The value of the script IO input. This should be a S3 URI of where to download from. Should be identified in the script using ${INPUT}."},"script_output_uri":{"type":"string","description":"The value of the script IO output. This should be a path in the S3 Cado default bucket. Should be identified in the script using ${OUTPUT}.","example":"\/folder\/filename"}}}}}},"responses":{"200":{"description":"The resource ID of the script created.","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"enum":["success"],"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","description":"The data returned containing the resource ID of the script created.","schema":null,"required":["script_id"],"properties":{"script_id":{"type":"integer","description":"The resource ID of the script created."}}}}}}}},"default":{"$ref":"#\/components\/responses\/default"}}}},"\/api\/v3\/settings\/scripts\/{script_id}":{"get":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst"],"summary":"Get in-depth script information","description":"Get in-depth script information by its ID.","tags":["Settings"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"script_id","in":"path","required":true,"description":"ID of the script being queried.","schema":{"type":"integer","example":1}}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Successfully retrieved script.","content":{"application\/json":{"schema":{"type":"object","required":["status"],"properties":{"data":{"type":"object","description":"Detailed information on the script being queried.","required":["id","name","description","os","script","script_input_uri","script_output_uri","created_datetime","updated_datetime"],"properties":{"id":{"type":"integer","description":"The resource ID for the script."},"name":{"type":"string","description":"The name of the script."},"description":{"type":"string","description":"A brief description of the script."},"os":{"type":"string","description":"The operating system of the device that the script will be run on.","enum":["linux","windows"]},"script":{"type":"string","description":"The contents of the script."},"script_input_uri":{"type":"string","description":"The value of the script IO input. This should be a S3 URI of where to download from. Should be identified in the script using ${INPUT}."},"script_output_uri":{"type":"string","description":"The value of the script IO output. This should be a path in the S3 Cado default bucket. Should be identified in the script using ${OUTPUT}.","example":"\/folder\/filename"},"created_datetime":{"type":"number","description":"The timestamp of when the script was created."},"updated_datetime":{"type":"number","description":"The timestamp of when the script was last updated."}}},"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"}}}}}}}},"patch":{"summary":"Update a script","description":"Update an existing script which will be run on SSM-enabled devices. A script can have \"input\" or \"output\" variables associated with it which will specify where to copy from, or copy files to respectively. Returns details of the updated script.","x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst"],"tags":["Settings"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"script_id","in":"path","required":true,"schema":{"type":"integer"},"description":"ID of the script you want to update."}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","properties":{"name":{"type":"string","description":"The name of script."},"description":{"type":"string","description":"A brief description of the script."},"script":{"type":"string","description":"The contents of the script."},"script_input_uri":{"type":"string","description":"The value of the script IO input. This should be a S3 URI of where to download from. Should be identified in the script using ${INPUT}."},"script_output_uri":{"type":"string","description":"The value of the script IO output. This should be a path in the S3 Cado default bucket. Should be identified in the script using ${OUTPUT}.","example":"\/folder\/filename"}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Successfully updated the script.","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"object","description":"The data being returned containing details of the updated script.","required":["id","name","description","os","script","script_input_uri","script_output_uri"],"properties":{"id":{"type":"integer","description":"The ID of the updated script."},"name":{"type":"string","description":"The name of the updated script."},"description":{"type":"string","description":"A brief description of the updated script."},"os":{"type":"string","description":"The operating system of the device that the updated script will be run on. This can have a value of \"linux\" or \"windows\".","default":"linux","enum":["linux","windows"]},"script":{"type":"string","description":"The contents of the updated script."},"script_input_uri":{"type":"string","description":"The value of the script IO input. This should be a S3 URI of where to download from. Should be identified in the script using ${INPUT}."},"script_output_uri":{"type":"string","description":"The value of the script IO output. This should be a path in the S3 Cado default bucket. Should be identified in the script using ${OUTPUT}.","example":"\/folder\/filename"}}}}}}}}}},"delete":{"summary":"Delete a script from the scripts library","description":"Delete a script from the scripts library.","x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst"],"tags":["Settings"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"script_id","in":"path","required":true,"description":"ID of the script to delete.","schema":{"type":"integer","example":1}}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Successfully deleted script","content":{"application\/json":{"schema":{"type":"object","required":["status"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"}}}}}}}}},"\/api\/v3\/settings\/secrets_manager":{"patch":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator"],"summary":"Update Secrets Manager settings","description":"Update Secrets Manager settings.","tags":["Settings"],"security":[{"bearerAuth":[]}],"requestBody":{"required":false,"content":{"application\/json":{"schema":{"type":"object","properties":{"keyvault_uri":{"type":"string","description":"The Key Vault name to be used as the Secrets Manager - Azure only"}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"A response indicating that Secrets Manager was successfully updated.","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","enum":["success"],"description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","description":"Any supporting data returned by the API that can help with further troubleshooting.","required":["message"],"properties":{"message":{"type":"string","description":"A description of the state of the Secrets Manager."}}}}}}}}}}},"\/api\/v3\/support\/{id}":{"get":{"description":"Get the ticket url for a raised pipeline by ID.","parameters":[{"description":"Pipeline ID to retrieve ticket url for.","in":"path","name":"id","required":true,"schema":{"type":"integer"}}],"responses":{"200":{"description":"If previously raised a ticket about this pipeline","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"data":{"type":"object","properties":{"ticket_url":{"type":"string","description":"The url of the ticket raised"}}},"status":{"type":"string","enum":["success"],"description":"The status of the response, in this context, the value will be \"success\".","default":"success"}}}}}},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"summary":"Get pipeline ticket url","tags":["Support"],"x-Required Roles":["Administrator","Platform Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta"}},"\/api\/v3\/support":{"post":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst","Analyst"],"summary":"Raise a support ticket","description":"Raise a support ticket","tags":["Support"],"security":[{"bearerAuth":[]}],"requestBody":{"content":{"application\/json":{"schema":{"type":"object","required":["pipeline_id"],"properties":{"pipeline_id":{"type":"integer","description":"Selected pipeline to raise a ticket about"},"comment":{"type":"string","description":"optional comment about the pipeline"}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"DT support portal ticket url","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"object","required":["ticket_id"],"description":"The data object containing the status of the upload","properties":{"ticket_id":{"type":"string","description":"The ticket identifier created"},"requester_exists":{"type":"boolean","description":"If the requester exists"}}}}}}}}}},"get":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst","Analyst"],"summary":"Number of tickets previously raised","description":"Number of tickets previously raised","tags":["Support"],"security":[{"bearerAuth":[]}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Count of previously raised pipeline tickets","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"object","required":["count"],"properties":{"count":{"type":"integer"}}}}}}}}}}},"\/api\/v3\/system\/status":{"get":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst","Analyst","Read Only Analyst"],"summary":"Get system status","description":"Information about the system","tags":["System"],"security":[{"bearerAuth":[]}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Successfully updated notification","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"object","required":["status","status_message","is_installing","setup_complete"],"description":"The data object containing the status of the system","properties":{"status":{"type":"string","description":"The status of the system i.e upgrading, running, etc."},"status_message":{"type":"string","description":"A message describing the status of the system"},"is_installing":{"type":"boolean","description":"A boolean value indicating if the system is currently installing\/updating"},"setup_complete":{"type":"boolean","description":"Has the initial setup been completed"}}}}}}}}}}},"\/api\/v3\/system\/upload_logs":{"post":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator"],"summary":"Uploading logs","description":"Upload logs to Cado bucket","tags":["System"],"security":[{"bearerAuth":[]}],"requestBody":{"content":{"application\/json":{"schema":{"type":"object","required":[],"properties":{}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Uploading logs has been initiated","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"object","required":["status","status_message","task_id"],"description":"The data object containing the status of the upload","properties":{"status":{"type":"string","description":"The status type of the upload i.e warning as the upload is in progress"},"status_message":{"type":"string","description":"A message describing that the upload is in progress"},"task_id":{"type":"string","description":"The task ID to track the upload"}}}}}}}}}}},"\/api\/v3\/system\/healthcheck":{"post":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator"],"summary":"Trigger healthcheck","description":"Trigger a healthcheck","tags":["System"],"security":[{"bearerAuth":[]}],"requestBody":{"content":{"application\/json":{"schema":{"type":"object","required":[],"properties":{}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Healthcheck pipeline has been created","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"object","required":["pipeline_id"],"properties":{"pipeline_id":{"type":"integer","description":"The pipeline ID of the healthcheck pipeline"}}}}}}}}}}},"\/api\/v3\/timeline\/recent_queries":{"get":{"summary":"Get a users recent queries","description":"Get a users recent queries.","security":[{"bearerAuth":[]}],"tags":["Recent Queries"],"x-Required Roles":["Administrator","Lead Analyst","Analyst","Read Only Analyst"],"x-Feature Lifecycle":"beta","parameters":[{"name":"investigation_id","in":"query","schema":{"type":"integer"},"required":true,"example":1}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"List of recent queries performed by the user.","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"object","description":"Recent queries and number of times they were called","example":{"alarm_severity:[1 TO 3]":"5","(alarm_severity:1)  AND alarm_description: \"*php_backdoor*\"":"1"}}}}}}}}},"delete":{"tags":["Recent Queries"],"x-Required Roles":["Administrator","Lead Analyst","Analyst","Read Only Analyst"],"x-Feature Lifecycle":"beta","security":[{"bearerAuth":[]}],"summary":"Delete a recent search","description":"Deletes a recent search from a given input_string","requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["input_string","investigation_id"],"properties":{"input_string":{"type":"string","example":"alarm_severity:[1 TO 3]"},"investigation_id":{"type":"integer","example":1}}}}}},"responses":{"200":{"description":"Object of recent searches and amount of times searched","content":{"application\/json":{"schema":{"type":"object","required":["status"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"}}}}}},"default":{"$ref":"#\/components\/responses\/default"}}}},"\/api\/v3\/timeline":{"get":{"summary":"Get a list of timeline events","description":"Get all facet data available to the current user","parameters":[{"name":"project_id","in":"query","required":true,"schema":{"type":"integer"},"description":"Filter by project id."},{"name":"search_text","in":"query","required":false,"schema":{"type":"string"},"description":"Filter by logic timeline search query."},{"name":"cursor","in":"query","required":false,"schema":{"type":"string"},"description":"The pointer to the desired results page."},{"name":"ignore_cache","in":"query","required":false,"description":"Boolean to say whether or not to not cache the recent search query","schema":{"type":"boolean","default":false}},{"name":"auto_investigate","in":"query","required":false,"description":"Boolean to say whether or not to get the automated investigation timeline results","schema":{"type":"boolean","default":false}},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":100},"description":"The amount of items to be given per page. If left blank, the default will be 100."},{"name":"order_by","in":"query","required":false,"schema":{"type":"string","enum":["timestamp","-timestamp"],"default":"timestamp"},"description":"How results should be ordered"}],"responses":{"200":{"content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","items":{"type":"object","description":"A timeline event object","required":["evidence_id","filename","id","short","source","sourcetype","timestamp","type"],"properties":{"alarm_information":{"type":"array","items":{"type":"object","required":["description","severity","attack"],"properties":{"description":{"type":"string"},"severity":{"type":"integer"},"attack":{"type":"array","items":{"type":"string"}},"extra":{"type":"array","items":{"type":"object","properties":{"identifier":{"type":"string"},"match":{"type":"string"},"offset":{"type":"string"}}}}}}},"attribute_name":{"type":"string","description":"The name of the attribute associated with the event."},"auto_investigate_score":{"type":"number","description":"The auto-investigate score of the event."},"auto_investigate_insights":{"type":"array","items":{"type":"object","properties":{"insight_type":{"type":"string","enum":["timestamp","user","host","filename"]},"linked_event_id":{"type":"string"},"linked_event_artifact":{"type":"string"},"linked_event_severity":{"type":"string"},"linked_event_score":{"type":"number"}},"description":"object containing info about linked event."},"description":"list of linked events contributing to ai score."},"evidence_id":{"type":"integer","description":"The id of the evidence associated with the event."},"evidence_name":{"type":"string","description":"The name of the evidence associated with the event."},"extra":{"type":"string","description":"Extra information about the event."},"executed_process":{"type":"string","description":"The executed process associated with the event."},"filename":{"type":"string","description":"Filename associated with the event."},"first_day":{"type":"boolean","description":"Has the event been seen before?"},"format":{"type":"string","description":"The format associated with the event."},"host":{"type":"string","description":"The host assocaited with the event."},"id":{"type":"string","description":"The id of the event."},"index_id":{"type":"integer","description":"The id of the elasticsearch index."},"inode":{"type":"string","description":"The inode associated with the event."},"is_folder":{"type":"boolean","description":"Is the event associated with a folder?"},"macb":{"type":"string","description":"The macb associated with the event."},"notes":{"oneOf":[{"type":"string"},{"type":"array","items":{"type":"object","description":"A single notes information associated with the event."}}],"description":"Notes information associated with the event."},"query_suggestions":{"type":"array","items":{"type":"object","description":"A single timeline query suggestion for the event."},"description":"Timeline query suggestions for the event."},"sha256":{"type":"string","description":"A hash associated with the event."},"short":{"type":"string","description":"The summary of the event."},"source":{"type":"string","description":"The source of the event."},"sourcetype":{"type":"string","description":"The source type of the event."},"super_short":{"type":"string","description":"The shorter summary of the event."},"tag":{"type":"string","description":"The tags assocaited with the event."},"timestamp":{"type":"number","description":"The unix timestamp of the event."},"type":{"type":"string","description":"The type of the event."},"user":{"type":"string","description":"The username associated with the event."},"file_size":{"type":"integer","description":"The file size associated with the file."},"uid":{"type":"string","description":"The user id associated with the file."},"gid":{"type":"string","description":"The group id associated with the file."},"file_access":{"type":"string","description":"The file access mode."},"num_of_links":{"type":"integer","description":"The number of links associated with the file."}}}},"pagination":{"type":"object","properties":{"type":{"type":"string","enum":["cursor"],"default":"cursor","description":"A string indicating the type of pagination supported by the API. In this context, the value will be \"cursor\"."},"per_page":{"description":"The number of records per page","type":"integer"},"current_token":{"type":"string","description":"A string representing the pointer to this current page."},"next_token":{"type":"string","description":"A string representing a cursor to the next page. Use this in place of the `cursor` attribute to get the next page."},"previous_token":{"type":"string","description":"A string representing a cursor to the previous page. Use this in place of the `cursor` attribute to get the previous page."},"total_records":{"type":"integer","description":"The total number of records that can be paged over"}},"required":["type"]},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["data","status","pagination"],"type":"object"}}},"description":""},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"tags":["Timeline"],"x-Required Roles":["Administrator","Lead Analyst","Analyst","Read Only Analyst"],"x-Feature Lifecycle":"beta"}},"\/api\/v3\/timeline\/date_histogram":{"get":{"summary":"Get automated date histogram for timeline data","description":"Get automated date histogram for timeline data.","parameters":[{"name":"project_id","in":"query","required":true,"schema":{"type":"integer"},"description":"Filter by project id."},{"name":"search_text","in":"query","required":false,"schema":{"type":"string"},"description":"Filter by logic timeline search query."}],"responses":{"200":{"content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","items":{"type":"object","required":["time_interval","start_timestamp","suspicious_event_count","malicious_event_count","starred_event_count","commented_event_count","detection_sources","total_event_count","total_alert_count"],"properties":{"time_interval":{"type":"string","description":"Indicates the time interval bucket."},"start_timestamp":{"type":"number","description":"Timestamp value specifying start time of the bucket."},"total_event_count":{"type":"integer","description":"Count of all events in bucket."},"suspicious_event_count":{"type":"integer","description":"Count of suspicious events in bucket."},"malicious_event_count":{"type":"integer","description":"Count of malicious events in bucket."},"starred_event_count":{"type":"integer","description":"Count of starred starred events in bucket."},"commented_event_count":{"type":"integer","description":"Count of commented events in bucket."},"total_alert_count":{"type":"integer","default":0,"description":"Count of all alerts in bucket."},"detection_sources":{"type":"object","required":["crowdstrike_alert_count","guardduty_alert_count","defender_alert_count","wiz_alert_count"],"properties":{"crowdstrike_alert_count":{"type":"integer","default":0,"description":"Count of crowdstrike alerts in bucket."},"guardduty_alert_count":{"type":"integer","default":0,"description":"Count of guardduty alerts in bucket."},"defender_alert_count":{"type":"integer","default":0,"description":"Count of defender alerts in bucket."},"wiz_alert_count":{"type":"integer","default":0,"description":"Count of wiz alerts in bucket."}},"description":"Dictionary of detection sources and counts for events in this bucket."}}}},"pagination":{"$ref":"#\/components\/schemas\/pagination"},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["status","pagination","data"],"type":"object"}}},"description":"List of timeline data histogram buckets for the time range"},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"tags":["Timeline"],"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst","Read Only Analyst"]}},"\/api\/v3\/timeline\/export":{"get":{"description":"Export timeline results","parameters":[{"name":"project_id","in":"query","required":true,"schema":{"type":"integer"},"description":"Filter by project id."},{"name":"search_text","in":"query","required":false,"schema":{"type":"string"},"description":"Filter by logic timeline search query."},{"name":"ignore_cache","in":"query","required":false,"description":"Boolean to say whether or not to not cache the recent search query","schema":{"type":"boolean","default":false}}],"responses":{"200":{"description":"Export data in csv format","content":{"text\/csv":{"schema":{"type":"string"}}}},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"summary":"Export events to csv","tags":["Timeline"],"x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta"}},"\/api\/v3\/timeline\/facets":{"get":{"description":"Get paginated facet data available to the current user","parameters":[{"name":"project_id","in":"query","required":true,"schema":{"type":"integer"},"description":"Filter by project id."},{"name":"facet_field","in":"query","required":true,"schema":{"type":"string","enum":["evidence_id","alarm_severity","is_starred","has_comment","source_hostname","destination_hostname","executed_process","user","filename","sourcetype","source","macb","tag","event_id","type","host","format","alarm_description","alarm_attack","auto_investigate_score","day"]},"description":"The facet field to retrieve counts for."},{"name":"search_text","in":"query","required":false,"schema":{"type":"string"},"description":"Filter by logic timeline search query."},{"name":"cursor","in":"query","required":false,"schema":{"type":"string"},"description":"The pointer to the desired results page."},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":100},"description":"The amount of items to be given per page. If left blank, the default will be 100."}],"responses":{"200":{"content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","items":{"type":"object","description":"A timeline facet object","required":["value","count"],"properties":{"value":{"type":"string","description":"unique facet value"},"count":{"type":"integer","description":"total count of facet value"},"extra":{"type":"object","description":"additional data for the facet"}}}},"pagination":{"type":"object","properties":{"type":{"type":"string","enum":["cursor"],"default":"cursor","description":"A string indicating the type of pagination supported by the API. In this context, the value will be \"cursor\"."},"per_page":{"description":"The number of records per page","type":"integer"},"current_token":{"type":"string","description":"A string representing the pointer to this current page."},"next_token":{"type":"string","description":"A string representing a cursor to the next page. Use this in place of the `cursor` attribute to get the next page."},"previous_token":{"type":"string","description":"A string representing a cursor to the previous page. Use this in place of the `cursor` attribute to get the previous page."},"total_records":{"type":"integer","description":"The total number of records that can be paged over"}},"required":["type"]},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["data","status","pagination"],"type":"object"}}},"description":"List of logic timeline facet data"},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"summary":"List facet data","tags":["Timeline"],"x-Required Roles":["Administrator","Lead Analyst","Analyst","Read Only Analyst"],"x-Feature Lifecycle":"beta"}},"\/api\/v3\/timeline\/facets\/counts":{"get":{"description":"Get facet count data.","parameters":[{"name":"project_id","in":"query","required":true,"schema":{"type":"integer"},"description":"Filter by project id."},{"name":"search_text","in":"query","required":false,"schema":{"type":"string"},"description":"Filter by timeline search query."}],"responses":{"200":{"content":{"application\/json":{"schema":{"properties":{"data":{"type":"object","description":"Facet counts object.","required":["macb","source","sourcetype","filename","event_id","evidence_id"],"properties":{"macb":{"type":"integer"},"tag":{"type":"integer"},"source":{"type":"integer"},"sourcetype":{"type":"integer"},"source_hostname":{"type":"integer"},"destination_hostname":{"type":"integer"},"filename":{"type":"integer"},"event_id":{"type":"integer"},"evidence_id":{"type":"integer"},"user":{"type":"integer"},"executed_process":{"type":"integer"},"is_starred":{"type":"integer"},"informational":{"type":"integer"},"malicious":{"type":"integer"},"suspicious":{"type":"integer"},"has_comment":{"type":"integer"},"detection":{"type":"integer"},"auto_investigate_score":{"type":"integer"}}},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["data","status"],"type":"object"}}},"description":"Timeline facet count data."},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"summary":"List facet data","tags":["Timeline"],"x-Required Roles":["Administrator","Lead Analyst","Analyst","Read Only Analyst"],"x-Feature Lifecycle":"beta"}},"\/api\/v3\/timeline\/saved_queries":{"get":{"description":"Get a list of all saved queries.","security":[{"bearerAuth":[]}],"summary":"Get a list of all saved queries","tags":["Timeline"],"x-Required Roles":["Administrator","Platform Administrator","Lead Analyst","Analyst","Read Only Analyst"],"x-Feature Lifecycle":"beta","parameters":[{"name":"group_id","in":"query","schema":{"type":"integer"},"required":false},{"name":"page","in":"query","required":false,"schema":{"type":"integer","default":1},"description":"Which page of saved query results to return."},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":10},"description":"How many results per page."},{"name":"order_by","in":"query","required":false,"schema":{"type":"string","enum":["id","-id"],"default":"-id"},"description":"How results should be ordered"}],"responses":{"200":{"description":"List of saved queries.","content":{"application\/json":{"schema":{"required":["status","data","pagination"],"type":"object","properties":{"data":{"type":"array","items":{"type":"object","required":["id","query_name","query_text","group_id","description"],"properties":{"id":{"type":"integer","description":"The ID of the saved query."},"query_name":{"type":"string","description":"The name of the saved query."},"query_text":{"type":"string","description":"The text of the saved query."},"group_id":{"type":"integer","description":"The id of the group that the saved query is associated with."},"description":{"type":"string","description":"The description of the saved query."}}}},"pagination":{"$ref":"#\/components\/schemas\/pagination"},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}}}}}},"default":{"$ref":"#\/components\/responses\/default"}}},"post":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst","Analyst"],"summary":"Create new saved timeline query","description":"Create new saved timeline query.","tags":["Timeline"],"security":[{"bearerAuth":[]}],"parameters":[],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["query_name","query_text","group_id"],"properties":{"query_name":{"type":"string","description":"The name of the saved query."},"query_text":{"type":"string","description":"The text of the saved query."},"group_id":{"type":"integer","description":"The id of the group that the saved query is associated with."},"description":{"type":"string","description":"The description of the saved query."}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"201":{"description":"Returns the saved query object","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"enum":["success"],"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","description":"Returns the saved timeline query object","required":["id","query_name","query_text","group_id","description"],"properties":{"id":{"type":"integer"},"query_name":{"type":"string"},"query_text":{"type":"string"},"group_id":{"type":"integer"},"description":{"type":"string"}}}}}}}}}}},"\/api\/v3\/timeline\/saved_queries\/{query_id}":{"patch":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst","Analyst"],"summary":"Update a saved timeline query","description":"Update a saved timeline query.","tags":["Timeline"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"query_id","in":"path","required":true,"schema":{"type":"integer"},"description":"ID of the saved timeline query to update."}],"requestBody":{"content":{"application\/json":{"schema":{"type":"object","description":"The saved query object to update.","properties":{"query_name":{"type":"string","description":"The updated name of the saved query."},"query_text":{"type":"string","description":"The updated text of the saved query."},"group_id":{"type":"integer","description":"The updated id of the group that the saved query is associated with."},"description":{"type":"string","description":"The updated description of the saved query."}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Successfully updated the saved query.","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"object","description":"The updated saved query object","required":[],"properties":{"id":{"type":"integer","description":"The id of the saved query."},"query_name":{"type":"string","description":"The name of the saved query."},"query_text":{"type":"string","description":"The text of the saved query."},"group_id":{"type":"integer","description":"The id of the group that the saved query is associated with."},"description":{"type":"string","description":"The description of the saved query."}}}}}}}}}},"delete":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst","Analyst"],"summary":"Delete a saved query","description":"Delete a saved query.","tags":["Timeline"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"query_id","in":"path","required":true,"schema":{"type":"integer"},"description":"ID of the saved timeline query you want to delete."}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Successfully deleted a saved timeline query.","content":{"application\/json":{"schema":{"type":"object","required":["status"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"}}}}}}}}},"\/api\/v3\/timeline\/saved_query_groups":{"get":{"description":"Get a list of all saved query groups.","security":[{"bearerAuth":[]}],"summary":"Get a list of all saved query groups","tags":["Timeline"],"x-Admin Only":"no","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst","Analyst","Read Only Analyst"],"x-Feature Lifecycle":"beta","parameters":[{"name":"investigation_id","in":"query","schema":{"type":"integer"},"required":false},{"name":"predefined","in":"query","schema":{"type":"boolean"},"required":false},{"name":"page","in":"query","required":false,"schema":{"type":"integer","default":1},"description":"Which page of group results to return."},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":10},"description":"How many results per page."},{"name":"order_by","in":"query","required":false,"schema":{"type":"string","enum":["id","-id"],"default":"-id"},"description":"How results should be ordered"}],"responses":{"200":{"description":"List of saved query groups.","content":{"application\/json":{"schema":{"required":["status","data","pagination"],"type":"object","properties":{"data":{"type":"array","items":{"type":"object","required":["id","name","predefined","description","associated_investigations"],"properties":{"id":{"type":"integer","description":"The ID of the saved query."},"name":{"type":"string","description":"The name of the saved query."},"predefined":{"type":"boolean","description":"If the group is predefined or not."},"associated_investigations":{"type":"array","items":{"type":"object","required":["investigation_id","investigation_name"],"properties":{"investigation_id":{"type":"integer","description":"The ID of the associated investigation."},"investigation_name":{"type":"string","description":"The name of the associated investigation."}}}},"description":{"type":"string","description":"The description of the saved query."}}}},"pagination":{"$ref":"#\/components\/schemas\/pagination"},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}}}}}},"default":{"$ref":"#\/components\/responses\/default"}}},"post":{"x-Feature Lifecycle":"beta","x-Admin Only":"no","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst","Analyst"],"summary":"Create new saved timeline query","description":"Create new saved timeline query.","tags":["Timeline"],"security":[{"bearerAuth":[]}],"parameters":[],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["name","cross_investigation"],"properties":{"name":{"type":"string","description":"The name of the saved query group."},"description":{"type":"string","description":"The description of the saved query group."},"investigation_id":{"type":"integer","description":"ID of investigation to associated the group with."},"cross_investigation":{"type":"boolean","default":false,"description":"whether the group should be associated with all available investigations."}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"201":{"description":"Returns the saved query group object","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"enum":["success"],"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","description":"Returns the saved timeline query group object","required":["id","name","predefined","description","associated_investigations"],"properties":{"id":{"type":"integer"},"name":{"type":"string"},"predefined":{"type":"boolean"},"description":{"type":"string"},"associated_investigations":{"type":"array","items":{"type":"object","required":["investigation_id","investigation_name"],"properties":{"investigation_id":{"type":"integer","description":"The ID of the associated investigation."},"investigation_name":{"type":"string","description":"The name of the associated investigation."}}}}}}}}}}}}}},"\/api\/v3\/timeline\/saved_query_groups\/{query_group_id}":{"get":{"description":"Get a single saved query group.","security":[{"bearerAuth":[]}],"summary":"Get a single saved query group","tags":["Timeline"],"x-Admin Only":"no","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst","Analyst","Read Only Analyst"],"x-Feature Lifecycle":"beta","parameters":[{"name":"query_group_id","in":"path","schema":{"type":"integer"},"required":true}],"responses":{"200":{"description":"The saved query group object.","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"object","description":"The saved query group object","required":["id","name","predefined","description","associated_investigations"],"properties":{"id":{"type":"integer"},"name":{"type":"string"},"predefined":{"type":"boolean"},"associated_investigations":{"type":"array","items":{"type":"object","required":["investigation_id","investigation_name"],"properties":{"investigation_id":{"type":"integer","description":"The ID of the associated investigation."},"investigation_name":{"type":"string","description":"The name of the associated investigation."}}}},"description":{"type":"string"}}}}}}}},"default":{"$ref":"#\/components\/responses\/default"}}},"patch":{"x-Feature Lifecycle":"beta","x-Admin Only":"no","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst","Analyst"],"summary":"Update a saved timeline query group","description":"Update a saved timeline query group.","tags":["Timeline"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"query_group_id","in":"path","required":true,"schema":{"type":"integer"},"description":"ID of the saved timeline query group to update."}],"requestBody":{"content":{"application\/json":{"schema":{"type":"object","description":"The saved query group object to update.","properties":{"name":{"type":"string","description":"The updated name of the saved query group."},"description":{"type":"string","description":"The updated description of the saved query group."},"investigation_id":{"type":"integer","description":"ID of investigation to associated the group with."},"cross_investigation":{"type":"boolean","default":false,"description":"The updated status of whether the group is cross investigation."}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Successfully updated the saved query.","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"object","description":"The updated saved query group object","required":[],"properties":{"id":{"type":"integer"},"name":{"type":"string"},"predefined":{"type":"boolean"},"associated_investigations":{"type":"array","items":{"type":"object","required":["investigation_id","investigation_name"],"properties":{"investigation_id":{"type":"integer","description":"The ID of the associated investigation."},"investigation_name":{"type":"string","description":"The name of the associated investigation."}}}},"description":{"type":"string"}}}}}}}}}},"delete":{"x-Feature Lifecycle":"beta","x-Admin Only":"no","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst","Analyst"],"summary":"Delete a saved query group","description":"Delete a saved query group.","tags":["Timeline"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"query_group_id","in":"path","required":true,"schema":{"type":"integer"},"description":"ID of the saved timeline query group you want to delete."}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Successfully deleted a saved timeline query group.","content":{"application\/json":{"schema":{"type":"object","required":["status"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"}}}}}}}}},"\/api\/v3\/users\/{user_id}\/eula":{"patch":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst","Analyst","Read Only Analyst"],"summary":"Update user's EULA details","description":"Update user's EULA details.","tags":["EULA"],"security":[{"bearerAuth":[]}],"externalDocs":{"description":"Find out more about our EULA here:","url":"https:\/\/docs.cadosecurity.com\/eula\/commercial-eula"},"parameters":[{"name":"user_id","in":"path","required":true,"schema":{"type":"integer"},"description":"ID of the user signing the EULA."}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["eula_agreement","eula_version"],"properties":{"eula_agreement":{"type":"string","description":"Details of which agreement user has signed.","example":"standard_eula_signed"},"eula_version":{"type":"string","description":"Version of agreement signed.","example":"1718202350"}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Details of the user's EULA agreement.","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","enum":["success"],"description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","description":"Data of the user and eula.","schema":null,"required":["id","eula_agreement","eula_version","eula_sign_date"],"properties":{"id":{"description":"User ID","type":"integer"},"eula_agreement":{"description":"Details of which agreement user has signed","type":"string"},"eula_version":{"description":"Version of agreement signed","type":"string"},"eula_sign_date":{"description":"Epoch unix timestamp of when the user signed the EULA","type":"number","example":1716398601.220793}}}}}}}}}}},"\/api\/v3\/users":{"get":{"description":"Retrieve a list of all the users register in the platform. Only admin can access this resource.","security":[{"bearerAuth":[]}],"summary":"List of users","tags":["Users"],"x-Required Roles":["Administrator","Platform Administrator","Lead Analyst"],"x-Feature Lifecycle":"beta","parameters":[{"name":"page","in":"query","required":false,"schema":{"type":"integer","default":1},"description":"Which page of results to return, ordered by username desc."},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":10},"description":"How many results per page, ordered by username desc."},{"name":"order_by","in":"query","required":false,"schema":{"type":"string","enum":["display_name","-display_name"],"default":"-display_name"},"description":"How results should be ordered"},{"name":"username","in":"query","required":false,"schema":{"type":"string"},"description":"Search for a user by username"},{"name":"display_name","in":"query","required":false,"schema":{"type":"string"},"description":"Search for a user by display name"},{"name":"group_name","in":"query","required":false,"schema":{"type":"string"},"description":"Filter by users assigned to the group"}],"responses":{"200":{"description":"List of users","content":{"application\/json":{"schema":{"required":["status","data","pagination"],"type":"object","properties":{"data":{"type":"array","items":{"type":"object","required":["id","rbac_role","username","login_type","display_name","groups_count"],"$ref":"#\/components\/schemas\/user_schema"}},"pagination":{"$ref":"#\/components\/schemas\/pagination","required":["total_records","current_page","total_pages","type"]},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}}}}}},"default":{"$ref":"#\/components\/responses\/default"}}},"post":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator","Lead Analyst"],"summary":"Create new user","description":"Create a new user in the platform (must login afterwards to generate access token).","tags":["Users"],"security":[{"bearerAuth":[]}],"parameters":[],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["username","password","password_confirm","rbac_role"],"properties":{"username":{"type":"string","minLength":5,"maxLength":80,"description":"Username to create"},"password":{"type":"string","minLength":8,"pattern":"^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9]).{8,}$","description":"Password to use"},"password_confirm":{"type":"string","minLength":8,"pattern":"^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9]).{8,}$","description":"Repeat the password for confirmation"},"rbac_role":{"type":"string","enum":["Administrator","Platform Administrator","Darktrace","Lead Analyst","Analyst","Read Only Analyst"]}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"201":{"description":"Returns the user object","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"enum":["success"],"type":"string","description":"The status of the response, in this context, the value will be \"success\".","default":"success"},"data":{"type":"object","required":["id","rbac_role","username","login_type","display_name"],"$ref":"#\/components\/schemas\/user_schema"}}}}}}}}},"\/api\/v3\/users\/{id}":{"delete":{"description":"Delete user record","security":[{"bearerAuth":[]}],"summary":"Delete user record","tags":["Users"],"x-Required Roles":["Administrator"],"x-Feature Lifecycle":"beta","parameters":[{"description":"User id","in":"path","name":"id","required":true,"schema":{"type":"integer"}}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"content":{"application\/json":{"schema":{"properties":{"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["status"],"type":"object"}}},"description":""}}},"patch":{"description":"Update a user details - can change username or password.","security":[{"bearerAuth":[]}],"summary":"Update a user's details","tags":["Users"],"x-Required Roles":["Administrator","Platform Administrator","Lead Analyst","Analyst","Read Only Analyst"],"x-Feature Lifecycle":"beta","parameters":[{"description":"User id","in":"path","name":"id","required":true,"schema":{"type":"integer"}}],"requestBody":{"content":{"application\/json":{"schema":{"type":"object","required":[],"properties":{"display_name":{"type":"string","minLength":5,"maxLength":80,"example":"yossi","description":"new display name"},"password":{"type":"string","example":"ThisIsStringPwd1!","minLength":8,"pattern":"^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9]).{8,}$","description":"minimum 8 characters containing at least one number and one uppercase"},"password_confirm":{"type":"string","example":"ThisIsStringPwd1!","minLength":8,"pattern":"^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9]).{8,}$","description":"retype the password - must must be provided when updating your own password"},"current_password":{"type":"string","example":"ThisIsMyOldPwd1!","description":"your current password - must be provided when updating your own password"},"reset_password":{"type":"boolean","example":true,"description":"force reset another users password if True (requires admin)"},"rbac_role":{"type":"string","example":"Analyst","description":"A valid rbac role, as specified by \/roles endpoint"}}}}},"required":true},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"User details","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"data":{"type":"object","required":["id","rbac_role","username","login_type","display_name"],"$ref":"#\/components\/schemas\/user_schema"},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}}}}}}}},"get":{"description":"Get individual user information such as id, username, etc..","security":[{"bearerAuth":[]}],"summary":"Get individual user information","tags":["Users"],"x-Required Roles":["Administrator","Platform Administrator","Lead Analyst","Analyst","Read Only Analyst"],"x-Feature Lifecycle":"beta","parameters":[{"description":"User id","in":"path","name":"id","required":true,"schema":{"type":"integer"}}],"responses":{"200":{"description":"User detail","content":{"application\/json":{"schema":{"type":"object","required":["data","status"],"properties":{"data":{"type":"object","required":["id","rbac_role","username","login_type","display_name"],"$ref":"#\/components\/schemas\/user_schema"},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}}}}}},"default":{"$ref":"#\/components\/responses\/default"}}}},"\/api\/v3\/vulnerabilities":{"get":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Lead Analyst","Analyst","Read Only Analyst"],"summary":"List vulnerabilities","description":"List vulnerabilities visible to the current user.","tags":["Vulnerability"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"investigation_id","in":"query","required":false,"schema":{"type":"integer"},"description":"Filter by investigation id."},{"name":"evidence_id","in":"query","required":false,"schema":{"type":"integer"},"description":"Filter by evidence id."},{"name":"cve","in":"query","required":false,"schema":{"type":"string"},"description":"Filter by vulnerability CVE."},{"name":"resource","in":"query","required":false,"schema":{"type":"string"},"description":"Filter by resource."},{"name":"target","in":"query","required":false,"schema":{"type":"string"},"description":"Filter by target."},{"name":"package","in":"query","required":false,"schema":{"type":"string"},"description":"Filter by package."},{"name":"title","in":"query","required":false,"schema":{"type":"string"},"description":"Filter by title."},{"name":"severity","in":"query","required":false,"schema":{"type":"array","items":{"type":"string","enum":["critical","high","medium","low","unknown"]}},"description":"Filter by severity."},{"name":"latest_results","in":"query","required":false,"schema":{"type":"boolean"},"description":"Filter to show only the latest scan results."},{"name":"page","in":"query","required":false,"schema":{"type":"integer","default":1},"description":"Which page of results to return."},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":10},"description":"How many results per page."},{"name":"order_by","in":"query","required":false,"schema":{"type":"string","enum":["severity","-severity"],"default":"-severity"},"description":"The way in which to order the results"},{"name":"os","in":"query","required":false,"schema":{"type":"array","items":{"type":"string","enum":["Linux","Windows","MacOS"]}},"description":"The operating system of the asset."}],"responses":{"200":{"description":"A response containing a list of vulnerabilities.","content":{"application\/json":{"schema":{"type":"object","required":["status","data","pagination"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"type":"array","items":{"type":"object","required":["cve","severity","status","title","description","published_date","last_modified_date","target","pkg_id","pkg_name","installed_version","os","evidence_id","first_seen","last_seen"],"properties":{"cve":{"type":"string","description":"The Common Vulnerabilities and Exposures (CVE) identifier for the vulnerability."},"resource":{"type":"string","description":"The resource associated with the vulnerability."},"evidence_name":{"type":"string","description":"The evidence name"},"severity":{"type":"string","enum":["critical","high","medium","low","unknown"],"description":"The severity of the vulnerability."},"fixed_version":{"type":"string","description":"The version of the library that fixes the vulnerability."},"status":{"type":"string","enum":["not_affected","affected","fixed","under_investigation","fix_deferred","will_not_fix","end_of_life","unknown"],"description":"The status of the vulnerability."},"title":{"type":"string","description":"The title of the vulnerability."},"description":{"type":"string","description":"The description of the vulnerability."},"published_date":{"type":"number","description":"The date the vulnerability was published in epoch seconds."},"last_modified_date":{"type":"number","description":"The date the vulnerability was last modified in epoch seconds."},"cvss":{"type":"object","description":"The Common Vulnerability Scoring System (CVSS) score for the vulnerability."},"target":{"type":"string","description":"The target of the vulnerability."},"pkg_id":{"type":"string","description":"The ID of the package associated with the vulnerability."},"pkg_name":{"type":"string","description":"The name of the package associated with the vulnerability."},"installed_version":{"type":"string","description":"The version of the library that is installed."},"os":{"type":"string","description":"The operating system of the asset."},"evidence_id":{"type":"integer","description":"The ID of the evidence associated with the vulnerability."},"first_seen":{"type":"number","description":"Timestamp of when the vulnerability was first seen in the platform (ms since epoch)."},"last_seen":{"type":"number","description":"Timestamp of when the vulnerability was last seen in the platform (ms since epoch)."}}}},"pagination":{"$ref":"#\/components\/schemas\/pagination"}}}}}},"default":{"$ref":"#\/components\/responses\/default"}}}},"\/api\/v3\/webhooks\/{webhook_id}":{"delete":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator"],"summary":"Delete the webhook setting","description":"Deleting the specified webhook setting.","tags":["Webhooks"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"webhook_id","in":"path","required":true,"description":"Id of the webhook to delete","schema":{"type":"integer","example":1}}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Successfully deleted webhook setting","content":{"application\/json":{"schema":{"type":"object","required":["status"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"}}}}}}}},"patch":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator"],"summary":"Update the webhook setting","description":"Updating the specified webhook setting.","tags":["Webhooks"],"security":[{"bearerAuth":[]}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","properties":{"name":{"type":"string","description":"The name of the webhook setting"},"payload":{"type":"object"},"payload_type":{"type":"string","enum":["slack","custom","jira"],"description":"The payload type of the webhook setting"},"url":{"type":"string","format":"hostname","description":"The url of the webhook setting"},"event_type":{"type":"string","enum":["high_severity_alarm","suspicious_severity_event","processing_with_alarms","processing_finished","processing_failed","admin_login","audit_event_create","audit_event_update","audit_event_delete","audit_event_login","audit_event_logout","audit_event_download","audit_event_reboot","audit_event_upgrade","audit_event_import","audit_event_tested","audit_event_upload","audit_event_cancel","audit_event_rerun","detection_updated","detection_created","detection_group_created","detection_group_updated"],"description":"The event type of the webhook setting"},"enabled":{"type":"boolean","description":"Whether or not the webhook is enabled"}}}}}},"parameters":[{"name":"webhook_id","in":"path","required":true,"description":"Id of the webhook to update","schema":{"type":"integer","example":1}}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Successfully tested webhook setting","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"description":"Response data from the webhook patch request","type":"object","required":["id","webhook"],"properties":{"id":{"type":"integer","description":"The id of the webhook setting that was updated"},"webhook":{"type":"object","required":["event_type","name","payload_type","url","payload"],"properties":{"name":{"type":"string","description":"The name of the webhook setting"},"payload":{"type":"object","description":"The payload of the webhook setting"},"payload_type":{"type":"string","enum":["slack","custom","jira"],"description":"The payload type of the webhook setting"},"url":{"type":"string","format":"hostname","description":"The url of the webhook setting"},"event_type":{"type":"string","enum":["high_severity_alarm","suspicious_severity_event","processing_with_alarms","processing_finished","processing_failed","admin_login","audit_event_create","audit_event_update","audit_event_delete","audit_event_login","audit_event_logout","audit_event_download","audit_event_reboot","audit_event_upgrade","audit_event_import","audit_event_tested","audit_event_upload","audit_event_cancel","audit_event_rerun","detection_updated","detection_created","detection_group_created","detection_group_updated"]},"enabled":{"type":"boolean","description":"Whether or not the webhook is enabled"}}}}}}}}}}}}},"\/api\/v3\/webhooks\/test":{"post":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator"],"summary":"Test the webhook setting","description":"Post a test message to the specified webhook setting.","tags":["Webhooks"],"security":[{"bearerAuth":[]}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["id"],"properties":{"id":{"type":"integer","description":"Id of a webhook setting"}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"Successfully tested webhook setting","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"description":"Response from the webhook test","type":"object","properties":{"id":{"type":"integer","description":"The id of the webhook setting that was tested"},"message":{"type":"string","description":"The message indicating the webhook successfully fired"}}}}}}}}}}},"\/api\/v3\/webhooks":{"get":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator"],"summary":"Get the webhook settings","description":"Get all the webhook settings.","tags":["Webhooks"],"security":[{"bearerAuth":[]}],"parameters":[{"name":"page","in":"query","required":false,"description":"The page number to return","schema":{"type":"integer","default":1}},{"name":"per_page","in":"query","required":false,"description":"The number of items to return per page","schema":{"type":"integer","default":10}}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"description":"List of webhook settings","content":{"application\/json":{"schema":{"type":"object","required":["status","data","pagination"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"description":"Data from the webhook request","type":"array","items":{"type":"object","required":["event_type","id","name","payload_type","url","enabled"],"properties":{"event_type":{"type":"string","enum":["high_severity_alarm","suspicious_severity_event","processing_with_alarms","processing_finished","processing_failed","admin_login","audit_event_create","audit_event_update","audit_event_delete","audit_event_login","audit_event_logout","audit_event_download","audit_event_reboot","audit_event_upgrade","audit_event_import","audit_event_tested","audit_event_upload","audit_event_cancel","audit_event_rerun","detection_updated","detection_created","detection_group_created","detection_group_updated"]},"id":{"type":"integer","description":"The id of the webhook setting"},"name":{"type":"string","description":"The name of the webhook setting"},"payload":{"type":"object","description":"The payload of the webhook setting"},"payload_type":{"type":"string","enum":["slack","custom","jira"],"description":"The payload type of the webhook setting"},"url":{"type":"string","format":"hostname","description":"The url of the webhook setting"},"last_sent":{"type":"number","nullable":true,"description":"The last time the webhook was sent."},"times_sent":{"type":"integer","nullable":true,"description":"The number of times the webhook has been sent."},"enabled":{"type":"boolean","description":"Whether or not the webhook is enabled"}}}},"pagination":{"$ref":"#\/components\/schemas\/pagination"}}}}}}}},"post":{"x-Feature Lifecycle":"beta","x-Required Roles":["Administrator","Platform Administrator"],"summary":"Creation of the webhook setting","description":"Creating a new webhook setting.","tags":["Webhooks"],"security":[{"bearerAuth":[]}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["event_type","url","payload_type","name"],"properties":{"name":{"type":"string","description":"The name of the webhook setting"},"payload":{"type":"object"},"payload_type":{"type":"string","enum":["slack","custom","jira"],"description":"The payload type of the webhook setting"},"url":{"type":"string","format":"hostname","description":"The url of the webhook setting"},"event_type":{"type":"string","enum":["high_severity_alarm","suspicious_severity_event","processing_with_alarms","processing_finished","processing_failed","admin_login","audit_event_create","audit_event_update","audit_event_delete","audit_event_login","audit_event_logout","audit_event_download","audit_event_reboot","audit_event_upgrade","audit_event_import","audit_event_tested","audit_event_upload","audit_event_cancel","audit_event_rerun","detection_updated","detection_created","detection_group_created","detection_group_updated"],"description":"The event type of the webhook setting"}}}}}},"responses":{"default":{"$ref":"#\/components\/responses\/default"},"201":{"description":"Successfully created webhook setting","content":{"application\/json":{"schema":{"type":"object","required":["status","data"],"properties":{"status":{"type":"string","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"default":"success"},"data":{"required":["id","webhook"],"description":"Response data from the webhook post request","type":"object","properties":{"id":{"type":"integer","description":"The id of the webhook setting"},"webhook":{"type":"object","required":["event_type","name","payload_type","url","payload","enabled"],"properties":{"name":{"type":"string","description":"The name of the webhook setting"},"payload":{"type":"object"},"payload_type":{"type":"string","enum":["slack","custom","jira"],"description":"The payload type of the webhook setting"},"url":{"type":"string","format":"hostname","description":"The url of the webhook setting"},"event_type":{"type":"string","enum":["high_severity_alarm","suspicious_severity_event","processing_with_alarms","processing_finished","processing_failed","admin_login","audit_event_create","audit_event_update","audit_event_delete","audit_event_login","audit_event_logout","audit_event_download","audit_event_reboot","audit_event_upgrade","audit_event_import","audit_event_tested","audit_event_upload","audit_event_cancel","audit_event_rerun","detection_updated","detection_created","detection_group_created","detection_group_updated"],"description":"The event type of the webhook setting"},"enabled":{"type":"boolean","description":"Whether or not the webhook is enabled"}}}}}}}}}}}}},"\/api\/v3\/workers":{"get":{"description":"Returns a list of all workers.","parameters":[{"name":"page","in":"query","required":false,"schema":{"type":"integer","default":1},"description":"Which page of results to return"},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":10},"description":"How many results per page"},{"name":"status","description":"Filter by worker status","in":"query","required":false,"schema":{"type":"string","enum":["active","pending","terminating"]}},{"name":"evidence_name","description":"Filter by evidence name","in":"query","required":false,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application\/json":{"schema":{"properties":{"data":{"type":"array","items":{"type":"object","required":["id","status","instance_type","launch_time"],"properties":{"id":{"type":"string","description":"instance id"},"status":{"type":"string","description":"pending, active, terminating"},"evidence_id":{"type":"integer","description":"evidence id"},"evidence_name":{"type":"string","description":"evidence name"},"project_id":{"type":"integer","description":"evidence id"},"instance_type":{"type":"string","description":"instance type"},"launch_time":{"type":"number","description":"instance launch time (ms since epoch)"},"url":{"type":"string","description":"cloud portal url"}}}},"pagination":{"$ref":"#\/components\/schemas\/pagination","required":["type","total_records","current_page","total_pages"]},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["status","data","pagination"],"type":"object"}}},"description":"List of workers"},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"summary":"List all workers","tags":["Workers"],"x-Required Roles":["Administrator","Lead Analyst","Analyst","Read Only Analyst"],"x-Feature Lifecycle":"beta"}},"\/api\/v3\/workers\/{instance_id}":{"get":{"description":"Get a worker by instance ID.","parameters":[{"description":"The instance ID of the worker to retrieve.","in":"path","name":"instance_id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"Successful worker retrieval","content":{"application\/json":{"schema":{"properties":{"data":{"type":"object","required":["instance_id","status","instance_type","launch_time"],"properties":{"instance_id":{"type":"string","description":"instance id"},"status":{"type":"string","description":"pending, active, terminating"},"evidence_id":{"type":"integer","description":"evidence id"},"evidence_name":{"type":"string","description":"evidence name"},"project_id":{"type":"integer","description":"project id"},"instance_type":{"type":"string","description":"instance type"},"launch_time":{"type":"number","description":"instance launch time (ms since epoch)"},"url":{"type":"string","description":"cloud portal url"}}},"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["status","data"],"type":"object"}}}},"default":{"$ref":"#\/components\/responses\/default"}},"security":[{"bearerAuth":[]}],"summary":"Get a singular worker","tags":["Workers"],"x-Required Roles":["Administrator","Lead Analyst","Analyst","Read Only Analyst"],"x-Feature Lifecycle":"beta"},"delete":{"description":"Terminates a worker in either AWS or Azure.","parameters":[{"description":"Id of the instance to terminate.","name":"instance_id","in":"path","required":true,"schema":{"type":"string","example":1}}],"responses":{"default":{"$ref":"#\/components\/responses\/default"},"200":{"content":{"application\/json":{"schema":{"properties":{"status":{"default":"success","description":"The status of the response, in this context, the value will be \"success\".","enum":["success"],"type":"string"}},"required":["status"],"type":"object"}}},"description":"Successful termination of worker."}},"security":[{"bearerAuth":[]}],"summary":"Terminate Worker","tags":["Workers"],"x-Required Roles":["Administrator","Lead Analyst","Analyst"],"x-Feature Lifecycle":"beta"}}}}