diff --git a/LICENSE b/LICENSE index f12f6b4..be8e4da 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2025 Crowdsec +Copyright (c) 2026 Crowdsec Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index c71f804..2ea145a 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # crowdsec_service_api -**crowdsec_service_api** is a Python SDK for the [CrowdSec Service API](https://docs.crowdsec.net/u/service_api/intro/). +**crowdsec_service_api** is a Python SDK for the [CrowdSec Service API](https://docs.crowdsec.net/u/console/service_api/getting_started). This library enables you to manage CrowdSec resources such as blocklists, integrations in your python applications. ## Installation @@ -11,10 +11,11 @@ pip install crowdsec_service_api ## Usage -You can follow this [documentation](https://docs.crowdsec.net/u/service_api/quickstart/blocklists) to see the basic usage of the SDK. +You can follow this [documentation](https://docs.crowdsec.net/u/console/service_api/sdks/python) to see the basic usage of the SDK. ## Documentation -You can access the full usage documentation [here](https://github.com/crowdsecurity/crowdsec-service-api-sdk-python/tree/main/doc). +You can access [the quickstart guide here](https://docs.crowdsec.net/u/console/service_api/quickstart/authentication). +Or you have the full usage documentation [here](https://github.com/crowdsecurity/crowdsec-service-api-sdk-python/tree/main/doc). ## Contributing diff --git a/crowdsec_service_api/__init__.py b/crowdsec_service_api/__init__.py index af6c9a0..80ca799 100644 --- a/crowdsec_service_api/__init__.py +++ b/crowdsec_service_api/__init__.py @@ -7,11 +7,10 @@ from .services.info import Info from .services.metrics import Metrics from .services.hub import Hub -from .services.cves import Cves from .http_client import ApiKeyAuth class Server(Enum): - production_server = 'https://admin.api.crowdsec.net/v1/' + production_server = 'https://admin.api.crowdsec.net/v1' __all__ = [ 'Allowlists', @@ -20,7 +19,6 @@ class Server(Enum): 'Info', 'Metrics', 'Hub', - 'Cves', 'AllowlistCreateRequest', 'AllowlistCreateResponse', 'AllowlistGetItemsResponse', @@ -61,6 +59,7 @@ class Server(Enum): 'BlocklistUpdateRequest', 'BlocklistUsageStats', 'Body_uploadBlocklistContent', + 'CVESubscription', 'ComputedMetrics', 'ComputedSavedMetrics', 'CtiAs', @@ -106,21 +105,6 @@ class Server(Enum): 'PostoverflowIndex', 'ScenarioIndex', 'VersionDetail', - 'AffectedComponent', - 'AttackDetail', - 'Behavior', - 'Classification', - 'Classifications', - 'GetCVEIPsResponsePage', - 'GetCVEResponse', - 'History', - 'IPItem', - 'Location', - 'MitreTechnique', - 'Reference', - 'ScoreBreakdown', - 'Scores', - 'SubscribeCVEIntegrationRequest', 'ApiKeyAuth', 'Server', 'Page' diff --git a/crowdsec_service_api/__pycache__/base_model.cpython-311.pyc b/crowdsec_service_api/__pycache__/base_model.cpython-311.pyc index a8dddcd..a7fc46c 100644 Binary files a/crowdsec_service_api/__pycache__/base_model.cpython-311.pyc and b/crowdsec_service_api/__pycache__/base_model.cpython-311.pyc differ diff --git a/crowdsec_service_api/__pycache__/http_client.cpython-311.pyc b/crowdsec_service_api/__pycache__/http_client.cpython-311.pyc index b77e6a7..134f917 100644 Binary files a/crowdsec_service_api/__pycache__/http_client.cpython-311.pyc and b/crowdsec_service_api/__pycache__/http_client.cpython-311.pyc differ diff --git a/crowdsec_service_api/base_model.py b/crowdsec_service_api/base_model.py index 411612f..853282f 100644 --- a/crowdsec_service_api/base_model.py +++ b/crowdsec_service_api/base_model.py @@ -1,6 +1,6 @@ from urllib.parse import urlparse -from pydantic import BaseModel, ConfigDict -from typing import Generic, Sequence, Optional, TypeVar +from pydantic import BaseModel, ConfigDict, PrivateAttr, RootModel +from typing import Generic, Sequence, Optional, TypeVar, Any from httpx import Auth from .http_client import HttpClient @@ -9,13 +9,25 @@ class BaseModelSdk(BaseModel): model_config = ConfigDict( extra="ignore", ) + _client: Optional["Service"] = PrivateAttr(default=None) + + def __init__(self, /, _client: "Service" = None, **data): + super().__init__(**data) + self._client = _client + + def next(self, client: "Service" = None) -> Optional["BaseModelSdk"]: + return (client if client is not None else self._client).next_page(self) + + +class RootModelSdk(RootModel): + def __getattr__(self, item: str) -> Any: + return getattr(self.root, item) T = TypeVar("T") class Page(BaseModelSdk, Generic[T]): - _client: "Service" items: Sequence[T] total: Optional[int] page: Optional[int] @@ -23,28 +35,26 @@ class Page(BaseModelSdk, Generic[T]): pages: Optional[int] = None links: Optional[dict] = None - def __init__(self, _client: "Service", **data): - super().__init__(**data) - self._client = _client - - def next(self, client: "Service" = None) -> "Page[T]": - return (client if client is not None else self._client).next_page(self) - class Service: - def __init__(self, base_url: str, auth: Auth) -> None: - self.http_client = HttpClient(base_url=base_url, auth=auth) + def __init__(self, base_url: str, auth: Auth, user_agent: str = None) -> None: + self.http_client = HttpClient( + base_url=base_url, auth=auth, user_agent=user_agent + ) - def next_page(self, page: Page[T]) -> Page[T]: - if not page.links: + def next_page(self, page: BaseModelSdk) -> Optional[BaseModelSdk]: + if not hasattr(page, "links") or not page.links: raise ValueError( "No links found in the response, this is not a paginated response." ) - if page.links.get("next"): + if page.links.next: # links are relative to host not to full base url. We need to pass a full formatted url here parsed_url = urlparse(self.http_client.base_url) response = self.http_client.get( - f"{parsed_url.scheme}://{parsed_url.netloc}{page.links['next']}", path_params=None, params=None, headers=None + f"{parsed_url.scheme}://{parsed_url.netloc}{page.links.next}", + path_params=None, + params=None, + headers=None, ) return page.__class__(_client=self, **response.json()) return None diff --git a/crowdsec_service_api/http_client.py b/crowdsec_service_api/http_client.py index 7fd53a6..63b3f93 100644 --- a/crowdsec_service_api/http_client.py +++ b/crowdsec_service_api/http_client.py @@ -45,11 +45,20 @@ def auth_flow(self, request): class HttpClient: - def __init__(self, base_url: str, auth: httpx.Auth, aws_region="eu-west-1") -> None: + def __init__( + self, + base_url: str, + auth: httpx.Auth, + user_agent: str = None, + aws_region="eu-west-1", + ) -> None: self.aws_region = aws_region self.base_url = base_url self.auth = auth - self.client = httpx.Client() + headers = {"Accept-Encoding": "gzip"} + if user_agent: + headers["User-Agent"] = user_agent + self.client = httpx.Client(headers=headers) self.timeout = 30 def _replace_path_params(self, url: str, path_params: dict): diff --git a/crowdsec_service_api/models.py b/crowdsec_service_api/models.py index 540e50a..18d70cf 100644 --- a/crowdsec_service_api/models.py +++ b/crowdsec_service_api/models.py @@ -1,15 +1,16 @@ # generated by datamodel-codegen: # filename: -# timestamp: 2025-12-02T14:56:05+00:00 +# timestamp: 2026-01-07T14:15:32+00:00 from __future__ import annotations +from datetime import datetime from enum import StrEnum from typing import Annotated, Dict, List, Optional, Union -from pydantic import AnyUrl, AwareDatetime, ConfigDict, Field, RootModel +from pydantic import AnyUrl, ConfigDict, Field, RootModel -from .base_model import BaseModelSdk +from .base_model import BaseModelSdk, RootModelSdk class AllowlistCreateRequest(BaseModelSdk): @@ -49,11 +50,11 @@ class AllowlistCreateResponse(BaseModelSdk): Field(description='Description of the allowlist', title='Description'), ] = None created_at: Annotated[ - AwareDatetime, + datetime, Field(description='Time the allowlist was created', title='Created At'), ] updated_at: Annotated[ - Optional[AwareDatetime], + Optional[datetime], Field(description='Time the allowlist was updated', title='Updated At'), ] = None from_cti_query: Annotated[ @@ -84,7 +85,7 @@ class AllowlistItemUpdateRequest(BaseModelSdk): Field(description='Description of the allowlist entry', title='Description'), ] = None expiration: Annotated[ - Optional[AwareDatetime], + Optional[datetime], Field(description='Time the allowlist entry will expire', title='Expiration'), ] = None @@ -102,7 +103,7 @@ class AllowlistItemsCreateRequest(BaseModelSdk): Field(description='Description of the allowlist entry', title='Description'), ] expiration: Annotated[ - Optional[AwareDatetime], + Optional[datetime], Field(description='Time the allowlist entry will expire', title='Expiration'), ] = None @@ -131,7 +132,7 @@ class AllowlistSubscriptionResponse(BaseModelSdk): ] = None -class Name(RootModel[str]): +class Name(RootModelSdk[str]): root: Annotated[ str, Field( @@ -179,7 +180,7 @@ class BlocklistAddIPsRequest(BaseModelSdk): ) ips: Annotated[List[str], Field(description='List of IPs or networks', title='Ips')] expiration: Annotated[ - Optional[AwareDatetime], + Optional[datetime], Field( description='Expiration date', examples=['2030-01-01T00:00:00.000Z'], @@ -326,7 +327,7 @@ class BlocklistUsageStats(BaseModelSdk): total_subscribed_organizations: Annotated[ Optional[int], Field(title='Total Subscribed Organizations') ] = 0 - updated_at: Annotated[Optional[AwareDatetime], Field(title='Updated At')] = None + updated_at: Annotated[Optional[datetime], Field(title='Updated At')] = None class BodyUploadBlocklistContent(BaseModelSdk): @@ -335,6 +336,10 @@ class BodyUploadBlocklistContent(BaseModelSdk): ] +class CVESubscription(BaseModelSdk): + id: Annotated[str, Field(description='CVE ID', title='Id')] + + class CtiAs(BaseModelSdk): model_config = ConfigDict( extra='allow', @@ -481,7 +486,7 @@ class RemediationMetricsData(BaseModelSdk): Union[int, float], Field(description='Value of the metric', title='Value') ] timestamp: Annotated[ - AwareDatetime, Field(description='Timestamp of the metric', title='Timestamp') + datetime, Field(description='Timestamp of the metric', title='Timestamp') ] @@ -537,158 +542,6 @@ class VersionDetail(BaseModelSdk): ] -class AffectedComponent(BaseModelSdk): - vendor: Annotated[ - Optional[str], - Field(description='Vendor of the affected component', title='Vendor'), - ] = None - product: Annotated[ - Optional[str], - Field(description='Product name of the affected component', title='Product'), - ] = None - - -class AttackDetail(BaseModelSdk): - name: Annotated[str, Field(description='Attack detail name', title='Name')] - label: Annotated[str, Field(description='Attack detail label', title='Label')] - description: Annotated[ - str, Field(description='Attack detail description', title='Description') - ] - references: Annotated[ - Optional[List[str]], - Field(description='Attack detail references', title='References'), - ] = None - - -class Behavior(BaseModelSdk): - name: Annotated[str, Field(description='Behavior name', title='Name')] - label: Annotated[str, Field(description='Behavior label', title='Label')] - description: Annotated[ - str, Field(description='Behavior description', title='Description') - ] - - -class Classification(BaseModelSdk): - name: Annotated[str, Field(description='Classification name', title='Name')] - label: Annotated[str, Field(description='Classification label', title='Label')] - description: Annotated[ - str, Field(description='Classification description', title='Description') - ] - - -class Classifications(BaseModelSdk): - false_positives: Annotated[ - Optional[List[Classification]], - Field(description='False positive classifications', title='False Positives'), - ] = None - classifications: Annotated[ - Optional[List[Classification]], - Field(description='Main classifications', title='Classifications'), - ] = None - - -class GetCVEResponse(BaseModelSdk): - id: Annotated[str, Field(description='ID of the CVE', title='Id')] - name: Annotated[str, Field(description='Name of the CVE', title='Name')] - affected_components: Annotated[ - List[AffectedComponent], - Field(description='List of affected components', title='Affected Components'), - ] - let_score: Annotated[ - int, Field(description='LET score of the CVE', ge=0, le=10, title='Let Score') - ] - first_seen: Annotated[ - AwareDatetime, Field(description='First seen date', title='First Seen') - ] - last_seen: Annotated[ - AwareDatetime, Field(description='Last seen date', title='Last Seen') - ] - nb_ips: Annotated[ - int, Field(description='Number of unique IPs affected', ge=0, title='Nb Ips') - ] - published_date: Annotated[ - AwareDatetime, - Field(description='Published date of the CVE', title='Published Date'), - ] - cvss_score: Annotated[ - float, - Field(description='CVSS score of the CVE', ge=0.0, le=10.0, title='Cvss Score'), - ] - references: Annotated[ - List[str], - Field(description='List of references for the CVE', title='References'), - ] - description: Annotated[ - str, Field(description='Description of the CVE', title='Description') - ] - - -class History(BaseModelSdk): - first_seen: Annotated[ - AwareDatetime, Field(description='First seen timestamp', title='First Seen') - ] - last_seen: Annotated[ - AwareDatetime, Field(description='Last seen timestamp', title='Last Seen') - ] - full_age: Annotated[int, Field(description='Full age in days', title='Full Age')] - days_age: Annotated[int, Field(description='Days age', title='Days Age')] - - -class Location(BaseModelSdk): - country: Annotated[ - Optional[str], Field(description='Country code', title='Country') - ] = None - city: Annotated[Optional[str], Field(description='City name', title='City')] = None - latitude: Annotated[ - Optional[float], Field(description='Latitude coordinate', title='Latitude') - ] = None - longitude: Annotated[ - Optional[float], Field(description='Longitude coordinate', title='Longitude') - ] = None - - -class MitreTechnique(BaseModelSdk): - name: Annotated[str, Field(description='MITRE technique ID', title='Name')] - label: Annotated[str, Field(description='MITRE technique label', title='Label')] - description: Annotated[ - str, Field(description='MITRE technique description', title='Description') - ] - - -class Reference(BaseModelSdk): - name: Annotated[str, Field(description='Reference name', title='Name')] - label: Annotated[str, Field(description='Reference label', title='Label')] - description: Annotated[ - str, Field(description='Reference description', title='Description') - ] - - -class ScoreBreakdown(BaseModelSdk): - aggressiveness: Annotated[ - int, Field(description='Aggressiveness score', title='Aggressiveness') - ] - threat: Annotated[int, Field(description='Threat score', title='Threat')] - trust: Annotated[int, Field(description='Trust score', title='Trust')] - anomaly: Annotated[int, Field(description='Anomaly score', title='Anomaly')] - total: Annotated[int, Field(description='Total score', title='Total')] - - -class Scores(BaseModelSdk): - overall: Annotated[ScoreBreakdown, Field(description='Overall scores')] - last_day: Annotated[ScoreBreakdown, Field(description='Last day scores')] - last_week: Annotated[ScoreBreakdown, Field(description='Last week scores')] - last_month: Annotated[ScoreBreakdown, Field(description='Last month scores')] - - -class SubscribeCVEIntegrationRequest(BaseModelSdk): - model_config = ConfigDict( - extra='forbid', - ) - name: Annotated[ - str, Field(description='Name of the integration to subscribe', title='Name') - ] - - class AllowlistsListAllowlistsQueryParameters(BaseModelSdk): page: Annotated[ Optional[int], Field(description='Page number', ge=1, title='Page') @@ -871,10 +724,10 @@ class BlocklistsDeleteBlocklistPathParameters(BaseModelSdk): class BlocklistsUploadBlocklistContentQueryParameters(BaseModelSdk): expiration: Annotated[ - Optional[AwareDatetime], + Optional[datetime], Field( description='Blocklist expiration', - examples='2025-12-02T14:55:58.773978+00:00', + examples='2026-01-07T14:15:14.928525+00:00', title='Expiration', ), ] = None @@ -998,6 +851,16 @@ class IntegrationsUpdateIntegrationPathParameters(BaseModelSdk): integration_id: Annotated[str, Field(title='Integration Id')] +class IntegrationsDeleteIntegrationQueryParameters(BaseModelSdk): + force: Annotated[ + Optional[bool], + Field( + description='Force delete the integration even if it has active subscriptions (it will unsubscribe from all lists)', + title='Force', + ), + ] = False + + class IntegrationsDeleteIntegrationPathParameters(BaseModelSdk): integration_id: Annotated[str, Field(title='Integration Id')] @@ -1008,7 +871,7 @@ class IntegrationsHeadIntegrationContentPathParameters(BaseModelSdk): ] -class PageSize(RootModel[int]): +class PageSize(RootModelSdk[int]): root: Annotated[ int, Field( @@ -1056,14 +919,14 @@ class IntegrationsGetIntegrationContentStreamPathParameters(BaseModelSdk): class MetricsGetMetricsRemediationQueryParameters(BaseModelSdk): start_date: Annotated[ - Optional[AwareDatetime], + Optional[datetime], Field( description='Start date of the metrics, default to last day', title='Start Date', ), ] = None end_date: Annotated[ - Optional[AwareDatetime], + Optional[datetime], Field(description='End date of the metrics', title='End Date'), ] = None engine_ids: Annotated[ @@ -1114,50 +977,6 @@ class HubHeadItemContentPathParameters(BaseModelSdk): tenant: Annotated[str, Field(title='Tenant')] -class CvesGetCvePathParameters(BaseModelSdk): - cve_id: Annotated[str, Field(title='Cve Id')] - - -class Since(RootModel[str]): - root: Annotated[ - str, - Field( - description='Filter IPs seen since this date, format duration (e.g., 7d, 24h)', - pattern='^\\d+[hd]$', - title='Since', - ), - ] - - -class CvesGetCveIpsQueryParameters(BaseModelSdk): - since: Annotated[ - Optional[Since], - Field( - description='Filter IPs seen since this date, format duration (e.g., 7d, 24h)', - title='Since', - ), - ] = None - page: Annotated[ - Optional[int], Field(description='Page number', ge=1, title='Page') - ] = 1 - size: Annotated[ - Optional[int], Field(description='Page size', ge=1, le=100, title='Size') - ] = 50 - - -class CvesGetCveIpsPathParameters(BaseModelSdk): - cve_id: Annotated[str, Field(title='Cve Id')] - - -class CvesSubscribeIntegrationToCvePathParameters(BaseModelSdk): - cve_id: Annotated[str, Field(title='Cve Id')] - - -class CvesUnsubscribeIntegrationFromCvePathParameters(BaseModelSdk): - cve_id: Annotated[str, Field(title='Cve Id')] - integration_name: Annotated[str, Field(title='Integration Name')] - - class AllowlistSubscriberEntity(BaseModelSdk): id: Annotated[str, Field(description='Subscriber entity id', title='Id')] entity_type: SubscriberEntityType @@ -1208,11 +1027,11 @@ class AllowlistUpdateResponse(BaseModelSdk): Field(description='Description of the allowlist', title='Description'), ] = None created_at: Annotated[ - AwareDatetime, + datetime, Field(description='Time the allowlist was created', title='Created At'), ] updated_at: Annotated[ - Optional[AwareDatetime], + Optional[datetime], Field(description='Time the allowlist was updated', title='Updated At'), ] = None from_cti_query: Annotated[ @@ -1292,7 +1111,7 @@ class BlocklistContentStats(BaseModelSdk): Optional[List[CtiCountry]], Field(title='Top Attacking Countries') ] = [] top_ips: Annotated[Optional[List[CtiIp]], Field(title='Top Ips')] = [] - updated_at: Annotated[Optional[AwareDatetime], Field(title='Updated At')] = None + updated_at: Annotated[Optional[datetime], Field(title='Updated At')] = None class BlocklistOrigin(BaseModelSdk): @@ -1398,7 +1217,7 @@ class BlocklistStats(BaseModelSdk): Optional[float], Field(title='Change Month Percentage') ] = 0.0 count: Annotated[Optional[int], Field(title='Count')] = 0 - updated_at: Annotated[Optional[AwareDatetime], Field(title='Updated At')] = None + updated_at: Annotated[Optional[datetime], Field(title='Updated At')] = None class BlocklistSubscriberEntity(BaseModelSdk): @@ -1481,11 +1300,11 @@ class IntegrationCreateResponse(BaseModelSdk): Field(description='Description of the integration', title='Description'), ] = None created_at: Annotated[ - AwareDatetime, + datetime, Field(description='Time the integration was created', title='Created At'), ] updated_at: Annotated[ - AwareDatetime, + datetime, Field(description='Last time the integration was updated', title='Updated At'), ] entity_type: Annotated[ @@ -1495,7 +1314,7 @@ class IntegrationCreateResponse(BaseModelSdk): OutputFormat, Field(description='Output format of the integration') ] last_pull: Annotated[ - Optional[AwareDatetime], + Optional[datetime], Field( description='Last time the integration pulled blocklists', title='Last Pull' ), @@ -1507,6 +1326,10 @@ class IntegrationCreateResponse(BaseModelSdk): title='Blocklists', ), ] + cves: Annotated[ + List[CVESubscription], + Field(description='CVEs that are subscribed by the integration', title='Cves'), + ] endpoint: Annotated[ AnyUrl, Field( @@ -1547,11 +1370,11 @@ class IntegrationGetResponse(BaseModelSdk): Field(description='Description of the integration', title='Description'), ] = None created_at: Annotated[ - AwareDatetime, + datetime, Field(description='Time the integration was created', title='Created At'), ] updated_at: Annotated[ - AwareDatetime, + datetime, Field(description='Last time the integration was updated', title='Updated At'), ] entity_type: Annotated[ @@ -1561,7 +1384,7 @@ class IntegrationGetResponse(BaseModelSdk): OutputFormat, Field(description='Output format of the integration') ] last_pull: Annotated[ - Optional[AwareDatetime], + Optional[datetime], Field( description='Last time the integration pulled blocklists', title='Last Pull' ), @@ -1573,6 +1396,10 @@ class IntegrationGetResponse(BaseModelSdk): title='Blocklists', ), ] + cves: Annotated[ + List[CVESubscription], + Field(description='CVEs that are subscribed by the integration', title='Cves'), + ] endpoint: Annotated[ AnyUrl, Field( @@ -1638,11 +1465,11 @@ class IntegrationUpdateResponse(BaseModelSdk): Field(description='Description of the integration', title='Description'), ] = None created_at: Annotated[ - AwareDatetime, + datetime, Field(description='Time the integration was created', title='Created At'), ] updated_at: Annotated[ - AwareDatetime, + datetime, Field(description='Last time the integration was updated', title='Updated At'), ] entity_type: Annotated[ @@ -1652,7 +1479,7 @@ class IntegrationUpdateResponse(BaseModelSdk): OutputFormat, Field(description='Output format of the integration') ] last_pull: Annotated[ - Optional[AwareDatetime], + Optional[datetime], Field( description='Last time the integration pulled blocklists', title='Last Pull' ), @@ -1664,6 +1491,10 @@ class IntegrationUpdateResponse(BaseModelSdk): title='Blocklists', ), ] + cves: Annotated[ + List[CVESubscription], + Field(description='CVEs that are subscribed by the integration', title='Cves'), + ] endpoint: Annotated[ AnyUrl, Field( @@ -1697,10 +1528,10 @@ class OriginMetrics(BaseModelSdk): class PublicBlocklistResponse(BaseModelSdk): id: Annotated[str, Field(description='Blocklist id', title='Id')] created_at: Annotated[ - AwareDatetime, Field(description='Blocklist creation date', title='Created At') + datetime, Field(description='Blocklist creation date', title='Created At') ] updated_at: Annotated[ - AwareDatetime, Field(description='Blocklist update date', title='Updated At') + datetime, Field(description='Blocklist update date', title='Updated At') ] name: Annotated[ str, @@ -2400,81 +2231,6 @@ class ScenarioIndex(BaseModelSdk): ] = None -class IPItem(BaseModelSdk): - ip: Annotated[str, Field(description='IP address', title='Ip')] - reputation: Annotated[ - Optional[str], Field(description='Reputation of the IP', title='Reputation') - ] = None - ip_range: Annotated[ - Optional[str], Field(description='IP range', title='Ip Range') - ] = None - ip_range_score: Annotated[ - Optional[int], Field(description='IP range score', title='Ip Range Score') - ] = None - ip_range_24: Annotated[ - Optional[str], Field(description='IP range /24', title='Ip Range 24') - ] = None - ip_range_24_reputation: Annotated[ - Optional[str], - Field(description='IP range /24 reputation', title='Ip Range 24 Reputation'), - ] = None - ip_range_24_score: Annotated[ - Optional[int], - Field(description='IP range /24 score', title='Ip Range 24 Score'), - ] = None - as_name: Annotated[Optional[str], Field(description='AS name', title='As Name')] = ( - None - ) - as_num: Annotated[Optional[int], Field(description='AS number', title='As Num')] = ( - None - ) - background_noise_score: Annotated[ - Optional[int], - Field(description='Background noise score', title='Background Noise Score'), - ] = None - background_noise: Annotated[ - Optional[str], - Field(description='Background noise level', title='Background Noise'), - ] = None - confidence: Annotated[ - Optional[str], Field(description='Confidence level', title='Confidence') - ] = None - location: Annotated[ - Optional[Location], Field(description='IP location information') - ] = None - reverse_dns: Annotated[ - Optional[str], Field(description='Reverse DNS', title='Reverse Dns') - ] = None - behaviors: Annotated[ - Optional[List[Behavior]], - Field(description='List of behaviors', title='Behaviors'), - ] = None - references: Annotated[ - Optional[List[Reference]], - Field(description='List of references', title='References'), - ] = None - history: Annotated[Optional[History], Field(description='Historical data')] = None - classifications: Annotated[ - Optional[Classifications], Field(description='Classification data') - ] = None - mitre_techniques: Annotated[ - Optional[List[MitreTechnique]], - Field(description='MITRE techniques', title='Mitre Techniques'), - ] = None - cves: Annotated[ - Optional[List[str]], Field(description='List of CVEs', title='Cves') - ] = None - attack_details: Annotated[ - Optional[List[AttackDetail]], - Field(description='Attack details', title='Attack Details'), - ] = None - target_countries: Annotated[ - Optional[Dict[str, int]], - Field(description='Target countries', title='Target Countries'), - ] = None - scores: Annotated[Optional[Scores], Field(description='Scoring information')] = None - - class AllowlistGetItemsResponse(BaseModelSdk): id: Annotated[ str, @@ -2505,11 +2261,11 @@ class AllowlistGetItemsResponse(BaseModelSdk): str, Field(description='Value of the allowlist entry', title='Value') ] created_at: Annotated[ - AwareDatetime, + datetime, Field(description='Time the allowlist entry was created', title='Created At'), ] updated_at: Annotated[ - Optional[AwareDatetime], + Optional[datetime], Field(description='Time the allowlist entry was updated', title='Updated At'), ] = None created_by: Annotated[ @@ -2520,7 +2276,7 @@ class AllowlistGetItemsResponse(BaseModelSdk): Field(description='The source user who updated the allowlist entry'), ] = None expiration: Annotated[ - Optional[AwareDatetime], + Optional[datetime], Field(description='Time the allowlist entry will expire', title='Expiration'), ] = None @@ -2552,11 +2308,11 @@ class AllowlistGetResponse(BaseModelSdk): Field(description='Description of the allowlist', title='Description'), ] = None created_at: Annotated[ - AwareDatetime, + datetime, Field(description='Time the allowlist was created', title='Created At'), ] updated_at: Annotated[ - Optional[AwareDatetime], + Optional[datetime], Field(description='Time the allowlist was updated', title='Updated At'), ] = None from_cti_query: Annotated[ @@ -2623,11 +2379,11 @@ class AllowlistItemUpdateResponse(BaseModelSdk): str, Field(description='Value of the allowlist entry', title='Value') ] created_at: Annotated[ - AwareDatetime, + datetime, Field(description='Time the allowlist entry was created', title='Created At'), ] updated_at: Annotated[ - AwareDatetime, + datetime, Field(description='Time the allowlist entry was updated', title='Updated At'), ] created_by: Annotated[ @@ -2637,7 +2393,7 @@ class AllowlistItemUpdateResponse(BaseModelSdk): SourceInfo, Field(description='The source user who updated the allowlist entry') ] expiration: Annotated[ - Optional[AwareDatetime], + Optional[datetime], Field(description='Time the allowlist entry will expire', title='Expiration'), ] = None @@ -2692,15 +2448,6 @@ class Index(BaseModelSdk): ] = None -class GetCVEIPsResponsePage(BaseModelSdk): - items: Annotated[List[IPItem], Field(title='Items')] - total: Annotated[int, Field(ge=0, title='Total')] - page: Annotated[int, Field(ge=1, title='Page')] - size: Annotated[int, Field(ge=1, title='Size')] - pages: Annotated[int, Field(ge=0, title='Pages')] - links: Links - - class ComputedMetrics(BaseModelSdk): saved: Annotated[ComputedSavedMetrics, Field(description='estimated saved metrics')] dropped: Annotated[ diff --git a/crowdsec_service_api/services/__pycache__/__init__.cpython-311.pyc b/crowdsec_service_api/services/__pycache__/__init__.cpython-311.pyc index b5d7b60..514c76e 100644 Binary files a/crowdsec_service_api/services/__pycache__/__init__.cpython-311.pyc and b/crowdsec_service_api/services/__pycache__/__init__.cpython-311.pyc differ diff --git a/crowdsec_service_api/services/allowlists.py b/crowdsec_service_api/services/allowlists.py index 2269f08..1f7abe1 100644 --- a/crowdsec_service_api/services/allowlists.py +++ b/crowdsec_service_api/services/allowlists.py @@ -10,6 +10,8 @@ from ..http_client import HttpClient class Allowlists(Service): + def __init__(self, auth: Auth, base_url: str = "https://admin.api.crowdsec.net/v1") -> None: + super().__init__(base_url=base_url, auth=auth, user_agent="crowdsec_service_api/1.96.0") def list_allowlists( self, @@ -30,7 +32,7 @@ def list_allowlists( url=endpoint_url, path_params=path_params, params=params, headers=headers ) - return AllowlistGetResponsePage(**response.json()) + return AllowlistGetResponsePage(_client=self, **response.json()) def create_allowlist( self, @@ -147,7 +149,7 @@ def get_allowlist_items( url=endpoint_url, path_params=path_params, params=params, headers=headers ) - return AllowlistGetItemsResponsePage(**response.json()) + return AllowlistGetItemsResponsePage(_client=self, **response.json()) def create_allowlist_items( self, @@ -267,7 +269,7 @@ def get_allowlist_subscribers( url=endpoint_url, path_params=path_params, params=params, headers=headers ) - return AllowlistSubscriberEntityPage(**response.json()) + return AllowlistSubscriberEntityPage(_client=self, **response.json()) def subscribe_allowlist( self, diff --git a/crowdsec_service_api/services/blocklists.py b/crowdsec_service_api/services/blocklists.py index 909b3fe..6ad3c44 100644 --- a/crowdsec_service_api/services/blocklists.py +++ b/crowdsec_service_api/services/blocklists.py @@ -10,6 +10,8 @@ from ..http_client import HttpClient class Blocklists(Service): + def __init__(self, auth: Auth, base_url: str = "https://admin.api.crowdsec.net/v1") -> None: + super().__init__(base_url=base_url, auth=auth, user_agent="crowdsec_service_api/1.96.0") def get_blocklists( self, @@ -35,7 +37,7 @@ def get_blocklists( url=endpoint_url, path_params=path_params, params=params, headers=headers ) - return PublicBlocklistResponsePage(**response.json()) + return PublicBlocklistResponsePage(_client=self, **response.json()) def create_blocklist( self, @@ -83,7 +85,7 @@ def search_blocklist( url=endpoint_url, path_params=path_params, params=params, headers=headers, json=payload ) - return PublicBlocklistResponsePage(**response.json()) + return PublicBlocklistResponsePage(_client=self, **response.json()) def get_blocklist( self, @@ -283,7 +285,7 @@ def get_blocklist_subscribers( url=endpoint_url, path_params=path_params, params=params, headers=headers ) - return BlocklistSubscriberEntityPage(**response.json()) + return BlocklistSubscriberEntityPage(_client=self, **response.json()) def subscribe_blocklist( self, diff --git a/crowdsec_service_api/services/hub.py b/crowdsec_service_api/services/hub.py index 1705da2..abd1ca6 100644 --- a/crowdsec_service_api/services/hub.py +++ b/crowdsec_service_api/services/hub.py @@ -10,6 +10,8 @@ from ..http_client import HttpClient class Hub(Service): + def __init__(self, auth: Auth, base_url: str = "https://admin.api.crowdsec.net/v1") -> None: + super().__init__(base_url=base_url, auth=auth, user_agent="crowdsec_service_api/1.96.0") def get_index( self, diff --git a/crowdsec_service_api/services/info.py b/crowdsec_service_api/services/info.py index bac69b8..8b1107f 100644 --- a/crowdsec_service_api/services/info.py +++ b/crowdsec_service_api/services/info.py @@ -10,6 +10,8 @@ from ..http_client import HttpClient class Info(Service): + def __init__(self, auth: Auth, base_url: str = "https://admin.api.crowdsec.net/v1") -> None: + super().__init__(base_url=base_url, auth=auth, user_agent="crowdsec_service_api/1.96.0") def get_info( self, diff --git a/crowdsec_service_api/services/integrations.py b/crowdsec_service_api/services/integrations.py index 4583420..d6b37e8 100644 --- a/crowdsec_service_api/services/integrations.py +++ b/crowdsec_service_api/services/integrations.py @@ -10,6 +10,8 @@ from ..http_client import HttpClient class Integrations(Service): + def __init__(self, auth: Auth, base_url: str = "https://admin.api.crowdsec.net/v1") -> None: + super().__init__(base_url=base_url, auth=auth, user_agent="crowdsec_service_api/1.96.0") def get_integrations( self, @@ -31,7 +33,7 @@ def get_integrations( url=endpoint_url, path_params=path_params, params=params, headers=headers ) - return IntegrationGetResponsePage(**response.json()) + return IntegrationGetResponsePage(_client=self, **response.json()) def create_integration( self, @@ -77,11 +79,16 @@ def get_integration( def delete_integration( self, integration_id: str, + force: bool = False, ): endpoint_url = "/integrations/{integration_id}" loc = locals() headers = {} - params = {} + params = json.loads( + IntegrationsDeleteIntegrationQueryParameters(**loc).model_dump_json( + exclude_none=True + ) + ) path_params = json.loads( IntegrationsDeleteIntegrationPathParameters(**loc).model_dump_json( exclude_none=True @@ -124,7 +131,7 @@ def get_integration_content( integration_id: str, page: int = 1, page_size: Optional[int] = None, - ): + )-> str: endpoint_url = "/integrations/{integration_id}/content" loc = locals() headers = {} @@ -143,7 +150,7 @@ def get_integration_content( url=endpoint_url, path_params=path_params, params=params, headers=headers ) - return None + return response.text def get_integration_content_stream( self, diff --git a/crowdsec_service_api/services/metrics.py b/crowdsec_service_api/services/metrics.py index 8f5d97f..37cdeb0 100644 --- a/crowdsec_service_api/services/metrics.py +++ b/crowdsec_service_api/services/metrics.py @@ -10,6 +10,8 @@ from ..http_client import HttpClient class Metrics(Service): + def __init__(self, auth: Auth, base_url: str = "https://admin.api.crowdsec.net/v1") -> None: + super().__init__(base_url=base_url, auth=auth, user_agent="crowdsec_service_api/1.96.0") def get_metrics_remediation( self, diff --git a/doc/Allowlists.md b/doc/Allowlists.md index 90cccd2..b215c8b 100644 --- a/doc/Allowlists.md +++ b/doc/Allowlists.md @@ -38,16 +38,19 @@ ```python from crowdsec_service_api import ( Allowlists, - Server, ApiKeyAuth, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Allowlists(base_url=Server.production_server.value, auth=auth) -response = client.list_allowlists( - page=1, - size=50, -) -print(response) +client = Allowlists(auth=auth) +try: + response = client.list_allowlists( + page=1, + size=50, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -71,20 +74,23 @@ print(response) ```python from crowdsec_service_api import ( Allowlists, - Server, ApiKeyAuth, AllowlistCreateRequest, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Allowlists(base_url=Server.production_server.value, auth=auth) +client = Allowlists(auth=auth) request = AllowlistCreateRequest( name=None, description=None, ) -response = client.create_allowlist( - request=request, -) -print(response) +try: + response = client.create_allowlist( + request=request, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -109,15 +115,18 @@ print(response) ```python from crowdsec_service_api import ( Allowlists, - Server, ApiKeyAuth, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Allowlists(base_url=Server.production_server.value, auth=auth) -response = client.get_allowlist( - allowlist_id='allowlist_id', -) -print(response) +client = Allowlists(auth=auth) +try: + response = client.get_allowlist( + allowlist_id='allowlist_id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -141,16 +150,19 @@ print(response) ```python from crowdsec_service_api import ( Allowlists, - Server, ApiKeyAuth, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Allowlists(base_url=Server.production_server.value, auth=auth) -response = client.delete_allowlist( - allowlist_id='allowlist_id', - force=True, -) -print(response) +client = Allowlists(auth=auth) +try: + response = client.delete_allowlist( + allowlist_id='allowlist_id', + force=True, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -176,21 +188,24 @@ print(response) ```python from crowdsec_service_api import ( Allowlists, - Server, ApiKeyAuth, AllowlistUpdateRequest, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Allowlists(base_url=Server.production_server.value, auth=auth) +client = Allowlists(auth=auth) request = AllowlistUpdateRequest( name=None, description=None, ) -response = client.update_allowlist( - request=request, - allowlist_id='allowlist_id', -) -print(response) +try: + response = client.update_allowlist( + request=request, + allowlist_id='allowlist_id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -217,17 +232,20 @@ print(response) ```python from crowdsec_service_api import ( Allowlists, - Server, ApiKeyAuth, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Allowlists(base_url=Server.production_server.value, auth=auth) -response = client.get_allowlist_items( - allowlist_id='allowlist_id', - page=1, - size=50, -) -print(response) +client = Allowlists(auth=auth) +try: + response = client.get_allowlist_items( + allowlist_id='allowlist_id', + page=1, + size=50, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -251,22 +269,25 @@ print(response) ```python from crowdsec_service_api import ( Allowlists, - Server, ApiKeyAuth, AllowlistItemsCreateRequest, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Allowlists(base_url=Server.production_server.value, auth=auth) +client = Allowlists(auth=auth) request = AllowlistItemsCreateRequest( items=None, description=None, expiration=None, ) -response = client.create_allowlist_items( - request=request, - allowlist_id='allowlist_id', -) -print(response) +try: + response = client.create_allowlist_items( + request=request, + allowlist_id='allowlist_id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -292,16 +313,19 @@ print(response) ```python from crowdsec_service_api import ( Allowlists, - Server, ApiKeyAuth, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Allowlists(base_url=Server.production_server.value, auth=auth) -response = client.get_allowlist_item( - allowlist_id='allowlist_id', - item_id='item_id', -) -print(response) +client = Allowlists(auth=auth) +try: + response = client.get_allowlist_item( + allowlist_id='allowlist_id', + item_id='item_id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -325,16 +349,19 @@ print(response) ```python from crowdsec_service_api import ( Allowlists, - Server, ApiKeyAuth, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Allowlists(base_url=Server.production_server.value, auth=auth) -response = client.delete_allowlist_item( - allowlist_id='allowlist_id', - item_id='item_id', -) -print(response) +client = Allowlists(auth=auth) +try: + response = client.delete_allowlist_item( + allowlist_id='allowlist_id', + item_id='item_id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -361,22 +388,25 @@ print(response) ```python from crowdsec_service_api import ( Allowlists, - Server, ApiKeyAuth, AllowlistItemUpdateRequest, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Allowlists(base_url=Server.production_server.value, auth=auth) +client = Allowlists(auth=auth) request = AllowlistItemUpdateRequest( description=None, expiration=None, ) -response = client.update_allowlist_item( - request=request, - allowlist_id='allowlist_id', - item_id='item_id', -) -print(response) +try: + response = client.update_allowlist_item( + request=request, + allowlist_id='allowlist_id', + item_id='item_id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -403,17 +433,20 @@ print(response) ```python from crowdsec_service_api import ( Allowlists, - Server, ApiKeyAuth, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Allowlists(base_url=Server.production_server.value, auth=auth) -response = client.get_allowlist_subscribers( - allowlist_id='allowlist_id', - page=1, - size=50, -) -print(response) +client = Allowlists(auth=auth) +try: + response = client.get_allowlist_subscribers( + allowlist_id='allowlist_id', + page=1, + size=50, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -439,21 +472,24 @@ print(response) ```python from crowdsec_service_api import ( Allowlists, - Server, ApiKeyAuth, AllowlistSubscriptionRequest, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Allowlists(base_url=Server.production_server.value, auth=auth) +client = Allowlists(auth=auth) request = AllowlistSubscriptionRequest( ids=None, entity_type=None, ) -response = client.subscribe_allowlist( - request=request, - allowlist_id='allowlist_id', -) -print(response) +try: + response = client.subscribe_allowlist( + request=request, + allowlist_id='allowlist_id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -477,15 +513,18 @@ print(response) ```python from crowdsec_service_api import ( Allowlists, - Server, ApiKeyAuth, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Allowlists(base_url=Server.production_server.value, auth=auth) -response = client.unsubscribe_allowlist( - allowlist_id='allowlist_id', - entity_id='entity_id', -) -print(response) +client = Allowlists(auth=auth) +try: + response = client.unsubscribe_allowlist( + allowlist_id='allowlist_id', + entity_id='entity_id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` diff --git a/doc/Blocklists.md b/doc/Blocklists.md index cd370ab..78168f1 100644 --- a/doc/Blocklists.md +++ b/doc/Blocklists.md @@ -45,21 +45,24 @@ ```python from crowdsec_service_api import ( Blocklists, - Server, ApiKeyAuth, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Blocklists(base_url=Server.production_server.value, auth=auth) -response = client.get_blocklists( - page=1, - page_size=100, - subscribed_only=True, - exclude_subscribed=True, - include_filter=['private', 'shared'], - category=None, - size=50, -) -print(response) +client = Blocklists(auth=auth) +try: + response = client.get_blocklists( + page=1, + page_size=100, + subscribed_only=True, + exclude_subscribed=True, + include_filter=['private', 'shared'], + category=None, + size=50, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -84,12 +87,12 @@ print(response) ```python from crowdsec_service_api import ( Blocklists, - Server, ApiKeyAuth, BlocklistCreateRequest, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Blocklists(base_url=Server.production_server.value, auth=auth) +client = Blocklists(auth=auth) request = BlocklistCreateRequest( name=None, label=None, @@ -97,10 +100,13 @@ request = BlocklistCreateRequest( references=None, tags=None, ) -response = client.create_blocklist( - request=request, -) -print(response) +try: + response = client.create_blocklist( + request=request, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -126,12 +132,12 @@ print(response) ```python from crowdsec_service_api import ( Blocklists, - Server, ApiKeyAuth, BlocklistSearchRequest, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Blocklists(base_url=Server.production_server.value, auth=auth) +client = Blocklists(auth=auth) request = BlocklistSearchRequest( page=None, page_size=None, @@ -146,12 +152,15 @@ request = BlocklistSearchRequest( is_private=None, is_subscribed=None, ) -response = client.search_blocklist( - request=request, - page=1, - size=50, -) -print(response) +try: + response = client.search_blocklist( + request=request, + page=1, + size=50, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -176,15 +185,18 @@ print(response) ```python from crowdsec_service_api import ( Blocklists, - Server, ApiKeyAuth, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Blocklists(base_url=Server.production_server.value, auth=auth) -response = client.get_blocklist( - blocklist_id='sample-blocklist-id', -) -print(response) +client = Blocklists(auth=auth) +try: + response = client.get_blocklist( + blocklist_id='sample-blocklist-id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -208,16 +220,19 @@ print(response) ```python from crowdsec_service_api import ( Blocklists, - Server, ApiKeyAuth, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Blocklists(base_url=Server.production_server.value, auth=auth) -response = client.delete_blocklist( - blocklist_id='sample-blocklist-id', - force=True, -) -print(response) +client = Blocklists(auth=auth) +try: + response = client.delete_blocklist( + blocklist_id='sample-blocklist-id', + force=True, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -245,12 +260,12 @@ print(response) ```python from crowdsec_service_api import ( Blocklists, - Server, ApiKeyAuth, BlocklistUpdateRequest, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Blocklists(base_url=Server.production_server.value, auth=auth) +client = Blocklists(auth=auth) request = BlocklistUpdateRequest( label=None, description=None, @@ -259,11 +274,14 @@ request = BlocklistUpdateRequest( from_cti_query=None, since=None, ) -response = client.update_blocklist( - request=request, - blocklist_id='sample-blocklist-id', -) -print(response) +try: + response = client.update_blocklist( + request=request, + blocklist_id='sample-blocklist-id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -290,21 +308,24 @@ print(response) ```python from crowdsec_service_api import ( Blocklists, - Server, ApiKeyAuth, BlocklistAddIPsRequest, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Blocklists(base_url=Server.production_server.value, auth=auth) +client = Blocklists(auth=auth) request = BlocklistAddIPsRequest( ips=None, expiration=None, ) -response = client.add_ips_to_blocklist( - request=request, - blocklist_id='sample-blocklist-id', -) -print(response) +try: + response = client.add_ips_to_blocklist( + request=request, + blocklist_id='sample-blocklist-id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -331,21 +352,24 @@ print(response) ```python from crowdsec_service_api import ( Blocklists, - Server, ApiKeyAuth, BlocklistAddIPsRequest, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Blocklists(base_url=Server.production_server.value, auth=auth) +client = Blocklists(auth=auth) request = BlocklistAddIPsRequest( ips=None, expiration=None, ) -response = client.overwrite_ips( - request=request, - blocklist_id='sample-blocklist-id', -) -print(response) +try: + response = client.overwrite_ips( + request=request, + blocklist_id='sample-blocklist-id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -371,20 +395,23 @@ print(response) ```python from crowdsec_service_api import ( Blocklists, - Server, ApiKeyAuth, BlocklistDeleteIPsRequest, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Blocklists(base_url=Server.production_server.value, auth=auth) +client = Blocklists(auth=auth) request = BlocklistDeleteIPsRequest( ips=None, ) -response = client.delete_ips_from_blocklist( - request=request, - blocklist_id='sample-blocklist-id', -) -print(response) +try: + response = client.delete_ips_from_blocklist( + request=request, + blocklist_id='sample-blocklist-id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -413,17 +440,20 @@ print(response) ```python from crowdsec_service_api import ( Blocklists, - Server, ApiKeyAuth, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Blocklists(base_url=Server.production_server.value, auth=auth) -response = client.download_blocklist_content( - blocklist_id='sample-blocklist-id', - if_modified_since=None, - if_none_match=None, -) -print(response) +client = Blocklists(auth=auth) +try: + response = client.download_blocklist_content( + blocklist_id='sample-blocklist-id', + if_modified_since=None, + if_none_match=None, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -450,17 +480,20 @@ print(response) ```python from crowdsec_service_api import ( Blocklists, - Server, ApiKeyAuth, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Blocklists(base_url=Server.production_server.value, auth=auth) -response = client.get_blocklist_subscribers( - blocklist_id='sample-blocklist-id', - page=1, - size=50, -) -print(response) +client = Blocklists(auth=auth) +try: + response = client.get_blocklist_subscribers( + blocklist_id='sample-blocklist-id', + page=1, + size=50, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -486,22 +519,25 @@ print(response) ```python from crowdsec_service_api import ( Blocklists, - Server, ApiKeyAuth, BlocklistSubscriptionRequest, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Blocklists(base_url=Server.production_server.value, auth=auth) +client = Blocklists(auth=auth) request = BlocklistSubscriptionRequest( ids=None, entity_type=None, remediation=None, ) -response = client.subscribe_blocklist( - request=request, - blocklist_id='sample-blocklist-id', -) -print(response) +try: + response = client.subscribe_blocklist( + request=request, + blocklist_id='sample-blocklist-id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -525,16 +561,19 @@ print(response) ```python from crowdsec_service_api import ( Blocklists, - Server, ApiKeyAuth, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Blocklists(base_url=Server.production_server.value, auth=auth) -response = client.unsubscribe_blocklist( - blocklist_id='sample-blocklist-id', - entity_id='entity_id', -) -print(response) +client = Blocklists(auth=auth) +try: + response = client.unsubscribe_blocklist( + blocklist_id='sample-blocklist-id', + entity_id='entity_id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -559,20 +598,23 @@ print(response) ```python from crowdsec_service_api import ( Blocklists, - Server, ApiKeyAuth, BlocklistShareRequest, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Blocklists(base_url=Server.production_server.value, auth=auth) +client = Blocklists(auth=auth) request = BlocklistShareRequest( organizations=None, ) -response = client.share_blocklist( - request=request, - blocklist_id='sample-blocklist-id', -) -print(response) +try: + response = client.share_blocklist( + request=request, + blocklist_id='sample-blocklist-id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -597,15 +639,18 @@ print(response) ```python from crowdsec_service_api import ( Blocklists, - Server, ApiKeyAuth, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Blocklists(base_url=Server.production_server.value, auth=auth) -response = client.unshare_blocklist( - blocklist_id='sample-blocklist-id', - unshare_organization_id='unshare_organization_id', -) -print(response) +client = Blocklists(auth=auth) +try: + response = client.unshare_blocklist( + blocklist_id='sample-blocklist-id', + unshare_organization_id='unshare_organization_id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` diff --git a/doc/Cves.md b/doc/Cves.md deleted file mode 100644 index c8f396a..0000000 --- a/doc/Cves.md +++ /dev/null @@ -1,153 +0,0 @@ - - -# Cves Methods -| Method | Description | -| ------ | ----------- | -| [get_cve](#get_cve) | Get information about a specific CVE ID | -| [get_cve_ips](#get_cve_ips) | Get information about IPs exploiting a specific CVE ID | -| [subscribe_integration_to_cve](#subscribe_integration_to_cve) | Subscribe an integration to receive threats related to a specific CVE ID | -| [unsubscribe_integration_from_cve](#unsubscribe_integration_from_cve) | Unsubscribe an integration from receiving threats related to a specific CVE ID | - -## **get_cve** -### Get information about a specific CVE ID -- Endpoint: `/cves/{cve_id}` -- Method: `GET` - -### Parameters: -| Parameter | Type | Description | Required | Default | -| --------- | ---- | ----------- | -------- | ------- | -| cve_id | str | | True | | -### Returns: -[GetCVEResponse](./Models.md#getcveresponse) -### Errors: -| Code | Description | -| ---- | ----------- | -| 404 | CVE Not Found | -| 422 | Validation Error | -### Usage - -```python -from crowdsec_service_api import ( - Cves, - Server, - ApiKeyAuth, -) -auth = ApiKeyAuth(api_key='your_api_key') -client = Cves(base_url=Server.production_server.value, auth=auth) -response = client.get_cve( - cve_id='cve_id', -) -print(response) -``` - - -## **get_cve_ips** -### Get information about IPs exploiting a specific CVE ID -- Endpoint: `/cves/{cve_id}/ips` -- Method: `GET` - -### Parameters: -| Parameter | Type | Description | Required | Default | -| --------- | ---- | ----------- | -------- | ------- | -| cve_id | str | | True | | -| since | Optional[str] | Filter IPs seen since this date, format duration (e.g., 7d, 24h) | False | None | -| page | int | Page number | False | 1 | -| size | int | Page size | False | 50 | -### Returns: -[GetCVEIPsResponsePage](./Models.md#getcveipsresponsepage) -### Errors: -| Code | Description | -| ---- | ----------- | -| 404 | CVE Not Found | -| 422 | Validation Error | -### Usage - -```python -from crowdsec_service_api import ( - Cves, - Server, - ApiKeyAuth, -) -auth = ApiKeyAuth(api_key='your_api_key') -client = Cves(base_url=Server.production_server.value, auth=auth) -response = client.get_cve_ips( - cve_id='cve_id', - since=None, - page=1, - size=50, -) -print(response) -``` - - -## **subscribe_integration_to_cve** -### Subscribe an integration to receive threats related to a specific CVE ID -- Endpoint: `/cves/{cve_id}/integrations` -- Method: `POST` - -### Parameters: -| Parameter | Type | Description | Required | Default | -| --------- | ---- | ----------- | -------- | ------- | -| request | [SubscribeCVEIntegrationRequest](./Models.md#subscribecveintegrationrequest) | Request body | Yes | - | -| cve_id | str | | True | | -### Errors: -| Code | Description | -| ---- | ----------- | -| 404 | Integration Not Found | -| 400 | CVE Already Subscribed | -| 422 | Validation Error | -### Usage - -```python -from crowdsec_service_api import ( - Cves, - Server, - ApiKeyAuth, - SubscribeCVEIntegrationRequest, -) -auth = ApiKeyAuth(api_key='your_api_key') -client = Cves(base_url=Server.production_server.value, auth=auth) -request = SubscribeCVEIntegrationRequest( - name=None, -) -response = client.subscribe_integration_to_cve( - request=request, - cve_id='cve_id', -) -print(response) -``` - - -## **unsubscribe_integration_from_cve** -### Unsubscribe an integration from receiving threats related to a specific CVE ID -- Endpoint: `/cves/{cve_id}/integrations/{integration_name}` -- Method: `DELETE` - -### Parameters: -| Parameter | Type | Description | Required | Default | -| --------- | ---- | ----------- | -------- | ------- | -| cve_id | str | | True | | -| integration_name | str | | True | | -### Errors: -| Code | Description | -| ---- | ----------- | -| 404 | Integration Not Found | -| 400 | CVE Already Unsubscribed | -| 422 | Validation Error | -### Usage - -```python -from crowdsec_service_api import ( - Cves, - Server, - ApiKeyAuth, -) -auth = ApiKeyAuth(api_key='your_api_key') -client = Cves(base_url=Server.production_server.value, auth=auth) -response = client.unsubscribe_integration_from_cve( - cve_id='cve_id', - integration_name='integration_name', -) -print(response) -``` - diff --git a/doc/Hub.md b/doc/Hub.md index 677fb51..8ee7fc9 100644 --- a/doc/Hub.md +++ b/doc/Hub.md @@ -36,17 +36,20 @@ content is returned. | ```python from crowdsec_service_api import ( Hub, - Server, ApiKeyAuth, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Hub(base_url=Server.production_server.value, auth=auth) -response = client.get_index( - branch='branch', - tenant='tenant', - with_content=True, -) -print(response) +client = Hub(auth=auth) +try: + response = client.get_index( + branch='branch', + tenant='tenant', + with_content=True, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -74,17 +77,20 @@ cache expiration policies. No body content is returned. ```python from crowdsec_service_api import ( Hub, - Server, ApiKeyAuth, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Hub(base_url=Server.production_server.value, auth=auth) -response = client.head_index( - branch='branch', - tenant='tenant', - with_content=True, -) -print(response) +client = Hub(auth=auth) +try: + response = client.head_index( + branch='branch', + tenant='tenant', + with_content=True, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -109,17 +115,20 @@ print(response) ```python from crowdsec_service_api import ( Hub, - Server, ApiKeyAuth, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Hub(base_url=Server.production_server.value, auth=auth) -response = client.get_item_content( - item_path='item_path', - branch='branch', - tenant='tenant', -) -print(response) +client = Hub(auth=auth) +try: + response = client.get_item_content( + item_path='item_path', + branch='branch', + tenant='tenant', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -145,16 +154,19 @@ content is returned. ```python from crowdsec_service_api import ( Hub, - Server, ApiKeyAuth, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Hub(base_url=Server.production_server.value, auth=auth) -response = client.head_item_content( - item_path='item_path', - branch='branch', - tenant='tenant', -) -print(response) +client = Hub(auth=auth) +try: + response = client.head_item_content( + item_path='item_path', + branch='branch', + tenant='tenant', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` diff --git a/doc/Info.md b/doc/Info.md index 32f783f..234ba08 100644 --- a/doc/Info.md +++ b/doc/Info.md @@ -20,13 +20,16 @@ ```python from crowdsec_service_api import ( Info, - Server, ApiKeyAuth, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Info(base_url=Server.production_server.value, auth=auth) -response = client.get_info( -) -print(response) +client = Info(auth=auth) +try: + response = client.get_info( + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` diff --git a/doc/Integrations.md b/doc/Integrations.md index 0c8619d..3d9ce1d 100644 --- a/doc/Integrations.md +++ b/doc/Integrations.md @@ -34,17 +34,20 @@ ```python from crowdsec_service_api import ( Integrations, - Server, ApiKeyAuth, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Integrations(base_url=Server.production_server.value, auth=auth) -response = client.get_integrations( - tag=None, - page=1, - size=50, -) -print(response) +client = Integrations(auth=auth) +try: + response = client.get_integrations( + tag=None, + page=1, + size=50, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -68,22 +71,25 @@ print(response) ```python from crowdsec_service_api import ( Integrations, - Server, ApiKeyAuth, IntegrationCreateRequest, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Integrations(base_url=Server.production_server.value, auth=auth) +client = Integrations(auth=auth) request = IntegrationCreateRequest( name=None, description=None, entity_type=None, output_format=None, ) -response = client.create_integration( - request=request, -) -print(response) +try: + response = client.create_integration( + request=request, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -107,15 +113,18 @@ print(response) ```python from crowdsec_service_api import ( Integrations, - Server, ApiKeyAuth, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Integrations(base_url=Server.production_server.value, auth=auth) -response = client.get_integration( - integration_id='integration_id', -) -print(response) +client = Integrations(auth=auth) +try: + response = client.get_integration( + integration_id='integration_id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -128,6 +137,7 @@ print(response) | Parameter | Type | Description | Required | Default | | --------- | ---- | ----------- | -------- | ------- | | integration_id | str | | True | | +| force | bool | Force delete the integration even if it has active subscriptions (it will unsubscribe from all lists) | False | False | ### Errors: | Code | Description | | ---- | ----------- | @@ -137,15 +147,19 @@ print(response) ```python from crowdsec_service_api import ( Integrations, - Server, ApiKeyAuth, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Integrations(base_url=Server.production_server.value, auth=auth) -response = client.delete_integration( - integration_id='integration_id', -) -print(response) +client = Integrations(auth=auth) +try: + response = client.delete_integration( + integration_id='integration_id', + force=True, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -170,23 +184,26 @@ print(response) ```python from crowdsec_service_api import ( Integrations, - Server, ApiKeyAuth, IntegrationUpdateRequest, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Integrations(base_url=Server.production_server.value, auth=auth) +client = Integrations(auth=auth) request = IntegrationUpdateRequest( name=None, description=None, output_format=None, regenerate_credentials=None, ) -response = client.update_integration( - request=request, - integration_id='integration_id', -) -print(response) +try: + response = client.update_integration( + request=request, + integration_id='integration_id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -201,27 +218,33 @@ print(response) | integration_id | str | | True | | | page | int | Page number to return | False | 1 | | page_size | Optional[int] | Maximum number of items to return, 0 means no limit (default), should be greater than 10000 | False | None | +### Returns: +[str](./Models.md#str) ### Errors: | Code | Description | | ---- | ----------- | | 404 | Integration not found | +| 204 | Integration has no subscribed blocklists or no content available | | 422 | Validation Error | ### Usage ```python from crowdsec_service_api import ( Integrations, - Server, ApiKeyAuth, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Integrations(base_url=Server.production_server.value, auth=auth) -response = client.get_integration_content( - integration_id='integration_id', - page=1, - page_size=None, -) -print(response) +client = Integrations(auth=auth) +try: + response = client.get_integration_content( + integration_id='integration_id', + page=1, + page_size=None, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -244,15 +267,18 @@ print(response) ```python from crowdsec_service_api import ( Integrations, - Server, ApiKeyAuth, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Integrations(base_url=Server.production_server.value, auth=auth) -response = client.head_integration_content( - integration_id='integration_id', -) -print(response) +client = Integrations(auth=auth) +try: + response = client.head_integration_content( + integration_id='integration_id', + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` @@ -276,15 +302,18 @@ print(response) ```python from crowdsec_service_api import ( Integrations, - Server, ApiKeyAuth, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Integrations(base_url=Server.production_server.value, auth=auth) -response = client.get_integration_content_stream( - integration_id='integration_id', - startup=True, -) -print(response) +client = Integrations(auth=auth) +try: + response = client.get_integration_content_stream( + integration_id='integration_id', + startup=True, + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` diff --git a/doc/Metrics.md b/doc/Metrics.md index 14a4942..4d88515 100644 --- a/doc/Metrics.md +++ b/doc/Metrics.md @@ -29,18 +29,21 @@ ```python from crowdsec_service_api import ( Metrics, - Server, ApiKeyAuth, ) +from httpx import HTTPStatusError auth = ApiKeyAuth(api_key='your_api_key') -client = Metrics(base_url=Server.production_server.value, auth=auth) -response = client.get_metrics_remediation( - start_date='start_date', - end_date='end_date', - engine_ids=['sample-item'], - integration_ids=['sample-item'], - tags=['sample-item'], -) -print(response) +client = Metrics(auth=auth) +try: + response = client.get_metrics_remediation( + start_date='start_date', + end_date='end_date', + engine_ids=['sample-item'], + integration_ids=['sample-item'], + tags=['sample-item'], + ) + print(response) +except HTTPStatusError as e: + print(f"An error occurred: {e.response.status_code} - {e.response.text}") ``` diff --git a/doc/Models.md b/doc/Models.md index 89efd30..3ea65f1 100644 --- a/doc/Models.md +++ b/doc/Models.md @@ -34,7 +34,7 @@ id, allowlist_id, description, scope, value, created_at, created_by | id | str | ID of the allowlist entry || | allowlist_id | str | ID of the allowlist || | description | str | Description of the allowlist entry || -| scope | str | None || +| scope | AllowlistScope | None || | value | Union[str, str] | Value of the allowlist entry || | created_at | str | Time the allowlist entry was created || | updated_at | Optional[str] | Time the allowlist entry was updated || @@ -101,7 +101,7 @@ id, allowlist_id, description, scope, value, created_at, updated_at, created_by, | id | str | ID of the allowlist entry || | allowlist_id | str | ID of the allowlist || | description | str | Description of the allowlist entry || -| scope | str | None || +| scope | AllowlistScope | None || | value | Union[str, str] | Value of the allowlist entry || | created_at | str | Time the allowlist entry was created || | updated_at | str | Time the allowlist entry was updated || @@ -130,7 +130,7 @@ id, entity_type | Property | Type | Description | Example | |----------|------|-------------|---------| | id | str | Subscriber entity id || -| entity_type | str | None || +| entity_type | SubscriberEntityType | None || # **AllowlistSubscriberEntityPage** ## Required: @@ -151,7 +151,7 @@ entity_type, count ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| entity_type | str | None || +| entity_type | SubscriberEntityType | None || | count | int | Subscriber entity count || # **AllowlistSubscriptionRequest** @@ -161,7 +161,7 @@ entity_type | Property | Type | Description | Example | |----------|------|-------------|---------| | ids | list[str] | List of subscriber entity id || -| entity_type | str | None || +| entity_type | EntityType | None || # **AllowlistSubscriptionResponse** ## Required: @@ -294,7 +294,7 @@ label, id, pricing_tier |----------|------|-------------|---------| | label | str | Label of the blocklist || | id | str | ID of the blocklist || -| pricing_tier | str | None || +| pricing_tier | PricingTiers | None || # **BlocklistSearchRequest** ## Properties @@ -347,7 +347,7 @@ id, entity_type, remediation | Property | Type | Description | Example | |----------|------|-------------|---------| | id | str | Subscriber entity id || -| entity_type | str | None || +| entity_type | SubscriberEntityType | None || | remediation | str | Remediation || # **BlocklistSubscriberEntityPage** @@ -369,7 +369,7 @@ entity_type, count ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| entity_type | str | None || +| entity_type | SubscriberEntityType | None || | count | int | Subscriber entity count || # **BlocklistSubscription** @@ -390,7 +390,7 @@ entity_type | Property | Type | Description | Example | |----------|------|-------------|---------| | ids | list[str] | List of subscriber entity id || -| entity_type | str | None || +| entity_type | SubscriberEntityType | None || | remediation | Optional[str] | Remediation || # **BlocklistSubscriptionResponse** @@ -432,6 +432,14 @@ file |----------|------|-------------|---------| | file | str | Blocklist file in txt format || +# **CVESubscription** +## Required: +id +## Properties +| Property | Type | Description | Example | +|----------|------|-------------|---------| +| id | str | CVE ID || + # **ComputedMetrics** ## Required: saved @@ -551,12 +559,12 @@ name, entity_type, output_format |----------|------|-------------|---------| | name | str | Name of the integration || | description | str | Description of the integration || -| entity_type | str | None || -| output_format | str | None || +| entity_type | IntegrationType | None || +| output_format | OutputFormat | None || # **IntegrationCreateResponse** ## Required: -id, name, organization_id, created_at, updated_at, entity_type, output_format, blocklists, endpoint, credentials +id, name, organization_id, created_at, updated_at, entity_type, output_format, blocklists, cves, endpoint, credentials ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| @@ -566,10 +574,11 @@ id, name, organization_id, created_at, updated_at, entity_type, output_format, b | description | str | Description of the integration || | created_at | str | Time the integration was created || | updated_at | str | Last time the integration was updated || -| entity_type | str | None || -| output_format | str | None || +| entity_type | IntegrationType | None || +| output_format | OutputFormat | None || | last_pull | Optional[str] | Last time the integration pulled blocklists || | blocklists | list[BlocklistSubscription] | Blocklists that are subscribed by the integration || +| cves | list[CVESubscription] | CVEs that are subscribed by the integration || | endpoint | str | Url that should be used by the firewall or the remediation component to fetch the integration's content || | stats | Stats | None || | tags | list[str] | Tags associated with the integration || @@ -577,7 +586,7 @@ id, name, organization_id, created_at, updated_at, entity_type, output_format, b # **IntegrationGetResponse** ## Required: -id, name, organization_id, created_at, updated_at, entity_type, output_format, blocklists, endpoint +id, name, organization_id, created_at, updated_at, entity_type, output_format, blocklists, cves, endpoint ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| @@ -587,10 +596,11 @@ id, name, organization_id, created_at, updated_at, entity_type, output_format, b | description | str | Description of the integration || | created_at | str | Time the integration was created || | updated_at | str | Last time the integration was updated || -| entity_type | str | None || -| output_format | str | None || +| entity_type | IntegrationType | None || +| output_format | OutputFormat | None || | last_pull | Optional[str] | Last time the integration pulled blocklists || | blocklists | list[BlocklistSubscription] | Blocklists that are subscribed by the integration || +| cves | list[CVESubscription] | CVEs that are subscribed by the integration || | endpoint | str | Url that should be used by the firewall or the remediation component to fetch the integration's content || | stats | Stats | None || | tags | list[str] | Tags associated with the integration || @@ -618,12 +628,12 @@ FIREWALL_INTEGRATION, REMEDIATION_COMPONENT_INTEGRATION |----------|------|-------------|---------| | name | str | New name || | description | str | New description || -| output_format | str | None || +| output_format | OutputFormat | None || | regenerate_credentials | bool | Regenerate credentials for the integration || # **IntegrationUpdateResponse** ## Required: -id, name, organization_id, created_at, updated_at, entity_type, output_format, blocklists, endpoint +id, name, organization_id, created_at, updated_at, entity_type, output_format, blocklists, cves, endpoint ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| @@ -633,10 +643,11 @@ id, name, organization_id, created_at, updated_at, entity_type, output_format, b | description | str | Description of the integration || | created_at | str | Time the integration was created || | updated_at | str | Last time the integration was updated || -| entity_type | str | None || -| output_format | str | None || +| entity_type | IntegrationType | None || +| output_format | OutputFormat | None || | last_pull | Optional[str] | Last time the integration pulled blocklists || | blocklists | list[BlocklistSubscription] | Blocklists that are subscribed by the integration || +| cves | list[CVESubscription] | CVEs that are subscribed by the integration || | endpoint | str | Url that should be used by the firewall or the remediation component to fetch the integration's content || | stats | Stats | None || | tags | list[str] | Tags associated with the integration || @@ -692,8 +703,8 @@ id, created_at, updated_at, name, description, is_private, pricing_tier, source, | references | list[str] | Blocklist references || | is_private | bool | Private blocklist if True or public if False || | tags | list[str] | Classification tags || -| pricing_tier | str | None || -| source | str | None || +| pricing_tier | PricingTiers | None || +| source | BlocklistSources | None || | stats | BlocklistStats | None || | from_cti_query | Optional[str] | CTI query from which the blocklist was created || | since | Optional[str] | Since duration for the CTI query (eg. 5m, 2h, 7d). Max is 30 days || @@ -729,7 +740,7 @@ total, unit, progression, data | Property | Type | Description | Example | |----------|------|-------------|---------| | total | Union[int, float] | Total value of the metric || -| unit | str | None || +| unit | MetricUnits | None || | progression | Optional[int] | Progression of the metric value from the previous period || | data | list[OriginMetrics] | Data points per origin || @@ -749,7 +760,7 @@ organization_id, permission | Property | Type | Description | Example | |----------|------|-------------|---------| | organization_id | str | None || -| permission | str | None || +| permission | Permission | None || # **SourceInfo** ## Required: @@ -757,7 +768,7 @@ source_type, identifier ## Properties | Property | Type | Description | Example | |----------|------|-------------|---------| -| source_type | str | None || +| source_type | SourceType | None || | identifier | str | The source identifier that created the allowlist entry || # **SourceType** @@ -902,181 +913,4 @@ digest | Property | Type | Description | Example | |----------|------|-------------|---------| | deprecated | Optional[bool] | Indicates whether this version is deprecated. || -| digest | str | The SHA256 digest of the versioned file. || - -# **AffectedComponent** -## Properties -| Property | Type | Description | Example | -|----------|------|-------------|---------| -| vendor | str | Vendor of the affected component || -| product | str | Product name of the affected component || - -# **AttackDetail** -## Required: -name, label, description -## Properties -| Property | Type | Description | Example | -|----------|------|-------------|---------| -| name | str | Attack detail name || -| label | str | Attack detail label || -| description | str | Attack detail description || -| references | list[str] | Attack detail references || - -# **Behavior** -## Required: -name, label, description -## Properties -| Property | Type | Description | Example | -|----------|------|-------------|---------| -| name | str | Behavior name || -| label | str | Behavior label || -| description | str | Behavior description || - -# **Classification** -## Required: -name, label, description -## Properties -| Property | Type | Description | Example | -|----------|------|-------------|---------| -| name | str | Classification name || -| label | str | Classification label || -| description | str | Classification description || - -# **Classifications** -## Properties -| Property | Type | Description | Example | -|----------|------|-------------|---------| -| false_positives | list[Classification] | False positive classifications || -| classifications | list[Classification] | Main classifications || - -# **GetCVEIPsResponsePage** -## Required: -items, total, page, size, pages, links -## Properties -| Property | Type | Description | Example | -|----------|------|-------------|---------| -| items | list[IPItem] | None || -| total | int | None || -| page | int | None || -| size | int | None || -| pages | int | None || -| links | Links | None || - -# **GetCVEResponse** -## Required: -id, name, affected_components, let_score, first_seen, last_seen, nb_ips, published_date, cvss_score, references, description -## Properties -| Property | Type | Description | Example | -|----------|------|-------------|---------| -| id | str | ID of the CVE || -| name | str | Name of the CVE || -| affected_components | list[AffectedComponent] | List of affected components || -| let_score | int | LET score of the CVE || -| first_seen | str | First seen date || -| last_seen | str | Last seen date || -| nb_ips | int | Number of unique IPs affected || -| published_date | str | Published date of the CVE || -| cvss_score | float | CVSS score of the CVE || -| references | list[str] | List of references for the CVE || -| description | str | Description of the CVE || - -# **History** -## Required: -first_seen, last_seen, full_age, days_age -## Properties -| Property | Type | Description | Example | -|----------|------|-------------|---------| -| first_seen | str | First seen timestamp || -| last_seen | str | Last seen timestamp || -| full_age | int | Full age in days || -| days_age | int | Days age || - -# **IPItem** -## Required: -ip -## Properties -| Property | Type | Description | Example | -|----------|------|-------------|---------| -| ip | str | IP address || -| reputation | str | Reputation of the IP || -| ip_range | Optional[str] | IP range || -| ip_range_score | Optional[int] | IP range score || -| ip_range_24 | Optional[str] | IP range /24 || -| ip_range_24_reputation | Optional[str] | IP range /24 reputation || -| ip_range_24_score | Optional[int] | IP range /24 score || -| as_name | Optional[str] | AS name || -| as_num | Optional[int] | AS number || -| background_noise_score | int | Background noise score || -| background_noise | Optional[str] | Background noise level || -| confidence | Optional[str] | Confidence level || -| location | Optional[Location] | IP location information || -| reverse_dns | Optional[str] | Reverse DNS || -| behaviors | list[Behavior] | List of behaviors || -| references | list[Reference] | List of references || -| history | History | None || -| classifications | Classifications | None || -| mitre_techniques | list[MitreTechnique] | MITRE techniques || -| cves | list[str] | List of CVEs || -| attack_details | list[AttackDetail] | Attack details || -| target_countries | Target Countries | Target countries || -| scores | Scores | None || - -# **Location** -## Properties -| Property | Type | Description | Example | -|----------|------|-------------|---------| -| country | Optional[str] | Country code || -| city | Optional[str] | City name || -| latitude | Optional[float] | Latitude coordinate || -| longitude | Optional[float] | Longitude coordinate || - -# **MitreTechnique** -## Required: -name, label, description -## Properties -| Property | Type | Description | Example | -|----------|------|-------------|---------| -| name | str | MITRE technique ID || -| label | str | MITRE technique label || -| description | str | MITRE technique description || - -# **Reference** -## Required: -name, label, description -## Properties -| Property | Type | Description | Example | -|----------|------|-------------|---------| -| name | str | Reference name || -| label | str | Reference label || -| description | str | Reference description || - -# **ScoreBreakdown** -## Required: -aggressiveness, threat, trust, anomaly, total -## Properties -| Property | Type | Description | Example | -|----------|------|-------------|---------| -| aggressiveness | int | Aggressiveness score || -| threat | int | Threat score || -| trust | int | Trust score || -| anomaly | int | Anomaly score || -| total | int | Total score || - -# **Scores** -## Required: -overall, last_day, last_week, last_month -## Properties -| Property | Type | Description | Example | -|----------|------|-------------|---------| -| overall | ScoreBreakdown | None || -| last_day | ScoreBreakdown | None || -| last_week | ScoreBreakdown | None || -| last_month | ScoreBreakdown | None || - -# **SubscribeCVEIntegrationRequest** -## Required: -name -## Properties -| Property | Type | Description | Example | -|----------|------|-------------|---------| -| name | str | Name of the integration to subscribe || \ No newline at end of file +| digest | str | The SHA256 digest of the versioned file. || \ No newline at end of file diff --git a/doc/README.md b/doc/README.md index 97e0a89..5d75eed 100644 --- a/doc/README.md +++ b/doc/README.md @@ -23,8 +23,6 @@ You can find a Quickstart about this SDK, following this [documentation](https:/ [Hub](./Hub.md) -[Cves](./Cves.md) - ## API Endpoint models [AllowlistCreateRequest](./Models.md#allowlistcreaterequest) @@ -107,6 +105,8 @@ You can find a Quickstart about this SDK, following this [documentation](https:/ [Body_uploadBlocklistContent](./Models.md#body_uploadblocklistcontent) +[CVESubscription](./Models.md#cvesubscription) + [ComputedMetrics](./Models.md#computedmetrics) [ComputedSavedMetrics](./Models.md#computedsavedmetrics) @@ -195,34 +195,4 @@ You can find a Quickstart about this SDK, following this [documentation](https:/ [ScenarioIndex](./Models.md#scenarioindex) -[VersionDetail](./Models.md#versiondetail) - -[AffectedComponent](./Models.md#affectedcomponent) - -[AttackDetail](./Models.md#attackdetail) - -[Behavior](./Models.md#behavior) - -[Classification](./Models.md#classification) - -[Classifications](./Models.md#classifications) - -[GetCVEIPsResponsePage](./Models.md#getcveipsresponsepage) - -[GetCVEResponse](./Models.md#getcveresponse) - -[History](./Models.md#history) - -[IPItem](./Models.md#ipitem) - -[Location](./Models.md#location) - -[MitreTechnique](./Models.md#mitretechnique) - -[Reference](./Models.md#reference) - -[ScoreBreakdown](./Models.md#scorebreakdown) - -[Scores](./Models.md#scores) - -[SubscribeCVEIntegrationRequest](./Models.md#subscribecveintegrationrequest) \ No newline at end of file +[VersionDetail](./Models.md#versiondetail) \ No newline at end of file diff --git a/openapi.json b/openapi.json index 67c1dc6..b3bebe4 100644 --- a/openapi.json +++ b/openapi.json @@ -1 +1 @@ -{"openapi": "3.1.0", "info": {"title": "Service API", "description": "This is the API to manage Crowdsec services", "contact": {"name": "CrowdSec", "url": "https://crowdsec.net/", "email": "info@crowdsec.net"}, "version": "1.87.2"}, "paths": {"/allowlists": {"post": {"tags": ["Allowlists"], "summary": "Create Allowlist", "description": "Create a new allowlist for an organization", "operationId": "createAllowlist", "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistCreateRequest"}}}}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistCreateResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "get": {"tags": ["Allowlists"], "summary": "List Allowlists", "description": "List all allowlists for an organization", "operationId": "listAllowlists", "parameters": [{"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistGetResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/allowlists/{allowlist_id}": {"get": {"tags": ["Allowlists"], "summary": "Get Allowlist", "description": "Get an allowlist by ID", "operationId": "getAllowlist", "parameters": [{"name": "allowlist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Allowlist Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistGetResponse"}}}}, "404": {"description": "Allowlist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "patch": {"tags": ["Allowlists"], "summary": "Update Allowlist", "description": "Update an allowlist by ID", "operationId": "updateAllowlist", "parameters": [{"name": "allowlist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Allowlist Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistUpdateRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistUpdateResponse"}}}}, "404": {"description": "Allowlist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "delete": {"tags": ["Allowlists"], "summary": "Delete Allowlist", "description": "Delete an allowlist by ID", "operationId": "deleteAllowlist", "parameters": [{"name": "allowlist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Allowlist Id"}}, {"name": "force", "in": "query", "required": false, "schema": {"type": "boolean", "description": "Force delete the allowlist, even if it has subscribers", "default": false, "title": "Force"}, "description": "Force delete the allowlist, even if it has subscribers"}], "responses": {"204": {"description": "Successful Response"}, "404": {"description": "Allowlist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/allowlists/{allowlist_id}/items": {"post": {"tags": ["Allowlists"], "summary": "Create Allowlist Items", "description": "Create items for an allowlist", "operationId": "createAllowlistItems", "parameters": [{"name": "allowlist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Allowlist Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistItemsCreateRequest"}}}}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "404": {"description": "Allowlist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "get": {"tags": ["Allowlists"], "summary": "Get Allowlist Items", "description": "Get items in an allowlist", "operationId": "getAllowlistItems", "parameters": [{"name": "allowlist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Allowlist Id"}}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistGetItemsResponsePage"}}}}, "404": {"description": "Allowlist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/allowlists/{allowlist_id}/items/{item_id}": {"get": {"tags": ["Allowlists"], "summary": "Get Allowlist Item", "description": "Get an allowlist item by ID", "operationId": "getAllowlistItem", "parameters": [{"name": "allowlist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Allowlist Id"}}, {"name": "item_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Item Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistGetItemsResponse"}}}}, "404": {"description": "Allowlist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "patch": {"tags": ["Allowlists"], "summary": "Update Allowlist Item", "description": "Update an allowlist item by ID", "operationId": "updateAllowlistItem", "parameters": [{"name": "allowlist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Allowlist Id"}}, {"name": "item_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Item Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistItemUpdateRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistItemUpdateResponse"}}}}, "404": {"description": "Allowlist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "delete": {"tags": ["Allowlists"], "summary": "Delete Allowlist Item", "description": "Delete an allowlist item by ID", "operationId": "deleteAllowlistItem", "parameters": [{"name": "allowlist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Allowlist Id"}}, {"name": "item_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Item Id"}}], "responses": {"204": {"description": "Successful Response"}, "404": {"description": "Allowlist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/allowlists/{allowlist_id}/subscribers": {"get": {"tags": ["Allowlists"], "summary": "Get Allowlist Subscribers", "description": "Get subscribers of an allowlist", "operationId": "getAllowlistSubscribers", "parameters": [{"name": "allowlist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Allowlist Id"}}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistSubscriberEntityPage"}}}}, "404": {"description": "Allowlist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "post": {"tags": ["Allowlists"], "summary": "Subscribe Allowlist", "description": "Subscribe to an allowlist", "operationId": "subscribeAllowlist", "parameters": [{"name": "allowlist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Allowlist Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistSubscriptionRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistSubscriptionResponse"}}}}, "404": {"description": "Allowlist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/allowlists/{allowlist_id}/subscribers/{entity_id}": {"delete": {"tags": ["Allowlists"], "summary": "Unsubscribe Allowlist", "description": "Unsubscribe from an allowlist", "operationId": "unsubscribeAllowlist", "parameters": [{"name": "allowlist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Allowlist Id"}}, {"name": "entity_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Entity Id"}}], "responses": {"204": {"description": "Successful Response"}, "404": {"description": "Allowlist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists": {"post": {"tags": ["Blocklists"], "summary": "Create Blocklist", "description": "Create a new blocklist owned by your organization. The name must be unique within your organization. The list will only be visible to your organization and organizations you shared the blocklist with. This operation is submitted to quotas", "operationId": "createBlocklist", "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/BlocklistCreateRequest"}}}}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/PublicBlocklistResponse"}}}}, "409": {"description": "Blocklist already exists"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "get": {"tags": ["Blocklists"], "summary": "Get Blocklists", "description": "Get multiple blocklists. Only blocklists owned by your organization, shared with your organization or public blocklists are returned. Filters and pagination are available as query parameters.", "operationId": "getBlocklists", "parameters": [{"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "page_size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 1000, "description": "Page size", "default": 100, "title": "Page Size"}, "description": "Page size"}, {"name": "subscribed_only", "in": "query", "required": false, "schema": {"type": "boolean", "description": "only subscribed blocklists", "default": false, "title": "Subscribed Only"}, "description": "only subscribed blocklists"}, {"name": "exclude_subscribed", "in": "query", "required": false, "schema": {"type": "boolean", "description": "exclude subscribed blocklists", "default": false, "title": "Exclude Subscribed"}, "description": "exclude subscribed blocklists"}, {"name": "include_filter", "in": "query", "required": false, "schema": {"type": "array", "items": {"$ref": "#/components/schemas/BlocklistIncludeFilters"}, "description": "Include blocklists with the specified filters", "default": ["private", "shared"], "title": "Include Filter"}, "description": "Include blocklists with the specified filters"}, {"name": "category", "in": "query", "required": false, "schema": {"anyOf": [{"type": "array", "items": {"type": "string"}}, {"type": "null"}], "description": "Filter by category", "title": "Category"}, "description": "Filter by category"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/PublicBlocklistResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists/search": {"post": {"tags": ["Blocklists"], "summary": "Search Blocklists", "description": "Search blocklists", "operationId": "searchBlocklist", "parameters": [{"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/BlocklistSearchRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/PublicBlocklistResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists/{blocklist_id}": {"get": {"tags": ["Blocklists"], "summary": "Get Blocklist", "description": "Get the details of a blocklist by ID. The content of the blocklist is not returned.", "operationId": "getBlocklist", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/PublicBlocklistResponse"}}}}, "404": {"description": "Blocklist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "patch": {"tags": ["Blocklists"], "summary": "Update Blocklist", "description": "Update a blocklist's details by ID. It is not possible to update the blocklist content using this operation.", "operationId": "updateBlocklist", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/BlocklistUpdateRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/PublicBlocklistResponse"}}}}, "403": {"description": "Blocklist is read-only"}, "404": {"description": "Blocklist not found"}, "500": {"description": "Internal server error"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "delete": {"tags": ["Blocklists"], "summary": "Delete Blocklist", "description": "Delete a blocklist by ID. If the blocklist is shared with other organizations or it has subscriptions, the operation will fail. If you want to force delete the blocklist, you can use the force query parameter, so the blocklists will be unshared / unsubscribed.", "operationId": "deleteBlocklist", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}, {"name": "force", "in": "query", "required": false, "schema": {"type": "boolean", "description": "Force delete the blocklist if it is shared or subscribed", "default": false, "title": "Force"}, "description": "Force delete the blocklist if it is shared or subscribed"}], "responses": {"204": {"description": "Successful Response"}, "404": {"description": "Blocklist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists/{blocklist_id}/upload": {"post": {"tags": ["Blocklists"], "summary": "Upload Blocklist Content", "description": "Upload a blocklist. The file must be in txt format with one IP per line. This operation will overwrite the existing blocklist content.", "operationId": "uploadBlocklistContent", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}, {"name": "expiration", "in": "query", "required": false, "schema": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "description": "Blocklist expiration", "examples": "2025-12-02T14:55:58.773978+00:00", "title": "Expiration"}, "description": "Blocklist expiration"}, {"name": "ignore_invalid_ips", "in": "query", "required": false, "schema": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "description": "Ignore invalid IPs", "default": false, "title": "Ignore Invalid Ips"}, "description": "Ignore invalid IPs"}], "requestBody": {"required": true, "content": {"multipart/form-data": {"schema": {"$ref": "#/components/schemas/Body_uploadBlocklistContent"}}}}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "400": {"description": "Invalid IP in blocklist file content"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists/{blocklist_id}/ips": {"post": {"tags": ["Blocklists"], "summary": "Add Ips To Blocklist", "description": "Add IPs to a blocklist. If an IP is already in the blocklist, its expiration will be updated with the new expiration.", "operationId": "addIpsToBlocklist", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/BlocklistAddIPsRequest"}}}}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "403": {"description": "Blocklist is read-only"}, "404": {"description": "Blocklist not found"}, "412": {"description": "Payload too large for one operation, limit is 20000 IPs per request"}, "500": {"description": "Internal server error"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists/{blocklist_id}/ips/bulk_overwrite": {"post": {"tags": ["Blocklists"], "summary": "Bulk Overwrite Blocklist Ips", "description": "Overwrite blocklist content", "operationId": "overwriteIps", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/BlocklistAddIPsRequest"}}}}, "responses": {"202": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "403": {"description": "Blocklist is read-only"}, "404": {"description": "Blocklist not found"}, "412": {"description": "Payload too large for one operation, limit is 20000 IPs per request"}, "500": {"description": "Internal server error"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists/{blocklist_id}/ips/delete": {"post": {"tags": ["Blocklists"], "summary": "Delete Ips From Blocklist", "description": "Delete IPs from a blocklist", "operationId": "deleteIpsFromBlocklist", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/BlocklistDeleteIPsRequest"}}}}, "responses": {"204": {"description": "Successful Response"}, "403": {"description": "Blocklist is read-only"}, "404": {"description": "Blocklist not found"}, "500": {"description": "Internal server error"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists/{blocklist_id}/download": {"get": {"tags": ["Blocklists"], "summary": "Download Blocklist Content", "description": "Download blocklist content as a list of ips as plain text separated by new lines. The response will include the ETag header for cache control. If_Modified_Since and If_None_Match cache control headers are supported for conditional requests.", "operationId": "downloadBlocklistContent", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}, {"name": "if-modified-since", "in": "header", "required": false, "schema": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "If_Modified_Since cache control header", "title": "If-Modified-Since"}, "description": "If_Modified_Since cache control header"}, {"name": "if-none-match", "in": "header", "required": false, "schema": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "If_None_Match cache control header", "title": "If-None-Match"}, "description": "If_None_Match cache control header"}], "responses": {"200": {"description": "Successful Response", "content": {"text/plain": {"schema": {"type": "string"}}}}, "404": {"description": "Blocklist not found"}, "204": {"description": "Blocklist is empty"}, "500": {"description": "Internal server error"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists/{blocklist_id}/subscribers": {"post": {"tags": ["Blocklists"], "summary": "Subscribe Blocklist", "description": "Subscribe to a blocklist with a remediation type. If the entity type is the full organization or a Tag, all the engines belonging to the organization or the Tag will be subscribed and new engines that will join the organization or the Tag will also be automatically subscribed. If the subscription has been done on an organization or Tag you cannot unsubscribe individual engines. In case of errors for some subscribers, the operation will still succeed for the entities that were successfully subscribed and you'll have the list of errors in the operation's result. This operation is submitted to quotas.", "operationId": "subscribeBlocklist", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/BlocklistSubscriptionRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/BlocklistSubscriptionResponse"}}}}, "404": {"description": "Blocklist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "get": {"tags": ["Blocklists"], "summary": "Get Blocklist Subscribers", "description": "Get blocklist subscribers within your organization.", "operationId": "getBlocklistSubscribers", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/BlocklistSubscriberEntityPage"}}}}, "404": {"description": "Blocklist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists/{blocklist_id}/subscribers/{entity_id}": {"delete": {"tags": ["Blocklists"], "summary": "Unsubscribe Blocklist", "description": "Unsubscribe from a blocklist. You cannot unsubscribe individual engines if the subscription has been done on an organization or Tag.", "operationId": "unsubscribeBlocklist", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}, {"name": "entity_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Entity Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "404": {"description": "Blocklist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists/{blocklist_id}/shares": {"post": {"tags": ["Blocklists"], "summary": "Share Blocklist", "description": "Share a blocklist with other organizations given their IDs. The blocklist must be owned by your organization. You can give read-only access or read-write access to the blocklist. Sharing a blocklist will not automatically subscribe the shared organizations to the blocklist.", "operationId": "shareBlocklist", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/BlocklistShareRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "404": {"description": "Blocklist not found"}, "409": {"description": "Blocklist is not private"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists/{blocklist_id}/shares/{unshare_organization_id}": {"delete": {"tags": ["Blocklists"], "summary": "Unshare Blocklist", "description": "Unshare a blocklist with other organizations. If the blocklist is subscribed by the organization, the operation will fail.Use force query parameter to unshare a blocklist even if subscriptions exists.", "operationId": "unshareBlocklist", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}, {"name": "unshare_organization_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Unshare Organization Id"}}], "responses": {"204": {"description": "Successful Response"}, "404": {"description": "Blocklist not found"}, "409": {"description": "Blocklist is not private"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/integrations": {"post": {"tags": ["Integrations"], "summary": "Create Integration", "description": "Create an integration to a firewall or remediation component, owned by your organization. The name should be unique within the organization. This operation is submitted to quotas.", "operationId": "createIntegration", "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationCreateRequest"}}}}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationCreateResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "get": {"tags": ["Integrations"], "summary": "Get Integrations", "description": "Get integrations owned by your organization", "operationId": "getIntegrations", "parameters": [{"name": "tag", "in": "query", "required": false, "schema": {"anyOf": [{"type": "array", "items": {"type": "string"}}, {"type": "null"}], "description": "List of tags associated with the integrations (any of)", "title": "Tag"}, "description": "List of tags associated with the integrations (any of)"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationGetResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/integrations/{integration_id}": {"get": {"tags": ["Integrations"], "summary": "Get Integration", "description": "Get an integration by ID", "operationId": "getIntegration", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Integration Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationGetResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "patch": {"tags": ["Integrations"], "summary": "Update Integration", "description": "Update the integration details", "operationId": "updateIntegration", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Integration Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationUpdateRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationUpdateResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "delete": {"tags": ["Integrations"], "summary": "Delete Integration", "description": "Delete the integration by ID", "operationId": "deleteIntegration", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Integration Id"}}], "responses": {"204": {"description": "Successful Response"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/integrations/{integration_id}/content": {"head": {"tags": ["Integrations"], "summary": "Head Integration Content", "description": "Check if the integration has content", "operationId": "headIntegrationContent", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Integration Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "404": {"description": "Integration not found"}, "204": {"description": "Integration has no subscribed blocklists or no content available"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "get": {"tags": ["Integrations"], "summary": "Get Integration Content", "description": "Get the ips associated to the integration in plain text format. The content can be paginated to accomodate limits in firewalls.", "operationId": "getIntegrationContent", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Integration Id"}}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number to return", "default": 1, "title": "Page"}, "description": "Page number to return"}, {"name": "page_size", "in": "query", "required": false, "schema": {"anyOf": [{"type": "integer", "minimum": 10000}, {"type": "null"}], "description": "Maximum number of items to return, 0 means no limit (default), should be greater than 10000", "title": "Page Size"}, "description": "Maximum number of items to return, 0 means no limit (default), should be greater than 10000"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "404": {"description": "Integration not found"}, "204": {"description": "Integration has no subscribed blocklists or no content available"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/integrations/{integration_id}/v1/decisions/stream": {"get": {"tags": ["Integrations"], "summary": "Get Integration Content Stream", "description": "Get the ips associated to the integration in a format compatible with a remediation component. As for the remediation components, you can fetch the full content with startup=true or only the changes since the last pull", "operationId": "getIntegrationContentStream", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Integration Id"}}, {"name": "startup", "in": "query", "required": false, "schema": {"type": "boolean", "description": "Set to true if it's the first run to fetch all the content, otherwise only changes since the last pull.", "default": false, "title": "Startup"}, "description": "Set to true if it's the first run to fetch all the content, otherwise only changes since the last pull."}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "404": {"description": "Integration not found"}, "204": {"description": "Integration has no subscribed blocklists or no content available"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/info": {"get": {"tags": ["Info"], "summary": "Get Me Info", "description": "Get the current user and organization informations", "operationId": "getInfo", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/InfoResponse"}}}}}}}, "/metrics/remediation": {"get": {"tags": ["Metrics"], "summary": "Get Metrics Remediation", "description": "Get remediation metrics", "operationId": "getMetricsRemediation", "parameters": [{"name": "start_date", "in": "query", "required": false, "schema": {"type": "string", "format": "date-time", "description": "Start date of the metrics, default to last day", "title": "Start Date"}, "description": "Start date of the metrics, default to last day"}, {"name": "end_date", "in": "query", "required": false, "schema": {"type": "string", "format": "date-time", "description": "End date of the metrics", "title": "End Date"}, "description": "End date of the metrics"}, {"name": "engine_ids", "in": "query", "required": false, "schema": {"type": "array", "items": {"type": "string"}, "description": "List of engine ids", "default": [], "title": "Engine Ids"}, "description": "List of engine ids"}, {"name": "integration_ids", "in": "query", "required": false, "schema": {"type": "array", "items": {"type": "string"}, "description": "List of integration ids", "default": [], "title": "Integration Ids"}, "description": "List of integration ids"}, {"name": "tags", "in": "query", "required": false, "schema": {"type": "array", "items": {"type": "string"}, "description": "List of tags", "default": [], "title": "Tags"}, "description": "List of tags"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetRemediationMetricsResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/hub/index/{tenant}/{branch}/.index.json": {"get": {"description": "Get a (minimized) index file for 'cscli hub update'. May or may not include unused fields\n(content, long descriptions, labels...) or redundant ones (author, name).", "operationId": "getIndex", "parameters": [{"in": "path", "name": "branch", "required": true, "schema": {"title": "Branch", "type": "string"}}, {"in": "path", "name": "tenant", "required": true, "schema": {"title": "Tenant", "type": "string"}}, {"description": "Include content in the index", "in": "query", "name": "with_content", "required": false, "schema": {"default": false, "description": "Include content in the index", "title": "With Content", "type": "boolean"}}], "responses": {"200": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/Index"}}}, "description": "Successful Response"}, "422": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}, "description": "Validation Error"}}, "summary": "Get a minimized index file (crowdsec only)", "tags": ["Hub"]}, "head": {"description": "This endpoint returns cache-related headers for the index file without the full content.\nIt is useful for validating cache, checking resource freshness, and managing client-side\ncache expiration policies. No body content is returned.", "operationId": "headIndex", "parameters": [{"in": "path", "name": "branch", "required": true, "schema": {"title": "Branch", "type": "string"}}, {"in": "path", "name": "tenant", "required": true, "schema": {"title": "Tenant", "type": "string"}}, {"description": "Include content in the index", "in": "query", "name": "with_content", "required": false, "schema": {"default": false, "description": "Include content in the index", "title": "With Content", "type": "boolean"}}], "responses": {"200": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/Index"}}}, "description": "Successful Response"}, "422": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}, "description": "Validation Error"}}, "summary": "Check cache control headers for the index file", "tags": ["Hub"]}}, "/hub/index/{tenant}/{branch}/{item_path}": {"get": {"description": "Get an item's content from its path. This is usually a YAML file.", "operationId": "getItemContent", "parameters": [{"in": "path", "name": "item_path", "required": true, "schema": {"title": "Item Path", "type": "string"}}, {"in": "path", "name": "branch", "required": true, "schema": {"title": "Branch", "type": "string"}}, {"in": "path", "name": "tenant", "required": true, "schema": {"title": "Tenant", "type": "string"}}], "responses": {"200": {"content": {"application/json": {"schema": {}}}, "description": "Successful Response"}, "404": {"description": "No content field"}, "422": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}, "description": "Validation Error"}}, "summary": "Get an item's content (crowdsec only)", "tags": ["Hub"]}, "head": {"description": "This endpoint returns cache-related headers for an item's content. It is useful for validating\ncache, checking resource freshness, and managing client-side cache expiration policies. No body\ncontent is returned.", "operationId": "headItemContent", "parameters": [{"in": "path", "name": "item_path", "required": true, "schema": {"title": "Item Path", "type": "string"}}, {"in": "path", "name": "branch", "required": true, "schema": {"title": "Branch", "type": "string"}}, {"in": "path", "name": "tenant", "required": true, "schema": {"title": "Tenant", "type": "string"}}], "responses": {"200": {"content": {"application/json": {"schema": {}}}, "description": "Successful Response"}, "422": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}, "description": "Validation Error"}}, "summary": "Check cache control headers for an item's content", "tags": ["Hub"]}}, "/cves/{cve_id}": {"get": {"tags": ["Cves"], "summary": "Get CVE ID informations", "description": "Get information about a specific CVE ID", "operationId": "getCve", "parameters": [{"name": "cve_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Cve Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetCVEResponse"}}}}, "404": {"description": "CVE Not Found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/cves/{cve_id}/ips": {"get": {"tags": ["Cves"], "summary": "Get IPs exploiting a CVE ID", "description": "Get information about IPs exploiting a specific CVE ID", "operationId": "getCveIps", "parameters": [{"name": "cve_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Cve Id"}}, {"name": "since", "in": "query", "required": false, "schema": {"anyOf": [{"type": "string", "pattern": "^\\d+[hd]$"}, {"type": "null"}], "description": "Filter IPs seen since this date, format duration (e.g., 7d, 24h)", "title": "Since"}, "description": "Filter IPs seen since this date, format duration (e.g., 7d, 24h)"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetCVEIPsResponsePage"}}}}, "404": {"description": "CVE Not Found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/cves/{cve_id}/integrations": {"post": {"tags": ["Cves"], "summary": "Subscribe an integration to a CVE ID", "description": "Subscribe an integration to receive threats related to a specific CVE ID", "operationId": "subscribeIntegrationToCve", "parameters": [{"name": "cve_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Cve Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/SubscribeCVEIntegrationRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "404": {"description": "Integration Not Found"}, "400": {"description": "CVE Already Subscribed"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/cves/{cve_id}/integrations/{integration_name}": {"delete": {"tags": ["Cves"], "summary": "Unsubscribe an integration from a CVE ID", "description": "Unsubscribe an integration from receiving threats related to a specific CVE ID", "operationId": "unsubscribeIntegrationFromCve", "parameters": [{"name": "cve_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Cve Id"}}, {"name": "integration_name", "in": "path", "required": true, "schema": {"type": "string", "title": "Integration Name"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "404": {"description": "Integration Not Found"}, "400": {"description": "CVE Already Unsubscribed"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}}, "components": {"schemas": {"AllowlistCreateRequest": {"properties": {"name": {"type": "string", "maxLength": 200, "minLength": 1, "title": "Name", "description": "Name of the allowlist"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "Description of the allowlist"}}, "additionalProperties": false, "type": "object", "required": ["name"], "title": "AllowlistCreateRequest"}, "AllowlistCreateResponse": {"properties": {"id": {"type": "string", "format": "ObjectId", "title": "Id", "description": "ID of the allowlist", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"]}, "organization_id": {"type": "string", "title": "Organization Id", "description": "ID of the owner organization"}, "name": {"type": "string", "title": "Name", "description": "Name of the allowlist"}, "description": {"type": "string", "title": "Description", "description": "Description of the allowlist"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the allowlist was created"}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At", "description": "Time the allowlist was updated"}, "from_cti_query": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "From Cti Query", "description": "CTI query from which the blocklist was created"}, "since": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Since", "description": "Since duration for the CTI query (eg. 5m, 2h, 7d). Max is 30 days"}, "total_items": {"type": "integer", "title": "Total Items", "description": "Number of items in the allowlist"}}, "type": "object", "required": ["id", "organization_id", "name", "created_at", "total_items"], "title": "AllowlistCreateResponse"}, "AllowlistGetItemsResponse": {"properties": {"id": {"type": "string", "format": "ObjectId", "title": "Id", "description": "ID of the allowlist entry", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"]}, "allowlist_id": {"type": "string", "format": "ObjectId", "title": "Allowlist Id", "description": "ID of the allowlist", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"]}, "description": {"type": "string", "minLength": 1, "title": "Description", "description": "Description of the allowlist entry"}, "scope": {"$ref": "#/components/schemas/AllowlistScope", "description": "Scope of the allowlist entry"}, "value": {"anyOf": [{"type": "string", "format": "ipvanyaddress"}, {"type": "string", "format": "ipvanynetwork"}], "title": "Value", "description": "Value of the allowlist entry"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the allowlist entry was created"}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At", "description": "Time the allowlist entry was updated"}, "created_by": {"$ref": "#/components/schemas/SourceInfo", "description": "The source user who created the allowlist entry"}, "updated_by": {"anyOf": [{"$ref": "#/components/schemas/SourceInfo"}, {"type": "null"}], "description": "The source user who updated the allowlist entry"}, "expiration": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Expiration", "description": "Time the allowlist entry will expire"}}, "type": "object", "required": ["id", "allowlist_id", "description", "scope", "value", "created_at", "created_by"], "title": "AllowlistGetItemsResponse"}, "AllowlistGetItemsResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/AllowlistGetItemsResponse"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "AllowlistGetItemsResponsePage"}, "AllowlistGetResponse": {"properties": {"id": {"type": "string", "format": "ObjectId", "title": "Id", "description": "ID of the allowlist", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"]}, "organization_id": {"type": "string", "title": "Organization Id", "description": "ID of the owner organization"}, "name": {"type": "string", "title": "Name", "description": "Name of the allowlist"}, "description": {"type": "string", "title": "Description", "description": "Description of the allowlist"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the allowlist was created"}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At", "description": "Time the allowlist was updated"}, "from_cti_query": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "From Cti Query", "description": "CTI query from which the blocklist was created"}, "since": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Since", "description": "Since duration for the CTI query (eg. 5m, 2h, 7d). Max is 30 days"}, "total_items": {"type": "integer", "title": "Total Items", "description": "Number of items in the allowlist"}, "subscribers": {"items": {"$ref": "#/components/schemas/AllowlistSubscribersCount"}, "type": "array", "title": "Subscribers", "description": "List of subscribers count by entity type", "default": []}}, "type": "object", "required": ["id", "organization_id", "name", "created_at", "total_items"], "title": "AllowlistGetResponse"}, "AllowlistGetResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/AllowlistGetResponse"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "AllowlistGetResponsePage"}, "AllowlistItemUpdateRequest": {"properties": {"description": {"type": "string", "title": "Description", "description": "Description of the allowlist entry"}, "expiration": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Expiration", "description": "Time the allowlist entry will expire"}}, "additionalProperties": false, "type": "object", "title": "AllowlistItemUpdateRequest"}, "AllowlistItemUpdateResponse": {"properties": {"id": {"type": "string", "format": "ObjectId", "title": "Id", "description": "ID of the allowlist entry", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"]}, "allowlist_id": {"type": "string", "format": "ObjectId", "title": "Allowlist Id", "description": "ID of the allowlist", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"]}, "description": {"type": "string", "minLength": 1, "title": "Description", "description": "Description of the allowlist entry"}, "scope": {"$ref": "#/components/schemas/AllowlistScope", "description": "Scope of the allowlist entry"}, "value": {"anyOf": [{"type": "string", "format": "ipvanyaddress"}, {"type": "string", "format": "ipvanynetwork"}], "title": "Value", "description": "Value of the allowlist entry"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the allowlist entry was created"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Time the allowlist entry was updated"}, "created_by": {"$ref": "#/components/schemas/SourceInfo", "description": "The source user who created the allowlist entry"}, "updated_by": {"$ref": "#/components/schemas/SourceInfo", "description": "The source user who updated the allowlist entry"}, "expiration": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Expiration", "description": "Time the allowlist entry will expire"}}, "type": "object", "required": ["id", "allowlist_id", "description", "scope", "value", "created_at", "updated_at", "created_by", "updated_by"], "title": "AllowlistItemUpdateResponse"}, "AllowlistItemsCreateRequest": {"properties": {"items": {"items": {"anyOf": [{"type": "string", "format": "ipvanyaddress"}, {"type": "string", "format": "ipvanynetwork"}]}, "type": "array", "title": "Items", "description": "List of values to add to the allowlist"}, "description": {"type": "string", "title": "Description", "description": "Description of the allowlist entry"}, "expiration": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Expiration", "description": "Time the allowlist entry will expire"}}, "additionalProperties": false, "type": "object", "required": ["items", "description"], "title": "AllowlistItemsCreateRequest"}, "AllowlistScope": {"type": "string", "enum": ["ip", "range"], "title": "AllowlistScope"}, "AllowlistSubscriberEntity": {"properties": {"id": {"type": "string", "title": "Id", "description": "Subscriber entity id"}, "entity_type": {"$ref": "#/components/schemas/SubscriberEntityType"}}, "type": "object", "required": ["id", "entity_type"], "title": "AllowlistSubscriberEntity"}, "AllowlistSubscriberEntityPage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/AllowlistSubscriberEntity"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "AllowlistSubscriberEntityPage"}, "AllowlistSubscribersCount": {"properties": {"entity_type": {"$ref": "#/components/schemas/SubscriberEntityType", "description": "Subscriber entity type"}, "count": {"type": "integer", "title": "Count", "description": "Subscriber entity count"}}, "type": "object", "required": ["entity_type", "count"], "title": "AllowlistSubscribersCount"}, "AllowlistSubscriptionRequest": {"properties": {"ids": {"items": {"type": "string"}, "type": "array", "title": "Ids", "description": "List of subscriber entity id"}, "entity_type": {"$ref": "#/components/schemas/EntityType"}}, "additionalProperties": false, "type": "object", "required": ["entity_type"], "title": "AllowlistSubscriptionRequest"}, "AllowlistSubscriptionResponse": {"properties": {"updated": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "title": "Updated", "description": "List of updated allowlist ids", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"]}, "errors": {"anyOf": [{"items": {"additionalProperties": {"type": "string"}, "type": "object"}, "type": "array"}, {"type": "null"}], "title": "Errors", "description": "List of errors if any", "examples": [{"5f9d88b9e5c4f5b9a3d3e8b1": "error message"}]}}, "type": "object", "required": ["updated", "errors"], "title": "AllowlistSubscriptionResponse"}, "AllowlistUpdateRequest": {"properties": {"name": {"anyOf": [{"type": "string", "maxLength": 200, "minLength": 1}, {"type": "null"}], "title": "Name", "description": "Name of the allowlist"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "Description of the allowlist"}}, "additionalProperties": false, "type": "object", "title": "AllowlistUpdateRequest"}, "AllowlistUpdateResponse": {"properties": {"id": {"type": "string", "format": "ObjectId", "title": "Id", "description": "ID of the allowlist", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"]}, "organization_id": {"type": "string", "title": "Organization Id", "description": "ID of the owner organization"}, "name": {"type": "string", "title": "Name", "description": "Name of the allowlist"}, "description": {"type": "string", "title": "Description", "description": "Description of the allowlist"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the allowlist was created"}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At", "description": "Time the allowlist was updated"}, "from_cti_query": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "From Cti Query", "description": "CTI query from which the blocklist was created"}, "since": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Since", "description": "Since duration for the CTI query (eg. 5m, 2h, 7d). Max is 30 days"}, "total_items": {"type": "integer", "title": "Total Items", "description": "Number of items in the allowlist"}, "subscribers": {"items": {"$ref": "#/components/schemas/AllowlistSubscribersCount"}, "type": "array", "title": "Subscribers", "description": "List of subscribers count by entity type", "default": []}}, "type": "object", "required": ["id", "organization_id", "name", "created_at", "total_items"], "title": "AllowlistUpdateResponse"}, "ApiKeyCredentials": {"properties": {"api_key": {"type": "string", "title": "Api Key", "description": "API key for the integration"}}, "type": "object", "required": ["api_key"], "title": "ApiKeyCredentials"}, "AttacksMetrics": {"properties": {"total": {"anyOf": [{"type": "integer"}, {"type": "number"}], "title": "Total", "description": "Total value of the metric"}, "label": {"type": "string", "title": "Label", "description": "Label of the metric which is the attack type"}, "progression": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Progression", "description": "Progression of the metric value from the previous period"}, "data": {"items": {"$ref": "#/components/schemas/RemediationMetricsData"}, "type": "array", "title": "Data", "description": "Data points"}}, "type": "object", "required": ["total", "label", "progression", "data"], "title": "AttacksMetrics"}, "BasicAuthCredentials": {"properties": {"username": {"type": "string", "title": "Username", "description": "Basic auth username for the integration"}, "password": {"type": "string", "title": "Password", "description": "Basic auth password for the integration"}}, "type": "object", "required": ["username", "password"], "title": "BasicAuthCredentials"}, "BlocklistAddIPsRequest": {"properties": {"ips": {"items": {"type": "string"}, "type": "array", "title": "Ips", "description": "List of IPs or networks"}, "expiration": {"type": "string", "format": "date-time", "title": "Expiration", "description": "Expiration date", "examples": ["2030-01-01T00:00:00.000Z"]}}, "additionalProperties": false, "type": "object", "required": ["ips"], "title": "BlocklistAddIPsRequest"}, "BlocklistCategory": {"properties": {"name": {"type": "string", "title": "Name"}, "label": {"type": "string", "title": "Label"}, "description": {"type": "string", "title": "Description"}, "priority": {"type": "integer", "title": "Priority"}}, "type": "object", "required": ["name", "label", "description", "priority"], "title": "BlocklistCategory"}, "BlocklistContentStats": {"properties": {"total_seen": {"type": "integer", "title": "Total Seen", "default": 0}, "total_fire": {"type": "integer", "title": "Total Fire", "default": 0}, "total_seen_1m": {"type": "integer", "title": "Total Seen 1M", "default": 0}, "total_in_other_lists": {"type": "integer", "title": "Total In Other Lists", "default": 0}, "total_false_positive": {"type": "integer", "title": "Total False Positive", "default": 0}, "false_positive_removed_by_crowdsec": {"type": "integer", "title": "False Positive Removed By Crowdsec", "default": 0}, "most_present_behaviors": {"items": {"$ref": "#/components/schemas/CtiBehavior"}, "type": "array", "title": "Most Present Behaviors", "default": []}, "most_present_categories": {"items": {"$ref": "#/components/schemas/CtiCategory"}, "type": "array", "title": "Most Present Categories", "default": []}, "most_present_scenarios": {"items": {"$ref": "#/components/schemas/CtiScenario"}, "type": "array", "title": "Most Present Scenarios", "default": []}, "top_as": {"items": {"$ref": "#/components/schemas/CtiAs"}, "type": "array", "title": "Top As", "default": []}, "top_attacking_countries": {"items": {"$ref": "#/components/schemas/CtiCountry"}, "type": "array", "title": "Top Attacking Countries", "default": []}, "top_ips": {"items": {"$ref": "#/components/schemas/CtiIp"}, "type": "array", "title": "Top Ips", "default": []}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At"}}, "additionalProperties": true, "type": "object", "title": "BlocklistContentStats"}, "BlocklistCreateRequest": {"properties": {"name": {"type": "string", "maxLength": 200, "minLength": 1, "title": "Name", "description": "Blocklist name, must be unique within the organization"}, "label": {"type": "string", "title": "Label", "description": "Blocklist human readable name (Default: name)"}, "description": {"type": "string", "minLength": 1, "title": "Description", "description": "Blocklist description"}, "references": {"items": {"type": "string"}, "type": "array", "title": "References", "description": "Useful references on the list's origins", "default": []}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Classification tags", "default": []}}, "additionalProperties": false, "type": "object", "required": ["name", "description"], "title": "BlocklistCreateRequest"}, "BlocklistDeleteIPsRequest": {"properties": {"ips": {"items": {"type": "string"}, "type": "array", "title": "Ips", "description": "List of IPs or networks"}}, "additionalProperties": false, "type": "object", "required": ["ips"], "title": "BlocklistDeleteIPsRequest"}, "BlocklistIncludeFilters": {"type": "string", "enum": ["public", "private", "shared", "all"], "title": "BlocklistIncludeFilters"}, "BlocklistOrigin": {"properties": {"label": {"type": "string", "title": "Label", "description": "Label of the blocklist"}, "id": {"type": "string", "title": "Id", "description": "ID of the blocklist"}, "pricing_tier": {"$ref": "#/components/schemas/PricingTiers", "description": "Pricing tier of the blocklist"}}, "type": "object", "required": ["label", "id", "pricing_tier"], "title": "BlocklistOrigin"}, "BlocklistSearchRequest": {"properties": {"page": {"type": "integer", "minimum": 1.0, "title": "Page", "description": "Page number", "default": 1}, "page_size": {"type": "integer", "maximum": 1000.0, "title": "Page Size", "description": "Page size", "default": 100}, "pricing_tiers": {"items": {"$ref": "#/components/schemas/PricingTiers"}, "type": "array", "title": "Pricing Tiers", "description": "Pricing tiers", "default": []}, "query": {"type": "string", "title": "Query", "description": "Search query", "default": ""}, "targeted_countries": {"items": {"type": "string"}, "type": "array", "title": "Targeted Countries", "description": "Targeted countries", "default": []}, "classifications": {"items": {"type": "string"}, "type": "array", "title": "Classifications", "description": "Classifications", "default": []}, "behaviors": {"items": {"type": "string"}, "type": "array", "title": "Behaviors", "description": "Behaviors", "default": []}, "min_ips": {"type": "integer", "minimum": 0.0, "title": "Min Ips", "description": "Minimum number of IPs", "default": 0}, "sources": {"items": {"$ref": "#/components/schemas/BlocklistSources"}, "type": "array", "title": "Sources", "description": "Sources", "default": []}, "categories": {"items": {"type": "string"}, "type": "array", "title": "Categories", "description": "Categories", "default": []}, "is_private": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "title": "Is Private", "description": "Private blocklist"}, "is_subscribed": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "title": "Is Subscribed", "description": "Subscribed blocklist (None: all)"}}, "additionalProperties": false, "type": "object", "title": "BlocklistSearchRequest"}, "BlocklistShareRequest": {"properties": {"organizations": {"items": {"$ref": "#/components/schemas/Share"}, "type": "array", "title": "Organizations", "description": "List of organizations to share the blocklist"}}, "additionalProperties": false, "type": "object", "required": ["organizations"], "title": "BlocklistShareRequest"}, "BlocklistSources": {"type": "string", "enum": ["crowdsec", "third_party", "custom"], "title": "BlocklistSources"}, "BlocklistStats": {"properties": {"content_stats": {"$ref": "#/components/schemas/BlocklistContentStats", "default": {"total_seen": 0, "total_fire": 0, "total_seen_1m": 0, "total_in_other_lists": 0, "total_false_positive": 0, "false_positive_removed_by_crowdsec": 0, "most_present_behaviors": [], "most_present_categories": [], "most_present_scenarios": [], "top_as": [], "top_attacking_countries": [], "top_ips": []}}, "usage_stats": {"anyOf": [{"$ref": "#/components/schemas/BlocklistUsageStats"}, {"type": "null"}], "default": {"engines_subscribed_directly": 0, "engines_subscribed_through_org": 0, "engines_subscribed_through_tag": 0, "total_subscribed_engines": 0, "total_subscribed_organizations": 0}}, "addition_2days": {"type": "integer", "title": "Addition 2Days", "default": 0}, "addition_month": {"type": "integer", "title": "Addition Month", "default": 0}, "suppression_2days": {"type": "integer", "title": "Suppression 2Days", "default": 0}, "suppression_month": {"type": "integer", "title": "Suppression Month", "default": 0}, "change_2days_percentage": {"type": "number", "title": "Change 2Days Percentage", "default": 0.0}, "change_month_percentage": {"type": "number", "title": "Change Month Percentage", "default": 0.0}, "count": {"type": "integer", "title": "Count", "default": 0}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At"}}, "additionalProperties": true, "type": "object", "title": "BlocklistStats"}, "BlocklistSubscriberEntity": {"properties": {"id": {"type": "string", "title": "Id", "description": "Subscriber entity id"}, "entity_type": {"$ref": "#/components/schemas/SubscriberEntityType"}, "remediation": {"type": "string", "title": "Remediation", "description": "Remediation"}}, "type": "object", "required": ["id", "entity_type", "remediation"], "title": "BlocklistSubscriberEntity"}, "BlocklistSubscriberEntityPage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/BlocklistSubscriberEntity"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "BlocklistSubscriberEntityPage"}, "BlocklistSubscribersCount": {"properties": {"entity_type": {"$ref": "#/components/schemas/SubscriberEntityType", "description": "Subscriber entity type"}, "count": {"type": "integer", "title": "Count", "description": "Subscriber entity count"}}, "type": "object", "required": ["entity_type", "count"], "title": "BlocklistSubscribersCount"}, "BlocklistSubscription": {"properties": {"id": {"type": "string", "title": "Id"}, "remediation": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Remediation"}, "name": {"type": "string", "title": "Name"}, "label": {"type": "string", "title": "Label"}}, "type": "object", "required": ["id", "name", "label"], "title": "BlocklistSubscription"}, "BlocklistSubscriptionRequest": {"properties": {"ids": {"items": {"type": "string"}, "type": "array", "title": "Ids", "description": "List of subscriber entity id"}, "entity_type": {"$ref": "#/components/schemas/SubscriberEntityType"}, "remediation": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Remediation", "description": "Remediation"}}, "additionalProperties": false, "type": "object", "required": ["entity_type"], "title": "BlocklistSubscriptionRequest"}, "BlocklistSubscriptionResponse": {"properties": {"updated": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "title": "Updated", "description": "List of updated blocklist ids", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"]}, "errors": {"anyOf": [{"items": {"additionalProperties": {"type": "string"}, "type": "object"}, "type": "array"}, {"type": "null"}], "title": "Errors", "description": "List of errors if any", "examples": [{"5f9d88b9e5c4f5b9a3d3e8b1": "error message"}]}}, "type": "object", "required": ["updated", "errors"], "title": "BlocklistSubscriptionResponse"}, "BlocklistUpdateRequest": {"properties": {"label": {"type": "string", "title": "Label", "description": "Blocklist human readable name"}, "description": {"type": "string", "title": "Description", "description": "Blocklist description"}, "references": {"items": {"type": "string"}, "type": "array", "title": "References", "description": "Blocklist references"}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Blocklist tags"}, "from_cti_query": {"type": "string", "title": "From Cti Query", "description": "CTI query (doc link available soon)"}, "since": {"type": "string", "title": "Since", "description": "Since duration for the CTI query (eg. 5m, 2h, 7d). Max is 30 days"}}, "additionalProperties": false, "type": "object", "title": "BlocklistUpdateRequest"}, "BlocklistUsageStats": {"properties": {"engines_subscribed_directly": {"type": "integer", "title": "Engines Subscribed Directly", "default": 0}, "engines_subscribed_through_org": {"type": "integer", "title": "Engines Subscribed Through Org", "default": 0}, "engines_subscribed_through_tag": {"type": "integer", "title": "Engines Subscribed Through Tag", "default": 0}, "total_subscribed_engines": {"type": "integer", "title": "Total Subscribed Engines", "default": 0}, "total_subscribed_organizations": {"type": "integer", "title": "Total Subscribed Organizations", "default": 0}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At"}}, "additionalProperties": true, "type": "object", "title": "BlocklistUsageStats"}, "Body_uploadBlocklistContent": {"properties": {"file": {"type": "string", "format": "binary", "title": "File", "description": "Blocklist file in txt format"}}, "type": "object", "required": ["file"], "title": "Body_uploadBlocklistContent"}, "ComputedMetrics": {"properties": {"saved": {"$ref": "#/components/schemas/ComputedSavedMetrics", "description": "estimated saved metrics"}, "dropped": {"items": {"$ref": "#/components/schemas/RemediationMetrics"}, "type": "array", "title": "Dropped", "description": "estimated dropped metrics", "default": []}, "prevented": {"items": {"$ref": "#/components/schemas/AttacksMetrics"}, "type": "array", "title": "Prevented", "description": "prevented attacks metrics", "default": []}}, "type": "object", "required": ["saved"], "title": "ComputedMetrics"}, "ComputedSavedMetrics": {"properties": {"log_lines": {"items": {"$ref": "#/components/schemas/RemediationMetrics"}, "type": "array", "title": "Log Lines", "description": "estimated log lines saved", "default": []}, "storage": {"items": {"$ref": "#/components/schemas/RemediationMetrics"}, "type": "array", "title": "Storage", "description": "estimated storage saved", "default": []}, "egress_traffic": {"items": {"$ref": "#/components/schemas/RemediationMetrics"}, "type": "array", "title": "Egress Traffic", "description": "estimated egress traffic saved", "default": []}}, "type": "object", "title": "ComputedSavedMetrics"}, "CtiAs": {"properties": {"as_num": {"type": "string", "title": "As Num"}, "as_name": {"type": "string", "title": "As Name"}, "total_ips": {"type": "integer", "title": "Total Ips"}}, "additionalProperties": true, "type": "object", "required": ["as_num", "as_name", "total_ips"], "title": "CtiAs"}, "CtiBehavior": {"properties": {"name": {"type": "string", "title": "Name"}, "label": {"type": "string", "title": "Label"}, "description": {"type": "string", "title": "Description"}, "references": {"items": {"type": "string"}, "type": "array", "title": "References"}, "total_ips": {"type": "integer", "title": "Total Ips"}}, "additionalProperties": true, "type": "object", "required": ["name", "label", "description", "references", "total_ips"], "title": "CtiBehavior"}, "CtiCategory": {"properties": {"name": {"type": "string", "title": "Name"}, "label": {"type": "string", "title": "Label"}, "description": {"type": "string", "title": "Description"}, "total_ips": {"type": "integer", "title": "Total Ips"}}, "additionalProperties": true, "type": "object", "required": ["name", "label", "description", "total_ips"], "title": "CtiCategory"}, "CtiCountry": {"properties": {"country_short": {"type": "string", "title": "Country Short"}, "total_ips": {"type": "integer", "title": "Total Ips"}}, "additionalProperties": true, "type": "object", "required": ["country_short", "total_ips"], "title": "CtiCountry"}, "CtiIp": {"properties": {"ip": {"type": "string", "title": "Ip"}, "total_signals_1m": {"type": "integer", "title": "Total Signals 1M"}, "reputation": {"type": "string", "title": "Reputation", "default": "unknown"}}, "additionalProperties": true, "type": "object", "required": ["ip", "total_signals_1m"], "title": "CtiIp"}, "CtiScenario": {"properties": {"name": {"type": "string", "title": "Name"}, "label": {"type": "string", "title": "Label"}, "description": {"type": "string", "title": "Description"}, "references": {"items": {"type": "string"}, "type": "array", "title": "References"}, "total_ips": {"type": "integer", "title": "Total Ips"}}, "additionalProperties": true, "type": "object", "required": ["name", "label", "description", "references", "total_ips"], "title": "CtiScenario"}, "EntityType": {"type": "string", "enum": ["org", "tag", "engine", "firewall_integration", "remediation_component_integration", "remediation_component", "log_processor"], "title": "EntityType"}, "GetRemediationMetricsResponse": {"properties": {"raw": {"$ref": "#/components/schemas/RawMetrics", "description": "Raw metrics data"}, "computed": {"$ref": "#/components/schemas/ComputedMetrics", "description": "Computed metrics data"}}, "type": "object", "required": ["raw", "computed"], "title": "GetRemediationMetricsResponse"}, "HTTPValidationError": {"properties": {"detail": {"items": {"$ref": "#/components/schemas/ValidationError"}, "type": "array", "title": "Detail"}}, "type": "object", "title": "HTTPValidationError"}, "InfoResponse": {"properties": {"organization_id": {"type": "string", "title": "Organization Id", "description": "The organization ID"}, "subscription_type": {"type": "string", "title": "Subscription Type", "description": "The organization subscription type"}, "api_key_name": {"type": "string", "title": "Api Key Name", "description": "The API key name that is used"}}, "type": "object", "required": ["organization_id", "subscription_type", "api_key_name"], "title": "InfoResponse"}, "IntegrationCreateRequest": {"properties": {"name": {"type": "string", "minLength": 1, "title": "Name", "description": "Name of the integration"}, "description": {"type": "string", "minLength": 1, "title": "Description", "description": "Description of the integration"}, "entity_type": {"$ref": "#/components/schemas/IntegrationType", "description": "Type of the integration"}, "output_format": {"$ref": "#/components/schemas/OutputFormat", "description": "Output format of the integration"}}, "additionalProperties": false, "type": "object", "required": ["name", "entity_type", "output_format"], "title": "IntegrationCreateRequest"}, "IntegrationCreateResponse": {"properties": {"id": {"type": "string", "title": "Id", "description": "ID of the integration"}, "name": {"type": "string", "title": "Name", "description": "Name of the integration. Should be unique within the organization"}, "organization_id": {"type": "string", "title": "Organization Id", "description": "ID of the owner organization"}, "description": {"type": "string", "title": "Description", "description": "Description of the integration"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the integration was created"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Last time the integration was updated"}, "entity_type": {"$ref": "#/components/schemas/IntegrationType", "description": "Type of the integration"}, "output_format": {"$ref": "#/components/schemas/OutputFormat", "description": "Output format of the integration"}, "last_pull": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Pull", "description": "Last time the integration pulled blocklists"}, "blocklists": {"items": {"$ref": "#/components/schemas/BlocklistSubscription"}, "type": "array", "title": "Blocklists", "description": "Blocklists that are subscribed by the integration"}, "endpoint": {"type": "string", "maxLength": 2083, "minLength": 1, "format": "uri", "title": "Endpoint", "description": "Url that should be used by the firewall or the remediation component to fetch the integration's content"}, "stats": {"$ref": "#/components/schemas/Stats", "description": "Stats of the integration", "default": {"count": 0}}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Tags associated with the integration", "default": []}, "credentials": {"anyOf": [{"$ref": "#/components/schemas/ApiKeyCredentials"}, {"$ref": "#/components/schemas/BasicAuthCredentials"}], "title": "Credentials", "description": "Credentials that were generated for the integration"}}, "type": "object", "required": ["id", "name", "organization_id", "created_at", "updated_at", "entity_type", "output_format", "blocklists", "endpoint", "credentials"], "title": "IntegrationCreateResponse"}, "IntegrationGetResponse": {"properties": {"id": {"type": "string", "title": "Id", "description": "ID of the integration"}, "name": {"type": "string", "title": "Name", "description": "Name of the integration. Should be unique within the organization"}, "organization_id": {"type": "string", "title": "Organization Id", "description": "ID of the owner organization"}, "description": {"type": "string", "title": "Description", "description": "Description of the integration"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the integration was created"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Last time the integration was updated"}, "entity_type": {"$ref": "#/components/schemas/IntegrationType", "description": "Type of the integration"}, "output_format": {"$ref": "#/components/schemas/OutputFormat", "description": "Output format of the integration"}, "last_pull": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Pull", "description": "Last time the integration pulled blocklists"}, "blocklists": {"items": {"$ref": "#/components/schemas/BlocklistSubscription"}, "type": "array", "title": "Blocklists", "description": "Blocklists that are subscribed by the integration"}, "endpoint": {"type": "string", "maxLength": 2083, "minLength": 1, "format": "uri", "title": "Endpoint", "description": "Url that should be used by the firewall or the remediation component to fetch the integration's content"}, "stats": {"$ref": "#/components/schemas/Stats", "description": "Stats of the integration", "default": {"count": 0}}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Tags associated with the integration", "default": []}}, "type": "object", "required": ["id", "name", "organization_id", "created_at", "updated_at", "entity_type", "output_format", "blocklists", "endpoint"], "title": "IntegrationGetResponse"}, "IntegrationGetResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/IntegrationGetResponse"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "IntegrationGetResponsePage"}, "IntegrationType": {"type": "string", "enum": ["firewall_integration", "remediation_component_integration"], "title": "IntegrationType"}, "IntegrationUpdateRequest": {"properties": {"name": {"type": "string", "minLength": 1, "title": "Name", "description": "New name"}, "description": {"type": "string", "minLength": 1, "title": "Description", "description": "New description"}, "output_format": {"$ref": "#/components/schemas/OutputFormat", "description": "New output format"}, "regenerate_credentials": {"type": "boolean", "title": "Regenerate Credentials", "description": "Regenerate credentials for the integration"}}, "additionalProperties": false, "type": "object", "title": "IntegrationUpdateRequest"}, "IntegrationUpdateResponse": {"properties": {"id": {"type": "string", "title": "Id", "description": "ID of the integration"}, "name": {"type": "string", "title": "Name", "description": "Name of the integration. Should be unique within the organization"}, "organization_id": {"type": "string", "title": "Organization Id", "description": "ID of the owner organization"}, "description": {"type": "string", "title": "Description", "description": "Description of the integration"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the integration was created"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Last time the integration was updated"}, "entity_type": {"$ref": "#/components/schemas/IntegrationType", "description": "Type of the integration"}, "output_format": {"$ref": "#/components/schemas/OutputFormat", "description": "Output format of the integration"}, "last_pull": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Pull", "description": "Last time the integration pulled blocklists"}, "blocklists": {"items": {"$ref": "#/components/schemas/BlocklistSubscription"}, "type": "array", "title": "Blocklists", "description": "Blocklists that are subscribed by the integration"}, "endpoint": {"type": "string", "maxLength": 2083, "minLength": 1, "format": "uri", "title": "Endpoint", "description": "Url that should be used by the firewall or the remediation component to fetch the integration's content"}, "stats": {"$ref": "#/components/schemas/Stats", "description": "Stats of the integration", "default": {"count": 0}}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Tags associated with the integration", "default": []}, "credentials": {"anyOf": [{"$ref": "#/components/schemas/ApiKeyCredentials"}, {"$ref": "#/components/schemas/BasicAuthCredentials"}, {"type": "null"}], "title": "Credentials", "description": "Credentials for the integration"}}, "type": "object", "required": ["id", "name", "organization_id", "created_at", "updated_at", "entity_type", "output_format", "blocklists", "endpoint"], "title": "IntegrationUpdateResponse"}, "Links": {"properties": {"first": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "First", "examples": ["/api/v1/users?limit=1&offset1"]}, "last": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Last", "examples": ["/api/v1/users?limit=1&offset1"]}, "self": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Self", "examples": ["/api/v1/users?limit=1&offset1"]}, "next": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Next", "examples": ["/api/v1/users?limit=1&offset1"]}, "prev": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Prev", "examples": ["/api/v1/users?limit=1&offset1"]}}, "type": "object", "title": "Links"}, "MetricUnits": {"type": "string", "enum": ["byte", "packet", "request", "ip", "line", "event"], "title": "MetricUnits"}, "OriginMetrics": {"properties": {"origin": {"anyOf": [{"$ref": "#/components/schemas/BlocklistOrigin"}, {"type": "string"}, {"type": "null"}], "title": "Origin", "description": "Origin of the metric"}, "data": {"items": {"$ref": "#/components/schemas/RemediationMetricsData"}, "type": "array", "title": "Data", "description": "Data points"}}, "type": "object", "required": ["origin", "data"], "title": "OriginMetrics"}, "OutputFormat": {"type": "string", "enum": ["plain_text", "f5", "remediation_component", "fortigate", "paloalto", "checkpoint", "cisco", "juniper", "mikrotik", "pfsense", "opnsense", "sophos"], "title": "OutputFormat"}, "Permission": {"type": "string", "enum": ["read", "write"], "title": "Permission"}, "PricingTiers": {"type": "string", "enum": ["free", "premium", "platinum"], "title": "PricingTiers"}, "PublicBlocklistResponse": {"properties": {"id": {"type": "string", "title": "Id", "description": "Blocklist id"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Blocklist creation date"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Blocklist update date"}, "name": {"type": "string", "title": "Name", "description": "Blocklist name, unique within the organization"}, "label": {"type": "string", "title": "Label", "description": "Blocklist human readable name"}, "description": {"type": "string", "title": "Description", "description": "Blocklist description"}, "references": {"items": {"type": "string"}, "type": "array", "title": "References", "description": "Blocklist references", "default": []}, "is_private": {"type": "boolean", "title": "Is Private", "description": "Private blocklist if True or public if False"}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Classification tags", "default": []}, "pricing_tier": {"$ref": "#/components/schemas/PricingTiers", "description": "Pricing tier for Crowdsec blocklists only"}, "source": {"$ref": "#/components/schemas/BlocklistSources", "description": "Blocklist source"}, "stats": {"$ref": "#/components/schemas/BlocklistStats", "description": "Blocklist stats"}, "from_cti_query": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "From Cti Query", "description": "CTI query from which the blocklist was created"}, "since": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Since", "description": "Since duration for the CTI query (eg. 5m, 2h, 7d). Max is 30 days"}, "shared_with": {"items": {"$ref": "#/components/schemas/Share"}, "type": "array", "title": "Shared With", "description": "List of organizations shared with", "default": []}, "organization_id": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Organization Id", "description": "Blocklists owner's organization id"}, "subscribers": {"items": {"$ref": "#/components/schemas/BlocklistSubscribersCount"}, "type": "array", "title": "Subscribers", "description": "List of subscribers to the blocklist. Only subscribers belonging to your organization are returned", "default": []}, "categories": {"items": {"$ref": "#/components/schemas/BlocklistCategory"}, "type": "array", "title": "Categories", "description": "List of categories for the blocklist", "default": []}}, "type": "object", "required": ["id", "created_at", "updated_at", "name", "description", "is_private", "pricing_tier", "source", "stats"], "title": "PublicBlocklistResponse"}, "PublicBlocklistResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/PublicBlocklistResponse"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "PublicBlocklistResponsePage"}, "RawMetrics": {"properties": {"dropped": {"items": {"$ref": "#/components/schemas/RemediationMetrics"}, "type": "array", "title": "Dropped", "description": "dropped metrics", "default": []}, "processed": {"items": {"$ref": "#/components/schemas/RemediationMetrics"}, "type": "array", "title": "Processed", "description": "processed metrics", "default": []}}, "type": "object", "title": "RawMetrics"}, "RemediationMetrics": {"properties": {"total": {"anyOf": [{"type": "integer"}, {"type": "number"}], "title": "Total", "description": "Total value of the metric"}, "unit": {"$ref": "#/components/schemas/MetricUnits", "description": "Unit of the metric"}, "progression": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Progression", "description": "Progression of the metric value from the previous period"}, "data": {"items": {"$ref": "#/components/schemas/OriginMetrics"}, "type": "array", "title": "Data", "description": "Data points per origin"}}, "type": "object", "required": ["total", "unit", "progression", "data"], "title": "RemediationMetrics"}, "RemediationMetricsData": {"properties": {"value": {"anyOf": [{"type": "integer"}, {"type": "number"}], "title": "Value", "description": "Value of the metric"}, "timestamp": {"type": "string", "format": "date-time", "title": "Timestamp", "description": "Timestamp of the metric"}}, "type": "object", "required": ["value", "timestamp"], "title": "RemediationMetricsData"}, "Share": {"properties": {"organization_id": {"type": "string", "title": "Organization Id"}, "permission": {"$ref": "#/components/schemas/Permission"}}, "type": "object", "required": ["organization_id", "permission"], "title": "Share"}, "SourceInfo": {"properties": {"source_type": {"$ref": "#/components/schemas/SourceType", "description": "The source type that created the allowlist entry"}, "identifier": {"type": "string", "title": "Identifier", "description": "The source identifier that created the allowlist entry"}}, "type": "object", "required": ["source_type", "identifier"], "title": "SourceInfo"}, "SourceType": {"type": "string", "enum": ["user", "apikey"], "title": "SourceType"}, "Stats": {"properties": {"count": {"type": "integer", "title": "Count", "description": "Number of total blocklists items the integration will pull"}}, "type": "object", "required": ["count"], "title": "Stats"}, "SubscriberEntityType": {"type": "string", "enum": ["org", "tag", "engine", "firewall_integration", "remediation_component_integration"], "title": "SubscriberEntityType"}, "ValidationError": {"properties": {"loc": {"items": {"anyOf": [{"type": "string"}, {"type": "integer"}]}, "type": "array", "title": "Location"}, "msg": {"type": "string", "title": "Message"}, "type": {"type": "string", "title": "Error Type"}}, "type": "object", "required": ["loc", "msg", "type"], "title": "ValidationError"}, "AppsecConfigIndex": {"properties": {"content": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "The YAML content of the item, in plaintext.", "examples": ["type: leaky\n#debug: true\nname: crowdsecurity/vsftpd-bf\ndescription: \"Detect FTP bruteforce (vsftpd)\"\nfilter: evt.Meta.log_type == 'ftp_failed_auth'\nleakspeed: \"10s\"\ncapacity: 5\ngroupby: evt.Meta.source_ip\nblackhole: 5m\nlabels:\n confidence: 3\n spoofable: 0\n classification:\n - attack.T1110\n behavior: \"ftp:bruteforce\"\n label: \"VSFTPD Bruteforce\"\n remediation: true\n service: vsftpd"], "title": "Content"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "A short, plaintext description of the item", "title": "Description"}, "labels": {"anyOf": [{"additionalProperties": {"anyOf": [{"type": "string"}, {"items": {"type": "string"}, "type": "array"}, {"type": "integer"}]}, "type": "object"}, {"type": "null"}], "description": "Classification labels for the item", "examples": [{"behavior": "ftp:bruteforce", "classification": ["attack.T1110"], "confidence": 3, "label": "VSFTPD Bruteforce", "remediation": true, "service": "vsftpd", "spoofable": 0}], "title": "Labels"}, "path": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Relative path to the item's YAML content", "examples": ["scenarios/crowdsecurity/vsftpd-bf.yaml"], "title": "Path"}, "references": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of references to external resources", "title": "References"}, "version": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Current version of the collection", "examples": ["0.2"], "title": "Version"}, "versions": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/VersionDetail"}, "type": "object"}, {"type": "null"}], "description": "A dictionary where each key is a version number (e.g., '0.1', '0.2')", "examples": [{"0.1": {"deprecated": false, "digest": "3591247988014705cf3a7e42388f0c87f9b86d3141268d996c5820ceab6364e1"}, "0.2": {"deprecated": false, "digest": "d1ddf4797250c1899a93ce634e6366e5deaaaf7508135056d17e9b09998ddf91"}}], "title": "Versions"}}, "title": "AppsecConfigIndex", "type": "object"}, "AppsecRuleIndex": {"properties": {"content": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "The YAML content of the item, in plaintext.", "examples": ["type: leaky\n#debug: true\nname: crowdsecurity/vsftpd-bf\ndescription: \"Detect FTP bruteforce (vsftpd)\"\nfilter: evt.Meta.log_type == 'ftp_failed_auth'\nleakspeed: \"10s\"\ncapacity: 5\ngroupby: evt.Meta.source_ip\nblackhole: 5m\nlabels:\n confidence: 3\n spoofable: 0\n classification:\n - attack.T1110\n behavior: \"ftp:bruteforce\"\n label: \"VSFTPD Bruteforce\"\n remediation: true\n service: vsftpd"], "title": "Content"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "A short, plaintext description of the item", "title": "Description"}, "labels": {"anyOf": [{"additionalProperties": {"anyOf": [{"type": "string"}, {"items": {"type": "string"}, "type": "array"}, {"type": "integer"}]}, "type": "object"}, {"type": "null"}], "description": "Classification labels for the item", "examples": [{"behavior": "ftp:bruteforce", "classification": ["attack.T1110"], "confidence": 3, "label": "VSFTPD Bruteforce", "remediation": true, "service": "vsftpd", "spoofable": 0}], "title": "Labels"}, "path": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Relative path to the item's YAML content", "examples": ["scenarios/crowdsecurity/vsftpd-bf.yaml"], "title": "Path"}, "references": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of references to external resources", "title": "References"}, "version": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Current version of the collection", "examples": ["0.2"], "title": "Version"}, "versions": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/VersionDetail"}, "type": "object"}, {"type": "null"}], "description": "A dictionary where each key is a version number (e.g., '0.1', '0.2')", "examples": [{"0.1": {"deprecated": false, "digest": "3591247988014705cf3a7e42388f0c87f9b86d3141268d996c5820ceab6364e1"}, "0.2": {"deprecated": false, "digest": "d1ddf4797250c1899a93ce634e6366e5deaaaf7508135056d17e9b09998ddf91"}}], "title": "Versions"}}, "title": "AppsecRuleIndex", "type": "object"}, "CollectionIndex": {"properties": {"appsec-configs": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of appsec-configs", "title": "Appsec-Configs"}, "appsec-rules": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of appsec-rules", "title": "Appsec-Rules"}, "collections": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of collections", "title": "Collections"}, "content": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "The YAML content of the item, in plaintext.", "examples": ["type: leaky\n#debug: true\nname: crowdsecurity/vsftpd-bf\ndescription: \"Detect FTP bruteforce (vsftpd)\"\nfilter: evt.Meta.log_type == 'ftp_failed_auth'\nleakspeed: \"10s\"\ncapacity: 5\ngroupby: evt.Meta.source_ip\nblackhole: 5m\nlabels:\n confidence: 3\n spoofable: 0\n classification:\n - attack.T1110\n behavior: \"ftp:bruteforce\"\n label: \"VSFTPD Bruteforce\"\n remediation: true\n service: vsftpd"], "title": "Content"}, "contexts": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of contexts", "title": "Contexts"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "A short, plaintext description of the item", "title": "Description"}, "labels": {"anyOf": [{"additionalProperties": {"anyOf": [{"type": "string"}, {"items": {"type": "string"}, "type": "array"}, {"type": "integer"}]}, "type": "object"}, {"type": "null"}], "description": "Classification labels for the item", "examples": [{"behavior": "ftp:bruteforce", "classification": ["attack.T1110"], "confidence": 3, "label": "VSFTPD Bruteforce", "remediation": true, "service": "vsftpd", "spoofable": 0}], "title": "Labels"}, "parsers": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of parsers", "title": "Parsers"}, "path": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Relative path to the item's YAML content", "examples": ["scenarios/crowdsecurity/vsftpd-bf.yaml"], "title": "Path"}, "postoverflows": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of postoverflows", "title": "Postoverflows"}, "references": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of references to external resources", "title": "References"}, "scenarios": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of scenarios", "title": "Scenarios"}, "version": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Current version of the collection", "examples": ["0.2"], "title": "Version"}, "versions": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/VersionDetail"}, "type": "object"}, {"type": "null"}], "description": "A dictionary where each key is a version number (e.g., '0.1', '0.2')", "examples": [{"0.1": {"deprecated": false, "digest": "3591247988014705cf3a7e42388f0c87f9b86d3141268d996c5820ceab6364e1"}, "0.2": {"deprecated": false, "digest": "d1ddf4797250c1899a93ce634e6366e5deaaaf7508135056d17e9b09998ddf91"}}], "title": "Versions"}}, "title": "CollectionIndex", "type": "object"}, "ContextIndex": {"properties": {"content": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "The YAML content of the item, in plaintext.", "examples": ["type: leaky\n#debug: true\nname: crowdsecurity/vsftpd-bf\ndescription: \"Detect FTP bruteforce (vsftpd)\"\nfilter: evt.Meta.log_type == 'ftp_failed_auth'\nleakspeed: \"10s\"\ncapacity: 5\ngroupby: evt.Meta.source_ip\nblackhole: 5m\nlabels:\n confidence: 3\n spoofable: 0\n classification:\n - attack.T1110\n behavior: \"ftp:bruteforce\"\n label: \"VSFTPD Bruteforce\"\n remediation: true\n service: vsftpd"], "title": "Content"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "A short, plaintext description of the item", "title": "Description"}, "labels": {"anyOf": [{"additionalProperties": {"anyOf": [{"type": "string"}, {"items": {"type": "string"}, "type": "array"}, {"type": "integer"}]}, "type": "object"}, {"type": "null"}], "description": "Classification labels for the item", "examples": [{"behavior": "ftp:bruteforce", "classification": ["attack.T1110"], "confidence": 3, "label": "VSFTPD Bruteforce", "remediation": true, "service": "vsftpd", "spoofable": 0}], "title": "Labels"}, "path": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Relative path to the item's YAML content", "examples": ["scenarios/crowdsecurity/vsftpd-bf.yaml"], "title": "Path"}, "references": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of references to external resources", "title": "References"}, "version": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Current version of the collection", "examples": ["0.2"], "title": "Version"}, "versions": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/VersionDetail"}, "type": "object"}, {"type": "null"}], "description": "A dictionary where each key is a version number (e.g., '0.1', '0.2')", "examples": [{"0.1": {"deprecated": false, "digest": "3591247988014705cf3a7e42388f0c87f9b86d3141268d996c5820ceab6364e1"}, "0.2": {"deprecated": false, "digest": "d1ddf4797250c1899a93ce634e6366e5deaaaf7508135056d17e9b09998ddf91"}}], "title": "Versions"}}, "title": "ContextIndex", "type": "object"}, "Index": {"description": "Index document served to crowdsec/cscli.", "properties": {"appsec-configs": {"additionalProperties": {"$ref": "#/components/schemas/AppsecConfigIndex"}, "title": "Appsec-Configs", "type": "object"}, "appsec-rules": {"additionalProperties": {"$ref": "#/components/schemas/AppsecRuleIndex"}, "title": "Appsec-Rules", "type": "object"}, "collections": {"additionalProperties": {"$ref": "#/components/schemas/CollectionIndex"}, "title": "Collections", "type": "object"}, "contexts": {"additionalProperties": {"$ref": "#/components/schemas/ContextIndex"}, "title": "Contexts", "type": "object"}, "parsers": {"additionalProperties": {"$ref": "#/components/schemas/ParserIndex"}, "title": "Parsers", "type": "object"}, "postoverflows": {"additionalProperties": {"$ref": "#/components/schemas/PostoverflowIndex"}, "title": "Postoverflows", "type": "object"}, "scenarios": {"additionalProperties": {"$ref": "#/components/schemas/ScenarioIndex"}, "title": "Scenarios", "type": "object"}}, "title": "Index", "type": "object"}, "ParserIndex": {"properties": {"content": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "The YAML content of the item, in plaintext.", "examples": ["type: leaky\n#debug: true\nname: crowdsecurity/vsftpd-bf\ndescription: \"Detect FTP bruteforce (vsftpd)\"\nfilter: evt.Meta.log_type == 'ftp_failed_auth'\nleakspeed: \"10s\"\ncapacity: 5\ngroupby: evt.Meta.source_ip\nblackhole: 5m\nlabels:\n confidence: 3\n spoofable: 0\n classification:\n - attack.T1110\n behavior: \"ftp:bruteforce\"\n label: \"VSFTPD Bruteforce\"\n remediation: true\n service: vsftpd"], "title": "Content"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "A short, plaintext description of the item", "title": "Description"}, "labels": {"anyOf": [{"additionalProperties": {"anyOf": [{"type": "string"}, {"items": {"type": "string"}, "type": "array"}, {"type": "integer"}]}, "type": "object"}, {"type": "null"}], "description": "Classification labels for the item", "examples": [{"behavior": "ftp:bruteforce", "classification": ["attack.T1110"], "confidence": 3, "label": "VSFTPD Bruteforce", "remediation": true, "service": "vsftpd", "spoofable": 0}], "title": "Labels"}, "path": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Relative path to the item's YAML content", "examples": ["scenarios/crowdsecurity/vsftpd-bf.yaml"], "title": "Path"}, "references": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of references to external resources", "title": "References"}, "stage": {"description": "The stage of the parser", "title": "Stage", "type": "string"}, "version": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Current version of the collection", "examples": ["0.2"], "title": "Version"}, "versions": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/VersionDetail"}, "type": "object"}, {"type": "null"}], "description": "A dictionary where each key is a version number (e.g., '0.1', '0.2')", "examples": [{"0.1": {"deprecated": false, "digest": "3591247988014705cf3a7e42388f0c87f9b86d3141268d996c5820ceab6364e1"}, "0.2": {"deprecated": false, "digest": "d1ddf4797250c1899a93ce634e6366e5deaaaf7508135056d17e9b09998ddf91"}}], "title": "Versions"}}, "required": ["stage"], "title": "ParserIndex", "type": "object"}, "PostoverflowIndex": {"properties": {"content": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "The YAML content of the item, in plaintext.", "examples": ["type: leaky\n#debug: true\nname: crowdsecurity/vsftpd-bf\ndescription: \"Detect FTP bruteforce (vsftpd)\"\nfilter: evt.Meta.log_type == 'ftp_failed_auth'\nleakspeed: \"10s\"\ncapacity: 5\ngroupby: evt.Meta.source_ip\nblackhole: 5m\nlabels:\n confidence: 3\n spoofable: 0\n classification:\n - attack.T1110\n behavior: \"ftp:bruteforce\"\n label: \"VSFTPD Bruteforce\"\n remediation: true\n service: vsftpd"], "title": "Content"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "A short, plaintext description of the item", "title": "Description"}, "labels": {"anyOf": [{"additionalProperties": {"anyOf": [{"type": "string"}, {"items": {"type": "string"}, "type": "array"}, {"type": "integer"}]}, "type": "object"}, {"type": "null"}], "description": "Classification labels for the item", "examples": [{"behavior": "ftp:bruteforce", "classification": ["attack.T1110"], "confidence": 3, "label": "VSFTPD Bruteforce", "remediation": true, "service": "vsftpd", "spoofable": 0}], "title": "Labels"}, "path": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Relative path to the item's YAML content", "examples": ["scenarios/crowdsecurity/vsftpd-bf.yaml"], "title": "Path"}, "references": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of references to external resources", "title": "References"}, "stage": {"description": "The stage of the postoverflow", "title": "Stage", "type": "string"}, "version": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Current version of the collection", "examples": ["0.2"], "title": "Version"}, "versions": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/VersionDetail"}, "type": "object"}, {"type": "null"}], "description": "A dictionary where each key is a version number (e.g., '0.1', '0.2')", "examples": [{"0.1": {"deprecated": false, "digest": "3591247988014705cf3a7e42388f0c87f9b86d3141268d996c5820ceab6364e1"}, "0.2": {"deprecated": false, "digest": "d1ddf4797250c1899a93ce634e6366e5deaaaf7508135056d17e9b09998ddf91"}}], "title": "Versions"}}, "required": ["stage"], "title": "PostoverflowIndex", "type": "object"}, "ScenarioIndex": {"properties": {"content": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "The YAML content of the item, in plaintext.", "examples": ["type: leaky\n#debug: true\nname: crowdsecurity/vsftpd-bf\ndescription: \"Detect FTP bruteforce (vsftpd)\"\nfilter: evt.Meta.log_type == 'ftp_failed_auth'\nleakspeed: \"10s\"\ncapacity: 5\ngroupby: evt.Meta.source_ip\nblackhole: 5m\nlabels:\n confidence: 3\n spoofable: 0\n classification:\n - attack.T1110\n behavior: \"ftp:bruteforce\"\n label: \"VSFTPD Bruteforce\"\n remediation: true\n service: vsftpd"], "title": "Content"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "A short, plaintext description of the item", "title": "Description"}, "labels": {"anyOf": [{"additionalProperties": {"anyOf": [{"type": "string"}, {"items": {"type": "string"}, "type": "array"}, {"type": "integer"}]}, "type": "object"}, {"type": "null"}], "description": "Classification labels for the item", "examples": [{"behavior": "ftp:bruteforce", "classification": ["attack.T1110"], "confidence": 3, "label": "VSFTPD Bruteforce", "remediation": true, "service": "vsftpd", "spoofable": 0}], "title": "Labels"}, "path": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Relative path to the item's YAML content", "examples": ["scenarios/crowdsecurity/vsftpd-bf.yaml"], "title": "Path"}, "references": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of references to external resources", "title": "References"}, "version": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Current version of the collection", "examples": ["0.2"], "title": "Version"}, "versions": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/VersionDetail"}, "type": "object"}, {"type": "null"}], "description": "A dictionary where each key is a version number (e.g., '0.1', '0.2')", "examples": [{"0.1": {"deprecated": false, "digest": "3591247988014705cf3a7e42388f0c87f9b86d3141268d996c5820ceab6364e1"}, "0.2": {"deprecated": false, "digest": "d1ddf4797250c1899a93ce634e6366e5deaaaf7508135056d17e9b09998ddf91"}}], "title": "Versions"}}, "title": "ScenarioIndex", "type": "object"}, "VersionDetail": {"properties": {"deprecated": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "default": false, "description": "Indicates whether this version is deprecated.", "title": "Deprecated"}, "digest": {"description": "The SHA256 digest of the versioned file.", "examples": ["Detect FTP bruteforce (vsftpd)"], "title": "Digest", "type": "string"}}, "required": ["digest"], "title": "VersionDetail", "type": "object"}, "AffectedComponent": {"properties": {"vendor": {"type": "string", "title": "Vendor", "description": "Vendor of the affected component"}, "product": {"type": "string", "title": "Product", "description": "Product name of the affected component"}}, "type": "object", "title": "AffectedComponent", "description": "Affected Component in a CVE"}, "AttackDetail": {"properties": {"name": {"type": "string", "title": "Name", "description": "Attack detail name"}, "label": {"type": "string", "title": "Label", "description": "Attack detail label"}, "description": {"type": "string", "title": "Description", "description": "Attack detail description"}, "references": {"items": {"type": "string"}, "type": "array", "title": "References", "description": "Attack detail references"}}, "type": "object", "required": ["name", "label", "description"], "title": "AttackDetail"}, "Behavior": {"properties": {"name": {"type": "string", "title": "Name", "description": "Behavior name"}, "label": {"type": "string", "title": "Label", "description": "Behavior label"}, "description": {"type": "string", "title": "Description", "description": "Behavior description"}}, "type": "object", "required": ["name", "label", "description"], "title": "Behavior"}, "Classification": {"properties": {"name": {"type": "string", "title": "Name", "description": "Classification name"}, "label": {"type": "string", "title": "Label", "description": "Classification label"}, "description": {"type": "string", "title": "Description", "description": "Classification description"}}, "type": "object", "required": ["name", "label", "description"], "title": "Classification"}, "Classifications": {"properties": {"false_positives": {"items": {"$ref": "#/components/schemas/Classification"}, "type": "array", "title": "False Positives", "description": "False positive classifications"}, "classifications": {"items": {"$ref": "#/components/schemas/Classification"}, "type": "array", "title": "Classifications", "description": "Main classifications"}}, "type": "object", "title": "Classifications"}, "GetCVEIPsResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/IPItem"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "GetCVEIPsResponsePage"}, "GetCVEResponse": {"properties": {"id": {"type": "string", "title": "Id", "description": "ID of the CVE"}, "name": {"type": "string", "title": "Name", "description": "Name of the CVE"}, "affected_components": {"items": {"$ref": "#/components/schemas/AffectedComponent"}, "type": "array", "title": "Affected Components", "description": "List of affected components"}, "let_score": {"type": "integer", "maximum": 10.0, "minimum": 0.0, "title": "Let Score", "description": "LET score of the CVE"}, "first_seen": {"type": "string", "format": "date-time", "title": "First Seen", "description": "First seen date"}, "last_seen": {"type": "string", "format": "date-time", "title": "Last Seen", "description": "Last seen date"}, "nb_ips": {"type": "integer", "minimum": 0.0, "title": "Nb Ips", "description": "Number of unique IPs affected"}, "published_date": {"type": "string", "format": "date-time", "title": "Published Date", "description": "Published date of the CVE"}, "cvss_score": {"type": "number", "maximum": 10.0, "minimum": 0.0, "title": "Cvss Score", "description": "CVSS score of the CVE"}, "references": {"items": {"type": "string"}, "type": "array", "title": "References", "description": "List of references for the CVE"}, "description": {"type": "string", "title": "Description", "description": "Description of the CVE"}}, "type": "object", "required": ["id", "name", "affected_components", "let_score", "first_seen", "last_seen", "nb_ips", "published_date", "cvss_score", "references", "description"], "title": "GetCVEResponse", "description": "GET CVE ID Response"}, "History": {"properties": {"first_seen": {"type": "string", "format": "date-time", "title": "First Seen", "description": "First seen timestamp"}, "last_seen": {"type": "string", "format": "date-time", "title": "Last Seen", "description": "Last seen timestamp"}, "full_age": {"type": "integer", "title": "Full Age", "description": "Full age in days"}, "days_age": {"type": "integer", "title": "Days Age", "description": "Days age"}}, "type": "object", "required": ["first_seen", "last_seen", "full_age", "days_age"], "title": "History"}, "IPItem": {"properties": {"ip": {"type": "string", "title": "Ip", "description": "IP address"}, "reputation": {"type": "string", "title": "Reputation", "description": "Reputation of the IP"}, "ip_range": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Ip Range", "description": "IP range"}, "ip_range_score": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Ip Range Score", "description": "IP range score"}, "ip_range_24": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Ip Range 24", "description": "IP range /24"}, "ip_range_24_reputation": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Ip Range 24 Reputation", "description": "IP range /24 reputation"}, "ip_range_24_score": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Ip Range 24 Score", "description": "IP range /24 score"}, "as_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "As Name", "description": "AS name"}, "as_num": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "As Num", "description": "AS number"}, "background_noise_score": {"type": "integer", "title": "Background Noise Score", "description": "Background noise score"}, "background_noise": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Background Noise", "description": "Background noise level"}, "confidence": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Confidence", "description": "Confidence level"}, "location": {"anyOf": [{"$ref": "#/components/schemas/Location"}, {"type": "null"}], "description": "IP location information"}, "reverse_dns": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Reverse Dns", "description": "Reverse DNS"}, "behaviors": {"items": {"$ref": "#/components/schemas/Behavior"}, "type": "array", "title": "Behaviors", "description": "List of behaviors"}, "references": {"items": {"$ref": "#/components/schemas/Reference"}, "type": "array", "title": "References", "description": "List of references"}, "history": {"$ref": "#/components/schemas/History", "description": "Historical data"}, "classifications": {"$ref": "#/components/schemas/Classifications", "description": "Classification data"}, "mitre_techniques": {"items": {"$ref": "#/components/schemas/MitreTechnique"}, "type": "array", "title": "Mitre Techniques", "description": "MITRE techniques"}, "cves": {"items": {"type": "string"}, "type": "array", "title": "Cves", "description": "List of CVEs"}, "attack_details": {"items": {"$ref": "#/components/schemas/AttackDetail"}, "type": "array", "title": "Attack Details", "description": "Attack details"}, "target_countries": {"additionalProperties": {"type": "integer"}, "type": "object", "title": "Target Countries", "description": "Target countries"}, "scores": {"$ref": "#/components/schemas/Scores", "description": "Scoring information"}}, "type": "object", "required": ["ip"], "title": "IPItem"}, "Location": {"properties": {"country": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Country", "description": "Country code"}, "city": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "City", "description": "City name"}, "latitude": {"anyOf": [{"type": "number"}, {"type": "null"}], "title": "Latitude", "description": "Latitude coordinate"}, "longitude": {"anyOf": [{"type": "number"}, {"type": "null"}], "title": "Longitude", "description": "Longitude coordinate"}}, "type": "object", "title": "Location"}, "MitreTechnique": {"properties": {"name": {"type": "string", "title": "Name", "description": "MITRE technique ID"}, "label": {"type": "string", "title": "Label", "description": "MITRE technique label"}, "description": {"type": "string", "title": "Description", "description": "MITRE technique description"}}, "type": "object", "required": ["name", "label", "description"], "title": "MitreTechnique"}, "Reference": {"properties": {"name": {"type": "string", "title": "Name", "description": "Reference name"}, "label": {"type": "string", "title": "Label", "description": "Reference label"}, "description": {"type": "string", "title": "Description", "description": "Reference description"}}, "type": "object", "required": ["name", "label", "description"], "title": "Reference"}, "ScoreBreakdown": {"properties": {"aggressiveness": {"type": "integer", "title": "Aggressiveness", "description": "Aggressiveness score"}, "threat": {"type": "integer", "title": "Threat", "description": "Threat score"}, "trust": {"type": "integer", "title": "Trust", "description": "Trust score"}, "anomaly": {"type": "integer", "title": "Anomaly", "description": "Anomaly score"}, "total": {"type": "integer", "title": "Total", "description": "Total score"}}, "type": "object", "required": ["aggressiveness", "threat", "trust", "anomaly", "total"], "title": "ScoreBreakdown"}, "Scores": {"properties": {"overall": {"$ref": "#/components/schemas/ScoreBreakdown", "description": "Overall scores"}, "last_day": {"$ref": "#/components/schemas/ScoreBreakdown", "description": "Last day scores"}, "last_week": {"$ref": "#/components/schemas/ScoreBreakdown", "description": "Last week scores"}, "last_month": {"$ref": "#/components/schemas/ScoreBreakdown", "description": "Last month scores"}}, "type": "object", "required": ["overall", "last_day", "last_week", "last_month"], "title": "Scores"}, "SubscribeCVEIntegrationRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Name of the integration to subscribe"}}, "additionalProperties": false, "type": "object", "required": ["name"], "title": "SubscribeCVEIntegrationRequest"}}, "securitySchemes": {"ApiKeyAuth": {"type": "apiKey", "in": "header", "name": "x-api-key", "description": "If integration key is provided, can also work to get integration content"}, "BasicAuth": {"type": "http", "scheme": "basic", "description": "Basic Auth for integration content endpoint only"}}}, "security": [{"ApiKeyAuth": []}, {"BasicAuth": []}], "servers": [{"url": "https://admin.api.crowdsec.net/v1/", "description": "Production server"}]} \ No newline at end of file +{"openapi": "3.1.0", "info": {"title": "Service API", "description": "This is the API to manage Crowdsec services", "contact": {"name": "CrowdSec", "url": "https://crowdsec.net/", "email": "info@crowdsec.net"}, "version": "1.96.0"}, "paths": {"/allowlists": {"post": {"tags": ["Allowlists"], "summary": "Create Allowlist", "description": "Create a new allowlist for an organization", "operationId": "createAllowlist", "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistCreateRequest"}}}}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistCreateResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "get": {"tags": ["Allowlists"], "summary": "List Allowlists", "description": "List all allowlists for an organization", "operationId": "listAllowlists", "parameters": [{"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistGetResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/allowlists/{allowlist_id}": {"get": {"tags": ["Allowlists"], "summary": "Get Allowlist", "description": "Get an allowlist by ID", "operationId": "getAllowlist", "parameters": [{"name": "allowlist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Allowlist Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistGetResponse"}}}}, "404": {"description": "Allowlist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "patch": {"tags": ["Allowlists"], "summary": "Update Allowlist", "description": "Update an allowlist by ID", "operationId": "updateAllowlist", "parameters": [{"name": "allowlist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Allowlist Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistUpdateRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistUpdateResponse"}}}}, "404": {"description": "Allowlist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "delete": {"tags": ["Allowlists"], "summary": "Delete Allowlist", "description": "Delete an allowlist by ID", "operationId": "deleteAllowlist", "parameters": [{"name": "allowlist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Allowlist Id"}}, {"name": "force", "in": "query", "required": false, "schema": {"type": "boolean", "description": "Force delete the allowlist, even if it has subscribers", "default": false, "title": "Force"}, "description": "Force delete the allowlist, even if it has subscribers"}], "responses": {"204": {"description": "Successful Response"}, "404": {"description": "Allowlist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/allowlists/{allowlist_id}/items": {"post": {"tags": ["Allowlists"], "summary": "Create Allowlist Items", "description": "Create items for an allowlist", "operationId": "createAllowlistItems", "parameters": [{"name": "allowlist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Allowlist Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistItemsCreateRequest"}}}}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "404": {"description": "Allowlist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "get": {"tags": ["Allowlists"], "summary": "Get Allowlist Items", "description": "Get items in an allowlist", "operationId": "getAllowlistItems", "parameters": [{"name": "allowlist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Allowlist Id"}}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistGetItemsResponsePage"}}}}, "404": {"description": "Allowlist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/allowlists/{allowlist_id}/items/{item_id}": {"get": {"tags": ["Allowlists"], "summary": "Get Allowlist Item", "description": "Get an allowlist item by ID", "operationId": "getAllowlistItem", "parameters": [{"name": "allowlist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Allowlist Id"}}, {"name": "item_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Item Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistGetItemsResponse"}}}}, "404": {"description": "Allowlist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "patch": {"tags": ["Allowlists"], "summary": "Update Allowlist Item", "description": "Update an allowlist item by ID", "operationId": "updateAllowlistItem", "parameters": [{"name": "allowlist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Allowlist Id"}}, {"name": "item_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Item Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistItemUpdateRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistItemUpdateResponse"}}}}, "404": {"description": "Allowlist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "delete": {"tags": ["Allowlists"], "summary": "Delete Allowlist Item", "description": "Delete an allowlist item by ID", "operationId": "deleteAllowlistItem", "parameters": [{"name": "allowlist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Allowlist Id"}}, {"name": "item_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Item Id"}}], "responses": {"204": {"description": "Successful Response"}, "404": {"description": "Allowlist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/allowlists/{allowlist_id}/subscribers": {"get": {"tags": ["Allowlists"], "summary": "Get Allowlist Subscribers", "description": "Get subscribers of an allowlist", "operationId": "getAllowlistSubscribers", "parameters": [{"name": "allowlist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Allowlist Id"}}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistSubscriberEntityPage"}}}}, "404": {"description": "Allowlist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "post": {"tags": ["Allowlists"], "summary": "Subscribe Allowlist", "description": "Subscribe to an allowlist", "operationId": "subscribeAllowlist", "parameters": [{"name": "allowlist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Allowlist Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistSubscriptionRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AllowlistSubscriptionResponse"}}}}, "404": {"description": "Allowlist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/allowlists/{allowlist_id}/subscribers/{entity_id}": {"delete": {"tags": ["Allowlists"], "summary": "Unsubscribe Allowlist", "description": "Unsubscribe from an allowlist", "operationId": "unsubscribeAllowlist", "parameters": [{"name": "allowlist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Allowlist Id"}}, {"name": "entity_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Entity Id"}}], "responses": {"204": {"description": "Successful Response"}, "404": {"description": "Allowlist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists": {"post": {"tags": ["Blocklists"], "summary": "Create Blocklist", "description": "Create a new blocklist owned by your organization. The name must be unique within your organization. The list will only be visible to your organization and organizations you shared the blocklist with. This operation is submitted to quotas", "operationId": "createBlocklist", "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/BlocklistCreateRequest"}}}}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/PublicBlocklistResponse"}}}}, "409": {"description": "Blocklist already exists"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "get": {"tags": ["Blocklists"], "summary": "Get Blocklists", "description": "Get multiple blocklists. Only blocklists owned by your organization, shared with your organization or public blocklists are returned. Filters and pagination are available as query parameters.", "operationId": "getBlocklists", "parameters": [{"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "page_size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 1000, "description": "Page size", "default": 100, "title": "Page Size"}, "description": "Page size"}, {"name": "subscribed_only", "in": "query", "required": false, "schema": {"type": "boolean", "description": "only subscribed blocklists", "default": false, "title": "Subscribed Only"}, "description": "only subscribed blocklists"}, {"name": "exclude_subscribed", "in": "query", "required": false, "schema": {"type": "boolean", "description": "exclude subscribed blocklists", "default": false, "title": "Exclude Subscribed"}, "description": "exclude subscribed blocklists"}, {"name": "include_filter", "in": "query", "required": false, "schema": {"type": "array", "items": {"$ref": "#/components/schemas/BlocklistIncludeFilters"}, "description": "Include blocklists with the specified filters", "default": ["private", "shared"], "title": "Include Filter"}, "description": "Include blocklists with the specified filters"}, {"name": "category", "in": "query", "required": false, "schema": {"anyOf": [{"type": "array", "items": {"type": "string"}}, {"type": "null"}], "description": "Filter by category", "title": "Category"}, "description": "Filter by category"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/PublicBlocklistResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists/search": {"post": {"tags": ["Blocklists"], "summary": "Search Blocklists", "description": "Search blocklists", "operationId": "searchBlocklist", "parameters": [{"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/BlocklistSearchRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/PublicBlocklistResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists/{blocklist_id}": {"get": {"tags": ["Blocklists"], "summary": "Get Blocklist", "description": "Get the details of a blocklist by ID. The content of the blocklist is not returned.", "operationId": "getBlocklist", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/PublicBlocklistResponse"}}}}, "404": {"description": "Blocklist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "patch": {"tags": ["Blocklists"], "summary": "Update Blocklist", "description": "Update a blocklist's details by ID. It is not possible to update the blocklist content using this operation.", "operationId": "updateBlocklist", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/BlocklistUpdateRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/PublicBlocklistResponse"}}}}, "403": {"description": "Blocklist is read-only"}, "404": {"description": "Blocklist not found"}, "500": {"description": "Internal server error"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "delete": {"tags": ["Blocklists"], "summary": "Delete Blocklist", "description": "Delete a blocklist by ID. If the blocklist is shared with other organizations or it has subscriptions, the operation will fail. If you want to force delete the blocklist, you can use the force query parameter, so the blocklists will be unshared / unsubscribed.", "operationId": "deleteBlocklist", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}, {"name": "force", "in": "query", "required": false, "schema": {"type": "boolean", "description": "Force delete the blocklist if it is shared or subscribed", "default": false, "title": "Force"}, "description": "Force delete the blocklist if it is shared or subscribed"}], "responses": {"204": {"description": "Successful Response"}, "404": {"description": "Blocklist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists/{blocklist_id}/upload": {"post": {"tags": ["Blocklists"], "summary": "Upload Blocklist Content", "description": "Upload a blocklist. The file must be in txt format with one IP per line. This operation will overwrite the existing blocklist content.", "operationId": "uploadBlocklistContent", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}, {"name": "expiration", "in": "query", "required": false, "schema": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "description": "Blocklist expiration", "examples": "2026-01-07T14:15:14.928525+00:00", "title": "Expiration"}, "description": "Blocklist expiration"}, {"name": "ignore_invalid_ips", "in": "query", "required": false, "schema": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "description": "Ignore invalid IPs", "default": false, "title": "Ignore Invalid Ips"}, "description": "Ignore invalid IPs"}], "requestBody": {"required": true, "content": {"multipart/form-data": {"schema": {"$ref": "#/components/schemas/Body_uploadBlocklistContent"}}}}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "400": {"description": "Invalid IP in blocklist file content"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists/{blocklist_id}/ips": {"post": {"tags": ["Blocklists"], "summary": "Add Ips To Blocklist", "description": "Add IPs to a blocklist. If an IP is already in the blocklist, its expiration will be updated with the new expiration.", "operationId": "addIpsToBlocklist", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/BlocklistAddIPsRequest"}}}}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "403": {"description": "Blocklist is read-only"}, "404": {"description": "Blocklist not found"}, "412": {"description": "Payload too large for one operation, limit is 20000 IPs per request"}, "500": {"description": "Internal server error"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists/{blocklist_id}/ips/bulk_overwrite": {"post": {"tags": ["Blocklists"], "summary": "Bulk Overwrite Blocklist Ips", "description": "Overwrite blocklist content", "operationId": "overwriteIps", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/BlocklistAddIPsRequest"}}}}, "responses": {"202": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "403": {"description": "Blocklist is read-only"}, "404": {"description": "Blocklist not found"}, "412": {"description": "Payload too large for one operation, limit is 20000 IPs per request"}, "500": {"description": "Internal server error"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists/{blocklist_id}/ips/delete": {"post": {"tags": ["Blocklists"], "summary": "Delete Ips From Blocklist", "description": "Delete IPs from a blocklist", "operationId": "deleteIpsFromBlocklist", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/BlocklistDeleteIPsRequest"}}}}, "responses": {"204": {"description": "Successful Response"}, "403": {"description": "Blocklist is read-only"}, "404": {"description": "Blocklist not found"}, "500": {"description": "Internal server error"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists/{blocklist_id}/download": {"get": {"tags": ["Blocklists"], "summary": "Download Blocklist Content", "description": "Download blocklist content as a list of ips as plain text separated by new lines. The response will include the ETag header for cache control. If_Modified_Since and If_None_Match cache control headers are supported for conditional requests.", "operationId": "downloadBlocklistContent", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}, {"name": "if-modified-since", "in": "header", "required": false, "schema": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "If_Modified_Since cache control header", "title": "If-Modified-Since"}, "description": "If_Modified_Since cache control header"}, {"name": "if-none-match", "in": "header", "required": false, "schema": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "If_None_Match cache control header", "title": "If-None-Match"}, "description": "If_None_Match cache control header"}], "responses": {"200": {"description": "Successful Response", "content": {"text/plain": {"schema": {"type": "string"}}}}, "404": {"description": "Blocklist not found"}, "204": {"description": "Blocklist is empty"}, "500": {"description": "Internal server error"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists/{blocklist_id}/subscribers": {"post": {"tags": ["Blocklists"], "summary": "Subscribe Blocklist", "description": "Subscribe to a blocklist with a remediation type. If the entity type is the full organization or a Tag, all the engines belonging to the organization or the Tag will be subscribed and new engines that will join the organization or the Tag will also be automatically subscribed. If the subscription has been done on an organization or Tag you cannot unsubscribe individual engines. In case of errors for some subscribers, the operation will still succeed for the entities that were successfully subscribed and you'll have the list of errors in the operation's result. This operation is submitted to quotas.", "operationId": "subscribeBlocklist", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/BlocklistSubscriptionRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/BlocklistSubscriptionResponse"}}}}, "404": {"description": "Blocklist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "get": {"tags": ["Blocklists"], "summary": "Get Blocklist Subscribers", "description": "Get blocklist subscribers within your organization.", "operationId": "getBlocklistSubscribers", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/BlocklistSubscriberEntityPage"}}}}, "404": {"description": "Blocklist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists/{blocklist_id}/subscribers/{entity_id}": {"delete": {"tags": ["Blocklists"], "summary": "Unsubscribe Blocklist", "description": "Unsubscribe from a blocklist. You cannot unsubscribe individual engines if the subscription has been done on an organization or Tag.", "operationId": "unsubscribeBlocklist", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}, {"name": "entity_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Entity Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "404": {"description": "Blocklist not found"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists/{blocklist_id}/shares": {"post": {"tags": ["Blocklists"], "summary": "Share Blocklist", "description": "Share a blocklist with other organizations given their IDs. The blocklist must be owned by your organization. You can give read-only access or read-write access to the blocklist. Sharing a blocklist will not automatically subscribe the shared organizations to the blocklist.", "operationId": "shareBlocklist", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/BlocklistShareRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "404": {"description": "Blocklist not found"}, "409": {"description": "Blocklist is not private"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/blocklists/{blocklist_id}/shares/{unshare_organization_id}": {"delete": {"tags": ["Blocklists"], "summary": "Unshare Blocklist", "description": "Unshare a blocklist with other organizations. If the blocklist is subscribed by the organization, the operation will fail.Use force query parameter to unshare a blocklist even if subscriptions exists.", "operationId": "unshareBlocklist", "parameters": [{"name": "blocklist_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Blocklist Id"}}, {"name": "unshare_organization_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Unshare Organization Id"}}], "responses": {"204": {"description": "Successful Response"}, "404": {"description": "Blocklist not found"}, "409": {"description": "Blocklist is not private"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/integrations": {"post": {"tags": ["Integrations"], "summary": "Create Integration", "description": "Create an integration to a firewall or remediation component, owned by your organization. The name should be unique within the organization. This operation is submitted to quotas.", "operationId": "createIntegration", "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationCreateRequest"}}}}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationCreateResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "get": {"tags": ["Integrations"], "summary": "Get Integrations", "description": "Get integrations owned by your organization", "operationId": "getIntegrations", "parameters": [{"name": "tag", "in": "query", "required": false, "schema": {"anyOf": [{"type": "array", "items": {"type": "string"}}, {"type": "null"}], "description": "List of tags associated with the integrations (any of)", "title": "Tag"}, "description": "List of tags associated with the integrations (any of)"}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number", "default": 1, "title": "Page"}, "description": "Page number"}, {"name": "size", "in": "query", "required": false, "schema": {"type": "integer", "maximum": 100, "minimum": 1, "description": "Page size", "default": 50, "title": "Size"}, "description": "Page size"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationGetResponsePage"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/integrations/{integration_id}": {"get": {"tags": ["Integrations"], "summary": "Get Integration", "description": "Get an integration by ID", "operationId": "getIntegration", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Integration Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationGetResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "patch": {"tags": ["Integrations"], "summary": "Update Integration", "description": "Update the integration details", "operationId": "updateIntegration", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Integration Id"}}], "requestBody": {"required": true, "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationUpdateRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/IntegrationUpdateResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "delete": {"tags": ["Integrations"], "summary": "Delete Integration", "description": "Delete the integration by ID", "operationId": "deleteIntegration", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Integration Id"}}, {"name": "force", "in": "query", "required": false, "schema": {"type": "boolean", "description": "Force delete the integration even if it has active subscriptions (it will unsubscribe from all lists)", "default": false, "title": "Force"}, "description": "Force delete the integration even if it has active subscriptions (it will unsubscribe from all lists)"}], "responses": {"204": {"description": "Successful Response"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/integrations/{integration_id}/content": {"head": {"tags": ["Integrations"], "summary": "Head Integration Content", "description": "Check if the integration has content", "operationId": "headIntegrationContent", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Integration Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "404": {"description": "Integration not found"}, "204": {"description": "Integration has no subscribed blocklists or no content available"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}, "get": {"tags": ["Integrations"], "summary": "Get Integration Content", "description": "Get the ips associated to the integration in plain text format. The content can be paginated to accomodate limits in firewalls.", "operationId": "getIntegrationContent", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Integration Id"}}, {"name": "page", "in": "query", "required": false, "schema": {"type": "integer", "minimum": 1, "description": "Page number to return", "default": 1, "title": "Page"}, "description": "Page number to return"}, {"name": "page_size", "in": "query", "required": false, "schema": {"anyOf": [{"type": "integer", "minimum": 10000}, {"type": "null"}], "description": "Maximum number of items to return, 0 means no limit (default), should be greater than 10000", "title": "Page Size"}, "description": "Maximum number of items to return, 0 means no limit (default), should be greater than 10000"}], "responses": {"200": {"description": "Successful Response", "content": {"text/plain": {"schema": {"type": "string"}}}}, "404": {"description": "Integration not found"}, "204": {"description": "Integration has no subscribed blocklists or no content available"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/integrations/{integration_id}/v1/decisions/stream": {"get": {"tags": ["Integrations"], "summary": "Get Integration Content Stream", "description": "Get the ips associated to the integration in a format compatible with a remediation component. As for the remediation components, you can fetch the full content with startup=true or only the changes since the last pull", "operationId": "getIntegrationContentStream", "parameters": [{"name": "integration_id", "in": "path", "required": true, "schema": {"type": "string", "format": "ObjectId", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"], "title": "Integration Id"}}, {"name": "startup", "in": "query", "required": false, "schema": {"type": "boolean", "description": "Set to true if it's the first run to fetch all the content, otherwise only changes since the last pull.", "default": false, "title": "Startup"}, "description": "Set to true if it's the first run to fetch all the content, otherwise only changes since the last pull."}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {}}}}, "404": {"description": "Integration not found"}, "204": {"description": "Integration has no subscribed blocklists or no content available"}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/info": {"get": {"tags": ["Info"], "summary": "Get Me Info", "description": "Get the current user and organization informations", "operationId": "getInfo", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/InfoResponse"}}}}}}}, "/metrics/remediation": {"get": {"tags": ["Metrics"], "summary": "Get Metrics Remediation", "description": "Get remediation metrics", "operationId": "getMetricsRemediation", "parameters": [{"name": "start_date", "in": "query", "required": false, "schema": {"type": "string", "format": "date-time", "description": "Start date of the metrics, default to last day", "title": "Start Date"}, "description": "Start date of the metrics, default to last day"}, {"name": "end_date", "in": "query", "required": false, "schema": {"type": "string", "format": "date-time", "description": "End date of the metrics", "title": "End Date"}, "description": "End date of the metrics"}, {"name": "engine_ids", "in": "query", "required": false, "schema": {"type": "array", "items": {"type": "string"}, "description": "List of engine ids", "default": [], "title": "Engine Ids"}, "description": "List of engine ids"}, {"name": "integration_ids", "in": "query", "required": false, "schema": {"type": "array", "items": {"type": "string"}, "description": "List of integration ids", "default": [], "title": "Integration Ids"}, "description": "List of integration ids"}, {"name": "tags", "in": "query", "required": false, "schema": {"type": "array", "items": {"type": "string"}, "description": "List of tags", "default": [], "title": "Tags"}, "description": "List of tags"}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetRemediationMetricsResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/hub/index/{tenant}/{branch}/.index.json": {"get": {"description": "Get a (minimized) index file for 'cscli hub update'. May or may not include unused fields\n(content, long descriptions, labels...) or redundant ones (author, name).", "operationId": "getIndex", "parameters": [{"in": "path", "name": "branch", "required": true, "schema": {"title": "Branch", "type": "string"}}, {"in": "path", "name": "tenant", "required": true, "schema": {"title": "Tenant", "type": "string"}}, {"description": "Include content in the index", "in": "query", "name": "with_content", "required": false, "schema": {"default": false, "description": "Include content in the index", "title": "With Content", "type": "boolean"}}], "responses": {"200": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/Index"}}}, "description": "Successful Response"}, "422": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}, "description": "Validation Error"}}, "summary": "Get a minimized index file (crowdsec only)", "tags": ["Hub"]}, "head": {"description": "This endpoint returns cache-related headers for the index file without the full content.\nIt is useful for validating cache, checking resource freshness, and managing client-side\ncache expiration policies. No body content is returned.", "operationId": "headIndex", "parameters": [{"in": "path", "name": "branch", "required": true, "schema": {"title": "Branch", "type": "string"}}, {"in": "path", "name": "tenant", "required": true, "schema": {"title": "Tenant", "type": "string"}}, {"description": "Include content in the index", "in": "query", "name": "with_content", "required": false, "schema": {"default": false, "description": "Include content in the index", "title": "With Content", "type": "boolean"}}], "responses": {"200": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/Index"}}}, "description": "Successful Response"}, "422": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}, "description": "Validation Error"}}, "summary": "Check cache control headers for the index file", "tags": ["Hub"]}}, "/hub/index/{tenant}/{branch}/{item_path}": {"get": {"description": "Get an item's content from its path. This is usually a YAML file.", "operationId": "getItemContent", "parameters": [{"in": "path", "name": "item_path", "required": true, "schema": {"title": "Item Path", "type": "string"}}, {"in": "path", "name": "branch", "required": true, "schema": {"title": "Branch", "type": "string"}}, {"in": "path", "name": "tenant", "required": true, "schema": {"title": "Tenant", "type": "string"}}], "responses": {"200": {"content": {"application/json": {"schema": {}}}, "description": "Successful Response"}, "404": {"description": "No content field"}, "422": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}, "description": "Validation Error"}}, "summary": "Get an item's content (crowdsec only)", "tags": ["Hub"]}, "head": {"description": "This endpoint returns cache-related headers for an item's content. It is useful for validating\ncache, checking resource freshness, and managing client-side cache expiration policies. No body\ncontent is returned.", "operationId": "headItemContent", "parameters": [{"in": "path", "name": "item_path", "required": true, "schema": {"title": "Item Path", "type": "string"}}, {"in": "path", "name": "branch", "required": true, "schema": {"title": "Branch", "type": "string"}}, {"in": "path", "name": "tenant", "required": true, "schema": {"title": "Tenant", "type": "string"}}], "responses": {"200": {"content": {"application/json": {"schema": {}}}, "description": "Successful Response"}, "422": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}, "description": "Validation Error"}}, "summary": "Check cache control headers for an item's content", "tags": ["Hub"]}}}, "components": {"schemas": {"AllowlistCreateRequest": {"properties": {"name": {"type": "string", "maxLength": 200, "minLength": 1, "title": "Name", "description": "Name of the allowlist"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "Description of the allowlist"}}, "additionalProperties": false, "type": "object", "required": ["name"], "title": "AllowlistCreateRequest"}, "AllowlistCreateResponse": {"properties": {"id": {"type": "string", "format": "ObjectId", "title": "Id", "description": "ID of the allowlist", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"]}, "organization_id": {"type": "string", "title": "Organization Id", "description": "ID of the owner organization"}, "name": {"type": "string", "title": "Name", "description": "Name of the allowlist"}, "description": {"type": "string", "title": "Description", "description": "Description of the allowlist"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the allowlist was created"}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At", "description": "Time the allowlist was updated"}, "from_cti_query": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "From Cti Query", "description": "CTI query from which the blocklist was created"}, "since": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Since", "description": "Since duration for the CTI query (eg. 5m, 2h, 7d). Max is 30 days"}, "total_items": {"type": "integer", "title": "Total Items", "description": "Number of items in the allowlist"}}, "type": "object", "required": ["id", "organization_id", "name", "created_at", "total_items"], "title": "AllowlistCreateResponse"}, "AllowlistGetItemsResponse": {"properties": {"id": {"type": "string", "format": "ObjectId", "title": "Id", "description": "ID of the allowlist entry", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"]}, "allowlist_id": {"type": "string", "format": "ObjectId", "title": "Allowlist Id", "description": "ID of the allowlist", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"]}, "description": {"type": "string", "minLength": 1, "title": "Description", "description": "Description of the allowlist entry"}, "scope": {"$ref": "#/components/schemas/AllowlistScope", "description": "Scope of the allowlist entry"}, "value": {"anyOf": [{"type": "string", "format": "ipvanyaddress"}, {"type": "string", "format": "ipvanynetwork"}], "title": "Value", "description": "Value of the allowlist entry"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the allowlist entry was created"}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At", "description": "Time the allowlist entry was updated"}, "created_by": {"$ref": "#/components/schemas/SourceInfo", "description": "The source user who created the allowlist entry"}, "updated_by": {"anyOf": [{"$ref": "#/components/schemas/SourceInfo"}, {"type": "null"}], "description": "The source user who updated the allowlist entry"}, "expiration": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Expiration", "description": "Time the allowlist entry will expire"}}, "type": "object", "required": ["id", "allowlist_id", "description", "scope", "value", "created_at", "created_by"], "title": "AllowlistGetItemsResponse"}, "AllowlistGetItemsResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/AllowlistGetItemsResponse"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "AllowlistGetItemsResponsePage"}, "AllowlistGetResponse": {"properties": {"id": {"type": "string", "format": "ObjectId", "title": "Id", "description": "ID of the allowlist", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"]}, "organization_id": {"type": "string", "title": "Organization Id", "description": "ID of the owner organization"}, "name": {"type": "string", "title": "Name", "description": "Name of the allowlist"}, "description": {"type": "string", "title": "Description", "description": "Description of the allowlist"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the allowlist was created"}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At", "description": "Time the allowlist was updated"}, "from_cti_query": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "From Cti Query", "description": "CTI query from which the blocklist was created"}, "since": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Since", "description": "Since duration for the CTI query (eg. 5m, 2h, 7d). Max is 30 days"}, "total_items": {"type": "integer", "title": "Total Items", "description": "Number of items in the allowlist"}, "subscribers": {"items": {"$ref": "#/components/schemas/AllowlistSubscribersCount"}, "type": "array", "title": "Subscribers", "description": "List of subscribers count by entity type", "default": []}}, "type": "object", "required": ["id", "organization_id", "name", "created_at", "total_items"], "title": "AllowlistGetResponse"}, "AllowlistGetResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/AllowlistGetResponse"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "AllowlistGetResponsePage"}, "AllowlistItemUpdateRequest": {"properties": {"description": {"type": "string", "title": "Description", "description": "Description of the allowlist entry"}, "expiration": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Expiration", "description": "Time the allowlist entry will expire"}}, "additionalProperties": false, "type": "object", "title": "AllowlistItemUpdateRequest"}, "AllowlistItemUpdateResponse": {"properties": {"id": {"type": "string", "format": "ObjectId", "title": "Id", "description": "ID of the allowlist entry", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"]}, "allowlist_id": {"type": "string", "format": "ObjectId", "title": "Allowlist Id", "description": "ID of the allowlist", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"]}, "description": {"type": "string", "minLength": 1, "title": "Description", "description": "Description of the allowlist entry"}, "scope": {"$ref": "#/components/schemas/AllowlistScope", "description": "Scope of the allowlist entry"}, "value": {"anyOf": [{"type": "string", "format": "ipvanyaddress"}, {"type": "string", "format": "ipvanynetwork"}], "title": "Value", "description": "Value of the allowlist entry"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the allowlist entry was created"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Time the allowlist entry was updated"}, "created_by": {"$ref": "#/components/schemas/SourceInfo", "description": "The source user who created the allowlist entry"}, "updated_by": {"$ref": "#/components/schemas/SourceInfo", "description": "The source user who updated the allowlist entry"}, "expiration": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Expiration", "description": "Time the allowlist entry will expire"}}, "type": "object", "required": ["id", "allowlist_id", "description", "scope", "value", "created_at", "updated_at", "created_by", "updated_by"], "title": "AllowlistItemUpdateResponse"}, "AllowlistItemsCreateRequest": {"properties": {"items": {"items": {"anyOf": [{"type": "string", "format": "ipvanyaddress"}, {"type": "string", "format": "ipvanynetwork"}]}, "type": "array", "title": "Items", "description": "List of values to add to the allowlist"}, "description": {"type": "string", "title": "Description", "description": "Description of the allowlist entry"}, "expiration": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Expiration", "description": "Time the allowlist entry will expire"}}, "additionalProperties": false, "type": "object", "required": ["items", "description"], "title": "AllowlistItemsCreateRequest"}, "AllowlistScope": {"type": "string", "enum": ["ip", "range"], "title": "AllowlistScope"}, "AllowlistSubscriberEntity": {"properties": {"id": {"type": "string", "title": "Id", "description": "Subscriber entity id"}, "entity_type": {"$ref": "#/components/schemas/SubscriberEntityType"}}, "type": "object", "required": ["id", "entity_type"], "title": "AllowlistSubscriberEntity"}, "AllowlistSubscriberEntityPage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/AllowlistSubscriberEntity"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "AllowlistSubscriberEntityPage"}, "AllowlistSubscribersCount": {"properties": {"entity_type": {"$ref": "#/components/schemas/SubscriberEntityType", "description": "Subscriber entity type"}, "count": {"type": "integer", "title": "Count", "description": "Subscriber entity count"}}, "type": "object", "required": ["entity_type", "count"], "title": "AllowlistSubscribersCount"}, "AllowlistSubscriptionRequest": {"properties": {"ids": {"items": {"type": "string"}, "type": "array", "title": "Ids", "description": "List of subscriber entity id"}, "entity_type": {"$ref": "#/components/schemas/EntityType"}}, "additionalProperties": false, "type": "object", "required": ["entity_type"], "title": "AllowlistSubscriptionRequest"}, "AllowlistSubscriptionResponse": {"properties": {"updated": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "title": "Updated", "description": "List of updated allowlist ids", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"]}, "errors": {"anyOf": [{"items": {"additionalProperties": {"type": "string"}, "type": "object"}, "type": "array"}, {"type": "null"}], "title": "Errors", "description": "List of errors if any", "examples": [{"5f9d88b9e5c4f5b9a3d3e8b1": "error message"}]}}, "type": "object", "required": ["updated", "errors"], "title": "AllowlistSubscriptionResponse"}, "AllowlistUpdateRequest": {"properties": {"name": {"anyOf": [{"type": "string", "maxLength": 200, "minLength": 1}, {"type": "null"}], "title": "Name", "description": "Name of the allowlist"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "Description of the allowlist"}}, "additionalProperties": false, "type": "object", "title": "AllowlistUpdateRequest"}, "AllowlistUpdateResponse": {"properties": {"id": {"type": "string", "format": "ObjectId", "title": "Id", "description": "ID of the allowlist", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"]}, "organization_id": {"type": "string", "title": "Organization Id", "description": "ID of the owner organization"}, "name": {"type": "string", "title": "Name", "description": "Name of the allowlist"}, "description": {"type": "string", "title": "Description", "description": "Description of the allowlist"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the allowlist was created"}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At", "description": "Time the allowlist was updated"}, "from_cti_query": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "From Cti Query", "description": "CTI query from which the blocklist was created"}, "since": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Since", "description": "Since duration for the CTI query (eg. 5m, 2h, 7d). Max is 30 days"}, "total_items": {"type": "integer", "title": "Total Items", "description": "Number of items in the allowlist"}, "subscribers": {"items": {"$ref": "#/components/schemas/AllowlistSubscribersCount"}, "type": "array", "title": "Subscribers", "description": "List of subscribers count by entity type", "default": []}}, "type": "object", "required": ["id", "organization_id", "name", "created_at", "total_items"], "title": "AllowlistUpdateResponse"}, "ApiKeyCredentials": {"properties": {"api_key": {"type": "string", "title": "Api Key", "description": "API key for the integration"}}, "type": "object", "required": ["api_key"], "title": "ApiKeyCredentials"}, "AttacksMetrics": {"properties": {"total": {"anyOf": [{"type": "integer"}, {"type": "number"}], "title": "Total", "description": "Total value of the metric"}, "label": {"type": "string", "title": "Label", "description": "Label of the metric which is the attack type"}, "progression": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Progression", "description": "Progression of the metric value from the previous period"}, "data": {"items": {"$ref": "#/components/schemas/RemediationMetricsData"}, "type": "array", "title": "Data", "description": "Data points"}}, "type": "object", "required": ["total", "label", "progression", "data"], "title": "AttacksMetrics"}, "BasicAuthCredentials": {"properties": {"username": {"type": "string", "title": "Username", "description": "Basic auth username for the integration"}, "password": {"type": "string", "title": "Password", "description": "Basic auth password for the integration"}}, "type": "object", "required": ["username", "password"], "title": "BasicAuthCredentials"}, "BlocklistAddIPsRequest": {"properties": {"ips": {"items": {"type": "string"}, "type": "array", "title": "Ips", "description": "List of IPs or networks"}, "expiration": {"type": "string", "format": "date-time", "title": "Expiration", "description": "Expiration date", "examples": ["2030-01-01T00:00:00.000Z"]}}, "additionalProperties": false, "type": "object", "required": ["ips"], "title": "BlocklistAddIPsRequest"}, "BlocklistCategory": {"properties": {"name": {"type": "string", "title": "Name"}, "label": {"type": "string", "title": "Label"}, "description": {"type": "string", "title": "Description"}, "priority": {"type": "integer", "title": "Priority"}}, "type": "object", "required": ["name", "label", "description", "priority"], "title": "BlocklistCategory"}, "BlocklistContentStats": {"properties": {"total_seen": {"type": "integer", "title": "Total Seen", "default": 0}, "total_fire": {"type": "integer", "title": "Total Fire", "default": 0}, "total_seen_1m": {"type": "integer", "title": "Total Seen 1M", "default": 0}, "total_in_other_lists": {"type": "integer", "title": "Total In Other Lists", "default": 0}, "total_false_positive": {"type": "integer", "title": "Total False Positive", "default": 0}, "false_positive_removed_by_crowdsec": {"type": "integer", "title": "False Positive Removed By Crowdsec", "default": 0}, "most_present_behaviors": {"items": {"$ref": "#/components/schemas/CtiBehavior"}, "type": "array", "title": "Most Present Behaviors", "default": []}, "most_present_categories": {"items": {"$ref": "#/components/schemas/CtiCategory"}, "type": "array", "title": "Most Present Categories", "default": []}, "most_present_scenarios": {"items": {"$ref": "#/components/schemas/CtiScenario"}, "type": "array", "title": "Most Present Scenarios", "default": []}, "top_as": {"items": {"$ref": "#/components/schemas/CtiAs"}, "type": "array", "title": "Top As", "default": []}, "top_attacking_countries": {"items": {"$ref": "#/components/schemas/CtiCountry"}, "type": "array", "title": "Top Attacking Countries", "default": []}, "top_ips": {"items": {"$ref": "#/components/schemas/CtiIp"}, "type": "array", "title": "Top Ips", "default": []}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At"}}, "additionalProperties": true, "type": "object", "title": "BlocklistContentStats"}, "BlocklistCreateRequest": {"properties": {"name": {"type": "string", "maxLength": 200, "minLength": 1, "title": "Name", "description": "Blocklist name, must be unique within the organization"}, "label": {"type": "string", "title": "Label", "description": "Blocklist human readable name (Default: name)"}, "description": {"type": "string", "minLength": 1, "title": "Description", "description": "Blocklist description"}, "references": {"items": {"type": "string"}, "type": "array", "title": "References", "description": "Useful references on the list's origins", "default": []}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Classification tags", "default": []}}, "additionalProperties": false, "type": "object", "required": ["name", "description"], "title": "BlocklistCreateRequest"}, "BlocklistDeleteIPsRequest": {"properties": {"ips": {"items": {"type": "string"}, "type": "array", "title": "Ips", "description": "List of IPs or networks"}}, "additionalProperties": false, "type": "object", "required": ["ips"], "title": "BlocklistDeleteIPsRequest"}, "BlocklistIncludeFilters": {"type": "string", "enum": ["public", "private", "shared", "all"], "title": "BlocklistIncludeFilters"}, "BlocklistOrigin": {"properties": {"label": {"type": "string", "title": "Label", "description": "Label of the blocklist"}, "id": {"type": "string", "title": "Id", "description": "ID of the blocklist"}, "pricing_tier": {"$ref": "#/components/schemas/PricingTiers", "description": "Pricing tier of the blocklist"}}, "type": "object", "required": ["label", "id", "pricing_tier"], "title": "BlocklistOrigin"}, "BlocklistSearchRequest": {"properties": {"page": {"type": "integer", "minimum": 1.0, "title": "Page", "description": "Page number", "default": 1}, "page_size": {"type": "integer", "maximum": 1000.0, "title": "Page Size", "description": "Page size", "default": 100}, "pricing_tiers": {"items": {"$ref": "#/components/schemas/PricingTiers"}, "type": "array", "title": "Pricing Tiers", "description": "Pricing tiers", "default": []}, "query": {"type": "string", "title": "Query", "description": "Search query", "default": ""}, "targeted_countries": {"items": {"type": "string"}, "type": "array", "title": "Targeted Countries", "description": "Targeted countries", "default": []}, "classifications": {"items": {"type": "string"}, "type": "array", "title": "Classifications", "description": "Classifications", "default": []}, "behaviors": {"items": {"type": "string"}, "type": "array", "title": "Behaviors", "description": "Behaviors", "default": []}, "min_ips": {"type": "integer", "minimum": 0.0, "title": "Min Ips", "description": "Minimum number of IPs", "default": 0}, "sources": {"items": {"$ref": "#/components/schemas/BlocklistSources"}, "type": "array", "title": "Sources", "description": "Sources", "default": []}, "categories": {"items": {"type": "string"}, "type": "array", "title": "Categories", "description": "Categories", "default": []}, "is_private": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "title": "Is Private", "description": "Private blocklist"}, "is_subscribed": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "title": "Is Subscribed", "description": "Subscribed blocklist (None: all)"}}, "additionalProperties": false, "type": "object", "title": "BlocklistSearchRequest"}, "BlocklistShareRequest": {"properties": {"organizations": {"items": {"$ref": "#/components/schemas/Share"}, "type": "array", "title": "Organizations", "description": "List of organizations to share the blocklist"}}, "additionalProperties": false, "type": "object", "required": ["organizations"], "title": "BlocklistShareRequest"}, "BlocklistSources": {"type": "string", "enum": ["crowdsec", "third_party", "custom"], "title": "BlocklistSources"}, "BlocklistStats": {"properties": {"content_stats": {"$ref": "#/components/schemas/BlocklistContentStats", "default": {"total_seen": 0, "total_fire": 0, "total_seen_1m": 0, "total_in_other_lists": 0, "total_false_positive": 0, "false_positive_removed_by_crowdsec": 0, "most_present_behaviors": [], "most_present_categories": [], "most_present_scenarios": [], "top_as": [], "top_attacking_countries": [], "top_ips": []}}, "usage_stats": {"anyOf": [{"$ref": "#/components/schemas/BlocklistUsageStats"}, {"type": "null"}], "default": {"engines_subscribed_directly": 0, "engines_subscribed_through_org": 0, "engines_subscribed_through_tag": 0, "total_subscribed_engines": 0, "total_subscribed_organizations": 0}}, "addition_2days": {"type": "integer", "title": "Addition 2Days", "default": 0}, "addition_month": {"type": "integer", "title": "Addition Month", "default": 0}, "suppression_2days": {"type": "integer", "title": "Suppression 2Days", "default": 0}, "suppression_month": {"type": "integer", "title": "Suppression Month", "default": 0}, "change_2days_percentage": {"type": "number", "title": "Change 2Days Percentage", "default": 0.0}, "change_month_percentage": {"type": "number", "title": "Change Month Percentage", "default": 0.0}, "count": {"type": "integer", "title": "Count", "default": 0}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At"}}, "additionalProperties": true, "type": "object", "title": "BlocklistStats"}, "BlocklistSubscriberEntity": {"properties": {"id": {"type": "string", "title": "Id", "description": "Subscriber entity id"}, "entity_type": {"$ref": "#/components/schemas/SubscriberEntityType"}, "remediation": {"type": "string", "title": "Remediation", "description": "Remediation"}}, "type": "object", "required": ["id", "entity_type", "remediation"], "title": "BlocklistSubscriberEntity"}, "BlocklistSubscriberEntityPage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/BlocklistSubscriberEntity"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "BlocklistSubscriberEntityPage"}, "BlocklistSubscribersCount": {"properties": {"entity_type": {"$ref": "#/components/schemas/SubscriberEntityType", "description": "Subscriber entity type"}, "count": {"type": "integer", "title": "Count", "description": "Subscriber entity count"}}, "type": "object", "required": ["entity_type", "count"], "title": "BlocklistSubscribersCount"}, "BlocklistSubscription": {"properties": {"id": {"type": "string", "title": "Id"}, "remediation": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Remediation"}, "name": {"type": "string", "title": "Name"}, "label": {"type": "string", "title": "Label"}}, "type": "object", "required": ["id", "name", "label"], "title": "BlocklistSubscription"}, "BlocklistSubscriptionRequest": {"properties": {"ids": {"items": {"type": "string"}, "type": "array", "title": "Ids", "description": "List of subscriber entity id"}, "entity_type": {"$ref": "#/components/schemas/SubscriberEntityType"}, "remediation": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Remediation", "description": "Remediation"}}, "additionalProperties": false, "type": "object", "required": ["entity_type"], "title": "BlocklistSubscriptionRequest"}, "BlocklistSubscriptionResponse": {"properties": {"updated": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "title": "Updated", "description": "List of updated blocklist ids", "examples": ["5f9d88b9e5c4f5b9a3d3e8b1"]}, "errors": {"anyOf": [{"items": {"additionalProperties": {"type": "string"}, "type": "object"}, "type": "array"}, {"type": "null"}], "title": "Errors", "description": "List of errors if any", "examples": [{"5f9d88b9e5c4f5b9a3d3e8b1": "error message"}]}}, "type": "object", "required": ["updated", "errors"], "title": "BlocklistSubscriptionResponse"}, "BlocklistUpdateRequest": {"properties": {"label": {"type": "string", "title": "Label", "description": "Blocklist human readable name"}, "description": {"type": "string", "title": "Description", "description": "Blocklist description"}, "references": {"items": {"type": "string"}, "type": "array", "title": "References", "description": "Blocklist references"}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Blocklist tags"}, "from_cti_query": {"type": "string", "title": "From Cti Query", "description": "CTI query (doc link available soon)"}, "since": {"type": "string", "title": "Since", "description": "Since duration for the CTI query (eg. 5m, 2h, 7d). Max is 30 days"}}, "additionalProperties": false, "type": "object", "title": "BlocklistUpdateRequest"}, "BlocklistUsageStats": {"properties": {"engines_subscribed_directly": {"type": "integer", "title": "Engines Subscribed Directly", "default": 0}, "engines_subscribed_through_org": {"type": "integer", "title": "Engines Subscribed Through Org", "default": 0}, "engines_subscribed_through_tag": {"type": "integer", "title": "Engines Subscribed Through Tag", "default": 0}, "total_subscribed_engines": {"type": "integer", "title": "Total Subscribed Engines", "default": 0}, "total_subscribed_organizations": {"type": "integer", "title": "Total Subscribed Organizations", "default": 0}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At"}}, "additionalProperties": true, "type": "object", "title": "BlocklistUsageStats"}, "Body_uploadBlocklistContent": {"properties": {"file": {"type": "string", "format": "binary", "title": "File", "description": "Blocklist file in txt format"}}, "type": "object", "required": ["file"], "title": "Body_uploadBlocklistContent"}, "CVESubscription": {"properties": {"id": {"type": "string", "title": "Id", "description": "CVE ID"}}, "type": "object", "required": ["id"], "title": "CVESubscription"}, "ComputedMetrics": {"properties": {"saved": {"$ref": "#/components/schemas/ComputedSavedMetrics", "description": "estimated saved metrics"}, "dropped": {"items": {"$ref": "#/components/schemas/RemediationMetrics"}, "type": "array", "title": "Dropped", "description": "estimated dropped metrics", "default": []}, "prevented": {"items": {"$ref": "#/components/schemas/AttacksMetrics"}, "type": "array", "title": "Prevented", "description": "prevented attacks metrics", "default": []}}, "type": "object", "required": ["saved"], "title": "ComputedMetrics"}, "ComputedSavedMetrics": {"properties": {"log_lines": {"items": {"$ref": "#/components/schemas/RemediationMetrics"}, "type": "array", "title": "Log Lines", "description": "estimated log lines saved", "default": []}, "storage": {"items": {"$ref": "#/components/schemas/RemediationMetrics"}, "type": "array", "title": "Storage", "description": "estimated storage saved", "default": []}, "egress_traffic": {"items": {"$ref": "#/components/schemas/RemediationMetrics"}, "type": "array", "title": "Egress Traffic", "description": "estimated egress traffic saved", "default": []}}, "type": "object", "title": "ComputedSavedMetrics"}, "CtiAs": {"properties": {"as_num": {"type": "string", "title": "As Num"}, "as_name": {"type": "string", "title": "As Name"}, "total_ips": {"type": "integer", "title": "Total Ips"}}, "additionalProperties": true, "type": "object", "required": ["as_num", "as_name", "total_ips"], "title": "CtiAs"}, "CtiBehavior": {"properties": {"name": {"type": "string", "title": "Name"}, "label": {"type": "string", "title": "Label"}, "description": {"type": "string", "title": "Description"}, "references": {"items": {"type": "string"}, "type": "array", "title": "References"}, "total_ips": {"type": "integer", "title": "Total Ips"}}, "additionalProperties": true, "type": "object", "required": ["name", "label", "description", "references", "total_ips"], "title": "CtiBehavior"}, "CtiCategory": {"properties": {"name": {"type": "string", "title": "Name"}, "label": {"type": "string", "title": "Label"}, "description": {"type": "string", "title": "Description"}, "total_ips": {"type": "integer", "title": "Total Ips"}}, "additionalProperties": true, "type": "object", "required": ["name", "label", "description", "total_ips"], "title": "CtiCategory"}, "CtiCountry": {"properties": {"country_short": {"type": "string", "title": "Country Short"}, "total_ips": {"type": "integer", "title": "Total Ips"}}, "additionalProperties": true, "type": "object", "required": ["country_short", "total_ips"], "title": "CtiCountry"}, "CtiIp": {"properties": {"ip": {"type": "string", "title": "Ip"}, "total_signals_1m": {"type": "integer", "title": "Total Signals 1M"}, "reputation": {"type": "string", "title": "Reputation", "default": "unknown"}}, "additionalProperties": true, "type": "object", "required": ["ip", "total_signals_1m"], "title": "CtiIp"}, "CtiScenario": {"properties": {"name": {"type": "string", "title": "Name"}, "label": {"type": "string", "title": "Label"}, "description": {"type": "string", "title": "Description"}, "references": {"items": {"type": "string"}, "type": "array", "title": "References"}, "total_ips": {"type": "integer", "title": "Total Ips"}}, "additionalProperties": true, "type": "object", "required": ["name", "label", "description", "references", "total_ips"], "title": "CtiScenario"}, "EntityType": {"type": "string", "enum": ["org", "tag", "engine", "firewall_integration", "remediation_component_integration", "remediation_component", "log_processor"], "title": "EntityType"}, "GetRemediationMetricsResponse": {"properties": {"raw": {"$ref": "#/components/schemas/RawMetrics", "description": "Raw metrics data"}, "computed": {"$ref": "#/components/schemas/ComputedMetrics", "description": "Computed metrics data"}}, "type": "object", "required": ["raw", "computed"], "title": "GetRemediationMetricsResponse"}, "HTTPValidationError": {"properties": {"detail": {"items": {"$ref": "#/components/schemas/ValidationError"}, "title": "Detail", "type": "array"}}, "title": "HTTPValidationError", "type": "object"}, "InfoResponse": {"properties": {"organization_id": {"type": "string", "title": "Organization Id", "description": "The organization ID"}, "subscription_type": {"type": "string", "title": "Subscription Type", "description": "The organization subscription type"}, "api_key_name": {"type": "string", "title": "Api Key Name", "description": "The API key name that is used"}}, "type": "object", "required": ["organization_id", "subscription_type", "api_key_name"], "title": "InfoResponse"}, "IntegrationCreateRequest": {"properties": {"name": {"type": "string", "minLength": 1, "title": "Name", "description": "Name of the integration"}, "description": {"type": "string", "minLength": 1, "title": "Description", "description": "Description of the integration"}, "entity_type": {"$ref": "#/components/schemas/IntegrationType", "description": "Type of the integration"}, "output_format": {"$ref": "#/components/schemas/OutputFormat", "description": "Output format of the integration"}}, "additionalProperties": false, "type": "object", "required": ["name", "entity_type", "output_format"], "title": "IntegrationCreateRequest"}, "IntegrationCreateResponse": {"properties": {"id": {"type": "string", "title": "Id", "description": "ID of the integration"}, "name": {"type": "string", "title": "Name", "description": "Name of the integration. Should be unique within the organization"}, "organization_id": {"type": "string", "title": "Organization Id", "description": "ID of the owner organization"}, "description": {"type": "string", "title": "Description", "description": "Description of the integration"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the integration was created"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Last time the integration was updated"}, "entity_type": {"$ref": "#/components/schemas/IntegrationType", "description": "Type of the integration"}, "output_format": {"$ref": "#/components/schemas/OutputFormat", "description": "Output format of the integration"}, "last_pull": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Pull", "description": "Last time the integration pulled blocklists"}, "blocklists": {"items": {"$ref": "#/components/schemas/BlocklistSubscription"}, "type": "array", "title": "Blocklists", "description": "Blocklists that are subscribed by the integration"}, "cves": {"items": {"$ref": "#/components/schemas/CVESubscription"}, "type": "array", "title": "Cves", "description": "CVEs that are subscribed by the integration"}, "endpoint": {"type": "string", "maxLength": 2083, "minLength": 1, "format": "uri", "title": "Endpoint", "description": "Url that should be used by the firewall or the remediation component to fetch the integration's content"}, "stats": {"$ref": "#/components/schemas/Stats", "description": "Stats of the integration", "default": {"count": 0}}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Tags associated with the integration", "default": []}, "credentials": {"anyOf": [{"$ref": "#/components/schemas/ApiKeyCredentials"}, {"$ref": "#/components/schemas/BasicAuthCredentials"}], "title": "Credentials", "description": "Credentials that were generated for the integration"}}, "type": "object", "required": ["id", "name", "organization_id", "created_at", "updated_at", "entity_type", "output_format", "blocklists", "cves", "endpoint", "credentials"], "title": "IntegrationCreateResponse"}, "IntegrationGetResponse": {"properties": {"id": {"type": "string", "title": "Id", "description": "ID of the integration"}, "name": {"type": "string", "title": "Name", "description": "Name of the integration. Should be unique within the organization"}, "organization_id": {"type": "string", "title": "Organization Id", "description": "ID of the owner organization"}, "description": {"type": "string", "title": "Description", "description": "Description of the integration"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the integration was created"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Last time the integration was updated"}, "entity_type": {"$ref": "#/components/schemas/IntegrationType", "description": "Type of the integration"}, "output_format": {"$ref": "#/components/schemas/OutputFormat", "description": "Output format of the integration"}, "last_pull": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Pull", "description": "Last time the integration pulled blocklists"}, "blocklists": {"items": {"$ref": "#/components/schemas/BlocklistSubscription"}, "type": "array", "title": "Blocklists", "description": "Blocklists that are subscribed by the integration"}, "cves": {"items": {"$ref": "#/components/schemas/CVESubscription"}, "type": "array", "title": "Cves", "description": "CVEs that are subscribed by the integration"}, "endpoint": {"type": "string", "maxLength": 2083, "minLength": 1, "format": "uri", "title": "Endpoint", "description": "Url that should be used by the firewall or the remediation component to fetch the integration's content"}, "stats": {"$ref": "#/components/schemas/Stats", "description": "Stats of the integration", "default": {"count": 0}}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Tags associated with the integration", "default": []}}, "type": "object", "required": ["id", "name", "organization_id", "created_at", "updated_at", "entity_type", "output_format", "blocklists", "cves", "endpoint"], "title": "IntegrationGetResponse"}, "IntegrationGetResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/IntegrationGetResponse"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "IntegrationGetResponsePage"}, "IntegrationType": {"type": "string", "enum": ["firewall_integration", "remediation_component_integration"], "title": "IntegrationType"}, "IntegrationUpdateRequest": {"properties": {"name": {"type": "string", "minLength": 1, "title": "Name", "description": "New name"}, "description": {"type": "string", "minLength": 1, "title": "Description", "description": "New description"}, "output_format": {"$ref": "#/components/schemas/OutputFormat", "description": "New output format"}, "regenerate_credentials": {"type": "boolean", "title": "Regenerate Credentials", "description": "Regenerate credentials for the integration"}}, "additionalProperties": false, "type": "object", "title": "IntegrationUpdateRequest"}, "IntegrationUpdateResponse": {"properties": {"id": {"type": "string", "title": "Id", "description": "ID of the integration"}, "name": {"type": "string", "title": "Name", "description": "Name of the integration. Should be unique within the organization"}, "organization_id": {"type": "string", "title": "Organization Id", "description": "ID of the owner organization"}, "description": {"type": "string", "title": "Description", "description": "Description of the integration"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Time the integration was created"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Last time the integration was updated"}, "entity_type": {"$ref": "#/components/schemas/IntegrationType", "description": "Type of the integration"}, "output_format": {"$ref": "#/components/schemas/OutputFormat", "description": "Output format of the integration"}, "last_pull": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Last Pull", "description": "Last time the integration pulled blocklists"}, "blocklists": {"items": {"$ref": "#/components/schemas/BlocklistSubscription"}, "type": "array", "title": "Blocklists", "description": "Blocklists that are subscribed by the integration"}, "cves": {"items": {"$ref": "#/components/schemas/CVESubscription"}, "type": "array", "title": "Cves", "description": "CVEs that are subscribed by the integration"}, "endpoint": {"type": "string", "maxLength": 2083, "minLength": 1, "format": "uri", "title": "Endpoint", "description": "Url that should be used by the firewall or the remediation component to fetch the integration's content"}, "stats": {"$ref": "#/components/schemas/Stats", "description": "Stats of the integration", "default": {"count": 0}}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Tags associated with the integration", "default": []}, "credentials": {"anyOf": [{"$ref": "#/components/schemas/ApiKeyCredentials"}, {"$ref": "#/components/schemas/BasicAuthCredentials"}, {"type": "null"}], "title": "Credentials", "description": "Credentials for the integration"}}, "type": "object", "required": ["id", "name", "organization_id", "created_at", "updated_at", "entity_type", "output_format", "blocklists", "cves", "endpoint"], "title": "IntegrationUpdateResponse"}, "Links": {"properties": {"first": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "First", "examples": ["/api/v1/users?limit=1&offset1"]}, "last": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Last", "examples": ["/api/v1/users?limit=1&offset1"]}, "self": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Self", "examples": ["/api/v1/users?limit=1&offset1"]}, "next": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Next", "examples": ["/api/v1/users?limit=1&offset1"]}, "prev": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Prev", "examples": ["/api/v1/users?limit=1&offset1"]}}, "type": "object", "title": "Links"}, "MetricUnits": {"type": "string", "enum": ["byte", "packet", "request", "ip", "line", "event"], "title": "MetricUnits"}, "OriginMetrics": {"properties": {"origin": {"anyOf": [{"$ref": "#/components/schemas/BlocklistOrigin"}, {"type": "string"}, {"type": "null"}], "title": "Origin", "description": "Origin of the metric"}, "data": {"items": {"$ref": "#/components/schemas/RemediationMetricsData"}, "type": "array", "title": "Data", "description": "Data points"}}, "type": "object", "required": ["origin", "data"], "title": "OriginMetrics"}, "OutputFormat": {"type": "string", "enum": ["plain_text", "f5", "remediation_component", "fortigate", "paloalto", "checkpoint", "cisco", "juniper", "mikrotik", "pfsense", "opnsense", "sophos"], "title": "OutputFormat"}, "Permission": {"type": "string", "enum": ["read", "write"], "title": "Permission"}, "PricingTiers": {"type": "string", "enum": ["free", "premium", "platinum"], "title": "PricingTiers"}, "PublicBlocklistResponse": {"properties": {"id": {"type": "string", "title": "Id", "description": "Blocklist id"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Blocklist creation date"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Blocklist update date"}, "name": {"type": "string", "title": "Name", "description": "Blocklist name, unique within the organization"}, "label": {"type": "string", "title": "Label", "description": "Blocklist human readable name"}, "description": {"type": "string", "title": "Description", "description": "Blocklist description"}, "references": {"items": {"type": "string"}, "type": "array", "title": "References", "description": "Blocklist references", "default": []}, "is_private": {"type": "boolean", "title": "Is Private", "description": "Private blocklist if True or public if False"}, "tags": {"items": {"type": "string"}, "type": "array", "title": "Tags", "description": "Classification tags", "default": []}, "pricing_tier": {"$ref": "#/components/schemas/PricingTiers", "description": "Pricing tier for Crowdsec blocklists only"}, "source": {"$ref": "#/components/schemas/BlocklistSources", "description": "Blocklist source"}, "stats": {"$ref": "#/components/schemas/BlocklistStats", "description": "Blocklist stats"}, "from_cti_query": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "From Cti Query", "description": "CTI query from which the blocklist was created"}, "since": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Since", "description": "Since duration for the CTI query (eg. 5m, 2h, 7d). Max is 30 days"}, "shared_with": {"items": {"$ref": "#/components/schemas/Share"}, "type": "array", "title": "Shared With", "description": "List of organizations shared with", "default": []}, "organization_id": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Organization Id", "description": "Blocklists owner's organization id"}, "subscribers": {"items": {"$ref": "#/components/schemas/BlocklistSubscribersCount"}, "type": "array", "title": "Subscribers", "description": "List of subscribers to the blocklist. Only subscribers belonging to your organization are returned", "default": []}, "categories": {"items": {"$ref": "#/components/schemas/BlocklistCategory"}, "type": "array", "title": "Categories", "description": "List of categories for the blocklist", "default": []}}, "type": "object", "required": ["id", "created_at", "updated_at", "name", "description", "is_private", "pricing_tier", "source", "stats"], "title": "PublicBlocklistResponse"}, "PublicBlocklistResponsePage": {"properties": {"items": {"items": {"$ref": "#/components/schemas/PublicBlocklistResponse"}, "type": "array", "title": "Items"}, "total": {"type": "integer", "minimum": 0.0, "title": "Total"}, "page": {"type": "integer", "minimum": 1.0, "title": "Page"}, "size": {"type": "integer", "minimum": 1.0, "title": "Size"}, "pages": {"type": "integer", "minimum": 0.0, "title": "Pages"}, "links": {"$ref": "#/components/schemas/Links", "readOnly": true}}, "type": "object", "required": ["items", "total", "page", "size", "pages", "links"], "title": "PublicBlocklistResponsePage"}, "RawMetrics": {"properties": {"dropped": {"items": {"$ref": "#/components/schemas/RemediationMetrics"}, "type": "array", "title": "Dropped", "description": "dropped metrics", "default": []}, "processed": {"items": {"$ref": "#/components/schemas/RemediationMetrics"}, "type": "array", "title": "Processed", "description": "processed metrics", "default": []}}, "type": "object", "title": "RawMetrics"}, "RemediationMetrics": {"properties": {"total": {"anyOf": [{"type": "integer"}, {"type": "number"}], "title": "Total", "description": "Total value of the metric"}, "unit": {"$ref": "#/components/schemas/MetricUnits", "description": "Unit of the metric"}, "progression": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Progression", "description": "Progression of the metric value from the previous period"}, "data": {"items": {"$ref": "#/components/schemas/OriginMetrics"}, "type": "array", "title": "Data", "description": "Data points per origin"}}, "type": "object", "required": ["total", "unit", "progression", "data"], "title": "RemediationMetrics"}, "RemediationMetricsData": {"properties": {"value": {"anyOf": [{"type": "integer"}, {"type": "number"}], "title": "Value", "description": "Value of the metric"}, "timestamp": {"type": "string", "format": "date-time", "title": "Timestamp", "description": "Timestamp of the metric"}}, "type": "object", "required": ["value", "timestamp"], "title": "RemediationMetricsData"}, "Share": {"properties": {"organization_id": {"type": "string", "title": "Organization Id"}, "permission": {"$ref": "#/components/schemas/Permission"}}, "type": "object", "required": ["organization_id", "permission"], "title": "Share"}, "SourceInfo": {"properties": {"source_type": {"$ref": "#/components/schemas/SourceType", "description": "The source type that created the allowlist entry"}, "identifier": {"type": "string", "title": "Identifier", "description": "The source identifier that created the allowlist entry"}}, "type": "object", "required": ["source_type", "identifier"], "title": "SourceInfo"}, "SourceType": {"type": "string", "enum": ["user", "apikey"], "title": "SourceType"}, "Stats": {"properties": {"count": {"type": "integer", "title": "Count", "description": "Number of total blocklists items the integration will pull"}}, "type": "object", "required": ["count"], "title": "Stats"}, "SubscriberEntityType": {"type": "string", "enum": ["org", "tag", "engine", "firewall_integration", "remediation_component_integration"], "title": "SubscriberEntityType"}, "ValidationError": {"properties": {"loc": {"items": {"anyOf": [{"type": "string"}, {"type": "integer"}]}, "title": "Location", "type": "array"}, "msg": {"title": "Message", "type": "string"}, "type": {"title": "Error Type", "type": "string"}}, "required": ["loc", "msg", "type"], "title": "ValidationError", "type": "object"}, "AppsecConfigIndex": {"properties": {"content": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "The YAML content of the item, in plaintext.", "examples": ["type: leaky\n#debug: true\nname: crowdsecurity/vsftpd-bf\ndescription: \"Detect FTP bruteforce (vsftpd)\"\nfilter: evt.Meta.log_type == 'ftp_failed_auth'\nleakspeed: \"10s\"\ncapacity: 5\ngroupby: evt.Meta.source_ip\nblackhole: 5m\nlabels:\n confidence: 3\n spoofable: 0\n classification:\n - attack.T1110\n behavior: \"ftp:bruteforce\"\n label: \"VSFTPD Bruteforce\"\n remediation: true\n service: vsftpd"], "title": "Content"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "A short, plaintext description of the item", "title": "Description"}, "labels": {"anyOf": [{"additionalProperties": {"anyOf": [{"type": "string"}, {"items": {"type": "string"}, "type": "array"}, {"type": "integer"}]}, "type": "object"}, {"type": "null"}], "description": "Classification labels for the item", "examples": [{"behavior": "ftp:bruteforce", "classification": ["attack.T1110"], "confidence": 3, "label": "VSFTPD Bruteforce", "remediation": true, "service": "vsftpd", "spoofable": 0}], "title": "Labels"}, "path": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Relative path to the item's YAML content", "examples": ["scenarios/crowdsecurity/vsftpd-bf.yaml"], "title": "Path"}, "references": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of references to external resources", "title": "References"}, "version": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Current version of the collection", "examples": ["0.2"], "title": "Version"}, "versions": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/VersionDetail"}, "type": "object"}, {"type": "null"}], "description": "A dictionary where each key is a version number (e.g., '0.1', '0.2')", "examples": [{"0.1": {"deprecated": false, "digest": "3591247988014705cf3a7e42388f0c87f9b86d3141268d996c5820ceab6364e1"}, "0.2": {"deprecated": false, "digest": "d1ddf4797250c1899a93ce634e6366e5deaaaf7508135056d17e9b09998ddf91"}}], "title": "Versions"}}, "title": "AppsecConfigIndex", "type": "object"}, "AppsecRuleIndex": {"properties": {"content": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "The YAML content of the item, in plaintext.", "examples": ["type: leaky\n#debug: true\nname: crowdsecurity/vsftpd-bf\ndescription: \"Detect FTP bruteforce (vsftpd)\"\nfilter: evt.Meta.log_type == 'ftp_failed_auth'\nleakspeed: \"10s\"\ncapacity: 5\ngroupby: evt.Meta.source_ip\nblackhole: 5m\nlabels:\n confidence: 3\n spoofable: 0\n classification:\n - attack.T1110\n behavior: \"ftp:bruteforce\"\n label: \"VSFTPD Bruteforce\"\n remediation: true\n service: vsftpd"], "title": "Content"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "A short, plaintext description of the item", "title": "Description"}, "labels": {"anyOf": [{"additionalProperties": {"anyOf": [{"type": "string"}, {"items": {"type": "string"}, "type": "array"}, {"type": "integer"}]}, "type": "object"}, {"type": "null"}], "description": "Classification labels for the item", "examples": [{"behavior": "ftp:bruteforce", "classification": ["attack.T1110"], "confidence": 3, "label": "VSFTPD Bruteforce", "remediation": true, "service": "vsftpd", "spoofable": 0}], "title": "Labels"}, "path": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Relative path to the item's YAML content", "examples": ["scenarios/crowdsecurity/vsftpd-bf.yaml"], "title": "Path"}, "references": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of references to external resources", "title": "References"}, "version": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Current version of the collection", "examples": ["0.2"], "title": "Version"}, "versions": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/VersionDetail"}, "type": "object"}, {"type": "null"}], "description": "A dictionary where each key is a version number (e.g., '0.1', '0.2')", "examples": [{"0.1": {"deprecated": false, "digest": "3591247988014705cf3a7e42388f0c87f9b86d3141268d996c5820ceab6364e1"}, "0.2": {"deprecated": false, "digest": "d1ddf4797250c1899a93ce634e6366e5deaaaf7508135056d17e9b09998ddf91"}}], "title": "Versions"}}, "title": "AppsecRuleIndex", "type": "object"}, "CollectionIndex": {"properties": {"appsec-configs": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of appsec-configs", "title": "Appsec-Configs"}, "appsec-rules": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of appsec-rules", "title": "Appsec-Rules"}, "collections": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of collections", "title": "Collections"}, "content": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "The YAML content of the item, in plaintext.", "examples": ["type: leaky\n#debug: true\nname: crowdsecurity/vsftpd-bf\ndescription: \"Detect FTP bruteforce (vsftpd)\"\nfilter: evt.Meta.log_type == 'ftp_failed_auth'\nleakspeed: \"10s\"\ncapacity: 5\ngroupby: evt.Meta.source_ip\nblackhole: 5m\nlabels:\n confidence: 3\n spoofable: 0\n classification:\n - attack.T1110\n behavior: \"ftp:bruteforce\"\n label: \"VSFTPD Bruteforce\"\n remediation: true\n service: vsftpd"], "title": "Content"}, "contexts": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of contexts", "title": "Contexts"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "A short, plaintext description of the item", "title": "Description"}, "labels": {"anyOf": [{"additionalProperties": {"anyOf": [{"type": "string"}, {"items": {"type": "string"}, "type": "array"}, {"type": "integer"}]}, "type": "object"}, {"type": "null"}], "description": "Classification labels for the item", "examples": [{"behavior": "ftp:bruteforce", "classification": ["attack.T1110"], "confidence": 3, "label": "VSFTPD Bruteforce", "remediation": true, "service": "vsftpd", "spoofable": 0}], "title": "Labels"}, "parsers": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of parsers", "title": "Parsers"}, "path": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Relative path to the item's YAML content", "examples": ["scenarios/crowdsecurity/vsftpd-bf.yaml"], "title": "Path"}, "postoverflows": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of postoverflows", "title": "Postoverflows"}, "references": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of references to external resources", "title": "References"}, "scenarios": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of scenarios", "title": "Scenarios"}, "version": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Current version of the collection", "examples": ["0.2"], "title": "Version"}, "versions": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/VersionDetail"}, "type": "object"}, {"type": "null"}], "description": "A dictionary where each key is a version number (e.g., '0.1', '0.2')", "examples": [{"0.1": {"deprecated": false, "digest": "3591247988014705cf3a7e42388f0c87f9b86d3141268d996c5820ceab6364e1"}, "0.2": {"deprecated": false, "digest": "d1ddf4797250c1899a93ce634e6366e5deaaaf7508135056d17e9b09998ddf91"}}], "title": "Versions"}}, "title": "CollectionIndex", "type": "object"}, "ContextIndex": {"properties": {"content": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "The YAML content of the item, in plaintext.", "examples": ["type: leaky\n#debug: true\nname: crowdsecurity/vsftpd-bf\ndescription: \"Detect FTP bruteforce (vsftpd)\"\nfilter: evt.Meta.log_type == 'ftp_failed_auth'\nleakspeed: \"10s\"\ncapacity: 5\ngroupby: evt.Meta.source_ip\nblackhole: 5m\nlabels:\n confidence: 3\n spoofable: 0\n classification:\n - attack.T1110\n behavior: \"ftp:bruteforce\"\n label: \"VSFTPD Bruteforce\"\n remediation: true\n service: vsftpd"], "title": "Content"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "A short, plaintext description of the item", "title": "Description"}, "labels": {"anyOf": [{"additionalProperties": {"anyOf": [{"type": "string"}, {"items": {"type": "string"}, "type": "array"}, {"type": "integer"}]}, "type": "object"}, {"type": "null"}], "description": "Classification labels for the item", "examples": [{"behavior": "ftp:bruteforce", "classification": ["attack.T1110"], "confidence": 3, "label": "VSFTPD Bruteforce", "remediation": true, "service": "vsftpd", "spoofable": 0}], "title": "Labels"}, "path": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Relative path to the item's YAML content", "examples": ["scenarios/crowdsecurity/vsftpd-bf.yaml"], "title": "Path"}, "references": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of references to external resources", "title": "References"}, "version": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Current version of the collection", "examples": ["0.2"], "title": "Version"}, "versions": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/VersionDetail"}, "type": "object"}, {"type": "null"}], "description": "A dictionary where each key is a version number (e.g., '0.1', '0.2')", "examples": [{"0.1": {"deprecated": false, "digest": "3591247988014705cf3a7e42388f0c87f9b86d3141268d996c5820ceab6364e1"}, "0.2": {"deprecated": false, "digest": "d1ddf4797250c1899a93ce634e6366e5deaaaf7508135056d17e9b09998ddf91"}}], "title": "Versions"}}, "title": "ContextIndex", "type": "object"}, "Index": {"description": "Index document served to crowdsec/cscli.", "properties": {"appsec-configs": {"additionalProperties": {"$ref": "#/components/schemas/AppsecConfigIndex"}, "title": "Appsec-Configs", "type": "object"}, "appsec-rules": {"additionalProperties": {"$ref": "#/components/schemas/AppsecRuleIndex"}, "title": "Appsec-Rules", "type": "object"}, "collections": {"additionalProperties": {"$ref": "#/components/schemas/CollectionIndex"}, "title": "Collections", "type": "object"}, "contexts": {"additionalProperties": {"$ref": "#/components/schemas/ContextIndex"}, "title": "Contexts", "type": "object"}, "parsers": {"additionalProperties": {"$ref": "#/components/schemas/ParserIndex"}, "title": "Parsers", "type": "object"}, "postoverflows": {"additionalProperties": {"$ref": "#/components/schemas/PostoverflowIndex"}, "title": "Postoverflows", "type": "object"}, "scenarios": {"additionalProperties": {"$ref": "#/components/schemas/ScenarioIndex"}, "title": "Scenarios", "type": "object"}}, "title": "Index", "type": "object"}, "ParserIndex": {"properties": {"content": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "The YAML content of the item, in plaintext.", "examples": ["type: leaky\n#debug: true\nname: crowdsecurity/vsftpd-bf\ndescription: \"Detect FTP bruteforce (vsftpd)\"\nfilter: evt.Meta.log_type == 'ftp_failed_auth'\nleakspeed: \"10s\"\ncapacity: 5\ngroupby: evt.Meta.source_ip\nblackhole: 5m\nlabels:\n confidence: 3\n spoofable: 0\n classification:\n - attack.T1110\n behavior: \"ftp:bruteforce\"\n label: \"VSFTPD Bruteforce\"\n remediation: true\n service: vsftpd"], "title": "Content"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "A short, plaintext description of the item", "title": "Description"}, "labels": {"anyOf": [{"additionalProperties": {"anyOf": [{"type": "string"}, {"items": {"type": "string"}, "type": "array"}, {"type": "integer"}]}, "type": "object"}, {"type": "null"}], "description": "Classification labels for the item", "examples": [{"behavior": "ftp:bruteforce", "classification": ["attack.T1110"], "confidence": 3, "label": "VSFTPD Bruteforce", "remediation": true, "service": "vsftpd", "spoofable": 0}], "title": "Labels"}, "path": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Relative path to the item's YAML content", "examples": ["scenarios/crowdsecurity/vsftpd-bf.yaml"], "title": "Path"}, "references": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of references to external resources", "title": "References"}, "stage": {"description": "The stage of the parser", "title": "Stage", "type": "string"}, "version": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Current version of the collection", "examples": ["0.2"], "title": "Version"}, "versions": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/VersionDetail"}, "type": "object"}, {"type": "null"}], "description": "A dictionary where each key is a version number (e.g., '0.1', '0.2')", "examples": [{"0.1": {"deprecated": false, "digest": "3591247988014705cf3a7e42388f0c87f9b86d3141268d996c5820ceab6364e1"}, "0.2": {"deprecated": false, "digest": "d1ddf4797250c1899a93ce634e6366e5deaaaf7508135056d17e9b09998ddf91"}}], "title": "Versions"}}, "required": ["stage"], "title": "ParserIndex", "type": "object"}, "PostoverflowIndex": {"properties": {"content": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "The YAML content of the item, in plaintext.", "examples": ["type: leaky\n#debug: true\nname: crowdsecurity/vsftpd-bf\ndescription: \"Detect FTP bruteforce (vsftpd)\"\nfilter: evt.Meta.log_type == 'ftp_failed_auth'\nleakspeed: \"10s\"\ncapacity: 5\ngroupby: evt.Meta.source_ip\nblackhole: 5m\nlabels:\n confidence: 3\n spoofable: 0\n classification:\n - attack.T1110\n behavior: \"ftp:bruteforce\"\n label: \"VSFTPD Bruteforce\"\n remediation: true\n service: vsftpd"], "title": "Content"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "A short, plaintext description of the item", "title": "Description"}, "labels": {"anyOf": [{"additionalProperties": {"anyOf": [{"type": "string"}, {"items": {"type": "string"}, "type": "array"}, {"type": "integer"}]}, "type": "object"}, {"type": "null"}], "description": "Classification labels for the item", "examples": [{"behavior": "ftp:bruteforce", "classification": ["attack.T1110"], "confidence": 3, "label": "VSFTPD Bruteforce", "remediation": true, "service": "vsftpd", "spoofable": 0}], "title": "Labels"}, "path": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Relative path to the item's YAML content", "examples": ["scenarios/crowdsecurity/vsftpd-bf.yaml"], "title": "Path"}, "references": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of references to external resources", "title": "References"}, "stage": {"description": "The stage of the postoverflow", "title": "Stage", "type": "string"}, "version": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Current version of the collection", "examples": ["0.2"], "title": "Version"}, "versions": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/VersionDetail"}, "type": "object"}, {"type": "null"}], "description": "A dictionary where each key is a version number (e.g., '0.1', '0.2')", "examples": [{"0.1": {"deprecated": false, "digest": "3591247988014705cf3a7e42388f0c87f9b86d3141268d996c5820ceab6364e1"}, "0.2": {"deprecated": false, "digest": "d1ddf4797250c1899a93ce634e6366e5deaaaf7508135056d17e9b09998ddf91"}}], "title": "Versions"}}, "required": ["stage"], "title": "PostoverflowIndex", "type": "object"}, "ScenarioIndex": {"properties": {"content": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "The YAML content of the item, in plaintext.", "examples": ["type: leaky\n#debug: true\nname: crowdsecurity/vsftpd-bf\ndescription: \"Detect FTP bruteforce (vsftpd)\"\nfilter: evt.Meta.log_type == 'ftp_failed_auth'\nleakspeed: \"10s\"\ncapacity: 5\ngroupby: evt.Meta.source_ip\nblackhole: 5m\nlabels:\n confidence: 3\n spoofable: 0\n classification:\n - attack.T1110\n behavior: \"ftp:bruteforce\"\n label: \"VSFTPD Bruteforce\"\n remediation: true\n service: vsftpd"], "title": "Content"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "A short, plaintext description of the item", "title": "Description"}, "labels": {"anyOf": [{"additionalProperties": {"anyOf": [{"type": "string"}, {"items": {"type": "string"}, "type": "array"}, {"type": "integer"}]}, "type": "object"}, {"type": "null"}], "description": "Classification labels for the item", "examples": [{"behavior": "ftp:bruteforce", "classification": ["attack.T1110"], "confidence": 3, "label": "VSFTPD Bruteforce", "remediation": true, "service": "vsftpd", "spoofable": 0}], "title": "Labels"}, "path": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Relative path to the item's YAML content", "examples": ["scenarios/crowdsecurity/vsftpd-bf.yaml"], "title": "Path"}, "references": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "description": "List of references to external resources", "title": "References"}, "version": {"anyOf": [{"type": "string"}, {"type": "null"}], "description": "Current version of the collection", "examples": ["0.2"], "title": "Version"}, "versions": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/VersionDetail"}, "type": "object"}, {"type": "null"}], "description": "A dictionary where each key is a version number (e.g., '0.1', '0.2')", "examples": [{"0.1": {"deprecated": false, "digest": "3591247988014705cf3a7e42388f0c87f9b86d3141268d996c5820ceab6364e1"}, "0.2": {"deprecated": false, "digest": "d1ddf4797250c1899a93ce634e6366e5deaaaf7508135056d17e9b09998ddf91"}}], "title": "Versions"}}, "title": "ScenarioIndex", "type": "object"}, "VersionDetail": {"properties": {"deprecated": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "default": false, "description": "Indicates whether this version is deprecated.", "title": "Deprecated"}, "digest": {"description": "The SHA256 digest of the versioned file.", "examples": ["Detect FTP bruteforce (vsftpd)"], "title": "Digest", "type": "string"}}, "required": ["digest"], "title": "VersionDetail", "type": "object"}}, "securitySchemes": {"ApiKeyAuth": {"type": "apiKey", "in": "header", "name": "x-api-key", "description": "If integration key is provided, can also work to get integration content"}, "BasicAuth": {"type": "http", "scheme": "basic", "description": "Basic Auth for integration content endpoint only"}}}, "security": [{"ApiKeyAuth": []}, {"BasicAuth": []}], "servers": [{"url": "https://admin.api.crowdsec.net/v1", "description": "Production server"}]} \ No newline at end of file diff --git a/pyproject.toml b/pyproject.toml index 8262bda..7967d60 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta" [project] name = "crowdsec_service_api" -version = "1.87.2" +version = "1.96.0" license = { text = "MIT" } authors = [ { name="crowdsec", email="info@crowdsec.net" }