diff --git a/docs/api-reference/spec/firework-v2-openapi.json b/docs/api-reference/spec/firework-v2-openapi.json index e13123a..f53d2e1 100644 --- a/docs/api-reference/spec/firework-v2-openapi.json +++ b/docs/api-reference/spec/firework-v2-openapi.json @@ -377,25 +377,25 @@ "required": true }, "responses": { - "200": { + "400": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ActivityUserMetadata" + "$ref": "#/components/schemas/HttpError" } } }, - "description": "Success" + "description": "Query is invalid." }, - "400": { + "200": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/HttpError" + "$ref": "#/components/schemas/ActivityUserMetadata" } } }, - "description": "Query is invalid." + "description": "Success" } }, "tags": [ @@ -482,25 +482,25 @@ "required": true }, "responses": { - "200": { + "400": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ActivityUserMetadata" + "$ref": "#/components/schemas/HttpError" } } }, - "description": "Success" + "description": "Query is invalid." }, - "400": { + "200": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/HttpError" + "$ref": "#/components/schemas/ActivityUserMetadata" } } }, - "description": "Query is invalid." + "description": "Success" } }, "tags": [ @@ -549,25 +549,25 @@ "required": true }, "responses": { - "200": { + "400": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ActivityUserMetadata" + "$ref": "#/components/schemas/HttpError" } } }, - "description": "Success" + "description": "Query is invalid." }, - "400": { + "200": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/HttpError" + "$ref": "#/components/schemas/ActivityUserMetadata" } } }, - "description": "Query is invalid." + "description": "Success" } }, "tags": [ @@ -654,25 +654,25 @@ "required": true }, "responses": { - "200": { + "400": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ActivityUserMetadata" + "$ref": "#/components/schemas/HttpError" } } }, - "description": "Success" + "description": "Query is invalid." }, - "400": { + "200": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/HttpError" + "$ref": "#/components/schemas/ActivityUserMetadata" } } }, - "description": "Query is invalid." + "description": "Success" } }, "tags": [ @@ -1124,10 +1124,6 @@ } ], "responses": { - "200": { - "content": {}, - "description": "Returns the related leaked_data" - }, "404": { "content": { "application/json": { @@ -1137,6 +1133,10 @@ } }, "description": "Activity not found" + }, + "200": { + "content": {}, + "description": "Returns the related leaked_data" } }, "tags": [ @@ -1224,10 +1224,6 @@ } ], "responses": { - "200": { - "content": {}, - "description": "Returns the related parent_uids data" - }, "404": { "content": { "application/json": { @@ -1237,6 +1233,10 @@ } }, "description": "Activity not found" + }, + "200": { + "content": {}, + "description": "Returns the related parent_uids data" } }, "tags": [ @@ -1295,10 +1295,6 @@ } ], "responses": { - "200": { - "content": {}, - "description": "Returns related activities" - }, "400": { "content": { "application/json": { @@ -1318,6 +1314,10 @@ } }, "description": "Activity not found" + }, + "200": { + "content": {}, + "description": "Returns related activities" } }, "tags": [ @@ -1831,7 +1831,7 @@ } }, { - "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: listing, forum_topic, seller, stealer_log, blog_post, ransomleak, forum_post, bot, financial_data, chat_message, forum_profile\n- open_web: stack_exchange, paste, source_code_files, service, source_code_secrets, social_media_account, google, bucket_object, docker, bucket\n- leaks: leak\n- domains: domain\n", + "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: chat_message, forum_post, financial_data, listing, ransomleak, forum_topic, bot, blog_post, forum_profile, stealer_log, seller\n- open_web: stack_exchange, service, bucket, social_media_account, paste, docker, source_code_secrets, bucket_object, source_code_files, google\n- leaks: leak\n- domains: domain\n", "explode": true, "in": "query", "name": "types", @@ -2037,15 +2037,15 @@ } ], "responses": { - "200": { + "404": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Search" + "$ref": "#/components/schemas/HttpError" } } }, - "description": "Returns the search result(s)." + "description": "Identifier group does not exist." }, "400": { "content": { @@ -2057,15 +2057,15 @@ }, "description": "Query is invalid." }, - "404": { + "200": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/HttpError" + "$ref": "#/components/schemas/Search" } } }, - "description": "Identifier group does not exist." + "description": "Returns the search result(s)." } }, "tags": [ @@ -2151,7 +2151,7 @@ } }, { - "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: listing, forum_topic, seller, stealer_log, blog_post, ransomleak, forum_post, bot, financial_data, chat_message, forum_profile\n- open_web: stack_exchange, paste, source_code_files, service, source_code_secrets, social_media_account, google, bucket_object, docker, bucket\n- leaks: leak\n- domains: domain\n", + "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: chat_message, forum_post, financial_data, listing, ransomleak, forum_topic, bot, blog_post, forum_profile, stealer_log, seller\n- open_web: stack_exchange, service, bucket, social_media_account, paste, docker, source_code_secrets, bucket_object, source_code_files, google\n- leaks: leak\n- domains: domain\n", "explode": true, "in": "query", "name": "types", @@ -2357,15 +2357,15 @@ } ], "responses": { - "200": { + "404": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Search" + "$ref": "#/components/schemas/HttpError" } } }, - "description": "Returns the search result(s)." + "description": "Identifier group does not exist." }, "400": { "content": { @@ -2377,15 +2377,15 @@ }, "description": "Query is invalid." }, - "404": { + "200": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/HttpError" + "$ref": "#/components/schemas/Search" } } }, - "description": "Identifier group does not exist." + "description": "Returns the search result(s)." } }, "tags": [ @@ -2467,25 +2467,25 @@ "required": true }, "responses": { - "200": { + "400": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/post_assets__assets__200_response" + "$ref": "#/components/schemas/HttpError" } } }, - "description": "Success" + "description": "Query is invalid." }, - "400": { + "200": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/HttpError" + "$ref": "#/components/schemas/post_assets__assets__200_response" } } }, - "description": "Query is invalid." + "description": "Success" } }, "tags": [ @@ -2722,7 +2722,7 @@ } }, { - "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: listing, forum_topic, seller, stealer_log, blog_post, ransomleak, forum_post, bot, financial_data, chat_message, forum_profile\n- open_web: stack_exchange, paste, source_code_files, service, source_code_secrets, social_media_account, google, bucket_object, docker, bucket\n- leaks: leak\n- domains: domain\n", + "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: chat_message, forum_post, financial_data, listing, ransomleak, forum_topic, bot, blog_post, forum_profile, stealer_log, seller\n- open_web: stack_exchange, service, bucket, social_media_account, paste, docker, source_code_secrets, bucket_object, source_code_files, google\n- leaks: leak\n- domains: domain\n", "explode": true, "in": "query", "name": "types", @@ -2928,15 +2928,15 @@ } ], "responses": { - "200": { + "404": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Search" + "$ref": "#/components/schemas/HttpError" } } }, - "description": "Returns the search result(s)." + "description": "Identifier does not exist." }, "400": { "content": { @@ -2948,15 +2948,15 @@ }, "description": "Query is invalid." }, - "404": { + "200": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/HttpError" + "$ref": "#/components/schemas/Search" } } }, - "description": "Identifier does not exist." + "description": "Returns the search result(s)." } }, "tags": [ @@ -3042,7 +3042,7 @@ } }, { - "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: listing, forum_topic, seller, stealer_log, blog_post, ransomleak, forum_post, bot, financial_data, chat_message, forum_profile\n- open_web: stack_exchange, paste, source_code_files, service, source_code_secrets, social_media_account, google, bucket_object, docker, bucket\n- leaks: leak\n- domains: domain\n", + "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: chat_message, forum_post, financial_data, listing, ransomleak, forum_topic, bot, blog_post, forum_profile, stealer_log, seller\n- open_web: stack_exchange, service, bucket, social_media_account, paste, docker, source_code_secrets, bucket_object, source_code_files, google\n- leaks: leak\n- domains: domain\n", "explode": true, "in": "query", "name": "types", @@ -3248,15 +3248,15 @@ } ], "responses": { - "200": { + "404": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Search" + "$ref": "#/components/schemas/HttpError" } } }, - "description": "Returns the search result(s)." + "description": "Identifier does not exist." }, "400": { "content": { @@ -3268,15 +3268,15 @@ }, "description": "Query is invalid." }, - "404": { + "200": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/HttpError" + "$ref": "#/components/schemas/Search" } } }, - "description": "Identifier does not exist." + "description": "Returns the search result(s)." } }, "tags": [ @@ -3326,7 +3326,7 @@ "content": {}, "description": "Returns the highlights of the identifier data matching on an activity content." }, - "400": { + "404": { "content": { "application/json": { "schema": { @@ -3334,9 +3334,9 @@ } } }, - "description": "Query is invalid." + "description": "Identifier or activity does not exist." }, - "404": { + "400": { "content": { "application/json": { "schema": { @@ -3344,7 +3344,7 @@ } } }, - "description": "Identifier or activity does not exist." + "description": "Query is invalid." } }, "tags": [ @@ -3440,7 +3440,7 @@ } }, { - "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: listing, forum_topic, seller, stealer_log, blog_post, ransomleak, forum_post, bot, financial_data, chat_message, forum_profile\n- open_web: stack_exchange, paste, source_code_files, service, source_code_secrets, social_media_account, google, bucket_object, docker, bucket\n- leaks: leak\n- domains: domain\n", + "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: chat_message, forum_post, financial_data, listing, ransomleak, forum_topic, bot, blog_post, forum_profile, stealer_log, seller\n- open_web: stack_exchange, service, bucket, social_media_account, paste, docker, source_code_secrets, bucket_object, source_code_files, google\n- leaks: leak\n- domains: domain\n", "explode": true, "in": "query", "name": "types", @@ -3646,15 +3646,15 @@ } ], "responses": { - "200": { + "404": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Search" + "$ref": "#/components/schemas/HttpError" } } }, - "description": "Returns the search result(s)." + "description": "Identifier does not exist." }, "400": { "content": { @@ -3666,15 +3666,15 @@ }, "description": "Query is invalid." }, - "404": { + "200": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/HttpError" + "$ref": "#/components/schemas/Search" } } }, - "description": "Identifier does not exist." + "description": "Returns the search result(s)." } }, "tags": [ @@ -3782,7 +3782,7 @@ } }, { - "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: listing, forum_topic, seller, stealer_log, blog_post, ransomleak, forum_post, bot, financial_data, chat_message, forum_profile\n- open_web: stack_exchange, paste, source_code_files, service, source_code_secrets, social_media_account, google, bucket_object, docker, bucket\n- leaks: leak\n- domains: domain\n", + "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: chat_message, forum_post, financial_data, listing, ransomleak, forum_topic, bot, blog_post, forum_profile, stealer_log, seller\n- open_web: stack_exchange, service, bucket, social_media_account, paste, docker, source_code_secrets, bucket_object, source_code_files, google\n- leaks: leak\n- domains: domain\n", "explode": true, "in": "query", "name": "types", @@ -4061,7 +4061,7 @@ } }, { - "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: listing, forum_topic, seller, stealer_log, blog_post, ransomleak, forum_post, bot, financial_data, chat_message, forum_profile\n- open_web: stack_exchange, paste, source_code_files, service, source_code_secrets, social_media_account, google, bucket_object, docker, bucket\n- leaks: leak\n- domains: domain\n", + "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: chat_message, forum_post, financial_data, listing, ransomleak, forum_topic, bot, blog_post, forum_profile, stealer_log, seller\n- open_web: stack_exchange, service, bucket, social_media_account, paste, docker, source_code_secrets, bucket_object, source_code_files, google\n- leaks: leak\n- domains: domain\n", "explode": true, "in": "query", "name": "types", @@ -4387,25 +4387,25 @@ "required": true }, "responses": { - "200": { + "400": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/put_current_user_profile__me_profile_200_response" + "$ref": "#/components/schemas/HttpError" } } }, - "description": "Success" + "description": "Update is invalid" }, - "400": { + "200": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/HttpError" + "$ref": "#/components/schemas/put_current_user_profile__me_profile_200_response" } } }, - "description": "Update is invalid" + "description": "Success" } }, "tags": [ @@ -4464,25 +4464,25 @@ } ], "responses": { - "200": { + "404": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/OrganizationMemberPage" + "$ref": "#/components/schemas/HttpError" } } }, - "description": "Success" + "description": "Organization not found" }, - "404": { + "200": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/HttpError" + "$ref": "#/components/schemas/OrganizationMemberPage" } } }, - "description": "Organization not found" + "description": "Success" } }, "tags": [ @@ -4512,25 +4512,25 @@ "required": true }, "responses": { - "200": { + "404": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/post_organization_members_api__organizations__int_organization_id__members_200_response" + "$ref": "#/components/schemas/HttpError" } } }, - "description": "Success" + "description": "Organization not found" }, - "404": { + "200": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/HttpError" + "$ref": "#/components/schemas/post_organization_members_api__organizations__int_organization_id__members_200_response" } } }, - "description": "Organization not found" + "description": "Success" } }, "tags": [ @@ -5122,7 +5122,7 @@ } }, { - "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: listing, forum_topic, seller, stealer_log, blog_post, ransomleak, forum_post, bot, financial_data, chat_message, forum_profile\n- open_web: stack_exchange, paste, source_code_files, service, source_code_secrets, social_media_account, google, bucket_object, docker, bucket\n- leaks: leak\n- domains: domain\n", + "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: chat_message, forum_post, financial_data, listing, ransomleak, forum_topic, bot, blog_post, forum_profile, stealer_log, seller\n- open_web: stack_exchange, service, bucket, social_media_account, paste, docker, source_code_secrets, bucket_object, source_code_files, google\n- leaks: leak\n- domains: domain\n", "explode": true, "in": "query", "name": "types", @@ -5326,25 +5326,25 @@ } ], "responses": { - "200": { + "400": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Search" + "$ref": "#/components/schemas/HttpError" } } }, - "description": "Returns the search result(s)." + "description": "Query is invalid." }, - "400": { + "200": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/HttpError" + "$ref": "#/components/schemas/Search" } } }, - "description": "Query is invalid." + "description": "Returns the search result(s)." } }, "tags": [ @@ -5422,7 +5422,7 @@ } }, { - "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: listing, forum_topic, seller, stealer_log, blog_post, ransomleak, forum_post, bot, financial_data, chat_message, forum_profile\n- open_web: stack_exchange, paste, source_code_files, service, source_code_secrets, social_media_account, google, bucket_object, docker, bucket\n- leaks: leak\n- domains: domain\n", + "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: chat_message, forum_post, financial_data, listing, ransomleak, forum_topic, bot, blog_post, forum_profile, stealer_log, seller\n- open_web: stack_exchange, service, bucket, social_media_account, paste, docker, source_code_secrets, bucket_object, source_code_files, google\n- leaks: leak\n- domains: domain\n", "explode": true, "in": "query", "name": "types", @@ -5626,25 +5626,25 @@ } ], "responses": { - "200": { + "400": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Search" + "$ref": "#/components/schemas/HttpError" } } }, - "description": "Returns the search result(s)." + "description": "Query is invalid." }, - "400": { + "200": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/HttpError" + "$ref": "#/components/schemas/Search" } } }, - "description": "Query is invalid." + "description": "Returns the search result(s)." } }, "tags": [ @@ -5885,362 +5885,337 @@ }, "components": { "responses": { - "HTTPException": { + "ParseError": { "content": {}, - "description": "" + "description": "When a mask can't be parsed" }, "MaskError": { "content": {}, "description": "When any error occurs on mask" }, - "ParseError": { + "HTTPException": { "content": {}, - "description": "When a mask can't be parsed" + "description": "" } }, "schemas": { - "ActivityAiAssistance": { + "HttpError": { "properties": { - "prompt": { - "type": "string" - }, - "response": { + "message": { "type": "string" }, - "uid": { + "code": { "type": "string" } }, "type": "object" }, - "ActivityUserMetadata": { + "Search": { "properties": { - "ignored_at": { - "format": "date-time", - "type": "string" - }, - "remediated_asset_uuid": { - "type": "string" - }, - "remediated_at": { - "format": "date-time", - "type": "string" - }, - "risk_score_updated_at": { - "format": "date-time", - "type": "string" - }, - "tags": { + "items": { "items": { - "type": "string" + "properties": {}, + "type": "object" }, "type": "array" }, - "uid": { - "type": "string" - } - }, - "type": "object" - }, - "ActivityUserMetadataIgnored": { - "properties": { - "identifier_id": { + "nb_hits": { "type": "integer" }, - "is_ignored": { - "type": "boolean" - } - }, - "required": [ - "is_ignored" - ], - "type": "object" - }, - "ActivityUserMetadataRemediated": { - "properties": { - "identifier_id": { - "type": "integer" + "links": { + "$ref": "#/components/schemas/SearchLinks" }, - "is_remediated": { - "type": "boolean" - } - }, - "required": [ - "is_remediated" - ], - "type": "object" - }, - "ActivityUserNotes": { - "properties": { - "notes": { + "search_after": { "type": "string" } }, - "required": [ - "notes" - ], "type": "object" }, - "ActivityUserRiskScore": { + "SearchLinks": { "properties": { - "risk_score": { - "type": "integer" + "next": { + "type": "string" } }, - "required": [ - "risk_score" - ], "type": "object" }, - "ActivityUserTags": { + "IdentifierCreate": { "properties": { - "tags": { + "name": { + "minLength": 1, + "type": "string" + }, + "type": { + "enum": [ + "domain", + "brand", + "name", + "keyword", + "github_repository", + "username", + "email", + "search_query", + "bin", + "ip", + "secret", + "azure_tenant", + "identity" + ], + "example": "domain", + "type": "string" + }, + "search_types": { + "items": { + "enum": [ + "stack_exchange", + "service", + "ad", + "forum_post", + "listing", + "docker", + "bucket_object", + "social_media_account", + "forum_topic", + "forum_profile", + "source_code_files", + "google", + "bucket", + "paste", + "ransomleak", + "source_code_secrets", + "blog_post", + "domain", + "chat_message", + "leak", + "financial_data", + "bot", + "stealer_log", + "seller", + "illicit_networks", + "open_web", + "buckets", + "source_code", + "leaks", + "domains", + "forum_content", + "blog_content", + "profile", + "ads", + "infected_devices", + "social_media" + ], + "example": "stack_exchange", + "type": "string" + }, + "type": "array" + }, + "experimental_search_types": { "items": { "type": "string" }, "type": "array" + }, + "risks": { + "items": { + "type": "integer" + }, + "type": "array" + }, + "data": { + "properties": {}, + "type": "object" } }, "required": [ - "tags" + "data", + "name", + "search_types", + "type" ], "type": "object" }, - "AlertUpdate": { + "Identifier": { "properties": { "id": { "type": "integer" }, - "last_result_date": { - "format": "date", - "type": "string" - }, - "processed_at": { - "format": "date", - "type": "string" - } - }, - "type": "object" - }, - "ArchiveFile": { - "properties": { - "data": { - "$ref": "#/components/schemas/ArchiveFileData" - }, - "errors": { - "$ref": "#/components/schemas/ArchiveFileErrors" - }, - "id": { + "tenant_id": { "type": "integer" }, - "metadata": { - "$ref": "#/components/schemas/ArchiveFileMetadata" - }, - "password": { - "type": "string" - }, - "ransomleak_uid": { - "type": "string" - }, - "retry_after": { - "format": "date-time", - "type": "string" - }, - "retry_count": { + "feed_id": { "type": "integer" }, - "source": { - "type": "string" - }, - "status": { - "type": "string" - }, - "status_updated_at": { - "format": "date-time", - "type": "string" - }, "type": { + "enum": [ + "domain", + "brand", + "name", + "keyword", + "github_repository", + "username", + "email", + "search_query", + "bin", + "ip", + "secret", + "azure_tenant", + "identity" + ], + "example": "domain", "type": "string" }, - "url": { - "type": "string" - } - }, - "type": "object" - }, - "ArchiveFileData": { - "properties": { - "parts": { + "search_types": { "items": { - "$ref": "#/components/schemas/MultiPartData" + "enum": [ + "stack_exchange", + "service", + "forum_post", + "listing", + "docker", + "bucket_object", + "social_media_account", + "forum_topic", + "forum_profile", + "source_code_files", + "google", + "bucket", + "paste", + "ransomleak", + "source_code_secrets", + "blog_post", + "domain", + "chat_message", + "leak", + "financial_data", + "bot", + "stealer_log", + "seller", + "illicit_networks", + "open_web", + "buckets", + "source_code", + "leaks", + "domains", + "forum_content", + "blog_content", + "profile", + "infected_devices", + "social_media" + ], + "example": "stack_exchange", + "type": "string" }, "type": "array" - } - }, - "type": "object" - }, - "ArchiveFileErrorData": { - "properties": { - "traceback": { - "type": "string" }, - "type": { - "type": "string" - } - }, - "type": "object" - }, - "ArchiveFileErrors": { - "properties": { - "errors": { + "experimental_search_types": { "items": { - "$ref": "#/components/schemas/ArchiveFileErrorData" + "type": "string" }, "type": "array" - } - }, - "type": "object" - }, - "ArchiveFileMetadata": { - "properties": { - "estimated_created_at": { - "format": "date-time", - "type": "string" - }, - "event_id": { - "type": "integer" - }, - "event_id_v2": { - "type": "string" - }, - "first_crawled_at": { - "format": "date-time", - "type": "string" - }, - "last_crawled_at": { - "format": "date-time", - "type": "string" - }, - "scraped_at": { - "format": "date-time", - "type": "string" }, - "scraper_id": { - "type": "string" - } - }, - "type": "object" - }, - "AuditEvent": { - "properties": { - "actor_data": { - "properties": {}, - "type": "object" + "v3_refs": { + "$ref": "#/components/schemas/V3_Refs" }, - "affected_entities": { - "properties": {}, - "type": "object" + "risks": { + "items": { + "type": "integer" + }, + "type": "array" }, - "created_at": { - "format": "date-time", + "name": { + "minLength": 1, "type": "string" }, "data": { "properties": {}, "type": "object" }, - "id": { - "type": "integer" - }, - "organization_id": { + "fetching_progress": { "type": "integer" }, - "original_data": { - "properties": {}, - "type": "object" - }, - "user_id": { + "count": { "type": "integer" - } - }, - "required": [ - "data" - ], - "type": "object" - }, - "CredentialUrl": { - "properties": { - "credential_hash": { - "type": "string" }, - "domain": { + "urn": { + "description": "The uniform resource name of the identifier.", "type": "string" }, - "is_stealer_log": { + "is_disabled": { "type": "boolean" }, - "url": { + "source": { + "enum": [ + "USER", + "SYSTEM_RELATION", + "SELF_ONBOARDING", + "ATTRIBUTE", + "IDP_SYNC" + ], + "example": "USER", "type": "string" - } - }, - "type": "object" - }, - "Details": { - "properties": { - "summary": { - "$ref": "#/components/schemas/InsightText" }, - "title": { - "$ref": "#/components/schemas/InsightText" + "data_updated_at": { + "format": "date-time", + "type": "string" } }, "required": [ - "title" + "data", + "name", + "search_types", + "type" ], "type": "object" }, - "EnableState": { + "V3_Refs": { "properties": { - "is_disabled": { - "type": "boolean" + "asset_uuid": { + "type": "string" } }, "type": "object" }, - "ExportPriorityActionVisualizationData": { + "IdentifierToggle": { "properties": { - "format": { - "enum": [ - "csv" - ], - "example": "csv", - "type": "string" - }, - "stream": { - "type": "string" + "is_disabled": { + "default": true, + "description": "The `is_disabled` parameter is used to toggle the asset as either enabled or disabled.", + "type": "boolean" } }, "required": [ - "format", - "stream" + "is_disabled" ], "type": "object" }, "FeedAlert": { "properties": { - "created_at": { - "format": "date-time", + "name": { "type": "string" }, - "experimental_search_types": { - "items": { - "type": "string" - }, - "type": "array" - }, - "feed_target_id": { + "id": { "type": "integer" }, + "type": { + "enum": [ + "email", + "channel", + "azure_sentinel", + "azure_sentinel_v2", + "slack", + "discord", + "splunk", + "jira", + "teams", + "servicenow", + "webhook" + ], + "example": "email", + "type": "string" + }, + "feed_url": { + "type": "string" + }, "feed_target_type": { "enum": [ "assets/groups", @@ -6250,30 +6225,29 @@ "example": "assets/groups", "type": "string" }, - "feed_url": { - "type": "string" - }, - "frequency": { + "feed_target_id": { "type": "integer" }, - "id": { + "frequency": { "type": "integer" }, - "name": { + "start_at": { + "format": "date-time", "type": "string" }, - "organization_id": { - "type": "integer" + "created_at": { + "format": "date-time", + "type": "string" }, "params": { "properties": {}, "type": "object" }, - "risks": { - "items": { - "type": "integer" - }, - "type": "array" + "tenant_id": { + "type": "integer" + }, + "organization_id": { + "type": "integer" }, "search_types": { "items": { @@ -6339,1209 +6313,979 @@ }, "type": "array" }, - "start_at": { - "format": "date-time", - "type": "string" - }, - "tenant_alert_channel_id": { - "type": "integer" - }, - "tenant_id": { - "type": "integer" - }, - "type": { - "enum": [ - "email", - "channel", - "azure_sentinel", - "azure_sentinel_v2", - "slack", - "discord", - "splunk", - "jira", - "teams", - "servicenow", - "webhook" - ], - "example": "email", - "type": "string" - } - }, - "required": [ - "frequency", - "params", - "start_at", - "type" - ], - "type": "object" - }, - "FootprintVisualizationChart": { - "properties": { - "data": { - "properties": {}, - "type": "object" - }, - "id": { - "type": "string" - }, - "title": { - "type": "string" + "experimental_search_types": { + "items": { + "type": "string" + }, + "type": "array" }, - "type": { - "enum": [ - "comparison_chart", - "tabular_chart", - "radial_chart", - "line_chart", - "bar_chart", - "radar_chart" - ], - "example": "comparison_chart", - "type": "string" + "risks": { + "items": { + "type": "integer" + }, + "type": "array" + }, + "tenant_alert_channel_id": { + "type": "integer" } }, "required": [ - "data", - "id", + "frequency", + "params", + "start_at", "type" ], "type": "object" }, - "GroupedFeedAlerts": { + "IdentifierGroup": { "properties": { - "alerts": { - "$ref": "#/components/schemas/FeedAlert" + "id": { + "type": "integer" }, - "key": { - "type": "string" + "tenant_id": { + "type": "integer" }, - "organization_settings": { - "$ref": "#/components/schemas/OrganizationSettings" + "feed_id": { + "type": "integer" }, - "params": { - "properties": {}, - "type": "object" + "feed_owner_id": { + "type": "integer" }, - "type": { + "name": { "type": "string" - } - }, - "required": [ - "alerts", - "key", - "organization_settings", - "params", - "type" - ], - "type": "object" - }, - "HighlightPayload": { - "properties": { - "identifier_ids": { - "items": { - "type": "integer" - }, - "type": "array" }, - "query_string": { + "urn": { + "description": "The uniform resource name of the identifier group.", "type": "string" } }, "type": "object" }, - "HttpError": { + "UpdateGroupData": { "properties": { - "code": { - "type": "string" - }, - "message": { + "name": { "type": "string" } }, "type": "object" }, - "Identifier": { + "Organization": { "properties": { - "count": { + "id": { "type": "integer" }, - "data": { - "properties": {}, - "type": "object" + "name": { + "description": "Display name", + "type": "string" }, - "data_updated_at": { - "format": "date-time", + "type": { + "enum": [ + "direct", + "service-firm", + "training" + ], + "example": "direct", "type": "string" }, - "experimental_search_types": { - "items": { - "type": "string" - }, - "type": "array" + "settings": { + "$ref": "#/components/schemas/OrganizationSettings" }, - "feed_id": { - "type": "integer" + "file_analysis_enabled": { + "type": "boolean" }, - "fetching_progress": { + "user_limit": { "type": "integer" }, - "id": { + "access_level": { "type": "integer" }, - "is_disabled": { - "type": "boolean" - }, - "name": { - "minLength": 1, - "type": "string" - }, - "risks": { - "items": { - "type": "integer" - }, - "type": "array" - }, - "search_types": { - "items": { - "enum": [ - "listing", - "source_code_files", - "service", - "stealer_log", - "social_media_account", - "ransomleak", - "forum_post", - "bot", - "docker", - "chat_message", - "stack_exchange", - "forum_topic", - "paste", - "seller", - "source_code_secrets", - "blog_post", - "domain", - "google", - "bucket_object", - "financial_data", - "bucket", - "leak", - "forum_profile", - "illicit_networks", - "open_web", - "buckets", - "source_code", - "leaks", - "domains", - "forum_content", - "blog_content", - "profile", - "infected_devices", - "social_media" - ], - "example": "listing", - "type": "string" - }, - "type": "array" - }, - "source": { - "enum": [ - "USER", - "SYSTEM_RELATION", - "SELF_ONBOARDING", - "ATTRIBUTE" - ], - "example": "USER", + "urn": { + "description": "The uniform resource name of the organization.", "type": "string" }, - "tenant_id": { - "type": "integer" - }, - "type": { - "enum": [ - "domain", - "brand", - "name", - "keyword", - "github_repository", - "username", - "email", - "search_query", - "bin", - "ip", - "secret", - "azure_tenant", - "identity" - ], - "example": "domain", + "access_end_at": { + "format": "date-time", "type": "string" }, - "urn": { - "description": "The uniform resource name of the identifier.", + "archived_at": { + "format": "date-time", "type": "string" }, - "v3_refs": { - "$ref": "#/components/schemas/V3_Refs" + "authorization_workflow_enabled": { + "type": "boolean" } }, "required": [ - "data", - "name", - "search_types", - "type" + "name" ], "type": "object" }, - "IdentifierCreate": { + "OrganizationSettings": { "properties": { - "data": { - "properties": {}, - "type": "object" - }, - "experimental_search_types": { - "items": { - "type": "string" - }, - "type": "array" - }, - "name": { - "minLength": 1, - "type": "string" - }, - "risks": { - "items": { - "type": "integer" - }, - "type": "array" - }, - "search_types": { - "items": { - "enum": [ - "listing", - "source_code_files", - "service", - "stealer_log", - "social_media_account", - "ad", - "ransomleak", - "forum_post", - "bot", - "docker", - "chat_message", - "stack_exchange", - "forum_topic", - "paste", - "seller", - "source_code_secrets", - "blog_post", - "domain", - "google", - "bucket_object", - "financial_data", - "bucket", - "leak", - "forum_profile", - "illicit_networks", - "open_web", - "buckets", - "source_code", - "leaks", - "domains", - "forum_content", - "blog_content", - "profile", - "ads", - "infected_devices", - "social_media" - ], - "example": "listing", + "permissions": { + "items": { "type": "string" }, "type": "array" }, - "type": { + "through_distributor": { + "type": "boolean" + }, + "hs_takedown_properties": { + "type": "object" + } + }, + "type": "object" + }, + "OrganizationHSProperties": { + "type": "object" + }, + "NewTenantInfo": { + "properties": { + "name": { + "type": "string" + }, + "description": { + "type": "string" + }, + "industry": { "enum": [ - "domain", - "brand", - "name", - "keyword", - "github_repository", - "username", - "email", - "search_query", - "bin", - "ip", - "secret", - "azure_tenant", - "identity" + "global", + "transport", + "education", + "energy", + "finance", + "healthcare", + "manufacturing", + "retail", + "software", + "telecommunication" ], - "example": "domain", + "example": "global", "type": "string" } }, - "required": [ - "data", - "name", - "search_types", - "type" - ], "type": "object" }, - "IdentifierGroup": { + "TenantWithCounts": { "properties": { - "feed_id": { - "type": "integer" - }, - "feed_owner_id": { - "type": "integer" + "next": { + "type": "string" }, + "items": { + "$ref": "#/components/schemas/TenantWithCounts" + } + }, + "type": "object" + }, + "Tenant": { + "properties": { "id": { + "description": "Tenant ID", "type": "integer" }, "name": { + "description": "Tenant name", "type": "string" }, - "tenant_id": { + "type": { + "description": "Tenant type", + "type": "string" + }, + "description": { + "description": "This tenant's purpose", + "type": "string" + }, + "organization_id": { + "description": "ID of the owner organization", "type": "integer" }, "urn": { - "description": "The uniform resource name of the identifier group.", + "description": "The uniform resource name of the tenant.", "type": "string" - } - }, - "type": "object" - }, - "IdentifierRelationData": { - "properties": { - "asset_relation_uuid": { + }, + "number_of_employees": { + "description": "The number of employees for the tenant.", + "type": "integer" + }, + "industry": { + "description": "The industry of the tenant.", "type": "string" }, - "identifier_id": { + "is_disabled": { + "description": "Indicates if the tenant is disabled", + "type": "boolean" + }, + "is_archived": { + "description": "Indicates if the tenant is archived", + "type": "boolean" + }, + "feed_id": { + "description": "ID of the feed", "type": "integer" + }, + "permissions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "prevent_global_search": { + "description": "Indicates if the tenant can perform global searches", + "type": "boolean" } }, - "required": [ - "asset_relation_uuid", - "identifier_id" - ], "type": "object" }, - "IdentifierToggle": { + "UpdatedPermission": { "properties": { - "is_disabled": { - "default": true, - "description": "The `is_disabled` parameter is used to toggle the asset as either enabled or disabled.", + "updated_value": { "type": "boolean" } }, - "required": [ - "is_disabled" - ], "type": "object" }, - "Import": { + "AuditEvent": { "properties": { "id": { "type": "integer" }, - "integration": { - "enum": [ - "csv" - ], - "example": "csv", - "type": "string" + "user_id": { + "type": "integer" }, - "tenant_id": { + "organization_id": { "type": "integer" }, - "type": { - "enum": [ - "identifiers" - ], - "example": "identifiers", + "created_at": { + "format": "date-time", "type": "string" + }, + "data": { + "properties": {}, + "type": "object" + }, + "original_data": { + "properties": {}, + "type": "object" + }, + "affected_entities": { + "properties": {}, + "type": "object" + }, + "actor_data": { + "properties": {}, + "type": "object" } }, "required": [ - "id", - "integration", - "tenant_id", - "type" + "data" ], "type": "object" }, - "ImportItemFailures": { + "OrganizationMemberData": { "properties": { - "message": { + "name": { "type": "string" }, - "type": { - "enum": [ - "unknown_identifier_type", - "bad_identifier_query", - "above_max_group_nesting", - "unknown_identifier_source", - "identifier_not_allowed", - "identifier_type_not_allowed", - "too_many_attributes", - "invalid_attribute_format" - ], - "example": "unknown_identifier_type", + "surname": { "type": "string" + }, + "email": { + "type": "string" + }, + "organization_member_permissions": { + "properties": {}, + "type": "object" + }, + "user_permissions": { + "properties": {}, + "type": "object" + }, + "memberships": { + "items": { + "$ref": "#/components/schemas/UserTenantMembership" + }, + "type": "array" + }, + "send_welcome_email": { + "default": true, + "type": "boolean" } }, "required": [ - "message", - "type" + "email", + "name", + "organization_member_permissions", + "surname" ], "type": "object" }, - "Insight": { + "UserTenantMembership": { "properties": { - "analysis": { - "$ref": "#/components/schemas/InsightText" - }, - "date": { - "format": "date-time", - "type": "string" - }, - "paragraph": { - "$ref": "#/components/schemas/InsightText" + "tenant_id": { + "type": "integer" }, - "title": { - "$ref": "#/components/schemas/InsightText" + "is_readonly": { + "type": "boolean" }, - "type": { + "role": { + "enum": [ + "viewer", + "editor", + "admin" + ], + "example": "viewer", "type": "string" - }, - "visualization": { + } + }, + "required": [ + "tenant_id" + ], + "type": "object" + }, + "OrganizationMemberPage": { + "properties": { + "members": { "items": { - "$ref": "#/components/schemas/FootprintVisualizationChart" + "$ref": "#/components/schemas/OrganizationMemberWithMetadata" }, "type": "array" } }, - "required": [ - "analysis", - "date", - "paragraph", - "title", - "type" - ], "type": "object" }, - "InsightText": { + "OrganizationMemberWithMetadata": { "properties": { - "params": { - "description": "Relevant data related to the text", - "properties": {}, - "type": "object" + "user": { + "$ref": "#/components/schemas/OrganizationMember" }, - "text": { - "description": "Text for the insight", - "type": "string" + "tenant_count": { + "type": "integer" } }, - "required": [ - "text" - ], "type": "object" }, - "LeakActivityCredential": { + "OrganizationMember": { "properties": { - "credential_hash": { - "type": "string" - }, - "domain": { - "type": "string" - }, - "hash": { - "type": "string" - }, "id": { "type": "integer" }, - "identity_name": { + "name": { "type": "string" }, - "ignored_at": { - "format": "date-time", + "surname": { "type": "string" }, - "imported_at": { + "email": { "type": "string" }, - "known_password_id": { - "type": "integer" + "organization_member_permissions": { + "$ref": "#/components/schemas/OrganizationMemberPermission" }, - "remediated_at": { + "is_disabled": { + "type": "boolean" + }, + "registered_at": { "format": "date-time", "type": "string" }, - "source": { - "$ref": "#/components/schemas/source" - }, - "source_id": { + "urn": { + "description": "The uniform resource name of the member.", "type": "string" } }, - "required": [ - "id", - "identity_name", - "imported_at", - "source_id" - ], "type": "object" }, - "LeakedCredential": { + "OrganizationMemberPermission": { "properties": { - "id": { - "type": "integer" + "*": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" } }, "type": "object" }, - "Mitre": { + "EnableState": { "properties": { - "mitigation": { - "$ref": "#/components/schemas/MitreLink" - }, - "techniques": { - "$ref": "#/components/schemas/MitreLink" + "is_disabled": { + "type": "boolean" } }, - "required": [ - "mitigation", - "techniques" - ], "type": "object" }, - "MitreLink": { + "PermissionData": { "properties": { - "id": { - "description": "Mitre's id", - "type": "string" - }, - "text": { - "description": "Mitre's text", + "permission": { "type": "string" }, - "url": { - "description": "Link to the Mitre url page", - "type": "string" + "value": { + "type": "boolean" } }, "required": [ - "id", - "text", - "url" + "permission", + "value" ], "type": "object" }, - "MultiPartData": { + "OrganizationMonthlyUsage": { "properties": { - "size": { + "timestamp": { + "type": "string" + }, + "identifier_count": { "type": "integer" }, - "url": { - "type": "string" + "global_search_calls_count": { + "type": "integer" } }, "type": "object" }, - "NewReport": { + "HighlightPayload": { "properties": { - "audience": { - "enum": [ - "technical", - "general" - ], - "example": "technical", - "type": "string" - }, - "author": { + "query_string": { "type": "string" }, - "elements": { + "identifier_ids": { "items": { - "$ref": "#/components/schemas/ReportElementUpdate" + "type": "integer" }, "type": "array" - }, - "title": { - "type": "string" - } - }, - "required": [ - "author", - "title" - ], - "type": "object" - }, - "NewTenantInfo": { - "properties": { - "description": { - "type": "string" - }, - "industry": { - "enum": [ - "global", - "transport", - "education", - "energy", - "finance", - "healthcare", - "manufacturing", - "retail", - "software", - "telecommunication" - ], - "example": "global", - "type": "string" - }, - "name": { - "type": "string" } }, "type": "object" }, - "Organization": { + "ActivityUserNotes": { "properties": { - "access_end_at": { - "format": "date-time", - "type": "string" - }, - "access_level": { - "type": "integer" - }, - "archived_at": { - "format": "date-time", - "type": "string" - }, - "authorization_workflow_enabled": { - "type": "boolean" - }, - "file_analysis_enabled": { - "type": "boolean" - }, - "id": { - "type": "integer" - }, - "name": { - "description": "Display name", - "type": "string" - }, - "settings": { - "$ref": "#/components/schemas/OrganizationSettings" - }, - "type": { - "enum": [ - "direct", - "service-firm", - "training" - ], - "example": "direct", - "type": "string" - }, - "urn": { - "description": "The uniform resource name of the organization.", + "notes": { "type": "string" - }, - "user_limit": { - "type": "integer" } }, "required": [ - "name" + "notes" ], "type": "object" }, - "OrganizationHSProperties": { - "type": "object" - }, - "OrganizationMember": { - "properties": { - "email": { - "type": "string" - }, - "id": { - "type": "integer" - }, - "is_disabled": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "organization_member_permissions": { - "$ref": "#/components/schemas/OrganizationMemberPermission" - }, - "registered_at": { - "format": "date-time", - "type": "string" - }, - "surname": { - "type": "string" - }, - "urn": { - "description": "The uniform resource name of the member.", - "type": "string" - } - }, - "type": "object" - }, - "OrganizationMemberData": { + "ActivityUserMetadata": { "properties": { - "email": { + "uid": { "type": "string" }, - "memberships": { + "tags": { "items": { - "$ref": "#/components/schemas/UserTenantMembership" + "type": "string" }, "type": "array" }, - "name": { + "risk_score_updated_at": { + "format": "date-time", "type": "string" }, - "organization_member_permissions": { - "properties": {}, - "type": "object" - }, - "send_welcome_email": { - "default": true, - "type": "boolean" + "remediated_at": { + "format": "date-time", + "type": "string" }, - "surname": { + "ignored_at": { + "format": "date-time", "type": "string" }, - "user_permissions": { - "properties": {}, - "type": "object" + "remediated_asset_uuid": { + "type": "string" } }, - "required": [ - "email", - "name", - "organization_member_permissions", - "surname" - ], "type": "object" }, - "OrganizationMemberPage": { + "ActivityUserRiskScore": { "properties": { - "members": { - "items": { - "$ref": "#/components/schemas/OrganizationMemberWithMetadata" - }, - "type": "array" + "risk_score": { + "type": "integer" } }, + "required": [ + "risk_score" + ], "type": "object" }, - "OrganizationMemberPermission": { + "ActivityUserMetadataRemediated": { "properties": { - "*": { - "additionalProperties": { - "type": "boolean" - }, - "type": "object" + "is_remediated": { + "type": "boolean" + }, + "identifier_id": { + "type": "integer" } }, + "required": [ + "is_remediated" + ], "type": "object" }, - "OrganizationMemberWithMetadata": { + "ActivityUserMetadataIgnored": { "properties": { - "tenant_count": { - "type": "integer" + "is_ignored": { + "type": "boolean" }, - "user": { - "$ref": "#/components/schemas/OrganizationMember" + "identifier_id": { + "type": "integer" } }, + "required": [ + "is_ignored" + ], "type": "object" }, - "OrganizationMonthlyUsage": { + "ActivityAiAssistance": { "properties": { - "global_search_calls_count": { - "type": "integer" + "uid": { + "type": "string" }, - "identifier_count": { - "type": "integer" + "prompt": { + "type": "string" }, - "timestamp": { + "response": { "type": "string" } }, "type": "object" }, - "OrganizationSettings": { + "ActivityUserTags": { "properties": { - "hs_takedown_properties": { - "type": "object" - }, - "permissions": { + "tags": { "items": { "type": "string" }, "type": "array" - }, - "through_distributor": { - "type": "boolean" } }, + "required": [ + "tags" + ], "type": "object" }, - "PageView": { + "UserUpdate": { "properties": { - "created_at": { - "format": "date-time", + "name": { "type": "string" }, - "route": { + "surname": { + "type": "string" + }, + "settings": { + "properties": {}, + "type": "object" + }, + "language": { + "type": "string" + }, + "color_scheme": { + "enum": [ + "auto", + "light", + "dark" + ], + "example": "auto", "type": "string" } }, "required": [ - "route" + "color_scheme", + "name", + "settings", + "surname" ], "type": "object" }, - "PaginatedCredentials": { - "properties": { - "items": { - "$ref": "#/components/schemas/LeakActivityCredential" + "UserProfile": { + "allOf": [ + { + "$ref": "#/components/schemas/User" }, - "next": { - "type": "string" + { + "properties": { + "settings": { + "$ref": "#/components/schemas/UserSettings" + }, + "feature_flags": { + "$ref": "#/components/schemas/UserProfile_allOf_feature_flags" + }, + "tenants": { + "items": { + "$ref": "#/components/schemas/Tenant" + }, + "type": "array" + }, + "is_sso_mandatory": { + "type": "boolean" + }, + "has_password": { + "type": "boolean" + }, + "urn": { + "type": "string" + }, + "cello_jwt": { + "type": "string" + }, + "needs_eusa": { + "type": "boolean" + }, + "domain": { + "type": "string" + }, + "language": { + "type": "string" + } + }, + "type": "object" } - }, - "type": "object" + ] }, - "PartialSource": { + "User": { "properties": { "id": { - "type": "string" + "type": "integer" }, "name": { - "type": "string" - } - }, - "type": "object" - }, - "PermissionData": { - "properties": { - "permission": { + "description": "Users's name", "type": "string" }, - "value": { - "type": "boolean" - } - }, - "required": [ - "permission", - "value" - ], - "type": "object" - }, - "PriorityActionHeader": { - "properties": { - "created_at": { - "format": "date-time", + "surname": { + "description": "User's surname", "type": "string" }, - "snooze_until": { - "format": "date-time", + "email": { + "description": "User's email", "type": "string" }, - "status": { - "type": "string" + "organization_id": { + "description": "ID of the owner organization", + "type": "integer" }, - "status_last_updated_at": { + "settings": { + "$ref": "#/components/schemas/UserSettings" + }, + "is_disabled": { + "type": "boolean" + }, + "feature_flags": { + "properties": {}, + "type": "object" + }, + "registered_at": { "format": "date-time", "type": "string" }, - "summary": { - "$ref": "#/components/schemas/InsightText" + "urn": { + "description": "The uniform resource name of the user.", + "type": "string" }, - "tags": { - "items": { - "type": "string" - }, - "type": "array" + "organization_member_permissions": { + "properties": {}, + "type": "object" }, - "title": { - "$ref": "#/components/schemas/InsightText" + "language": { + "description": "User's language", + "type": "string" }, - "type": { + "color_scheme": { + "enum": [ + "auto", + "light", + "dark" + ], + "example": "auto", "type": "string" }, - "uuid": { + "flare_role": { "type": "string" } }, "required": [ - "created_at", - "snooze_until", - "status", - "status_last_updated_at", - "tags", - "title", - "type", - "uuid" + "color_scheme", + "email", + "language", + "name" ], "type": "object" }, - "PriorityActionRelatedActivity": { + "UserSettings": { "properties": { - "remediated": { - "type": "boolean" + "default_search": { + "type": "string" }, - "tenant_id": { - "type": "integer" + "permissions": { + "items": { + "type": "string" + }, + "type": "array" }, - "uid": { + "organization_member_permissions": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "PaginatedCredentials": { + "properties": { + "next": { "type": "string" }, - "uuid": { - "type": "string" + "items": { + "$ref": "#/components/schemas/LeakActivityCredential" } }, - "required": [ - "remediated", - "tenant_id", - "uid", - "uuid" - ], "type": "object" }, - "RansomLeakData": { + "LeakActivityCredential": { "properties": { - "breached_at": { - "description": "Date of the ransomleak", - "format": "date-time", + "id": { + "type": "integer" + }, + "source_id": { "type": "string" }, - "country": { - "description": "Country of the victim", + "imported_at": { "type": "string" }, - "domain": { - "description": "Domain of the victim", + "identity_name": { "type": "string" }, - "employee_count": { - "description": "Number of employee of the victim", - "type": "integer" + "hash": { + "type": "string" }, - "event_created_at": { - "description": "Date of the ransomleak event in the feed", - "format": "date-time", + "domain": { "type": "string" }, - "identifiers": { - "items": { - "$ref": "#/components/schemas/RansomLeakIdentifierData" - }, - "type": "array" + "source": { + "$ref": "#/components/schemas/source" }, - "industry": { - "description": "Industry of the victim", + "remediated_at": { + "format": "date-time", "type": "string" }, - "publisher": { - "description": "Publisher of the ransomleak", + "ignored_at": { + "format": "date-time", "type": "string" }, - "risk_score": { - "description": "Computed risk of the ransomleak", + "known_password_id": { "type": "integer" }, - "uid": { - "description": "event uid of the ransomleak", - "type": "string" - }, - "user_metadata": { - "$ref": "#/components/schemas/ActivityUserMetadata" - }, - "victim": { - "description": "Victim of the ransomleak", + "credential_hash": { "type": "string" } }, "required": [ - "breached_at", - "event_created_at", - "identifiers", - "publisher", - "risk_score", - "uid", - "victim" + "id", + "identity_name", + "imported_at", + "source_id" ], "type": "object" }, - "RansomLeakIdentifierData": { + "source": { "properties": { "id": { - "type": "integer" - }, - "identifier_type": { "type": "string" }, "name": { "type": "string" - } - }, - "type": "object" - }, - "ReportElementUpdate": { - "properties": { - "enabled": { - "type": "boolean" }, - "id": { - "type": "integer" + "description_en": { + "type": "string" }, - "position": { - "type": "integer" + "description_fr": { + "type": "string" }, - "sort_by": { - "enum": [ - "custom", - "alphabetical", - "date" - ], - "example": "custom", + "breached_at": { "type": "string" }, - "time_interval": { + "leaked_at": { "type": "string" - } - }, - "type": "object" - }, - "Search": { - "properties": { - "items": { + }, + "pii_tags": { "items": { - "properties": {}, - "type": "object" + "type": "string" }, "type": "array" - }, - "links": { - "$ref": "#/components/schemas/SearchLinks" - }, - "nb_hits": { - "type": "integer" - }, - "search_after": { - "type": "string" } }, + "required": [ + "id" + ], "type": "object" }, - "SearchLinks": { + "GroupedFeedAlerts": { "properties": { - "next": { + "key": { "type": "string" + }, + "type": { + "type": "string" + }, + "params": { + "properties": {}, + "type": "object" + }, + "alerts": { + "$ref": "#/components/schemas/FeedAlert" + }, + "organization_settings": { + "$ref": "#/components/schemas/OrganizationSettings" } }, + "required": [ + "alerts", + "key", + "organization_settings", + "params", + "type" + ], "type": "object" }, - "Subdomains": { + "AlertUpdate": { "properties": { - "subdomain": { + "id": { + "type": "integer" + }, + "processed_at": { + "format": "date", + "type": "string" + }, + "last_result_date": { + "format": "date", "type": "string" } }, - "required": [ - "subdomain" - ], "type": "object" }, - "TableChartDataModel": { + "PageView": { "properties": { - "items": { - "items": { - "properties": {}, - "type": "object" - }, - "type": "array" + "route": { + "type": "string" }, - "title": { + "created_at": { + "format": "date-time", "type": "string" } }, + "required": [ + "route" + ], "type": "object" }, - "Tenant": { + "TenantIgnoredTerms": { "properties": { - "description": { - "description": "This tenant's purpose", - "type": "string" - }, - "feed_id": { - "description": "ID of the feed", - "type": "integer" - }, - "id": { - "description": "Tenant ID", - "type": "integer" - }, - "industry": { - "description": "The industry of the tenant.", + "uuid": { "type": "string" }, - "is_archived": { - "description": "Indicates if the tenant is archived", - "type": "boolean" - }, - "is_disabled": { - "description": "Indicates if the tenant is disabled", - "type": "boolean" - }, "name": { - "description": "Tenant name", "type": "string" }, - "number_of_employees": { - "description": "The number of employees for the tenant.", - "type": "integer" - }, - "organization_id": { - "description": "ID of the owner organization", - "type": "integer" + "terms": { + "items": { + "type": "string" + }, + "type": "array" }, - "permissions": { + "search_types": { "items": { + "enum": [ + "attachment", + "listing", + "ransomleak", + "forum_post", + "forum_topic", + "forum_profile", + "blog_post", + "seller", + "paste", + "leak", + "chat_message", + "domain", + "bot", + "stealer_log", + "infected_devices", + "driller", + "driller_forum_topic", + "driller_forum_post", + "driller_profile", + "cc", + "ccbin", + "financial_data", + "leaked_data", + "leaked_file", + "document", + "account", + "actor", + "forum_content", + "blog_content", + "profile", + "leaked_credential", + "illicit_networks", + "open_web", + "domains", + "leaks", + "social_media_account", + "social_media", + "source_code", + "source_code_secrets_np", + "source_code_secrets", + "source_code_files", + "docker", + "stack_exchange", + "google", + "service", + "driller_host", + "buckets", + "bucket", + "bucket_object", + "whois", + "ad", + "ads", + "cookie", + "pii", + "experimental" + ], + "example": "attachment", "type": "string" }, "type": "array" }, - "prevent_global_search": { - "description": "Indicates if the tenant can perform global searches", - "type": "boolean" - }, - "type": { - "description": "Tenant type", + "created_at": { + "format": "date-time", "type": "string" }, - "urn": { - "description": "The uniform resource name of the tenant.", - "type": "string" + "clean_past_events": { + "type": "boolean" } }, + "required": [ + "clean_past_events", + "created_at", + "name", + "search_types", + "uuid" + ], "type": "object" }, "TenantData": { "properties": { + "name": { + "description": "The Tenant display name", + "type": "string" + }, "description": { "description": "The Tenant's purpose / description", "type": "string" }, - "global_search_calls_limit": { - "description": "The number of API calls allowed for the tenant.", + "number_of_employees": { + "description": "The number of employees for the tenant", "type": "integer" }, "industry": { @@ -7561,12 +7305,8 @@ "example": "global", "type": "string" }, - "name": { - "description": "The Tenant display name", - "type": "string" - }, - "number_of_employees": { - "description": "The number of employees for the tenant", + "global_search_calls_limit": { + "description": "The number of API calls allowed for the tenant.", "type": "integer" }, "prevent_global_search": { @@ -7581,14 +7321,108 @@ ], "type": "object" }, - "TenantDiscoveryPolicy": { + "UserTenantAccessRequest": { "properties": { - "enabled": { + "users": { + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/UserTenantAccess" + } + ], + "description": "User given access to a tenant.", + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "UserTenantAccess": { + "properties": { + "user_id": { + "description": "The ID of the user to add to the tenant", + "type": "integer" + }, + "is_readonly": { + "description": "Access given to the user for the tenant", + "type": "boolean" + }, + "role": { + "description": "Role given to the user for the tenant", + "enum": [ + "viewer", + "editor", + "admin" + ], + "example": "viewer", + "type": "string" + } + }, + "required": [ + "user_id" + ], + "type": "object" + }, + "TenantUsers": { + "properties": { + "next": { + "type": "integer" + }, + "items": { + "$ref": "#/components/schemas/TenantUser" + } + }, + "type": "object" + }, + "TenantUser": { + "properties": { + "id": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "surname": { + "type": "string" + }, + "email": { + "type": "string" + }, + "is_readonly": { "type": "boolean" }, + "role": { + "enum": [ + "viewer", + "editor", + "admin" + ], + "example": "viewer", + "type": "string" + }, + "is_disabled": { + "type": "boolean" + } + }, + "type": "object" + }, + "TenantDiscoveryPolicy": { + "properties": { "id": { "type": "integer" }, + "tenant_id": { + "type": "integer" + }, + "type": { + "enum": [ + "auto-accept", + "ignore-pattern" + ], + "example": "auto-accept", + "type": "string" + }, "identifier_types": { "items": { "enum": [ @@ -7611,480 +7445,532 @@ }, "type": "array" }, - "tenant_id": { - "type": "integer" + "terms": { + "items": { + "type": "string" + }, + "type": "array" + }, + "enabled": { + "type": "boolean" + } + }, + "type": "object" + }, + "NewReport": { + "properties": { + "title": { + "type": "string" + }, + "author": { + "type": "string" + }, + "elements": { + "items": { + "$ref": "#/components/schemas/ReportElementUpdate" + }, + "type": "array" + }, + "audience": { + "enum": [ + "technical", + "general" + ], + "example": "technical", + "type": "string" + } + }, + "required": [ + "author", + "title" + ], + "type": "object" + }, + "ReportElementUpdate": { + "properties": { + "id": { + "type": "integer" + }, + "position": { + "type": "integer" + }, + "enabled": { + "type": "boolean" + }, + "sort_by": { + "enum": [ + "custom", + "alphabetical", + "date" + ], + "example": "custom", + "type": "string" + }, + "time_interval": { + "type": "string" + } + }, + "type": "object" + }, + "UpdatedReport": { + "properties": { + "title": { + "type": "string" + }, + "author": { + "type": "string" }, - "terms": { + "elements": { "items": { - "type": "string" + "$ref": "#/components/schemas/ReportElementUpdate" }, "type": "array" }, - "type": { + "audience": { "enum": [ - "auto-accept", - "ignore-pattern" + "technical", + "general" ], - "example": "auto-accept", + "example": "technical", "type": "string" } }, "type": "object" }, - "TenantIgnoredTerms": { + "PriorityActionHeader": { "properties": { - "clean_past_events": { - "type": "boolean" + "uuid": { + "type": "string" + }, + "type": { + "type": "string" + }, + "status": { + "type": "string" }, "created_at": { "format": "date-time", "type": "string" }, - "name": { + "status_last_updated_at": { + "format": "date-time", "type": "string" }, - "search_types": { - "items": { - "enum": [ - "attachment", - "listing", - "ransomleak", - "forum_post", - "forum_topic", - "forum_profile", - "blog_post", - "seller", - "paste", - "leak", - "chat_message", - "domain", - "bot", - "stealer_log", - "infected_devices", - "driller", - "driller_forum_topic", - "driller_forum_post", - "driller_profile", - "cc", - "ccbin", - "financial_data", - "leaked_data", - "leaked_file", - "document", - "account", - "actor", - "forum_content", - "blog_content", - "profile", - "leaked_credential", - "illicit_networks", - "open_web", - "domains", - "leaks", - "social_media_account", - "social_media", - "source_code", - "source_code_secrets_np", - "source_code_secrets", - "source_code_files", - "docker", - "stack_exchange", - "google", - "service", - "driller_host", - "buckets", - "bucket", - "bucket_object", - "whois", - "ad", - "ads", - "cookie", - "pii", - "experimental" - ], - "example": "attachment", - "type": "string" - }, - "type": "array" + "snooze_until": { + "format": "date-time", + "type": "string" }, - "terms": { + "title": { + "$ref": "#/components/schemas/InsightText" + }, + "summary": { + "$ref": "#/components/schemas/InsightText" + }, + "tags": { "items": { "type": "string" }, "type": "array" - }, - "uuid": { - "type": "string" } }, "required": [ - "clean_past_events", "created_at", - "name", - "search_types", + "snooze_until", + "status", + "status_last_updated_at", + "tags", + "title", + "type", "uuid" ], "type": "object" }, - "TenantUser": { + "InsightText": { "properties": { - "email": { + "text": { + "description": "Text for the insight", "type": "string" }, - "id": { - "type": "integer" - }, - "is_disabled": { - "type": "boolean" + "params": { + "description": "Relevant data related to the text", + "properties": {}, + "type": "object" + } + }, + "required": [ + "text" + ], + "type": "object" + }, + "Details": { + "properties": { + "title": { + "$ref": "#/components/schemas/InsightText" }, - "is_readonly": { - "type": "boolean" + "summary": { + "$ref": "#/components/schemas/InsightText" + } + }, + "required": [ + "title" + ], + "type": "object" + }, + "Mitre": { + "properties": { + "techniques": { + "$ref": "#/components/schemas/MitreLink" }, - "name": { + "mitigation": { + "$ref": "#/components/schemas/MitreLink" + } + }, + "required": [ + "mitigation", + "techniques" + ], + "type": "object" + }, + "MitreLink": { + "properties": { + "id": { + "description": "Mitre's id", "type": "string" }, - "role": { - "enum": [ - "viewer", - "editor", - "admin" - ], - "example": "viewer", + "text": { + "description": "Mitre's text", "type": "string" }, - "surname": { + "url": { + "description": "Link to the Mitre url page", "type": "string" } }, + "required": [ + "id", + "text", + "url" + ], "type": "object" }, - "TenantUsers": { + "PriorityActionRelatedActivity": { "properties": { - "items": { - "$ref": "#/components/schemas/TenantUser" + "uuid": { + "type": "string" }, - "next": { + "tenant_id": { "type": "integer" + }, + "uid": { + "type": "string" + }, + "remediated": { + "type": "boolean" } }, + "required": [ + "remediated", + "tenant_id", + "uid", + "uuid" + ], "type": "object" }, - "TenantWithCounts": { + "ExportPriorityActionVisualizationData": { "properties": { - "items": { - "$ref": "#/components/schemas/TenantWithCounts" + "stream": { + "type": "string" }, - "next": { + "format": { + "enum": [ + "csv" + ], + "example": "csv", "type": "string" } }, + "required": [ + "format", + "stream" + ], "type": "object" }, - "TimeChartSerie": { + "Insight": { "properties": { - "color": { + "type": { "type": "string" }, - "data": { - "items": { - "items": { - "type": "integer" - }, - "type": "array" - }, - "type": "array" - }, - "interval": { + "date": { + "format": "date-time", "type": "string" }, - "name": { - "type": "string" + "title": { + "$ref": "#/components/schemas/InsightText" + }, + "paragraph": { + "$ref": "#/components/schemas/InsightText" + }, + "analysis": { + "$ref": "#/components/schemas/InsightText" + }, + "visualization": { + "items": { + "$ref": "#/components/schemas/FootprintVisualizationChart" + }, + "type": "array" } }, + "required": [ + "analysis", + "date", + "paragraph", + "title", + "type" + ], "type": "object" }, - "UpdateGroupData": { + "FootprintVisualizationChart": { "properties": { - "name": { + "id": { "type": "string" - } - }, - "type": "object" - }, - "UpdatedPermission": { - "properties": { - "updated_value": { - "type": "boolean" - } - }, - "type": "object" - }, - "UpdatedReport": { - "properties": { - "audience": { + }, + "type": { "enum": [ - "technical", - "general" + "comparison_chart", + "tabular_chart", + "radial_chart", + "line_chart", + "bar_chart", + "radar_chart" ], - "example": "technical", - "type": "string" - }, - "author": { + "example": "comparison_chart", "type": "string" }, - "elements": { - "items": { - "$ref": "#/components/schemas/ReportElementUpdate" - }, - "type": "array" + "data": { + "properties": {}, + "type": "object" }, "title": { "type": "string" } }, + "required": [ + "data", + "id", + "type" + ], "type": "object" }, - "User": { + "RansomLeakData": { "properties": { - "color_scheme": { - "enum": [ - "auto", - "light", - "dark" - ], - "example": "auto", + "uid": { + "description": "event uid of the ransomleak", "type": "string" }, - "email": { - "description": "User's email", + "breached_at": { + "description": "Date of the ransomleak", + "format": "date-time", "type": "string" }, - "feature_flags": { - "properties": {}, - "type": "object" - }, - "flare_role": { + "event_created_at": { + "description": "Date of the ransomleak event in the feed", + "format": "date-time", "type": "string" }, - "id": { + "risk_score": { + "description": "Computed risk of the ransomleak", "type": "integer" }, - "is_disabled": { - "type": "boolean" - }, - "language": { - "description": "User's language", + "publisher": { + "description": "Publisher of the ransomleak", "type": "string" }, - "name": { - "description": "Users's name", + "victim": { + "description": "Victim of the ransomleak", "type": "string" }, - "organization_id": { - "description": "ID of the owner organization", - "type": "integer" + "domain": { + "description": "Domain of the victim", + "type": "string" }, - "organization_member_permissions": { - "properties": {}, - "type": "object" + "country": { + "description": "Country of the victim", + "type": "string" }, - "registered_at": { - "format": "date-time", + "industry": { + "description": "Industry of the victim", "type": "string" }, - "settings": { - "$ref": "#/components/schemas/UserSettings" + "employee_count": { + "description": "Number of employee of the victim", + "type": "integer" }, - "surname": { - "description": "User's surname", - "type": "string" + "user_metadata": { + "$ref": "#/components/schemas/ActivityUserMetadata" }, - "urn": { - "description": "The uniform resource name of the user.", - "type": "string" + "identifiers": { + "items": { + "$ref": "#/components/schemas/RansomLeakIdentifierData" + }, + "type": "array" } }, "required": [ - "color_scheme", - "email", - "language", - "name" + "breached_at", + "event_created_at", + "identifiers", + "publisher", + "risk_score", + "uid", + "victim" ], "type": "object" }, - "UserProfile": { - "allOf": [ - { - "$ref": "#/components/schemas/User" + "RansomLeakIdentifierData": { + "properties": { + "id": { + "type": "integer" }, - { - "properties": { - "cello_jwt": { - "type": "string" - }, - "domain": { - "type": "string" - }, - "feature_flags": { - "$ref": "#/components/schemas/UserProfile_allOf_feature_flags" - }, - "has_password": { - "type": "boolean" - }, - "is_sso_mandatory": { - "type": "boolean" - }, - "language": { - "type": "string" - }, - "needs_eusa": { - "type": "boolean" - }, - "settings": { - "$ref": "#/components/schemas/UserSettings" - }, - "tenants": { - "items": { - "$ref": "#/components/schemas/Tenant" - }, - "type": "array" - }, - "urn": { - "type": "string" - } - }, - "type": "object" + "identifier_type": { + "type": "string" + }, + "name": { + "type": "string" } - ] + }, + "type": "object" }, - "UserSettings": { + "date_count": { "properties": { - "default_search": { + "date": { + "format": "date-time", "type": "string" }, - "organization_member_permissions": { - "items": { - "type": "string" - }, - "type": "array" - }, - "permissions": { - "items": { - "type": "string" - }, - "type": "array" + "count": { + "type": "integer" } }, "type": "object" }, - "UserTenantAccess": { + "Import": { "properties": { - "is_readonly": { - "description": "Access given to the user for the tenant", - "type": "boolean" + "id": { + "type": "integer" }, - "role": { - "description": "Role given to the user for the tenant", + "type": { "enum": [ - "viewer", - "editor", - "admin" + "identifiers" + ], + "example": "identifiers", + "type": "string" + }, + "integration": { + "enum": [ + "csv" + ], + "example": "csv", + "type": "string" + }, + "tenant_id": { + "type": "integer" + } + }, + "required": [ + "id", + "integration", + "tenant_id", + "type" + ], + "type": "object" + }, + "ImportItemFailures": { + "properties": { + "type": { + "enum": [ + "unknown_identifier_type", + "bad_identifier_query", + "above_max_group_nesting", + "unknown_identifier_source", + "identifier_not_allowed", + "identifier_type_not_allowed", + "too_many_attributes", + "invalid_attribute_format" ], - "example": "viewer", + "example": "unknown_identifier_type", "type": "string" }, - "user_id": { - "description": "The ID of the user to add to the tenant", - "type": "integer" + "message": { + "type": "string" } }, "required": [ - "user_id" + "message", + "type" ], "type": "object" }, - "UserTenantAccessRequest": { + "Subdomains": { "properties": { - "users": { - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/UserTenantAccess" - } - ], - "description": "User given access to a tenant.", - "type": "object" - }, - "type": "array" + "subdomain": { + "type": "string" } }, + "required": [ + "subdomain" + ], "type": "object" }, - "UserTenantMembership": { + "CredentialUrl": { "properties": { - "is_readonly": { - "type": "boolean" + "url": { + "type": "string" }, - "role": { - "enum": [ - "viewer", - "editor", - "admin" - ], - "example": "viewer", + "credential_hash": { "type": "string" }, - "tenant_id": { + "domain": { + "type": "string" + }, + "is_stealer_log": { + "type": "boolean" + } + }, + "type": "object" + }, + "LeakedCredential": { + "properties": { + "id": { "type": "integer" } }, - "required": [ - "tenant_id" - ], "type": "object" }, - "UserUpdate": { + "PartialSource": { "properties": { - "color_scheme": { - "enum": [ - "auto", - "light", - "dark" - ], - "example": "auto", - "type": "string" - }, - "language": { + "id": { "type": "string" }, "name": { "type": "string" - }, - "settings": { - "properties": {}, - "type": "object" - }, - "surname": { - "type": "string" } }, - "required": [ - "color_scheme", - "name", - "settings", - "surname" - ], "type": "object" }, - "V3_Refs": { + "count_by_search_type": { "properties": { - "asset_uuid": { + "search_type": { "type": "string" + }, + "values": { + "items": { + "$ref": "#/components/schemas/date_count" + }, + "type": "array" } }, "type": "object" }, - "average_by_risk_score": { + "count_by_risk_score": { "properties": { "risk_score": { "type": "integer" @@ -8112,7 +7998,7 @@ }, "type": "object" }, - "count_by_risk_score": { + "average_by_risk_score": { "properties": { "risk_score": { "type": "integer" @@ -8126,62 +8012,177 @@ }, "type": "object" }, - "count_by_search_type": { + "TimeChartSerie": { "properties": { - "search_type": { + "name": { "type": "string" }, - "values": { + "data": { "items": { - "$ref": "#/components/schemas/date_count" + "items": { + "type": "integer" + }, + "type": "array" }, "type": "array" + }, + "color": { + "type": "string" + }, + "interval": { + "type": "string" } }, "type": "object" }, - "date_count": { + "TableChartDataModel": { "properties": { - "count": { + "title": { + "type": "string" + }, + "items": { + "items": { + "properties": {}, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "IdentifierRelationData": { + "properties": { + "identifier_id": { "type": "integer" }, - "date": { + "asset_relation_uuid": { + "type": "string" + } + }, + "required": [ + "asset_relation_uuid", + "identifier_id" + ], + "type": "object" + }, + "ArchiveFile": { + "properties": { + "id": { + "type": "integer" + }, + "url": { + "type": "string" + }, + "source": { + "type": "string" + }, + "type": { + "type": "string" + }, + "password": { + "type": "string" + }, + "status": { + "type": "string" + }, + "data": { + "$ref": "#/components/schemas/ArchiveFileData" + }, + "ransomleak_uid": { + "type": "string" + }, + "metadata": { + "$ref": "#/components/schemas/ArchiveFileMetadata" + }, + "status_updated_at": { + "format": "date-time", + "type": "string" + }, + "errors": { + "$ref": "#/components/schemas/ArchiveFileErrors" + }, + "retry_count": { + "type": "integer" + }, + "retry_after": { "format": "date-time", "type": "string" } }, "type": "object" }, - "source": { + "ArchiveFileData": { "properties": { - "breached_at": { + "parts": { + "items": { + "$ref": "#/components/schemas/MultiPartData" + }, + "type": "array" + } + }, + "type": "object" + }, + "MultiPartData": { + "properties": { + "url": { "type": "string" }, - "description_en": { + "size": { + "type": "integer" + } + }, + "type": "object" + }, + "ArchiveFileMetadata": { + "properties": { + "first_crawled_at": { + "format": "date-time", "type": "string" }, - "description_fr": { + "last_crawled_at": { + "format": "date-time", "type": "string" }, - "id": { + "estimated_created_at": { + "format": "date-time", "type": "string" }, - "leaked_at": { + "scraper_id": { "type": "string" }, - "name": { + "scraped_at": { + "format": "date-time", "type": "string" }, - "pii_tags": { + "event_id": { + "type": "integer" + }, + "event_id_v2": { + "type": "string" + } + }, + "type": "object" + }, + "ArchiveFileErrors": { + "properties": { + "errors": { "items": { - "type": "string" + "$ref": "#/components/schemas/ArchiveFileErrorData" }, "type": "array" } }, - "required": [ - "id" - ], + "type": "object" + }, + "ArchiveFileErrorData": { + "properties": { + "type": { + "type": "string" + }, + "traceback": { + "type": "string" + } + }, "type": "object" }, "get_activity_assistance_resource__activities__string_index___string_source___path_id__ai_assistance_200_response": { diff --git a/docs/api-reference/spec/firework-v2-swagger.json b/docs/api-reference/spec/firework-v2-swagger.json index 1c69dfb..c601800 100644 --- a/docs/api-reference/spec/firework-v2-swagger.json +++ b/docs/api-reference/spec/firework-v2-swagger.json @@ -1,3832 +1,3999 @@ { + "swagger": "2.0", "basePath": "/", - "consumes": [ - "application/json" - ], - "definitions": { - "ActivityAiAssistance": { - "properties": { - "prompt": { - "type": "string" - }, - "response": { - "type": "string" + "paths": { + "/firework/v2/activities/": { + "get": { + "responses": { + "200": { + "description": "Returns the activity" + }, + "404": { + "description": "Activity not found", + "schema": { + "$ref": "#/definitions/HttpError" + } + } }, - "uid": { + "operationId": "get_activity_endpoint_/activities/", + "parameters": [ + { + "name": "uid", + "in": "query", + "type": "string", + "required": true + } + ], + "tags": [ + "activities" + ] + } + }, + "/firework/v2/activities/actor/profile/{actor_name}": { + "parameters": [ + { + "name": "actor_name", + "in": "path", + "required": true, "type": "string" } - }, - "type": "object" + ], + "get": { + "responses": { + "200": { + "description": "Returns the actor" + } + }, + "operationId": "get_actor_/activities/actor/profile/", + "parameters": [ + { + "name": "actor_time", + "in": "query", + "type": "string", + "description": " Limit results to those found in this time span. \n\n *Expected format* : from@to \n\n *Example value* : 2019-09-03T04:00:00.000Z@2019-09-14T04:00:00.000Z" + }, + { + "name": "actor_size", + "in": "query", + "type": "integer", + "description": "Maximum number of hits returned per query.", + "default": 100 + }, + { + "name": "actor_search_after", + "in": "query", + "type": "string", + "description": "The `search_after` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, use the latest response's `search_after` attribute for the next request to get the next page of results." + } + ], + "tags": [ + "activities" + ] + } }, - "ActivityUserMetadata": { - "properties": { - "ignored_at": { - "format": "date-time", + "/firework/v2/activities/document/{source}/{id}/extensions": { + "parameters": [ + { + "name": "source", + "in": "path", + "required": true, "type": "string" }, - "notes": { - "example": "nullable string", - "type": [ - "string", - "null" - ] - }, - "remediated_asset_uuid": { + { + "name": "id", + "in": "path", + "required": true, "type": "string" + } + ], + "get": { + "responses": { + "200": { + "description": "Returns all the different file extensions that were found in the files of a ransom leak." + }, + "404": { + "description": "Activity not found", + "schema": { + "$ref": "#/definitions/HttpError" + } + } }, - "remediated_at": { - "format": "date-time", + "operationId": "get_ransom_leak_file_extensions_endpoint_/activities/document///extensions", + "tags": [ + "activities" + ] + } + }, + "/firework/v2/activities/document/{source}/{id}/files": { + "parameters": [ + { + "name": "source", + "in": "path", + "required": true, "type": "string" }, - "risk_score": { - "example": "nullable integer", - "type": [ - "integer", - "null" - ] - }, - "risk_score_updated_at": { - "format": "date-time", + { + "name": "id", + "in": "path", + "required": true, "type": "string" - }, - "tags": { - "items": { - "type": "string" + } + ], + "get": { + "responses": { + "200": { + "description": "Returns the files in a ransom leak matching the specified query" }, - "type": "array" + "404": { + "description": "Activity not found", + "schema": { + "$ref": "#/definitions/HttpError" + } + } }, - "uid": { - "type": "string" - } - }, - "type": "object" + "operationId": "get_ransom_leak_files_endpoint_/activities/document///files", + "tags": [ + "activities" + ] + } }, - "ActivityUserMetadataIgnored": { - "properties": { - "identifier_id": { - "type": "integer" + "/firework/v2/activities/leak/{source}/{keyword}": { + "parameters": [ + { + "name": "source", + "in": "path", + "required": true, + "type": "string" }, - "is_ignored": { - "type": "boolean" + { + "name": "keyword", + "in": "path", + "required": true, + "type": "string" } - }, - "required": [ - "is_ignored" ], - "type": "object" + "get": { + "responses": { + "200": { + "description": "Returns the leak activity" + }, + "404": { + "description": "Leak activity not found", + "schema": { + "$ref": "#/definitions/HttpError" + } + } + }, + "operationId": "get_leak_endpoint_/activities/leak//", + "tags": [ + "activities" + ] + } }, - "ActivityUserMetadataRemediated": { - "properties": { - "identifier_id": { - "type": "integer" + "/firework/v2/activities/leak/{source}/{keyword}/count": { + "parameters": [ + { + "name": "source", + "in": "path", + "required": true, + "type": "string" }, - "is_remediated": { - "type": "boolean" + { + "name": "keyword", + "in": "path", + "required": true, + "type": "string" } - }, - "required": [ - "is_remediated" ], - "type": "object" + "get": { + "responses": { + "200": { + "description": "Success" + } + }, + "operationId": "get_leak_count_/activities/leak///count", + "tags": [ + "activities" + ] + } }, - "ActivityUserNotes": { - "properties": { - "notes": { + "/firework/v2/activities/{index}/{source}/{id_}/user_metadata": { + "parameters": [ + { + "name": "index", + "in": "path", + "required": true, + "type": "string" + }, + { + "name": "source", + "in": "path", + "required": true, + "type": "string" + }, + { + "name": "id_", + "in": "path", + "required": true, "type": "string" } - }, - "required": [ - "notes" ], - "type": "object" - }, - "ActivityUserRiskScore": { - "properties": { - "risk_score": { - "type": "integer" - } - }, - "required": [ - "risk_score" - ], - "type": "object" - }, - "ActivityUserTags": { - "properties": { - "tags": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "tags" - ], - "type": "object" - }, - "AlertUpdate": { - "properties": { - "id": { - "type": "integer" + "get": { + "responses": { + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/ActivityUserMetadata" + } + } }, - "last_result_date": { - "format": "date", + "operationId": "get_activity_user_metadata_resource_/activities////user_metadata", + "tags": [ + "activities" + ] + } + }, + "/firework/v2/activities/{index}/{source}/{id_}/user_metadata/ignored": { + "parameters": [ + { + "name": "index", + "in": "path", + "required": true, "type": "string" }, - "processed_at": { - "format": "date", + { + "name": "source", + "in": "path", + "required": true, "type": "string" - } - }, - "type": "object" - }, - "ArchiveFile": { - "properties": { - "data": { - "$ref": "#/definitions/ArchiveFileData" }, - "errors": { - "$ref": "#/definitions/ArchiveFileErrors" - }, - "id": { - "type": "integer" - }, - "metadata": { - "$ref": "#/definitions/ArchiveFileMetadata" - }, - "password": { + { + "name": "id_", + "in": "path", + "required": true, "type": "string" + } + ], + "put": { + "responses": { + "400": { + "description": "Query is invalid.", + "schema": { + "$ref": "#/definitions/HttpError" + } + }, + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/ActivityUserMetadata" + } + } }, - "ransomleak_uid": { + "operationId": "put_activity_user_metadata_ignored_/activities////user_metadata/ignored", + "parameters": [ + { + "name": "payload", + "required": true, + "in": "body", + "schema": { + "$ref": "#/definitions/ActivityUserMetadataIgnored" + } + } + ], + "tags": [ + "activities" + ] + } + }, + "/firework/v2/activities/{index}/{source}/{id_}/user_metadata/notes": { + "parameters": [ + { + "name": "index", + "in": "path", + "required": true, "type": "string" }, - "retry_after": { - "format": "date-time", + { + "name": "source", + "in": "path", + "required": true, "type": "string" }, - "retry_count": { - "type": "integer" - }, - "source": { + { + "name": "id_", + "in": "path", + "required": true, "type": "string" + } + ], + "delete": { + "responses": { + "200": { + "description": "Success" + } }, - "status": { - "type": "string" + "operationId": "delete_activity_user_metadata_notes_/activities////user_metadata/notes", + "tags": [ + "activities" + ] + }, + "put": { + "responses": { + "400": { + "description": "Query is invalid.", + "schema": { + "$ref": "#/definitions/HttpError" + } + }, + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/ActivityUserMetadata" + } + } }, - "status_updated_at": { - "format": "date-time", + "operationId": "put_activity_user_metadata_notes_/activities////user_metadata/notes", + "parameters": [ + { + "name": "payload", + "required": true, + "in": "body", + "schema": { + "$ref": "#/definitions/ActivityUserNotes" + } + } + ], + "tags": [ + "activities" + ] + } + }, + "/firework/v2/activities/{index}/{source}/{id_}/user_metadata/remediated": { + "parameters": [ + { + "name": "index", + "in": "path", + "required": true, "type": "string" }, - "type": { + { + "name": "source", + "in": "path", + "required": true, "type": "string" }, - "url": { + { + "name": "id_", + "in": "path", + "required": true, "type": "string" } - }, - "type": "object" - }, - "ArchiveFileData": { - "properties": { - "parts": { - "items": { - "$ref": "#/definitions/MultiPartData" + ], + "put": { + "responses": { + "400": { + "description": "Query is invalid.", + "schema": { + "$ref": "#/definitions/HttpError" + } }, - "type": "array" - } - }, - "type": "object" + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/ActivityUserMetadata" + } + } + }, + "operationId": "put_activity_user_metadata_remediated_/activities////user_metadata/remediated", + "parameters": [ + { + "name": "payload", + "required": true, + "in": "body", + "schema": { + "$ref": "#/definitions/ActivityUserMetadataRemediated" + } + } + ], + "tags": [ + "activities" + ] + } }, - "ArchiveFileErrorData": { - "properties": { - "traceback": { + "/firework/v2/activities/{index}/{source}/{id_}/user_metadata/risk_score": { + "parameters": [ + { + "name": "index", + "in": "path", + "required": true, "type": "string" }, - "type": { + { + "name": "source", + "in": "path", + "required": true, + "type": "string" + }, + { + "name": "id_", + "in": "path", + "required": true, "type": "string" } + ], + "delete": { + "responses": { + "200": { + "description": "Success" + } + }, + "operationId": "delete_activity_user_metadata_risk_score_/activities////user_metadata/risk_score", + "tags": [ + "activities" + ] }, - "type": "object" - }, - "ArchiveFileErrors": { - "properties": { - "errors": { - "items": { - "$ref": "#/definitions/ArchiveFileErrorData" - }, - "type": "array" - } - }, - "type": "object" + "put": { + "responses": { + "400": { + "description": "Query is invalid.", + "schema": { + "$ref": "#/definitions/HttpError" + } + }, + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/ActivityUserMetadata" + } + } + }, + "operationId": "put_activity_user_metadata_risk_score_/activities////user_metadata/risk_score", + "parameters": [ + { + "name": "payload", + "required": true, + "in": "body", + "schema": { + "$ref": "#/definitions/ActivityUserRiskScore" + } + } + ], + "tags": [ + "activities" + ] + } }, - "ArchiveFileMetadata": { - "properties": { - "estimated_created_at": { - "format": "date-time", + "/firework/v2/activities/{index}/{source}/{id_}/user_metadata/tags": { + "parameters": [ + { + "name": "index", + "in": "path", + "required": true, "type": "string" }, - "event_id": { - "type": "integer" - }, - "event_id_v2": { + { + "name": "source", + "in": "path", + "required": true, "type": "string" }, - "first_crawled_at": { - "format": "date-time", + { + "name": "id_", + "in": "path", + "required": true, "type": "string" + } + ], + "delete": { + "responses": { + "200": { + "description": "Success" + } }, - "last_crawled_at": { - "format": "date-time", + "operationId": "delete_activity_user_metadata_tags_/activities////user_metadata/tags", + "tags": [ + "activities" + ] + }, + "get": { + "responses": { + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/ActivityUserMetadata" + } + } + }, + "operationId": "get_activity_user_metadata_tags_/activities////user_metadata/tags", + "tags": [ + "activities" + ] + }, + "put": { + "responses": { + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/ActivityUserMetadata" + } + }, + "400": { + "description": "Query is invalid.", + "schema": { + "$ref": "#/definitions/HttpError" + } + } + }, + "operationId": "put_activity_user_metadata_tags_/activities////user_metadata/tags", + "parameters": [ + { + "name": "payload", + "required": true, + "in": "body", + "schema": { + "$ref": "#/definitions/ActivityUserTags" + } + } + ], + "tags": [ + "activities" + ] + } + }, + "/firework/v2/activities/{index}/{source}/{id}": { + "parameters": [ + { + "name": "index", + "in": "path", + "required": true, "type": "string" }, - "scraped_at": { - "format": "date-time", + { + "name": "source", + "in": "path", + "required": true, "type": "string" }, - "scraper_id": { + { + "name": "id", + "in": "path", + "required": true, "type": "string" } - }, - "type": "object" - }, - "AuditEvent": { - "properties": { - "actor_data": { - "type": "object" - }, - "affected_entities": { - "type": "object" + ], + "get": { + "responses": { + "200": { + "description": "Returns the activity" + }, + "404": { + "description": "Activity not found", + "schema": { + "$ref": "#/definitions/HttpError" + } + } }, - "created_at": { - "format": "date-time", + "operationId": "get_activity_endpoint_deprecated_/activities///", + "tags": [ + "activities" + ] + } + }, + "/firework/v2/activities/{index}/{source}/{id}/ai_assistance": { + "parameters": [ + { + "name": "index", + "in": "path", + "required": true, "type": "string" }, - "data": { - "type": "object" - }, - "id": { - "type": "integer" - }, - "organization_id": { - "type": "integer" - }, - "original_data": { - "type": "object" + { + "name": "source", + "in": "path", + "required": true, + "type": "string" }, - "user_id": { - "type": "integer" + { + "name": "id", + "in": "path", + "required": true, + "type": "string" } - }, - "required": [ - "data" ], - "type": "object" + "get": { + "responses": { + "200": { + "description": "Success", + "schema": { + "properties": { + "activity_ai_assistance": { + "$ref": "#/definitions/ActivityAiAssistance" + } + } + } + } + }, + "operationId": "get_activity_assistance_resource_/activities////ai_assistance", + "tags": [ + "activities" + ] + } }, - "CredentialUrl": { - "properties": { - "credential_hash": { + "/firework/v2/activities/{index}/{source}/{id}/enrichment": { + "parameters": [ + { + "name": "index", + "in": "path", + "required": true, "type": "string" }, - "domain": { + { + "name": "source", + "in": "path", + "required": true, "type": "string" }, - "is_stealer_log": { - "type": "boolean" - }, - "url": { + { + "name": "id", + "in": "path", + "required": true, "type": "string" } - }, - "type": "object" - }, - "Details": { - "properties": { - "summary": { - "$ref": "#/definitions/InsightText" - }, - "title": { - "$ref": "#/definitions/InsightText" - } - }, - "required": [ - "title" ], - "type": "object" - }, - "EnableState": { - "properties": { - "is_disabled": { - "type": "boolean" - } - }, - "type": "object" + "get": { + "responses": { + "200": { + "description": "Returns the activity enrichment" + }, + "404": { + "description": "Activity not found", + "schema": { + "$ref": "#/definitions/HttpError" + } + } + }, + "operationId": "get_activity_enrichment_endpoint_/activities////enrichment", + "tags": [ + "activities" + ] + } }, - "ExportPriorityActionVisualizationData": { - "properties": { - "format": { - "enum": [ - "csv" - ], - "example": "csv", + "/firework/v2/activities/{index}/{source}/{id}/events": { + "parameters": [ + { + "name": "index", + "in": "path", + "required": true, "type": "string" }, - "stream": { + { + "name": "source", + "in": "path", + "required": true, + "type": "string" + }, + { + "name": "id", + "in": "path", + "required": true, "type": "string" } - }, - "required": [ - "format", - "stream" ], - "type": "object" - }, - "FeedAlert": { - "properties": { - "created_at": { - "format": "date-time", - "type": "string" + "get": { + "responses": { + "200": { + "description": "Returns events associated with the entity" + } }, - "experimental_search_types": { - "items": { - "type": "string" + "operationId": "get_entity_events_/activities////events", + "parameters": [ + { + "name": "from", + "in": "query", + "type": "integer", + "description": "Start from this key when paginating events." }, - "type": "array" + { + "name": "size", + "in": "query", + "type": "integer", + "description": "Limit the events per page.", + "default": 100 + } + ], + "tags": [ + "activities" + ] + } + }, + "/firework/v2/activities/{index}/{source}/{id}/highlights": { + "parameters": [ + { + "name": "index", + "in": "path", + "required": true, + "type": "string" }, - "feed_target_id": { - "type": "integer" + { + "name": "source", + "in": "path", + "required": true, + "type": "string" }, - "feed_target_type": { - "enum": [ - "assets/groups", - "assets", - "home" - ], - "example": "assets/groups", + { + "name": "id", + "in": "path", + "required": true, "type": "string" + } + ], + "post": { + "responses": { + "200": { + "description": "Returns the highlights of an activity" + }, + "404": { + "description": "Activity not found", + "schema": { + "$ref": "#/definitions/HttpError" + } + } }, - "feed_url": { + "operationId": "post_activity_highlights_/activities////highlights", + "parameters": [ + { + "name": "payload", + "required": true, + "in": "body", + "schema": { + "$ref": "#/definitions/HighlightPayload" + } + } + ], + "tags": [ + "activities" + ] + } + }, + "/firework/v2/activities/{index}/{source}/{id}/leaked_data": { + "parameters": [ + { + "name": "index", + "in": "path", + "required": true, "type": "string" }, - "frequency": { - "type": "integer" + { + "name": "source", + "in": "path", + "required": true, + "type": "string" }, - "id": { - "type": "integer" + { + "name": "id", + "in": "path", + "required": true, + "type": "string" + } + ], + "get": { + "responses": { + "404": { + "description": "Activity not found", + "schema": { + "$ref": "#/definitions/HttpError" + } + }, + "200": { + "description": "Returns the related leaked_data" + } }, - "last_processed_at": { - "example": "nullable date", - "format": "date-time", - "type": [ - "string", - "null" - ] + "operationId": "get_leaked_data_/activities////leaked_data", + "tags": [ + "activities" + ] + } + }, + "/firework/v2/activities/{index}/{source}/{id}/messages": { + "parameters": [ + { + "name": "index", + "in": "path", + "required": true, + "type": "string" }, - "last_result_date": { - "example": "nullable date", - "format": "date-time", - "type": [ - "string", - "null" - ] + { + "name": "source", + "in": "path", + "required": true, + "type": "string" }, - "name": { + { + "name": "id", + "in": "path", + "required": true, "type": "string" + } + ], + "get": { + "responses": { + "200": { + "description": "Returns the related messages" + }, + "404": { + "description": "Activity not found", + "schema": { + "$ref": "#/definitions/HttpError" + } + } }, - "organization_id": { - "type": "integer" + "operationId": "get_activity_messages_/activities////messages", + "tags": [ + "activities" + ] + } + }, + "/firework/v2/activities/{index}/{source}/{id}/parent_chat_data": { + "parameters": [ + { + "name": "index", + "in": "path", + "required": true, + "type": "string" }, - "params": { - "type": "object" + { + "name": "source", + "in": "path", + "required": true, + "type": "string" }, - "risks": { - "items": { - "type": "integer" - }, - "type": "array" - }, - "search_types": { - "items": { - "enum": [ - "attachment", - "listing", - "ransomleak", - "forum_post", - "forum_topic", - "forum_profile", - "blog_post", - "seller", - "paste", - "leak", - "chat_message", - "domain", - "bot", - "stealer_log", - "infected_devices", - "driller", - "driller_forum_topic", - "driller_forum_post", - "driller_profile", - "cc", - "ccbin", - "financial_data", - "leaked_data", - "leaked_file", - "document", - "account", - "actor", - "forum_content", - "blog_content", - "profile", - "leaked_credential", - "illicit_networks", - "open_web", - "domains", - "leaks", - "social_media_account", - "social_media", - "source_code", - "source_code_secrets_np", - "source_code_secrets", - "source_code_files", - "docker", - "stack_exchange", - "google", - "service", - "driller_host", - "buckets", - "bucket", - "bucket_object", - "whois", - "ad", - "ads", - "cookie", - "pii", - "experimental" - ], - "example": "attachment", - "type": "string" - }, - "type": "array" - }, - "start_at": { - "format": "date-time", - "type": "string" - }, - "tenant_alert_channel_id": { - "type": "integer" - }, - "tenant_id": { - "type": "integer" - }, - "type": { - "enum": [ - "email", - "channel", - "azure_sentinel", - "azure_sentinel_v2", - "slack", - "discord", - "splunk", - "jira", - "teams", - "servicenow", - "webhook" - ], - "example": "email", + { + "name": "id", + "in": "path", + "required": true, "type": "string" } - }, - "required": [ - "frequency", - "params", - "start_at", - "type" ], - "type": "object" + "get": { + "responses": { + "404": { + "description": "Activity not found", + "schema": { + "$ref": "#/definitions/HttpError" + } + }, + "200": { + "description": "Returns the related parent_uids data" + } + }, + "operationId": "get_parent_activity_data_/activities////parent_chat_data", + "tags": [ + "activities" + ] + } }, - "FootprintVisualizationChart": { - "properties": { - "data": { - "type": "object" + "/firework/v2/activities/{index}/{source}/{id}/related/{context}": { + "parameters": [ + { + "name": "index", + "in": "path", + "required": true, + "type": "string" }, - "id": { + { + "name": "source", + "in": "path", + "required": true, "type": "string" }, - "title": { + { + "name": "id", + "in": "path", + "required": true, "type": "string" }, - "type": { - "enum": [ - "comparison_chart", - "tabular_chart", - "radial_chart", - "line_chart", - "bar_chart", - "radar_chart" - ], - "example": "comparison_chart", + { + "name": "context", + "in": "path", + "required": true, "type": "string" } - }, - "required": [ - "data", - "id", - "type" ], - "type": "object" - }, - "GroupedFeedAlerts": { - "properties": { - "alerts": { - "$ref": "#/definitions/FeedAlert" + "get": { + "responses": { + "400": { + "description": "Activity have no related items", + "schema": { + "$ref": "#/definitions/HttpError" + } + }, + "404": { + "description": "Activity not found", + "schema": { + "$ref": "#/definitions/HttpError" + } + }, + "200": { + "description": "Returns related activities" + } }, - "key": { + "operationId": "get_related_items_/activities////related/", + "parameters": [ + { + "name": "identifier_ids", + "in": "query", + "type": "array", + "description": "ID of an identifier.", + "items": { + "type": "integer" + }, + "collectionFormat": "multi" + } + ], + "tags": [ + "activities" + ] + } + }, + "/firework/v2/activities/{index}/{source}/{id}/translate": { + "parameters": [ + { + "name": "index", + "in": "path", + "required": true, "type": "string" }, - "organization_settings": { - "$ref": "#/definitions/OrganizationSettings" - }, - "params": { - "type": "object" + { + "name": "source", + "in": "path", + "required": true, + "type": "string" }, - "type": { + { + "name": "id", + "in": "path", + "required": true, "type": "string" } - }, - "required": [ - "alerts", - "key", - "organization_settings", - "params", - "type" ], - "type": "object" - }, - "HighlightPayload": { - "properties": { - "identifier_ids": { - "items": { - "type": "integer" + "post": { + "responses": { + "200": { + "description": "Returns the translation of an activity" }, - "type": "array" - }, - "query_string": { - "type": "string" - } - }, - "type": "object" - }, - "HttpError": { - "properties": { - "code": { - "type": "string" + "404": { + "description": "Activity not found", + "schema": { + "$ref": "#/definitions/HttpError" + } + } }, - "message": { - "type": "string" - } - }, - "type": "object" + "operationId": "post_translate_activity_/activities////translate", + "parameters": [ + { + "name": "max_len", + "in": "query", + "type": "integer", + "description": "Set the maximum len of translated text.", + "default": 10000 + } + ], + "tags": [ + "activities" + ] + } }, - "Identifier": { - "properties": { - "assets_group_id": { - "example": "nullable integer", - "type": [ - "integer", - "null" - ] - }, - "count": { - "type": "integer" + "/firework/v2/assets/": { + "get": { + "responses": { + "200": { + "description": "Success", + "schema": { + "properties": { + "assets": { + "$ref": "#/definitions/Identifier" + } + } + } + } }, - "data": { - "type": "object" + "operationId": "get_assets_/assets/", + "tags": [ + "Identifiers" + ] + }, + "post": { + "responses": { + "200": { + "description": "Success", + "schema": { + "properties": { + "asset": { + "$ref": "#/definitions/Identifier" + } + } + } + }, + "400": { + "description": "Query is invalid.", + "schema": { + "$ref": "#/definitions/HttpError" + } + } }, - "data_updated_at": { - "format": "date-time", - "type": "string" + "operationId": "post_assets_/assets/", + "parameters": [ + { + "name": "payload", + "required": true, + "in": "body", + "schema": { + "$ref": "#/definitions/IdentifierCreate" + } + } + ], + "tags": [ + "Identifiers" + ] + } + }, + "/firework/v2/assets/groups/": { + "get": { + "responses": { + "200": { + "description": "Success", + "schema": { + "properties": { + "assets_groups": { + "$ref": "#/definitions/IdentifierGroup" + } + } + } + } }, - "experimental_search_types": { - "items": { - "type": "string" + "operationId": "get_assets_groups_/assets/groups/", + "tags": [ + "Identifiers" + ] + }, + "post": { + "responses": { + "200": { + "description": "Success", + "schema": { + "properties": { + "assets_group": { + "$ref": "#/definitions/IdentifierGroup" + } + } + } }, - "type": "array" - }, - "feed_id": { - "type": "integer" + "400": { + "description": "Query is invalid.", + "schema": { + "$ref": "#/definitions/HttpError" + } + } }, - "fetching_progress": { + "operationId": "post_assets_groups_/assets/groups/", + "parameters": [ + { + "name": "payload", + "required": true, + "in": "body", + "schema": { + "$ref": "#/definitions/IdentifierGroup" + } + } + ], + "tags": [ + "Identifiers" + ] + } + }, + "/firework/v2/assets/groups/{assets_group_id}": { + "parameters": [ + { + "name": "assets_group_id", + "in": "path", + "required": true, "type": "integer" + } + ], + "delete": { + "responses": { + "200": { + "description": "Success" + } }, - "id": { - "type": "integer" + "operationId": "delete_assets_group_api_/assets/groups/", + "tags": [ + "Identifiers" + ] + }, + "get": { + "responses": { + "200": { + "description": "Success", + "schema": { + "properties": { + "assets_group": { + "$ref": "#/definitions/IdentifierGroup" + } + } + } + } }, - "is_disabled": { - "type": "boolean" + "operationId": "get_assets_group_api_/assets/groups/", + "tags": [ + "Identifiers" + ] + }, + "put": { + "responses": { + "200": { + "description": "Success", + "schema": { + "properties": { + "assets_group": { + "$ref": "#/definitions/IdentifierGroup" + } + } + } + }, + "400": { + "description": "Query is invalid.", + "schema": { + "$ref": "#/definitions/HttpError" + } + } }, - "monitored_at": { - "example": "nullable date", - "format": "date-time", - "type": [ - "string", - "null" - ] + "operationId": "put_assets_group_api_/assets/groups/", + "parameters": [ + { + "name": "payload", + "required": true, + "in": "body", + "schema": { + "$ref": "#/definitions/UpdateGroupData" + } + } + ], + "tags": [ + "Identifiers" + ] + } + }, + "/firework/v2/assets/groups/{assets_group_id}/alerts": { + "parameters": [ + { + "name": "assets_group_id", + "in": "path", + "required": true, + "type": "integer" + } + ], + "get": { + "responses": { + "200": { + "description": "Success", + "schema": { + "properties": { + "alerts": { + "$ref": "#/definitions/FeedAlert" + } + } + } + } }, - "name": { - "minLength": 1, - "type": "string" + "operationId": "get_assets_group_alerts_/assets/groups//alerts", + "tags": [ + "Identifiers" + ] + }, + "post": { + "responses": { + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/FeedAlert" + } + } }, - "risks": { - "items": { - "type": "integer" - }, - "type": "array" - }, - "search_types": { - "items": { - "enum": [ - "listing", - "source_code_files", - "service", - "stealer_log", - "social_media_account", - "ransomleak", - "forum_post", - "bot", - "docker", - "chat_message", - "stack_exchange", - "forum_topic", - "paste", - "seller", - "source_code_secrets", - "blog_post", - "domain", - "google", - "bucket_object", - "financial_data", - "bucket", - "leak", - "forum_profile", - "illicit_networks", - "open_web", - "buckets", - "source_code", - "leaks", - "domains", - "forum_content", - "blog_content", - "profile", - "infected_devices", - "social_media" - ], - "example": "listing", - "type": "string" - }, - "type": "array" - }, - "source": { - "enum": [ - "USER", - "SYSTEM_RELATION", - "SELF_ONBOARDING", - "ATTRIBUTE" - ], - "example": "USER", - "type": "string" - }, - "tenant_id": { + "operationId": "post_assets_group_alerts_/assets/groups//alerts", + "parameters": [ + { + "name": "payload", + "required": true, + "in": "body", + "schema": { + "$ref": "#/definitions/FeedAlert" + } + } + ], + "tags": [ + "Identifiers" + ] + } + }, + "/firework/v2/assets/groups/{assets_group_id}/alerts/{alert_id}": { + "parameters": [ + { + "name": "assets_group_id", + "in": "path", + "required": true, "type": "integer" }, - "type": { - "enum": [ - "domain", - "brand", - "name", - "keyword", - "github_repository", - "username", - "email", - "search_query", - "bin", - "ip", - "secret", - "azure_tenant", - "identity" - ], - "example": "domain", - "type": "string" + { + "name": "alert_id", + "in": "path", + "required": true, + "type": "integer" + } + ], + "delete": { + "responses": { + "200": { + "description": "Success" + } }, - "urn": { - "description": "The uniform resource name of the identifier.", - "type": "string" + "operationId": "delete_assets_group_alert_/assets/groups//alerts/", + "tags": [ + "Identifiers" + ] + }, + "put": { + "responses": { + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/FeedAlert" + } + } }, - "v3_refs": { - "$ref": "#/definitions/V3_Refs" + "operationId": "put_assets_group_alert_/assets/groups//alerts/", + "parameters": [ + { + "name": "payload", + "required": true, + "in": "body", + "schema": { + "$ref": "#/definitions/FeedAlert" + } + } + ], + "tags": [ + "Identifiers" + ] + } + }, + "/firework/v2/assets/groups/{assets_group_id}/feed": { + "parameters": [ + { + "name": "assets_group_id", + "in": "path", + "required": true, + "type": "integer" } - }, - "required": [ - "data", - "name", - "search_types", - "type" ], - "type": "object" - }, - "IdentifierCreate": { - "properties": { - "data": { - "type": "object" - }, - "experimental_search_types": { - "items": { - "type": "string" + "get": { + "responses": { + "404": { + "description": "Identifier group does not exist.", + "schema": { + "$ref": "#/definitions/HttpError" + } }, - "type": "array" - }, - "name": { - "minLength": 1, - "type": "string" - }, - "risks": { - "items": { - "type": "integer" + "400": { + "description": "Query is invalid.", + "schema": { + "$ref": "#/definitions/HttpError" + } }, - "type": "array" + "200": { + "description": "Returns the search result(s).", + "schema": { + "$ref": "#/definitions/Search" + } + } }, - "search_types": { - "items": { + "operationId": "get_assets_group_feed_/assets/groups//feed", + "parameters": [ + { + "name": "fields", + "in": "query", + "type": "array", + "description": "Fields to includes in the results in a dotted form. For example, \"data.actor_name\" will include items similar to:```json\n \"items\": [{\n \"data\": {\n \"actor_name\": \"Seller123\"\n }\n }]\n ```\n\n By default, all fields are included in the response.\n ", + "items": { + "type": "string" + }, + "collectionFormat": "multi" + }, + { + "name": "time", + "in": "query", + "type": "string", + "description": " The `time` parameter is used to limit results to those found in the provided time span. \n\n *Expected format* : from@to \n\n *Example value* : 2019-09-03T04:00:00.000Z@2019-09-14T04:00:00.000Z" + }, + { + "name": "size", + "in": "query", + "type": "integer", + "description": "The `size` parameter is used to limit the number of results returned for the search query.", + "default": 10 + }, + { + "name": "search_after", + "in": "query", + "type": "string", + "description": "The `search_after` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `search_after` parameter in your next request with the latest response's `search_after` value to get the next page of results." + }, + { + "name": "from", + "in": "query", + "type": "string", + "description": "The `from` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `from` parameter in your next request with the latest response's `next` value to get the next page of results." + }, + { + "name": "tags", + "in": "query", + "type": "array", + "description": "User defined tags used to filter search results", + "items": { + "type": "string" + }, + "collectionFormat": "multi" + }, + { + "name": "tags_query_operator", + "in": "query", + "type": "string", + "description": "User defined operator to apply to tags filter" + }, + { + "name": "types", + "in": "query", + "type": "array", + "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: chat_message, forum_post, financial_data, listing, ransomleak, forum_topic, bot, blog_post, forum_profile, stealer_log, seller\n- open_web: stack_exchange, service, bucket, social_media_account, paste, docker, source_code_secrets, bucket_object, source_code_files, google\n- leaks: leak\n- domains: domain\n", + "items": { + "type": "string" + }, + "collectionFormat": "multi", "enum": [ + "attachment", "listing", - "source_code_files", - "service", - "stealer_log", - "social_media_account", - "ad", "ransomleak", "forum_post", - "bot", - "docker", - "chat_message", - "stack_exchange", "forum_topic", - "paste", - "seller", - "source_code_secrets", + "forum_profile", "blog_post", - "domain", - "google", - "bucket_object", - "financial_data", - "bucket", + "seller", + "paste", "leak", - "forum_profile", - "illicit_networks", - "open_web", - "buckets", - "source_code", - "leaks", - "domains", + "chat_message", + "domain", + "bot", + "stealer_log", + "infected_devices", + "driller", + "driller_forum_topic", + "driller_forum_post", + "driller_profile", + "cc", + "ccbin", + "financial_data", + "leaked_data", + "leaked_file", + "document", + "account", + "actor", "forum_content", "blog_content", "profile", + "leaked_credential", + "illicit_networks", + "open_web", + "domains", + "leaks", + "social_media_account", + "social_media", + "source_code", + "source_code_secrets_np", + "source_code_secrets", + "source_code_files", + "docker", + "stack_exchange", + "google", + "service", + "driller_host", + "buckets", + "bucket", + "bucket_object", + "whois", + "ad", "ads", - "infected_devices", - "social_media" - ], - "example": "listing", - "type": "string" + "cookie", + "pii", + "experimental" + ] }, - "type": "array" - }, - "type": { - "enum": [ - "domain", - "brand", - "name", - "keyword", - "github_repository", - "username", - "email", - "search_query", - "bin", - "ip", - "secret", - "azure_tenant", - "identity" - ], - "example": "domain", - "type": "string" - } - }, - "required": [ - "data", - "name", - "search_types", - "type" - ], - "type": "object" - }, - "IdentifierGroup": { - "properties": { - "feed_id": { - "type": "integer" - }, - "feed_owner_id": { - "type": "integer" - }, - "group_type": { - "enum": [ - null, - "person", - "corporate_identities" - ], - "example": "nullable string", - "type": [ - "string", - "null" - ] - }, - "id": { - "type": "integer" - }, - "name": { - "type": "string" - }, - "parent_group_id": { - "example": "nullable integer", - "type": [ - "integer", - "null" - ] - }, - "tenant_id": { - "type": "integer" - }, - "urn": { - "description": "The uniform resource name of the identifier group.", - "type": "string" - } + { + "name": "experimental_types", + "in": "query", + "type": "array", + "description": "Type of experimental activities to search through.", + "items": { + "type": "string" + }, + "collectionFormat": "multi" + }, + { + "name": "event_action", + "in": "query", + "type": "string", + "enum": [ + "default", + "ignored", + "remediated", + "risk_score_edited", + "exclude_ignored", + "ignored_or_remediated" + ] + }, + { + "name": "event_actions", + "in": "query", + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "enum": [ + "default", + "ignored", + "remediated", + "risk_score_edited", + "exclude_ignored", + "ignored_or_remediated" + ] + }, + { + "name": "risks", + "in": "query", + "type": "array", + "items": { + "type": "integer" + }, + "collectionFormat": "multi", + "enum": [ + 1, + 2, + 3, + 4, + 5 + ] + }, + { + "name": "order", + "in": "query", + "type": "string", + "default": "desc", + "enum": [ + "asc", + "desc" + ] + }, + { + "name": "sort_by", + "in": "query", + "type": "string", + "default": "created", + "enum": [ + "created", + "indexed", + "updated", + "alertable-materialized", + "materialized", + "searchable" + ] + }, + { + "name": "use_global_policies", + "in": "query", + "type": "boolean", + "default": true + }, + { + "name": "time_zone", + "in": "query", + "type": "string", + "description": "The time zone used to compute the statistics." + }, + { + "name": "query", + "in": "query", + "type": "string", + "description": "Query used to filter results. Search query uses the [Lucene query](https://www.elastic.co/guide/en/elasticsearch/reference/6.x/query-dsl-query-string-query.html#query-string-syntax) syntax." + }, + { + "name": "has_modified_risk_score", + "in": "query", + "type": "boolean", + "default": false + }, + { + "name": "has_notes", + "in": "query", + "type": "boolean", + "default": false + } + ], + "tags": [ + "Identifiers" + ] }, - "type": "object" - }, - "IdentifierRelationData": { - "properties": { - "asset_relation_uuid": { - "type": "string" + "post": { + "responses": { + "404": { + "description": "Identifier group does not exist.", + "schema": { + "$ref": "#/definitions/HttpError" + } + }, + "400": { + "description": "Query is invalid.", + "schema": { + "$ref": "#/definitions/HttpError" + } + }, + "200": { + "description": "Returns the search result(s).", + "schema": { + "$ref": "#/definitions/Search" + } + } }, - "identifier_id": { - "type": "integer" - } - }, - "required": [ - "asset_relation_uuid", - "identifier_id" - ], - "type": "object" - }, - "IdentifierToggle": { - "properties": { - "is_disabled": { - "default": true, - "description": "The `is_disabled` parameter is used to toggle the asset as either enabled or disabled.", - "type": "boolean" - } - }, - "required": [ - "is_disabled" - ], - "type": "object" + "operationId": "post_assets_group_feed_/assets/groups//feed", + "parameters": [ + { + "name": "fields", + "in": "query", + "type": "array", + "description": "Fields to includes in the results in a dotted form. For example, \"data.actor_name\" will include items similar to:```json\n \"items\": [{\n \"data\": {\n \"actor_name\": \"Seller123\"\n }\n }]\n ```\n\n By default, all fields are included in the response.\n ", + "items": { + "type": "string" + }, + "collectionFormat": "multi" + }, + { + "name": "time", + "in": "query", + "type": "string", + "description": " The `time` parameter is used to limit results to those found in the provided time span. \n\n *Expected format* : from@to \n\n *Example value* : 2019-09-03T04:00:00.000Z@2019-09-14T04:00:00.000Z" + }, + { + "name": "size", + "in": "query", + "type": "integer", + "description": "The `size` parameter is used to limit the number of results returned for the search query.", + "default": 10 + }, + { + "name": "search_after", + "in": "query", + "type": "string", + "description": "The `search_after` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `search_after` parameter in your next request with the latest response's `search_after` value to get the next page of results." + }, + { + "name": "from", + "in": "query", + "type": "string", + "description": "The `from` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `from` parameter in your next request with the latest response's `next` value to get the next page of results." + }, + { + "name": "tags", + "in": "query", + "type": "array", + "description": "User defined tags used to filter search results", + "items": { + "type": "string" + }, + "collectionFormat": "multi" + }, + { + "name": "tags_query_operator", + "in": "query", + "type": "string", + "description": "User defined operator to apply to tags filter" + }, + { + "name": "types", + "in": "query", + "type": "array", + "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: chat_message, forum_post, financial_data, listing, ransomleak, forum_topic, bot, blog_post, forum_profile, stealer_log, seller\n- open_web: stack_exchange, service, bucket, social_media_account, paste, docker, source_code_secrets, bucket_object, source_code_files, google\n- leaks: leak\n- domains: domain\n", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "enum": [ + "attachment", + "listing", + "ransomleak", + "forum_post", + "forum_topic", + "forum_profile", + "blog_post", + "seller", + "paste", + "leak", + "chat_message", + "domain", + "bot", + "stealer_log", + "infected_devices", + "driller", + "driller_forum_topic", + "driller_forum_post", + "driller_profile", + "cc", + "ccbin", + "financial_data", + "leaked_data", + "leaked_file", + "document", + "account", + "actor", + "forum_content", + "blog_content", + "profile", + "leaked_credential", + "illicit_networks", + "open_web", + "domains", + "leaks", + "social_media_account", + "social_media", + "source_code", + "source_code_secrets_np", + "source_code_secrets", + "source_code_files", + "docker", + "stack_exchange", + "google", + "service", + "driller_host", + "buckets", + "bucket", + "bucket_object", + "whois", + "ad", + "ads", + "cookie", + "pii", + "experimental" + ] + }, + { + "name": "experimental_types", + "in": "query", + "type": "array", + "description": "Type of experimental activities to search through.", + "items": { + "type": "string" + }, + "collectionFormat": "multi" + }, + { + "name": "event_action", + "in": "query", + "type": "string", + "enum": [ + "default", + "ignored", + "remediated", + "risk_score_edited", + "exclude_ignored", + "ignored_or_remediated" + ] + }, + { + "name": "event_actions", + "in": "query", + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "enum": [ + "default", + "ignored", + "remediated", + "risk_score_edited", + "exclude_ignored", + "ignored_or_remediated" + ] + }, + { + "name": "risks", + "in": "query", + "type": "array", + "items": { + "type": "integer" + }, + "collectionFormat": "multi", + "enum": [ + 1, + 2, + 3, + 4, + 5 + ] + }, + { + "name": "order", + "in": "query", + "type": "string", + "default": "desc", + "enum": [ + "asc", + "desc" + ] + }, + { + "name": "sort_by", + "in": "query", + "type": "string", + "default": "created", + "enum": [ + "created", + "indexed", + "updated", + "alertable-materialized", + "materialized", + "searchable" + ] + }, + { + "name": "use_global_policies", + "in": "query", + "type": "boolean", + "default": true + }, + { + "name": "time_zone", + "in": "query", + "type": "string", + "description": "The time zone used to compute the statistics." + }, + { + "name": "query", + "in": "query", + "type": "string", + "description": "Query used to filter results. Search query uses the [Lucene query](https://www.elastic.co/guide/en/elasticsearch/reference/6.x/query-dsl-query-string-query.html#query-string-syntax) syntax." + }, + { + "name": "has_modified_risk_score", + "in": "query", + "type": "boolean", + "default": false + }, + { + "name": "has_notes", + "in": "query", + "type": "boolean", + "default": false + } + ], + "tags": [ + "Identifiers" + ] + } }, - "Import": { - "properties": { - "committed_at": { - "example": "nullable date", - "format": "date-time", - "type": [ - "string", - "null" - ] - }, - "id": { - "type": "integer" - }, - "integration": { - "enum": [ - "csv" - ], - "example": "csv", - "type": "string" - }, - "tenant_id": { + "/firework/v2/assets/{asset_id}": { + "parameters": [ + { + "name": "asset_id", + "in": "path", + "required": true, "type": "integer" - }, - "type": { - "enum": [ - "identifiers" - ], - "example": "identifiers", - "type": "string" } - }, - "required": [ - "id", - "integration", - "tenant_id", - "type" ], - "type": "object" - }, - "ImportItemFailures": { - "properties": { - "message": { - "type": "string" + "delete": { + "responses": { + "200": { + "description": "Success" + } }, - "type": { - "enum": [ - "unknown_identifier_type", - "bad_identifier_query", - "above_max_group_nesting", - "unknown_identifier_source", - "identifier_not_allowed", - "identifier_type_not_allowed", - "too_many_attributes", - "invalid_attribute_format" - ], - "example": "unknown_identifier_type", - "type": "string" - } + "operationId": "delete_asset_api_/assets/", + "tags": [ + "Identifiers" + ] }, - "required": [ - "message", - "type" - ], - "type": "object" - }, - "Insight": { - "properties": { - "analysis": { - "$ref": "#/definitions/InsightText" - }, - "date": { - "format": "date-time", - "type": "string" - }, - "paragraph": { - "$ref": "#/definitions/InsightText" - }, - "title": { - "$ref": "#/definitions/InsightText" - }, - "type": { - "type": "string" + "get": { + "responses": { + "200": { + "description": "Success", + "schema": { + "properties": { + "asset": { + "$ref": "#/definitions/Identifier" + } + } + } + } }, - "visualization": { - "items": { - "$ref": "#/definitions/FootprintVisualizationChart" - }, - "type": "array" - } + "operationId": "get_asset_api_/assets/", + "tags": [ + "Identifiers" + ] }, - "required": [ - "analysis", - "date", - "paragraph", - "title", - "type" - ], - "type": "object" - }, - "InsightText": { - "properties": { - "params": { - "description": "Relevant data related to the text", - "type": "object" + "put": { + "responses": { + "400": { + "description": "Query is invalid.", + "schema": { + "$ref": "#/definitions/HttpError" + } + }, + "200": { + "description": "Success", + "schema": { + "properties": { + "asset": { + "$ref": "#/definitions/Identifier" + } + } + } + } }, - "text": { - "description": "Text for the insight", - "type": "string" + "operationId": "put_asset_api_/assets/", + "parameters": [ + { + "name": "payload", + "required": true, + "in": "body", + "schema": { + "$ref": "#/definitions/Identifier" + } + } + ], + "tags": [ + "Identifiers" + ] + } + }, + "/firework/v2/assets/{asset_id}/alerts": { + "parameters": [ + { + "name": "asset_id", + "in": "path", + "required": true, + "type": "integer" } - }, - "required": [ - "text" ], - "type": "object" - }, - "LeakActivityCredential": { - "properties": { - "credential_hash": { - "type": "string" - }, - "domain": { - "type": "string" + "get": { + "responses": { + "200": { + "description": "Success", + "schema": { + "properties": { + "alerts": { + "$ref": "#/definitions/FeedAlert" + } + } + } + } }, - "hash": { - "type": "string" + "operationId": "get_asset_alerts_/assets//alerts", + "tags": [ + "Identifiers" + ] + }, + "post": { + "responses": { + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/FeedAlert" + } + } }, - "id": { + "operationId": "post_asset_alerts_/assets//alerts", + "parameters": [ + { + "name": "payload", + "required": true, + "in": "body", + "schema": { + "$ref": "#/definitions/FeedAlert" + } + } + ], + "tags": [ + "Identifiers" + ] + } + }, + "/firework/v2/assets/{asset_id}/alerts/{alert_id}": { + "parameters": [ + { + "name": "asset_id", + "in": "path", + "required": true, "type": "integer" }, - "identity_name": { - "type": "string" - }, - "ignored_at": { - "format": "date-time", - "type": "string" - }, - "imported_at": { - "type": "string" - }, - "known_password_id": { + { + "name": "alert_id", + "in": "path", + "required": true, "type": "integer" - }, - "remediated_at": { - "format": "date-time", - "type": "string" - }, - "source": { - "$ref": "#/definitions/source" - }, - "source_id": { - "type": "string" } - }, - "required": [ - "id", - "identity_name", - "imported_at", - "source_id" ], - "type": "object" - }, - "LeakedCredential": { - "properties": { - "id": { - "type": "integer" - } - }, - "type": "object" - }, - "Mitre": { - "properties": { - "mitigation": { - "$ref": "#/definitions/MitreLink" + "delete": { + "responses": { + "200": { + "description": "Success" + } }, - "techniques": { - "$ref": "#/definitions/MitreLink" - } + "operationId": "delete_asset_alert_/assets//alerts/", + "tags": [ + "Identifiers" + ] }, - "required": [ - "mitigation", - "techniques" - ], - "type": "object" - }, - "MitreLink": { - "properties": { - "id": { - "description": "Mitre's id", - "type": "string" - }, - "text": { - "description": "Mitre's text", - "type": "string" + "put": { + "responses": { + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/FeedAlert" + } + } }, - "url": { - "description": "Link to the Mitre url page", - "type": "string" - } - }, - "required": [ - "id", - "text", - "url" - ], - "type": "object" - }, - "MultiPartData": { - "properties": { - "size": { - "type": "integer" - }, - "url": { - "type": "string" - } - }, - "type": "object" - }, - "NewReport": { - "properties": { - "audience": { - "enum": [ - "technical", - "general" - ], - "example": "technical", - "type": "string" - }, - "author": { - "type": "string" - }, - "elements": { - "items": { - "$ref": "#/definitions/ReportElementUpdate" - }, - "type": "array" - }, - "title": { - "type": "string" - } - }, - "required": [ - "author", - "title" - ], - "type": "object" - }, - "NewTenantInfo": { - "properties": { - "description": { - "type": "string" - }, - "identifier_limit": { - "example": "nullable integer", - "type": [ - "integer", - "null" - ] - }, - "industry": { - "enum": [ - "global", - "transport", - "education", - "energy", - "finance", - "healthcare", - "manufacturing", - "retail", - "software", - "telecommunication" - ], - "example": "global", - "type": "string" - }, - "name": { - "type": "string" - }, - "number_of_employees": { - "example": "nullable integer", - "type": [ - "integer", - "null" - ] - } - }, - "type": "object" + "operationId": "put_asset_alert_/assets//alerts/", + "parameters": [ + { + "name": "payload", + "required": true, + "in": "body", + "schema": { + "$ref": "#/definitions/FeedAlert" + } + } + ], + "tags": [ + "Identifiers" + ] + } }, - "Organization": { - "properties": { - "access_end_at": { - "format": "date-time", - "type": "string" - }, - "access_level": { - "type": "integer" - }, - "archived_at": { - "format": "date-time", - "type": "string" - }, - "authorization_workflow_enabled": { - "type": "boolean" - }, - "domain": { - "example": "nullable string", - "type": [ - "string", - "null" - ] - }, - "file_analysis_enabled": { - "type": "boolean" - }, - "hubspot_company_id": { - "example": "nullable integer", - "type": [ - "integer", - "null" - ] - }, - "id": { - "type": "integer" - }, - "identifier_limit": { - "example": "nullable integer", - "type": [ - "integer", - "null" - ] - }, - "name": { - "description": "Display name", - "type": "string" - }, - "settings": { - "$ref": "#/definitions/OrganizationSettings" - }, - "type": { - "enum": [ - "direct", - "service-firm", - "training" - ], - "example": "direct", - "type": "string" - }, - "urn": { - "description": "The uniform resource name of the organization.", - "type": "string" - }, - "user_limit": { + "/firework/v2/assets/{asset_id}/feed": { + "parameters": [ + { + "name": "asset_id", + "in": "path", + "required": true, "type": "integer" } - }, - "required": [ - "name" ], - "type": "object" - }, - "OrganizationHSProperties": { - "properties": { - "annual_takedowns_used": { - "example": "nullable integer", - "type": [ - "integer", - "null" - ] - }, - "takedowns_in_subscription": { - "example": "nullable integer", - "type": [ - "integer", - "null" - ] - } - }, - "type": "object" - }, - "OrganizationMember": { - "properties": { - "email": { - "type": "string" - }, - "id": { - "type": "integer" - }, - "is_disabled": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "organization_member_permissions": { - "$ref": "#/definitions/OrganizationMemberPermission" - }, - "registered_at": { - "format": "date-time", - "type": "string" - }, - "surname": { - "type": "string" - }, - "urn": { - "description": "The uniform resource name of the member.", - "type": "string" - } - }, - "type": "object" - }, - "OrganizationMemberData": { - "properties": { - "email": { - "type": "string" - }, - "memberships": { - "items": { - "$ref": "#/definitions/UserTenantMembership" + "get": { + "responses": { + "404": { + "description": "Identifier does not exist.", + "schema": { + "$ref": "#/definitions/HttpError" + } }, - "type": "array" - }, - "name": { - "type": "string" - }, - "organization_member_permissions": { - "type": "object" - }, - "send_welcome_email": { - "default": true, - "type": "boolean" - }, - "surname": { - "type": "string" + "400": { + "description": "Query is invalid.", + "schema": { + "$ref": "#/definitions/HttpError" + } + }, + "200": { + "description": "Returns the search result(s).", + "schema": { + "$ref": "#/definitions/Search" + } + } }, - "user_permissions": { - "type": "object" - } - }, - "required": [ - "email", - "name", - "organization_member_permissions", - "surname" - ], - "type": "object" - }, - "OrganizationMemberPage": { - "properties": { - "members": { - "items": { - "$ref": "#/definitions/OrganizationMemberWithMetadata" + "operationId": "get_asset_feed_/assets//feed", + "parameters": [ + { + "name": "fields", + "in": "query", + "type": "array", + "description": "Fields to includes in the results in a dotted form. For example, \"data.actor_name\" will include items similar to:```json\n \"items\": [{\n \"data\": {\n \"actor_name\": \"Seller123\"\n }\n }]\n ```\n\n By default, all fields are included in the response.\n ", + "items": { + "type": "string" + }, + "collectionFormat": "multi" }, - "type": "array" - }, - "next": { - "example": "nullable string", - "type": [ - "string", - "null" - ] - } - }, - "type": "object" - }, - "OrganizationMemberPermission": { - "properties": { - "*": { - "additionalProperties": { - "type": "boolean" + { + "name": "time", + "in": "query", + "type": "string", + "description": " The `time` parameter is used to limit results to those found in the provided time span. \n\n *Expected format* : from@to \n\n *Example value* : 2019-09-03T04:00:00.000Z@2019-09-14T04:00:00.000Z" }, - "type": "object" - } - }, - "type": "object" - }, - "OrganizationMemberWithMetadata": { - "properties": { - "is_mfa_enabled": { - "example": "nullable bool", - "type": [ - "string", - "null" - ] - }, - "tenant_count": { - "type": "integer" - }, - "user": { - "$ref": "#/definitions/OrganizationMember" - } - }, - "type": "object" - }, - "OrganizationMonthlyUsage": { - "properties": { - "global_search_calls_count": { - "type": "integer" - }, - "identifier_count": { - "type": "integer" - }, - "timestamp": { - "type": "string" - } - }, - "type": "object" - }, - "OrganizationSettings": { - "properties": { - "demo_tenant_limit": { - "example": "nullable integer", - "type": [ - "integer", - "null" - ] - }, - "hs_takedown_properties": { - "anyOf": [ - { - "$ref": "#/definitions/OrganizationHSProperties" + { + "name": "size", + "in": "query", + "type": "integer", + "description": "The `size` parameter is used to limit the number of results returned for the search query.", + "default": 10 + }, + { + "name": "search_after", + "in": "query", + "type": "string", + "description": "The `search_after` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `search_after` parameter in your next request with the latest response's `search_after` value to get the next page of results." + }, + { + "name": "from", + "in": "query", + "type": "string", + "description": "The `from` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `from` parameter in your next request with the latest response's `next` value to get the next page of results." + }, + { + "name": "tags", + "in": "query", + "type": "array", + "description": "User defined tags used to filter search results", + "items": { + "type": "string" }, - { - "type": [ - "object", - "null" - ] - } - ] - }, - "permissions": { - "items": { - "type": "string" + "collectionFormat": "multi" }, - "type": "array" - }, - "through_distributor": { - "type": "boolean" - } - }, - "type": "object" - }, - "PageView": { - "properties": { - "created_at": { - "format": "date-time", - "type": "string" - }, - "route": { - "type": "string" - } - }, - "required": [ - "route" - ], - "type": "object" - }, - "PaginatedCredentials": { - "properties": { - "items": { - "$ref": "#/definitions/LeakActivityCredential" - }, - "next": { - "type": "string" - }, - "total_count": { - "example": "nullable integer", - "type": [ - "integer", - "null" - ] - } - }, - "type": "object" - }, - "PartialSource": { - "properties": { - "id": { - "type": "string" - }, - "name": { - "type": "string" - } - }, - "type": "object" - }, - "PermissionData": { - "properties": { - "permission": { - "type": "string" - }, - "value": { - "type": "boolean" - } - }, - "required": [ - "permission", - "value" - ], - "type": "object" - }, - "PriorityActionHeader": { - "properties": { - "created_at": { - "format": "date-time", - "type": "string" - }, - "snooze_until": { - "format": "date-time", - "type": "string" - }, - "status": { - "type": "string" - }, - "status_last_updated_at": { - "format": "date-time", - "type": "string" - }, - "summary": { - "$ref": "#/definitions/InsightText" - }, - "tags": { - "items": { - "type": "string" + { + "name": "tags_query_operator", + "in": "query", + "type": "string", + "description": "User defined operator to apply to tags filter" }, - "type": "array" - }, - "title": { - "$ref": "#/definitions/InsightText" - }, - "type": { - "type": "string" - }, - "uuid": { - "type": "string" - } - }, - "required": [ - "created_at", - "snooze_until", - "status", - "status_last_updated_at", - "tags", - "title", - "type", - "uuid" - ], - "type": "object" - }, - "PriorityActionRelatedActivity": { - "properties": { - "remediated": { - "type": "boolean" - }, - "tenant_id": { - "type": "integer" - }, - "uid": { - "type": "string" - }, - "uuid": { - "type": "string" - } - }, - "required": [ - "remediated", - "tenant_id", - "uid", - "uuid" - ], - "type": "object" - }, - "RansomLeakData": { - "properties": { - "breached_at": { - "description": "Date of the ransomleak", - "format": "date-time", - "type": "string" - }, - "country": { - "description": "Country of the victim", - "type": "string" - }, - "domain": { - "description": "Domain of the victim", - "type": "string" - }, - "employee_count": { - "description": "Number of employee of the victim", - "type": "integer" - }, - "event_created_at": { - "description": "Date of the ransomleak event in the feed", - "format": "date-time", - "type": "string" - }, - "identifiers": { - "items": { - "$ref": "#/definitions/RansomLeakIdentifierData" - }, - "type": "array" - }, - "industry": { - "description": "Industry of the victim", - "type": "string" - }, - "publisher": { - "description": "Publisher of the ransomleak", - "type": "string" - }, - "risk_score": { - "description": "Computed risk of the ransomleak", - "type": "integer" - }, - "uid": { - "description": "event uid of the ransomleak", - "type": "string" - }, - "user_metadata": { - "$ref": "#/definitions/ActivityUserMetadata" - }, - "victim": { - "description": "Victim of the ransomleak", - "type": "string" - } - }, - "required": [ - "breached_at", - "event_created_at", - "identifiers", - "publisher", - "risk_score", - "uid", - "victim" - ], - "type": "object" - }, - "RansomLeakIdentifierData": { - "properties": { - "id": { - "type": "integer" - }, - "identifier_type": { - "type": "string" - }, - "name": { - "type": "string" - } - }, - "type": "object" - }, - "ReportElementUpdate": { - "properties": { - "enabled": { - "type": "boolean" - }, - "id": { - "type": "integer" - }, - "position": { - "type": "integer" - }, - "sort_by": { - "enum": [ - "custom", - "alphabetical", - "date" - ], - "example": "custom", - "type": "string" - }, - "time_interval": { - "type": "string" - } - }, - "type": "object" - }, - "Search": { - "properties": { - "items": { - "items": { - "type": "object" - }, - "type": "array" - }, - "links": { - "$ref": "#/definitions/SearchLinks" - }, - "nb_hits": { - "type": "integer" - }, - "search_after": { - "type": "string" - } - }, - "type": "object" - }, - "SearchLinks": { - "properties": { - "next": { - "type": "string" - } - }, - "type": "object" - }, - "Subdomains": { - "properties": { - "subdomain": { - "type": "string" - } - }, - "required": [ - "subdomain" - ], - "type": "object" - }, - "TableChartDataModel": { - "properties": { - "items": { - "items": { - "type": "object" - }, - "type": "array" - }, - "title": { - "type": "string" - } - }, - "type": "object" - }, - "Tenant": { - "properties": { - "access_end_at": { - "description": "The date when tenant access ends", - "example": "nullable date", - "format": "date-time", - "type": [ - "string", - "null" - ] - }, - "description": { - "description": "This tenant's purpose", - "type": "string" - }, - "feed_id": { - "description": "ID of the feed", - "type": "integer" - }, - "id": { - "description": "Tenant ID", - "type": "integer" - }, - "identifier_limit": { - "description": "The number of identifiers allowed for the tenant.", - "example": "nullable integer", - "type": [ - "integer", - "null" - ] - }, - "industry": { - "description": "The industry of the tenant.", - "type": "string" - }, - "is_archived": { - "description": "Indicates if the tenant is archived", - "type": "boolean" - }, - "is_disabled": { - "description": "Indicates if the tenant is disabled", - "type": "boolean" - }, - "name": { - "description": "Tenant name", - "type": "string" - }, - "number_of_employees": { - "description": "The number of employees for the tenant.", - "type": "integer" - }, - "organization_id": { - "description": "ID of the owner organization", - "type": "integer" - }, - "permissions": { - "items": { - "type": "string" - }, - "type": "array" - }, - "prevent_global_search": { - "description": "Indicates if the tenant can perform global searches", - "type": "boolean" - }, - "type": { - "description": "Tenant type", - "type": "string" - }, - "urn": { - "description": "The uniform resource name of the tenant.", - "type": "string" - } - }, - "type": "object" - }, - "TenantData": { - "properties": { - "description": { - "description": "The Tenant's purpose / description", - "type": "string" - }, - "global_search_calls_limit": { - "description": "The number of API calls allowed for the tenant.", - "type": "integer" - }, - "industry": { - "description": "The Tenant's industry", - "enum": [ - "global", - "transport", - "education", - "energy", - "finance", - "healthcare", - "manufacturing", - "retail", - "software", - "telecommunication" - ], - "example": "global", - "type": "string" - }, - "name": { - "description": "The Tenant display name", - "type": "string" - }, - "number_of_employees": { - "description": "The number of employees for the tenant", - "type": "integer" - }, - "prevent_global_search": { - "type": "boolean" - } - }, - "required": [ - "description", - "industry", - "name", - "number_of_employees" - ], - "type": "object" - }, - "TenantDiscoveryPolicy": { - "properties": { - "enabled": { - "type": "boolean" - }, - "id": { - "type": "integer" - }, - "identifier_types": { - "items": { - "enum": [ - "domain", - "brand", - "name", - "keyword", - "github_repository", - "username", - "email", - "search_query", - "bin", - "ip", - "secret", - "azure_tenant", - "identity" - ], - "example": "domain", - "type": "string" - }, - "type": "array" - }, - "tenant_id": { - "type": "integer" - }, - "terms": { - "items": { - "type": "string" - }, - "type": "array" - }, - "type": { - "enum": [ - "auto-accept", - "ignore-pattern" - ], - "example": "auto-accept", - "type": "string" - } - }, - "type": "object" - }, - "TenantIgnoredTerms": { - "properties": { - "clean_past_events": { - "type": "boolean" - }, - "created_at": { - "format": "date-time", - "type": "string" - }, - "name": { - "type": "string" - }, - "search_types": { - "items": { - "enum": [ - "attachment", - "listing", - "ransomleak", - "forum_post", - "forum_topic", - "forum_profile", - "blog_post", - "seller", - "paste", - "leak", - "chat_message", - "domain", - "bot", - "stealer_log", - "infected_devices", - "driller", - "driller_forum_topic", - "driller_forum_post", - "driller_profile", - "cc", - "ccbin", - "financial_data", - "leaked_data", - "leaked_file", - "document", - "account", - "actor", - "forum_content", - "blog_content", - "profile", - "leaked_credential", - "illicit_networks", - "open_web", - "domains", - "leaks", - "social_media_account", - "social_media", - "source_code", - "source_code_secrets_np", - "source_code_secrets", - "source_code_files", - "docker", - "stack_exchange", - "google", - "service", - "driller_host", - "buckets", - "bucket", - "bucket_object", - "whois", - "ad", - "ads", - "cookie", - "pii", - "experimental" - ], - "example": "attachment", - "type": "string" - }, - "type": "array" - }, - "terms": { - "items": { - "type": "string" - }, - "type": "array" - }, - "uuid": { - "type": "string" - } - }, - "required": [ - "clean_past_events", - "created_at", - "name", - "search_types", - "uuid" - ], - "type": "object" - }, - "TenantUser": { - "properties": { - "email": { - "type": "string" - }, - "id": { - "type": "integer" - }, - "is_disabled": { - "type": "boolean" - }, - "is_readonly": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "role": { - "enum": [ - "viewer", - "editor", - "admin" - ], - "example": "viewer", - "type": "string" - }, - "surname": { - "type": "string" - } - }, - "type": "object" - }, - "TenantUsers": { - "properties": { - "items": { - "$ref": "#/definitions/TenantUser" - }, - "next": { - "type": "integer" - }, - "total_count": { - "example": "nullable integer", - "type": [ - "integer", - "null" - ] - } - }, - "type": "object" - }, - "TenantWithCounts": { - "properties": { - "items": { - "$ref": "#/definitions/TenantWithCounts" - }, - "next": { - "type": "string" - }, - "total_count": { - "example": "nullable integer", - "type": [ - "integer", - "null" - ] - } - }, - "type": "object" - }, - "TimeChartSerie": { - "properties": { - "color": { - "type": "string" - }, - "data": { - "items": { + { + "name": "types", + "in": "query", + "type": "array", + "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: chat_message, forum_post, financial_data, listing, ransomleak, forum_topic, bot, blog_post, forum_profile, stealer_log, seller\n- open_web: stack_exchange, service, bucket, social_media_account, paste, docker, source_code_secrets, bucket_object, source_code_files, google\n- leaks: leak\n- domains: domain\n", "items": { - "type": "integer" - }, - "type": "array" - }, - "type": "array" - }, - "interval": { - "type": "string" - }, - "name": { - "type": "string" - } - }, - "type": "object" - }, - "UpdateGroupData": { - "properties": { - "group_type": { - "enum": [ - null, - "person", - "corporate_identities" - ], - "example": "nullable string", - "type": [ - "string", - "null" - ] - }, - "name": { - "type": "string" - }, - "parent_group_id": { - "example": "nullable integer", - "type": [ - "integer", - "null" - ] - } - }, - "type": "object" - }, - "UpdatedPermission": { - "properties": { - "updated_value": { - "type": "boolean" - } - }, - "type": "object" - }, - "UpdatedReport": { - "properties": { - "audience": { - "enum": [ - "technical", - "general" - ], - "example": "technical", - "type": "string" - }, - "author": { - "type": "string" - }, - "elements": { - "items": { - "$ref": "#/definitions/ReportElementUpdate" - }, - "type": "array" - }, - "title": { - "type": "string" - } - }, - "type": "object" - }, - "User": { - "properties": { - "color_scheme": { - "enum": [ - "auto", - "light", - "dark" - ], - "example": "auto", - "type": "string" - }, - "email": { - "description": "User's email", - "type": "string" - }, - "feature_flags": { - "type": "object" - }, - "flare_role": { - "type": "string" - }, - "id": { - "type": "integer" - }, - "is_disabled": { - "type": "boolean" - }, - "language": { - "description": "User's language", - "type": "string" - }, - "name": { - "description": "Users's name", - "type": "string" - }, - "organization_id": { - "description": "ID of the owner organization", - "type": "integer" - }, - "organization_member_permissions": { - "type": "object" - }, - "registered_at": { - "format": "date-time", - "type": "string" - }, - "settings": { - "$ref": "#/definitions/UserSettings" - }, - "surname": { - "description": "User's surname", - "type": "string" - }, - "urn": { - "description": "The uniform resource name of the user.", - "type": "string" - } - }, - "required": [ - "color_scheme", - "email", - "language", - "name" - ], - "type": "object" - }, - "UserProfile": { - "allOf": [ - { - "$ref": "#/definitions/User" - }, - { - "properties": { - "cello_jwt": { - "type": "string" - }, - "default_tenant_id": { - "example": "nullable integer", - "type": [ - "integer", - "null" - ] - }, - "domain": { - "type": "string" - }, - "feature_flags": { - "type": "object" - }, - "has_password": { - "type": "boolean" - }, - "is_sso_mandatory": { - "type": "boolean" - }, - "language": { "type": "string" }, - "needs_eusa": { - "type": "boolean" - }, - "settings": { - "$ref": "#/definitions/UserSettings" - }, - "tenants": { - "items": { - "$ref": "#/definitions/Tenant" - }, - "type": "array" - }, - "trial_source": { - "example": "nullable string", - "type": [ - "string", - "null" - ] - }, - "urn": { - "type": "string" - } + "collectionFormat": "multi", + "enum": [ + "attachment", + "listing", + "ransomleak", + "forum_post", + "forum_topic", + "forum_profile", + "blog_post", + "seller", + "paste", + "leak", + "chat_message", + "domain", + "bot", + "stealer_log", + "infected_devices", + "driller", + "driller_forum_topic", + "driller_forum_post", + "driller_profile", + "cc", + "ccbin", + "financial_data", + "leaked_data", + "leaked_file", + "document", + "account", + "actor", + "forum_content", + "blog_content", + "profile", + "leaked_credential", + "illicit_networks", + "open_web", + "domains", + "leaks", + "social_media_account", + "social_media", + "source_code", + "source_code_secrets_np", + "source_code_secrets", + "source_code_files", + "docker", + "stack_exchange", + "google", + "service", + "driller_host", + "buckets", + "bucket", + "bucket_object", + "whois", + "ad", + "ads", + "cookie", + "pii", + "experimental" + ] }, - "type": "object" - } - ] - }, - "UserSettings": { - "properties": { - "default_search": { - "type": "string" - }, - "organization_member_permissions": { - "items": { - "type": "string" + { + "name": "experimental_types", + "in": "query", + "type": "array", + "description": "Type of experimental activities to search through.", + "items": { + "type": "string" + }, + "collectionFormat": "multi" }, - "type": "array" - }, - "permissions": { - "items": { - "type": "string" + { + "name": "event_action", + "in": "query", + "type": "string", + "enum": [ + "default", + "ignored", + "remediated", + "risk_score_edited", + "exclude_ignored", + "ignored_or_remediated" + ] }, - "type": "array" - } - }, - "type": "object" - }, - "UserTenantAccess": { - "properties": { - "is_readonly": { - "description": "Access given to the user for the tenant", - "type": "boolean" - }, - "role": { - "description": "Role given to the user for the tenant", - "enum": [ - "viewer", - "editor", - "admin" - ], - "example": "viewer", - "type": "string" - }, - "user_id": { - "description": "The ID of the user to add to the tenant", - "type": "integer" - } - }, - "required": [ - "user_id" - ], - "type": "object" - }, - "UserTenantAccessRequest": { - "properties": { - "users": { - "items": { - "allOf": [ - { - "$ref": "#/definitions/UserTenantAccess" - } - ], - "description": "User given access to a tenant." + { + "name": "event_actions", + "in": "query", + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "enum": [ + "default", + "ignored", + "remediated", + "risk_score_edited", + "exclude_ignored", + "ignored_or_remediated" + ] }, - "type": "array" - } - }, - "type": "object" - }, - "UserTenantMembership": { - "properties": { - "is_readonly": { - "type": "boolean" - }, - "role": { - "enum": [ - "viewer", - "editor", - "admin" - ], - "example": "viewer", - "type": "string" - }, - "tenant_id": { - "type": "integer" - } - }, - "required": [ - "tenant_id" - ], - "type": "object" - }, - "UserUpdate": { - "properties": { - "color_scheme": { - "enum": [ - "auto", - "light", - "dark" - ], - "example": "auto", - "type": "string" - }, - "language": { - "type": "string" - }, - "name": { - "type": "string" - }, - "settings": { - "type": "object" - }, - "surname": { - "type": "string" - } - }, - "required": [ - "color_scheme", - "name", - "settings", - "surname" - ], - "type": "object" - }, - "V3_Refs": { - "properties": { - "asset_uuid": { - "type": "string" - } - }, - "type": "object" - }, - "average_by_risk_score": { - "properties": { - "risk_score": { - "type": "integer" - }, - "values": { - "items": { - "$ref": "#/definitions/date_count" + { + "name": "risks", + "in": "query", + "type": "array", + "items": { + "type": "integer" + }, + "collectionFormat": "multi", + "enum": [ + 1, + 2, + 3, + 4, + 5 + ] }, - "type": "array" - } - }, - "type": "object" - }, - "average_by_search_type": { - "properties": { - "search_type": { - "type": "string" - }, - "values": { - "items": { - "$ref": "#/definitions/date_count" + { + "name": "order", + "in": "query", + "type": "string", + "default": "desc", + "enum": [ + "asc", + "desc" + ] }, - "type": "array" - } - }, - "type": "object" - }, - "count_by_risk_score": { - "properties": { - "risk_score": { - "type": "integer" - }, - "values": { - "items": { - "$ref": "#/definitions/date_count" + { + "name": "sort_by", + "in": "query", + "type": "string", + "default": "created", + "enum": [ + "created", + "indexed", + "updated", + "alertable-materialized", + "materialized", + "searchable" + ] }, - "type": "array" - } - }, - "type": "object" - }, - "count_by_search_type": { - "properties": { - "search_type": { - "type": "string" - }, - "values": { - "items": { - "$ref": "#/definitions/date_count" + { + "name": "use_global_policies", + "in": "query", + "type": "boolean", + "default": true }, - "type": "array" - } - }, - "type": "object" - }, - "date_count": { - "properties": { - "count": { - "type": "integer" - }, - "date": { - "format": "date-time", - "type": "string" - } - }, - "type": "object" - }, - "source": { - "properties": { - "breached_at": { - "type": "string" - }, - "description_en": { - "type": "string" - }, - "description_fr": { - "type": "string" - }, - "id": { - "type": "string" - }, - "leaked_at": { - "type": "string" - }, - "name": { - "type": "string" - }, - "pii_tags": { - "items": { - "type": "string" + { + "name": "time_zone", + "in": "query", + "type": "string", + "description": "The time zone used to compute the statistics." + }, + { + "name": "query", + "in": "query", + "type": "string", + "description": "Query used to filter results. Search query uses the [Lucene query](https://www.elastic.co/guide/en/elasticsearch/reference/6.x/query-dsl-query-string-query.html#query-string-syntax) syntax." }, - "type": "array" - } - }, - "required": [ - "id" - ], - "type": "object" - } - }, - "host": "api.flare.io", - "info": { - "description": "\nManage and access Firework resources.\n\n### Steps to use the Api\n\n1. `Send` a POST request to `https://api.flare.systems/tokens/generate` with your **Firework** credentials using [Basic Auth](https://en.wikipedia.org/wiki/Basic_access_authentication) to get a authentication token.\n---\n2. On the current page, click on the **Authorize** button and insert the token using the following format: `Bearer {token}`\n\n Example value: `Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.Et9HFtf9R3GEMA0IICOfFMVXY7kkTX1wr4qCyhIf58U`\n---\n3. You should now be able to use SwaggerUI's built-in tools to query the documented endpoints.\n", - "title": "Firework API", - "version": "v2" - }, - "paths": { - "/firework/v2/activities/": { - "get": { - "operationId": "get_activity_endpoint_/activities/", - "parameters": [ { + "name": "has_modified_risk_score", "in": "query", - "name": "uid", - "required": true, - "type": "string" + "type": "boolean", + "default": false + }, + { + "name": "has_notes", + "in": "query", + "type": "boolean", + "default": false } ], + "tags": [ + "Identifiers" + ] + }, + "post": { "responses": { - "200": { - "description": "Returns the activity" - }, "404": { - "description": "Activity not found", + "description": "Identifier does not exist.", + "schema": { + "$ref": "#/definitions/HttpError" + } + }, + "400": { + "description": "Query is invalid.", "schema": { "$ref": "#/definitions/HttpError" } + }, + "200": { + "description": "Returns the search result(s).", + "schema": { + "$ref": "#/definitions/Search" + } } }, - "tags": [ - "activities" - ] - } - }, - "/firework/v2/activities/actor/profile/{actor_name}": { - "get": { - "operationId": "get_actor_/activities/actor/profile/", + "operationId": "post_asset_feed_/assets//feed", "parameters": [ { - "description": " Limit results to those found in this time span. \n\n *Expected format* : from@to \n\n *Example value* : 2019-09-03T04:00:00.000Z@2019-09-14T04:00:00.000Z", + "name": "fields", "in": "query", - "name": "actor_time", - "type": "string" + "type": "array", + "description": "Fields to includes in the results in a dotted form. For example, \"data.actor_name\" will include items similar to:```json\n \"items\": [{\n \"data\": {\n \"actor_name\": \"Seller123\"\n }\n }]\n ```\n\n By default, all fields are included in the response.\n ", + "items": { + "type": "string" + }, + "collectionFormat": "multi" }, { - "default": 100, - "description": "Maximum number of hits returned per query.", + "name": "time", "in": "query", - "name": "actor_size", - "type": "integer" + "type": "string", + "description": " The `time` parameter is used to limit results to those found in the provided time span. \n\n *Expected format* : from@to \n\n *Example value* : 2019-09-03T04:00:00.000Z@2019-09-14T04:00:00.000Z" }, { - "description": "The `search_after` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, use the latest response's `search_after` attribute for the next request to get the next page of results.", + "name": "size", "in": "query", - "name": "actor_search_after", - "type": "string" + "type": "integer", + "description": "The `size` parameter is used to limit the number of results returned for the search query.", + "default": 10 + }, + { + "name": "search_after", + "in": "query", + "type": "string", + "description": "The `search_after` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `search_after` parameter in your next request with the latest response's `search_after` value to get the next page of results." + }, + { + "name": "from", + "in": "query", + "type": "string", + "description": "The `from` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `from` parameter in your next request with the latest response's `next` value to get the next page of results." + }, + { + "name": "tags", + "in": "query", + "type": "array", + "description": "User defined tags used to filter search results", + "items": { + "type": "string" + }, + "collectionFormat": "multi" + }, + { + "name": "tags_query_operator", + "in": "query", + "type": "string", + "description": "User defined operator to apply to tags filter" + }, + { + "name": "types", + "in": "query", + "type": "array", + "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: chat_message, forum_post, financial_data, listing, ransomleak, forum_topic, bot, blog_post, forum_profile, stealer_log, seller\n- open_web: stack_exchange, service, bucket, social_media_account, paste, docker, source_code_secrets, bucket_object, source_code_files, google\n- leaks: leak\n- domains: domain\n", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "enum": [ + "attachment", + "listing", + "ransomleak", + "forum_post", + "forum_topic", + "forum_profile", + "blog_post", + "seller", + "paste", + "leak", + "chat_message", + "domain", + "bot", + "stealer_log", + "infected_devices", + "driller", + "driller_forum_topic", + "driller_forum_post", + "driller_profile", + "cc", + "ccbin", + "financial_data", + "leaked_data", + "leaked_file", + "document", + "account", + "actor", + "forum_content", + "blog_content", + "profile", + "leaked_credential", + "illicit_networks", + "open_web", + "domains", + "leaks", + "social_media_account", + "social_media", + "source_code", + "source_code_secrets_np", + "source_code_secrets", + "source_code_files", + "docker", + "stack_exchange", + "google", + "service", + "driller_host", + "buckets", + "bucket", + "bucket_object", + "whois", + "ad", + "ads", + "cookie", + "pii", + "experimental" + ] + }, + { + "name": "experimental_types", + "in": "query", + "type": "array", + "description": "Type of experimental activities to search through.", + "items": { + "type": "string" + }, + "collectionFormat": "multi" + }, + { + "name": "event_action", + "in": "query", + "type": "string", + "enum": [ + "default", + "ignored", + "remediated", + "risk_score_edited", + "exclude_ignored", + "ignored_or_remediated" + ] + }, + { + "name": "event_actions", + "in": "query", + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "enum": [ + "default", + "ignored", + "remediated", + "risk_score_edited", + "exclude_ignored", + "ignored_or_remediated" + ] + }, + { + "name": "risks", + "in": "query", + "type": "array", + "items": { + "type": "integer" + }, + "collectionFormat": "multi", + "enum": [ + 1, + 2, + 3, + 4, + 5 + ] + }, + { + "name": "order", + "in": "query", + "type": "string", + "default": "desc", + "enum": [ + "asc", + "desc" + ] + }, + { + "name": "sort_by", + "in": "query", + "type": "string", + "default": "created", + "enum": [ + "created", + "indexed", + "updated", + "alertable-materialized", + "materialized", + "searchable" + ] + }, + { + "name": "use_global_policies", + "in": "query", + "type": "boolean", + "default": true + }, + { + "name": "time_zone", + "in": "query", + "type": "string", + "description": "The time zone used to compute the statistics." + }, + { + "name": "query", + "in": "query", + "type": "string", + "description": "Query used to filter results. Search query uses the [Lucene query](https://www.elastic.co/guide/en/elasticsearch/reference/6.x/query-dsl-query-string-query.html#query-string-syntax) syntax." + }, + { + "name": "has_modified_risk_score", + "in": "query", + "type": "boolean", + "default": false + }, + { + "name": "has_notes", + "in": "query", + "type": "boolean", + "default": false } ], - "responses": { - "200": { - "description": "Returns the actor" - } - }, "tags": [ - "activities" + "Identifiers" ] - }, + } + }, + "/firework/v2/assets/{asset_id}/highlights/{index}/{source}/{id}": { "parameters": [ { + "name": "asset_id", + "in": "path", + "required": true, + "type": "integer" + }, + { + "name": "index", + "in": "path", + "required": true, + "type": "string" + }, + { + "name": "source", + "in": "path", + "required": true, + "type": "string" + }, + { + "name": "id", "in": "path", - "name": "actor_name", "required": true, "type": "string" } - ] - }, - "/firework/v2/activities/document/{source}/{id}/extensions": { + ], "get": { - "operationId": "get_ransom_leak_file_extensions_endpoint_/activities/document///extensions", "responses": { "200": { - "description": "Returns all the different file extensions that were found in the files of a ransom leak." + "description": "Returns the highlights of the identifier data matching on an activity content." }, "404": { - "description": "Activity not found", + "description": "Identifier or activity does not exist.", + "schema": { + "$ref": "#/definitions/HttpError" + } + }, + "400": { + "description": "Query is invalid.", "schema": { "$ref": "#/definitions/HttpError" } } }, + "operationId": "get_identifier_activity_highlights_/assets//highlights///", "tags": [ - "activities" + "Identifiers" ] - }, + } + }, + "/firework/v2/assets/{asset_id}/subdomains/{domain_name}/feed": { "parameters": [ { + "name": "asset_id", "in": "path", - "name": "source", "required": true, - "type": "string" + "type": "integer" }, { + "name": "domain_name", "in": "path", - "name": "id", "required": true, "type": "string" } - ] - }, - "/firework/v2/activities/document/{source}/{id}/files": { + ], "get": { - "operationId": "get_ransom_leak_files_endpoint_/activities/document///files", "responses": { - "200": { - "description": "Returns the files in a ransom leak matching the specified query" - }, "404": { - "description": "Activity not found", + "description": "Identifier does not exist.", + "schema": { + "$ref": "#/definitions/HttpError" + } + }, + "400": { + "description": "Query is invalid.", "schema": { "$ref": "#/definitions/HttpError" } + }, + "200": { + "description": "Returns the search result(s).", + "schema": { + "$ref": "#/definitions/Search" + } + } + }, + "operationId": "get_asset_subdomain_feed_/assets//subdomains//feed", + "parameters": [ + { + "name": "fields", + "in": "query", + "type": "array", + "description": "Fields to includes in the results in a dotted form. For example, \"data.actor_name\" will include items similar to:```json\n \"items\": [{\n \"data\": {\n \"actor_name\": \"Seller123\"\n }\n }]\n ```\n\n By default, all fields are included in the response.\n ", + "items": { + "type": "string" + }, + "collectionFormat": "multi" + }, + { + "name": "time", + "in": "query", + "type": "string", + "description": " The `time` parameter is used to limit results to those found in the provided time span. \n\n *Expected format* : from@to \n\n *Example value* : 2019-09-03T04:00:00.000Z@2019-09-14T04:00:00.000Z" + }, + { + "name": "size", + "in": "query", + "type": "integer", + "description": "The `size` parameter is used to limit the number of results returned for the search query.", + "default": 10 + }, + { + "name": "search_after", + "in": "query", + "type": "string", + "description": "The `search_after` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `search_after` parameter in your next request with the latest response's `search_after` value to get the next page of results." + }, + { + "name": "from", + "in": "query", + "type": "string", + "description": "The `from` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `from` parameter in your next request with the latest response's `next` value to get the next page of results." + }, + { + "name": "tags", + "in": "query", + "type": "array", + "description": "User defined tags used to filter search results", + "items": { + "type": "string" + }, + "collectionFormat": "multi" + }, + { + "name": "tags_query_operator", + "in": "query", + "type": "string", + "description": "User defined operator to apply to tags filter" + }, + { + "name": "types", + "in": "query", + "type": "array", + "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: chat_message, forum_post, financial_data, listing, ransomleak, forum_topic, bot, blog_post, forum_profile, stealer_log, seller\n- open_web: stack_exchange, service, bucket, social_media_account, paste, docker, source_code_secrets, bucket_object, source_code_files, google\n- leaks: leak\n- domains: domain\n", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "enum": [ + "attachment", + "listing", + "ransomleak", + "forum_post", + "forum_topic", + "forum_profile", + "blog_post", + "seller", + "paste", + "leak", + "chat_message", + "domain", + "bot", + "stealer_log", + "infected_devices", + "driller", + "driller_forum_topic", + "driller_forum_post", + "driller_profile", + "cc", + "ccbin", + "financial_data", + "leaked_data", + "leaked_file", + "document", + "account", + "actor", + "forum_content", + "blog_content", + "profile", + "leaked_credential", + "illicit_networks", + "open_web", + "domains", + "leaks", + "social_media_account", + "social_media", + "source_code", + "source_code_secrets_np", + "source_code_secrets", + "source_code_files", + "docker", + "stack_exchange", + "google", + "service", + "driller_host", + "buckets", + "bucket", + "bucket_object", + "whois", + "ad", + "ads", + "cookie", + "pii", + "experimental" + ] + }, + { + "name": "experimental_types", + "in": "query", + "type": "array", + "description": "Type of experimental activities to search through.", + "items": { + "type": "string" + }, + "collectionFormat": "multi" + }, + { + "name": "event_action", + "in": "query", + "type": "string", + "enum": [ + "default", + "ignored", + "remediated", + "risk_score_edited", + "exclude_ignored", + "ignored_or_remediated" + ] + }, + { + "name": "event_actions", + "in": "query", + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "enum": [ + "default", + "ignored", + "remediated", + "risk_score_edited", + "exclude_ignored", + "ignored_or_remediated" + ] + }, + { + "name": "risks", + "in": "query", + "type": "array", + "items": { + "type": "integer" + }, + "collectionFormat": "multi", + "enum": [ + 1, + 2, + 3, + 4, + 5 + ] + }, + { + "name": "order", + "in": "query", + "type": "string", + "default": "desc", + "enum": [ + "asc", + "desc" + ] + }, + { + "name": "sort_by", + "in": "query", + "type": "string", + "default": "created", + "enum": [ + "created", + "indexed", + "updated", + "alertable-materialized", + "materialized", + "searchable" + ] + }, + { + "name": "use_global_policies", + "in": "query", + "type": "boolean", + "default": true + }, + { + "name": "time_zone", + "in": "query", + "type": "string", + "description": "The time zone used to compute the statistics." + }, + { + "name": "query", + "in": "query", + "type": "string", + "description": "Query used to filter results. Search query uses the [Lucene query](https://www.elastic.co/guide/en/elasticsearch/reference/6.x/query-dsl-query-string-query.html#query-string-syntax) syntax." + }, + { + "name": "has_modified_risk_score", + "in": "query", + "type": "boolean", + "default": false + }, + { + "name": "has_notes", + "in": "query", + "type": "boolean", + "default": false } - }, + ], "tags": [ - "activities" + "Identifiers" ] - }, + } + }, + "/firework/v2/assets/{asset_id}/toggle": { "parameters": [ { + "name": "asset_id", "in": "path", - "name": "source", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "id", "required": true, - "type": "string" + "type": "integer" } - ] - }, - "/firework/v2/activities/leak/{source}/{keyword}": { - "get": { - "operationId": "get_leak_endpoint_/activities/leak//", + ], + "post": { "responses": { "200": { - "description": "Returns the leak activity" - }, - "404": { - "description": "Leak activity not found", + "description": "Success", "schema": { - "$ref": "#/definitions/HttpError" + "properties": { + "asset": { + "$ref": "#/definitions/Identifier" + } + } } } }, + "operationId": "post_identifier_toggle_/assets//toggle", + "parameters": [ + { + "name": "payload", + "required": true, + "in": "body", + "schema": { + "$ref": "#/definitions/IdentifierToggle" + } + } + ], "tags": [ - "activities" + "Identifiers" ] - }, - "parameters": [ - { - "in": "path", - "name": "source", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "keyword", - "required": true, - "type": "string" - } - ] + } }, - "/firework/v2/activities/leak/{source}/{keyword}/count": { + "/firework/v2/me/feed": { "get": { - "operationId": "get_leak_count_/activities/leak///count", "responses": { "200": { - "description": "Success" + "description": "The user's home feed activities", + "schema": { + "$ref": "#/definitions/Search" + } + } + }, + "operationId": "get_current_user_home_feed_/me/feed", + "parameters": [ + { + "name": "time", + "in": "query", + "type": "string", + "description": " The `time` parameter is used to limit results to those found in the provided time span. \n\n *Expected format* : from@to \n\n *Example value* : 2019-09-03T04:00:00.000Z@2019-09-14T04:00:00.000Z" + }, + { + "name": "size", + "in": "query", + "type": "integer", + "description": "The `size` parameter is used to limit the number of results returned for the search query.", + "default": 10 + }, + { + "name": "search_after", + "in": "query", + "type": "string", + "description": "The `search_after` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `search_after` parameter in your next request with the latest response's `search_after` value to get the next page of results." + }, + { + "name": "from", + "in": "query", + "type": "string", + "description": "The `from` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `from` parameter in your next request with the latest response's `next` value to get the next page of results." + }, + { + "name": "tags", + "in": "query", + "type": "array", + "description": "User defined tags used to filter search results", + "items": { + "type": "string" + }, + "collectionFormat": "multi" + }, + { + "name": "tags_query_operator", + "in": "query", + "type": "string", + "description": "User defined operator to apply to tags filter" + }, + { + "name": "types", + "in": "query", + "type": "array", + "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: chat_message, forum_post, financial_data, listing, ransomleak, forum_topic, bot, blog_post, forum_profile, stealer_log, seller\n- open_web: stack_exchange, service, bucket, social_media_account, paste, docker, source_code_secrets, bucket_object, source_code_files, google\n- leaks: leak\n- domains: domain\n", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "enum": [ + "attachment", + "listing", + "ransomleak", + "forum_post", + "forum_topic", + "forum_profile", + "blog_post", + "seller", + "paste", + "leak", + "chat_message", + "domain", + "bot", + "stealer_log", + "infected_devices", + "driller", + "driller_forum_topic", + "driller_forum_post", + "driller_profile", + "cc", + "ccbin", + "financial_data", + "leaked_data", + "leaked_file", + "document", + "account", + "actor", + "forum_content", + "blog_content", + "profile", + "leaked_credential", + "illicit_networks", + "open_web", + "domains", + "leaks", + "social_media_account", + "social_media", + "source_code", + "source_code_secrets_np", + "source_code_secrets", + "source_code_files", + "docker", + "stack_exchange", + "google", + "service", + "driller_host", + "buckets", + "bucket", + "bucket_object", + "whois", + "ad", + "ads", + "cookie", + "pii", + "experimental" + ] + }, + { + "name": "experimental_types", + "in": "query", + "type": "array", + "description": "Type of experimental activities to search through.", + "items": { + "type": "string" + }, + "collectionFormat": "multi" + }, + { + "name": "event_action", + "in": "query", + "type": "string", + "enum": [ + "default", + "ignored", + "remediated", + "risk_score_edited", + "exclude_ignored", + "ignored_or_remediated" + ] + }, + { + "name": "event_actions", + "in": "query", + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "enum": [ + "default", + "ignored", + "remediated", + "risk_score_edited", + "exclude_ignored", + "ignored_or_remediated" + ] + }, + { + "name": "risks", + "in": "query", + "type": "array", + "items": { + "type": "integer" + }, + "collectionFormat": "multi", + "enum": [ + 1, + 2, + 3, + 4, + 5 + ] + }, + { + "name": "order", + "in": "query", + "type": "string", + "default": "desc", + "enum": [ + "asc", + "desc" + ] + }, + { + "name": "sort_by", + "in": "query", + "type": "string", + "default": "created", + "enum": [ + "created", + "indexed", + "updated", + "alertable-materialized", + "materialized", + "searchable" + ] + }, + { + "name": "use_global_policies", + "in": "query", + "type": "boolean", + "default": true + }, + { + "name": "time_zone", + "in": "query", + "type": "string", + "description": "The time zone used to compute the statistics." + }, + { + "name": "query", + "in": "query", + "type": "string", + "description": "Query used to filter results. Search query uses the [Lucene query](https://www.elastic.co/guide/en/elasticsearch/reference/6.x/query-dsl-query-string-query.html#query-string-syntax) syntax." + }, + { + "name": "has_modified_risk_score", + "in": "query", + "type": "boolean", + "default": false + }, + { + "name": "has_notes", + "in": "query", + "type": "boolean", + "default": false } - }, + ], "tags": [ - "activities" + "me" ] }, - "parameters": [ - { - "in": "path", - "name": "source", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "keyword", - "required": true, - "type": "string" - } - ] - }, - "/firework/v2/activities/{index}/{source}/{id_}/user_metadata": { - "get": { - "operationId": "get_activity_user_metadata_resource_/activities////user_metadata", + "post": { "responses": { "200": { - "description": "Success", + "description": "The user's home feed activities", "schema": { - "$ref": "#/definitions/ActivityUserMetadata" + "$ref": "#/definitions/Search" } } }, - "tags": [ - "activities" - ] - }, - "parameters": [ - { - "in": "path", - "name": "index", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "source", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "id_", - "required": true, - "type": "string" - } - ] - }, - "/firework/v2/activities/{index}/{source}/{id_}/user_metadata/ignored": { - "parameters": [ - { - "in": "path", - "name": "index", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "source", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "id_", - "required": true, - "type": "string" - } - ], - "put": { - "operationId": "put_activity_user_metadata_ignored_/activities////user_metadata/ignored", + "operationId": "post_current_user_home_feed_/me/feed", "parameters": [ { - "in": "body", - "name": "payload", - "required": true, - "schema": { - "$ref": "#/definitions/ActivityUserMetadataIgnored" - } - } - ], - "responses": { - "200": { - "description": "Success", - "schema": { - "$ref": "#/definitions/ActivityUserMetadata" - } + "name": "time", + "in": "query", + "type": "string", + "description": " The `time` parameter is used to limit results to those found in the provided time span. \n\n *Expected format* : from@to \n\n *Example value* : 2019-09-03T04:00:00.000Z@2019-09-14T04:00:00.000Z" + }, + { + "name": "size", + "in": "query", + "type": "integer", + "description": "The `size` parameter is used to limit the number of results returned for the search query.", + "default": 10 + }, + { + "name": "search_after", + "in": "query", + "type": "string", + "description": "The `search_after` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `search_after` parameter in your next request with the latest response's `search_after` value to get the next page of results." + }, + { + "name": "from", + "in": "query", + "type": "string", + "description": "The `from` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `from` parameter in your next request with the latest response's `next` value to get the next page of results." + }, + { + "name": "tags", + "in": "query", + "type": "array", + "description": "User defined tags used to filter search results", + "items": { + "type": "string" + }, + "collectionFormat": "multi" + }, + { + "name": "tags_query_operator", + "in": "query", + "type": "string", + "description": "User defined operator to apply to tags filter" + }, + { + "name": "types", + "in": "query", + "type": "array", + "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: chat_message, forum_post, financial_data, listing, ransomleak, forum_topic, bot, blog_post, forum_profile, stealer_log, seller\n- open_web: stack_exchange, service, bucket, social_media_account, paste, docker, source_code_secrets, bucket_object, source_code_files, google\n- leaks: leak\n- domains: domain\n", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "enum": [ + "attachment", + "listing", + "ransomleak", + "forum_post", + "forum_topic", + "forum_profile", + "blog_post", + "seller", + "paste", + "leak", + "chat_message", + "domain", + "bot", + "stealer_log", + "infected_devices", + "driller", + "driller_forum_topic", + "driller_forum_post", + "driller_profile", + "cc", + "ccbin", + "financial_data", + "leaked_data", + "leaked_file", + "document", + "account", + "actor", + "forum_content", + "blog_content", + "profile", + "leaked_credential", + "illicit_networks", + "open_web", + "domains", + "leaks", + "social_media_account", + "social_media", + "source_code", + "source_code_secrets_np", + "source_code_secrets", + "source_code_files", + "docker", + "stack_exchange", + "google", + "service", + "driller_host", + "buckets", + "bucket", + "bucket_object", + "whois", + "ad", + "ads", + "cookie", + "pii", + "experimental" + ] + }, + { + "name": "experimental_types", + "in": "query", + "type": "array", + "description": "Type of experimental activities to search through.", + "items": { + "type": "string" + }, + "collectionFormat": "multi" + }, + { + "name": "event_action", + "in": "query", + "type": "string", + "enum": [ + "default", + "ignored", + "remediated", + "risk_score_edited", + "exclude_ignored", + "ignored_or_remediated" + ] + }, + { + "name": "event_actions", + "in": "query", + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "enum": [ + "default", + "ignored", + "remediated", + "risk_score_edited", + "exclude_ignored", + "ignored_or_remediated" + ] + }, + { + "name": "risks", + "in": "query", + "type": "array", + "items": { + "type": "integer" + }, + "collectionFormat": "multi", + "enum": [ + 1, + 2, + 3, + 4, + 5 + ] + }, + { + "name": "order", + "in": "query", + "type": "string", + "default": "desc", + "enum": [ + "asc", + "desc" + ] + }, + { + "name": "sort_by", + "in": "query", + "type": "string", + "default": "created", + "enum": [ + "created", + "indexed", + "updated", + "alertable-materialized", + "materialized", + "searchable" + ] }, - "400": { - "description": "Query is invalid.", - "schema": { - "$ref": "#/definitions/HttpError" - } - } - }, - "tags": [ - "activities" - ] - } - }, - "/firework/v2/activities/{index}/{source}/{id_}/user_metadata/notes": { - "delete": { - "operationId": "delete_activity_user_metadata_notes_/activities////user_metadata/notes", - "responses": { - "200": { - "description": "Success" - } - }, - "tags": [ - "activities" - ] - }, - "parameters": [ - { - "in": "path", - "name": "index", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "source", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "id_", - "required": true, - "type": "string" - } - ], - "put": { - "operationId": "put_activity_user_metadata_notes_/activities////user_metadata/notes", - "parameters": [ { - "in": "body", - "name": "payload", - "required": true, - "schema": { - "$ref": "#/definitions/ActivityUserNotes" - } - } - ], - "responses": { - "200": { - "description": "Success", - "schema": { - "$ref": "#/definitions/ActivityUserMetadata" - } + "name": "use_global_policies", + "in": "query", + "type": "boolean", + "default": true }, - "400": { - "description": "Query is invalid.", - "schema": { - "$ref": "#/definitions/HttpError" - } - } - }, - "tags": [ - "activities" - ] - } - }, - "/firework/v2/activities/{index}/{source}/{id_}/user_metadata/remediated": { - "parameters": [ - { - "in": "path", - "name": "index", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "source", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "id_", - "required": true, - "type": "string" - } - ], - "put": { - "operationId": "put_activity_user_metadata_remediated_/activities////user_metadata/remediated", - "parameters": [ { - "in": "body", - "name": "payload", - "required": true, - "schema": { - "$ref": "#/definitions/ActivityUserMetadataRemediated" - } - } - ], - "responses": { - "200": { - "description": "Success", - "schema": { - "$ref": "#/definitions/ActivityUserMetadata" - } + "name": "time_zone", + "in": "query", + "type": "string", + "description": "The time zone used to compute the statistics." }, - "400": { - "description": "Query is invalid.", - "schema": { - "$ref": "#/definitions/HttpError" - } - } - }, - "tags": [ - "activities" - ] - } - }, - "/firework/v2/activities/{index}/{source}/{id_}/user_metadata/risk_score": { - "delete": { - "operationId": "delete_activity_user_metadata_risk_score_/activities////user_metadata/risk_score", - "responses": { - "200": { - "description": "Success" - } - }, - "tags": [ - "activities" - ] - }, - "parameters": [ - { - "in": "path", - "name": "index", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "source", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "id_", - "required": true, - "type": "string" - } - ], - "put": { - "operationId": "put_activity_user_metadata_risk_score_/activities////user_metadata/risk_score", - "parameters": [ { - "in": "body", - "name": "payload", - "required": true, - "schema": { - "$ref": "#/definitions/ActivityUserRiskScore" - } - } - ], - "responses": { - "200": { - "description": "Success", - "schema": { - "$ref": "#/definitions/ActivityUserMetadata" - } + "name": "query", + "in": "query", + "type": "string", + "description": "Query used to filter results. Search query uses the [Lucene query](https://www.elastic.co/guide/en/elasticsearch/reference/6.x/query-dsl-query-string-query.html#query-string-syntax) syntax." }, - "400": { - "description": "Query is invalid.", - "schema": { - "$ref": "#/definitions/HttpError" - } + { + "name": "has_modified_risk_score", + "in": "query", + "type": "boolean", + "default": false + }, + { + "name": "has_notes", + "in": "query", + "type": "boolean", + "default": false } - }, + ], "tags": [ - "activities" + "me" ] } }, - "/firework/v2/activities/{index}/{source}/{id_}/user_metadata/tags": { - "delete": { - "operationId": "delete_activity_user_metadata_tags_/activities////user_metadata/tags", - "responses": { - "200": { - "description": "Success" - } - }, - "tags": [ - "activities" - ] - }, + "/firework/v2/me/feed/credentials": { "get": { - "operationId": "get_activity_user_metadata_tags_/activities////user_metadata/tags", "responses": { "200": { "description": "Success", "schema": { - "$ref": "#/definitions/ActivityUserMetadata" + "$ref": "#/definitions/PaginatedCredentials" } } }, - "tags": [ - "activities" - ] - }, - "parameters": [ - { - "in": "path", - "name": "index", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "source", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "id_", - "required": true, - "type": "string" - } - ], - "put": { - "operationId": "put_activity_user_metadata_tags_/activities////user_metadata/tags", + "operationId": "get_leaked_credentials_feed_endpoint_/me/feed/credentials", "parameters": [ { - "in": "body", - "name": "payload", - "required": true, - "schema": { - "$ref": "#/definitions/ActivityUserTags" - } + "name": "size", + "in": "query", + "type": "integer", + "default": 20 + }, + { + "name": "from", + "in": "query", + "type": "string" + }, + { + "name": "order_type", + "in": "query", + "type": "string", + "default": "desc", + "enum": [ + "asc", + "desc" + ] } ], + "tags": [ + "me" + ] + }, + "post": { "responses": { "200": { "description": "Success", "schema": { - "$ref": "#/definitions/ActivityUserMetadata" + "$ref": "#/definitions/PaginatedCredentials" } - }, - "400": { - "description": "Query is invalid.", + } + }, + "operationId": "post_leaked_credentials_feed_endpoint_/me/feed/credentials", + "parameters": [ + { + "name": "payload", + "required": true, + "in": "body", "schema": { - "$ref": "#/definitions/HttpError" + "$ref": "#/definitions/UserUpdate" } } - }, + ], "tags": [ - "activities" + "me" ] } }, - "/firework/v2/activities/{index}/{source}/{id}": { + "/firework/v2/me/profile": { "get": { - "operationId": "get_activity_endpoint_deprecated_/activities///", "responses": { "200": { - "description": "Returns the activity" - }, - "404": { - "description": "Activity not found", - "schema": { - "$ref": "#/definitions/HttpError" - } + "description": "Returns the current user's profile" } }, + "operationId": "get_current_user_profile_/me/profile", "tags": [ - "activities" + "me" ] }, - "parameters": [ - { - "in": "path", - "name": "index", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "source", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "id", - "required": true, - "type": "string" - } - ] - }, - "/firework/v2/activities/{index}/{source}/{id}/ai_assistance": { - "get": { - "operationId": "get_activity_assistance_resource_/activities////ai_assistance", + "put": { "responses": { + "400": { + "description": "Update is invalid", + "schema": { + "$ref": "#/definitions/HttpError" + } + }, "200": { "description": "Success", "schema": { "properties": { - "activity_ai_assistance": { - "$ref": "#/definitions/ActivityAiAssistance" + "profile": { + "$ref": "#/definitions/UserProfile" } } } } }, + "operationId": "put_current_user_profile_/me/profile", + "parameters": [ + { + "name": "payload", + "required": true, + "in": "body", + "schema": { + "$ref": "#/definitions/UserUpdate" + } + } + ], "tags": [ - "activities" + "me" ] - }, - "parameters": [ - { - "in": "path", - "name": "index", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "source", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "id", - "required": true, - "type": "string" - } - ] + } }, - "/firework/v2/activities/{index}/{source}/{id}/enrichment": { + "/firework/v2/me/tenants": { "get": { - "operationId": "get_activity_enrichment_endpoint_/activities////enrichment", "responses": { "200": { - "description": "Returns the activity enrichment" - }, - "404": { - "description": "Activity not found", - "schema": { - "$ref": "#/definitions/HttpError" - } + "description": "Returns the current user's tenants." } }, + "operationId": "get_current_user_tenants_/me/tenants", "tags": [ - "activities" + "me" ] - }, + } + }, + "/firework/v2/organizations/{organization_id}/members": { "parameters": [ { + "name": "organization_id", "in": "path", - "name": "index", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "source", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "id", "required": true, - "type": "string" + "type": "integer" } - ] - }, - "/firework/v2/activities/{index}/{source}/{id}/events": { + ], "get": { - "operationId": "get_entity_events_/activities////events", + "responses": { + "404": { + "description": "Organization not found", + "schema": { + "$ref": "#/definitions/HttpError" + } + }, + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/OrganizationMemberPage" + } + } + }, + "operationId": "get_organization_members_api_/organizations//members", "parameters": [ { - "description": "Start from this key when paginating events.", + "name": "size", "in": "query", + "type": "integer", + "default": 20 + }, + { "name": "from", - "type": "integer" + "in": "query", + "type": "string" }, { - "default": 100, - "description": "Limit the events per page.", + "name": "q", "in": "query", - "name": "size", - "type": "integer" + "type": "string" } ], - "responses": { - "200": { - "description": "Returns events associated with the entity" - } - }, "tags": [ - "activities" + "organizations" ] }, - "parameters": [ - { - "in": "path", - "name": "index", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "source", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "id", - "required": true, - "type": "string" - } - ] - }, - "/firework/v2/activities/{index}/{source}/{id}/highlights": { - "parameters": [ - { - "in": "path", - "name": "index", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "source", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "id", - "required": true, - "type": "string" - } - ], "post": { - "operationId": "post_activity_highlights_/activities////highlights", + "responses": { + "404": { + "description": "Organization not found", + "schema": { + "$ref": "#/definitions/HttpError" + } + }, + "200": { + "description": "Success", + "schema": { + "properties": { + "member": { + "$ref": "#/definitions/OrganizationMemberWithMetadata" + } + } + } + } + }, + "operationId": "post_organization_members_api_/organizations//members", "parameters": [ { - "in": "body", "name": "payload", "required": true, + "in": "body", "schema": { - "$ref": "#/definitions/HighlightPayload" - } - } - ], - "responses": { - "200": { - "description": "Returns the highlights of an activity" - }, - "404": { - "description": "Activity not found", - "schema": { - "$ref": "#/definitions/HttpError" + "$ref": "#/definitions/OrganizationMemberData" } } - }, + ], "tags": [ - "activities" + "organizations" ] } }, - "/firework/v2/activities/{index}/{source}/{id}/leaked_data": { - "get": { - "operationId": "get_leaked_data_/activities////leaked_data", - "responses": { - "200": { - "description": "Returns the related leaked_data" - }, - "404": { - "description": "Activity not found", - "schema": { - "$ref": "#/definitions/HttpError" - } - } - }, - "tags": [ - "activities" - ] - }, + "/firework/v2/organizations/{organization_id}/members/{user_id}": { "parameters": [ { + "name": "organization_id", "in": "path", - "name": "index", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "source", "required": true, - "type": "string" + "type": "integer" }, { + "name": "user_id", "in": "path", - "name": "id", "required": true, - "type": "string" + "type": "integer" } - ] - }, - "/firework/v2/activities/{index}/{source}/{id}/messages": { + ], "get": { - "operationId": "get_activity_messages_/activities////messages", "responses": { "200": { - "description": "Returns the related messages" - }, - "404": { - "description": "Activity not found", + "description": "Success", "schema": { - "$ref": "#/definitions/HttpError" + "properties": { + "member": { + "$ref": "#/definitions/OrganizationMemberWithMetadata" + } + } } } }, + "operationId": "get_organization_member_api_/organizations//members/", "tags": [ - "activities" + "organizations" ] }, - "parameters": [ - { - "in": "path", - "name": "index", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "source", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "id", - "required": true, - "type": "string" - } - ] - }, - "/firework/v2/activities/{index}/{source}/{id}/parent_chat_data": { - "get": { - "operationId": "get_parent_activity_data_/activities////parent_chat_data", + "put": { "responses": { "200": { - "description": "Returns the related parent_uids data" - }, - "404": { - "description": "Activity not found", + "description": "Success", "schema": { - "$ref": "#/definitions/HttpError" + "properties": { + "member": { + "$ref": "#/definitions/OrganizationMemberWithMetadata" + } + } } } }, + "operationId": "put_organization_member_api_/organizations//members/", + "parameters": [ + { + "name": "payload", + "required": true, + "in": "body", + "schema": { + "$ref": "#/definitions/OrganizationMember" + } + } + ], "tags": [ - "activities" + "organizations" ] - }, + } + }, + "/firework/v2/organizations/{organization_id}/members/{user_id}/disable": { "parameters": [ { + "name": "organization_id", "in": "path", - "name": "index", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "source", "required": true, - "type": "string" + "type": "integer" }, { + "name": "user_id", "in": "path", - "name": "id", "required": true, - "type": "string" + "type": "integer" } - ] - }, - "/firework/v2/activities/{index}/{source}/{id}/related/{context}": { - "get": { - "operationId": "get_related_items_/activities////related/", - "parameters": [ - { - "collectionFormat": "multi", - "description": "ID of an identifier.", - "in": "query", - "items": { - "type": "integer" - }, - "name": "identifier_ids", - "type": "array" - } - ], + ], + "post": { "responses": { "200": { - "description": "Returns related activities" - }, - "400": { - "description": "Activity have no related items", - "schema": { - "$ref": "#/definitions/HttpError" - } - }, - "404": { - "description": "Activity not found", + "description": "Success", "schema": { - "$ref": "#/definitions/HttpError" + "$ref": "#/definitions/EnableState" } } }, + "operationId": "post_organization_member_disable_/organizations//members//disable", "tags": [ - "activities" + "organizations" ] - }, - "parameters": [ - { - "in": "path", - "name": "index", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "source", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "id", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "context", - "required": true, - "type": "string" - } - ] + } }, - "/firework/v2/activities/{index}/{source}/{id}/translate": { + "/firework/v2/organizations/{organization_id}/members/{user_id}/enable": { "parameters": [ { + "name": "organization_id", "in": "path", - "name": "index", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "source", "required": true, - "type": "string" + "type": "integer" }, { + "name": "user_id", "in": "path", - "name": "id", "required": true, - "type": "string" + "type": "integer" } ], "post": { - "operationId": "post_translate_activity_/activities////translate", - "parameters": [ - { - "default": 10000, - "description": "Set the maximum len of translated text.", - "in": "query", - "name": "max_len", - "type": "integer" - } - ], "responses": { "200": { - "description": "Returns the translation of an activity" - }, - "404": { - "description": "Activity not found", + "description": "Success", "schema": { - "$ref": "#/definitions/HttpError" + "$ref": "#/definitions/EnableState" } } }, + "operationId": "post_organization_member_enable_/organizations//members//enable", "tags": [ - "activities" + "organizations" ] } }, - "/firework/v2/assets/": { - "get": { - "operationId": "get_assets_/assets/", + "/firework/v2/organizations/{organization_id}/members/{user_id}/permissions": { + "parameters": [ + { + "name": "organization_id", + "in": "path", + "required": true, + "type": "integer" + }, + { + "name": "user_id", + "in": "path", + "required": true, + "type": "integer" + } + ], + "post": { "responses": { "200": { "description": "Success", "schema": { - "properties": { - "assets": { - "$ref": "#/definitions/Identifier" - } - } + "$ref": "#/definitions/UpdatedPermission" } } }, - "tags": [ - "Identifiers" - ] - }, - "post": { - "operationId": "post_assets_/assets/", + "operationId": "post_organization_member_permissions_api_/organizations//members//permissions", "parameters": [ { - "in": "body", "name": "payload", "required": true, + "in": "body", "schema": { - "$ref": "#/definitions/IdentifierCreate" + "$ref": "#/definitions/PermissionData" } } ], + "tags": [ + "organizations" + ] + } + }, + "/firework/v2/organizations/{organization_id}/members/{user_id}/tenants": { + "parameters": [ + { + "name": "organization_id", + "in": "path", + "required": true, + "type": "integer" + }, + { + "name": "user_id", + "in": "path", + "required": true, + "type": "integer" + } + ], + "get": { "responses": { "200": { "description": "Success", "schema": { - "properties": { - "asset": { - "$ref": "#/definitions/Identifier" - } - } - } - }, - "400": { - "description": "Query is invalid.", - "schema": { - "$ref": "#/definitions/HttpError" + "$ref": "#/definitions/TenantWithCounts" } } }, + "operationId": "get_organization_member_tenants_/organizations//members//tenants", + "parameters": [ + { + "name": "size", + "in": "query", + "type": "integer", + "default": 20 + }, + { + "name": "from", + "in": "query", + "type": "string" + }, + { + "name": "include_disabled_demo", + "in": "query", + "type": "boolean", + "default": false + }, + { + "name": "q", + "in": "query", + "type": "string" + } + ], "tags": [ - "Identifiers" + "organizations" ] } }, - "/firework/v2/assets/groups/": { + "/firework/v2/organizations/{organization_id}/tenants": { + "parameters": [ + { + "name": "organization_id", + "in": "path", + "required": true, + "type": "integer" + } + ], "get": { - "operationId": "get_assets_groups_/assets/groups/", "responses": { "200": { "description": "Success", "schema": { - "properties": { - "assets_groups": { - "$ref": "#/definitions/IdentifierGroup" - } - } + "$ref": "#/definitions/TenantWithCounts" } } }, + "operationId": "get_organization_tenants_api_/organizations//tenants", "tags": [ - "Identifiers" + "organizations" ] }, "post": { - "operationId": "post_assets_groups_/assets/groups/", - "parameters": [ - { - "in": "body", - "name": "payload", - "required": true, - "schema": { - "$ref": "#/definitions/IdentifierGroup" - } - } - ], "responses": { "200": { "description": "Success", "schema": { - "properties": { - "assets_group": { - "$ref": "#/definitions/IdentifierGroup" - } - } + "$ref": "#/definitions/Tenant" } - }, - "400": { - "description": "Query is invalid.", + } + }, + "operationId": "post_organization_tenants_api_/organizations//tenants", + "parameters": [ + { + "name": "payload", + "required": true, + "in": "body", "schema": { - "$ref": "#/definitions/HttpError" + "$ref": "#/definitions/NewTenantInfo" } } - }, + ], "tags": [ - "Identifiers" + "organizations" ] } }, - "/firework/v2/assets/groups/{assets_group_id}": { - "delete": { - "operationId": "delete_assets_group_api_/assets/groups/", + "/firework/v2/reporting/reports": { + "get": { "responses": { "200": { - "description": "Success" + "description": "Lists reports for the current tenant, ordered from newest to oldest." } }, + "operationId": "get_reports_endpoint_/reporting/reports", "tags": [ - "Identifiers" + "reporting" ] }, - "get": { - "operationId": "get_assets_group_api_/assets/groups/", + "post": { "responses": { "200": { - "description": "Success", + "description": "Creates a new report on the current tenant." + } + }, + "operationId": "post_reports_endpoint_/reporting/reports", + "parameters": [ + { + "name": "payload", + "required": true, + "in": "body", "schema": { - "properties": { - "assets_group": { - "$ref": "#/definitions/IdentifierGroup" - } - } + "$ref": "#/definitions/NewReport" } } - }, + ], "tags": [ - "Identifiers" + "reporting" ] - }, + } + }, + "/firework/v2/reporting/reports/{report_id}": { "parameters": [ { + "name": "report_id", "in": "path", - "name": "assets_group_id", "required": true, "type": "integer" } ], - "put": { - "operationId": "put_assets_group_api_/assets/groups/", - "parameters": [ - { - "in": "body", - "name": "payload", - "required": true, - "schema": { - "$ref": "#/definitions/UpdateGroupData" - } - } - ], + "delete": { "responses": { "200": { - "description": "Success", - "schema": { - "properties": { - "assets_group": { - "$ref": "#/definitions/IdentifierGroup" - } - } - } - }, - "400": { - "description": "Query is invalid.", - "schema": { - "$ref": "#/definitions/HttpError" - } + "description": "Deletes a report." } }, + "operationId": "delete_report_endpoint_/reporting/reports/", "tags": [ - "Identifiers" + "reporting" ] - } - }, - "/firework/v2/assets/groups/{assets_group_id}/alerts": { + }, "get": { - "operationId": "get_assets_group_alerts_/assets/groups//alerts", "responses": { "200": { - "description": "Success", - "schema": { - "properties": { - "alerts": { - "$ref": "#/definitions/FeedAlert" - } - } - } + "description": "Returns a report and its elements." } }, + "operationId": "get_report_endpoint_/reporting/reports/", "tags": [ - "Identifiers" + "reporting" ] }, - "parameters": [ - { - "in": "path", - "name": "assets_group_id", - "required": true, - "type": "integer" - } - ], - "post": { - "operationId": "post_assets_group_alerts_/assets/groups//alerts", + "patch": { + "responses": { + "200": { + "description": "Updates a report." + } + }, + "operationId": "patch_report_endpoint_/reporting/reports/", "parameters": [ { - "in": "body", "name": "payload", "required": true, + "in": "body", "schema": { - "$ref": "#/definitions/FeedAlert" + "$ref": "#/definitions/UpdatedReport" } } ], - "responses": { - "200": { - "description": "Success", - "schema": { - "$ref": "#/definitions/FeedAlert" - } - } - }, "tags": [ - "Identifiers" + "reporting" ] } }, - "/firework/v2/assets/groups/{assets_group_id}/alerts/{alert_id}": { - "delete": { - "operationId": "delete_assets_group_alert_/assets/groups//alerts/", - "responses": { - "200": { - "description": "Success" - } - }, - "tags": [ - "Identifiers" - ] - }, + "/firework/v2/reporting/reports/{report_id}/archive": { "parameters": [ { + "name": "report_id", "in": "path", - "name": "assets_group_id", "required": true, "type": "integer" + } + ], + "post": { + "responses": { + "200": { + "description": "Archives a report." + } }, + "operationId": "post_archive_report_endpoint_/reporting/reports//archive", + "tags": [ + "reporting" + ] + } + }, + "/firework/v2/reporting/reports/{report_id}/download": { + "parameters": [ { + "name": "report_id", "in": "path", - "name": "alert_id", "required": true, "type": "integer" } ], - "put": { - "operationId": "put_assets_group_alert_/assets/groups//alerts/", - "parameters": [ - { - "in": "body", - "name": "payload", - "required": true, - "schema": { - "$ref": "#/definitions/FeedAlert" - } - } - ], + "get": { "responses": { "200": { - "description": "Success", - "schema": { - "$ref": "#/definitions/FeedAlert" - } + "description": "Download a report." } }, + "operationId": "get_report_download_endpoint_/reporting/reports//download", "tags": [ - "Identifiers" + "reporting" ] } }, - "/firework/v2/assets/groups/{assets_group_id}/feed": { + "/firework/v2/search/": { "get": { - "operationId": "get_assets_group_feed_/assets/groups//feed", + "responses": { + "400": { + "description": "Query is invalid.", + "schema": { + "$ref": "#/definitions/HttpError" + } + }, + "200": { + "description": "Returns the search result(s).", + "schema": { + "$ref": "#/definitions/Search" + } + } + }, + "operationId": "get_search_/search/", "parameters": [ { - "collectionFormat": "multi", - "description": "Fields to includes in the results in a dotted form. For example, \"data.actor_name\" will include items similar to:```json\n \"items\": [{\n \"data\": {\n \"actor_name\": \"Seller123\"\n }\n }]\n ```\n\n By default, all fields are included in the response.\n ", + "name": "fields", "in": "query", + "type": "array", + "description": "Fields to includes in the results in a dotted form. For example, \"data.actor_name\" will include items similar to:```json\n \"items\": [{\n \"data\": {\n \"actor_name\": \"Seller123\"\n }\n }]\n ```\n\n By default, all fields are included in the response.\n ", "items": { "type": "string" }, - "name": "fields", - "type": "array" + "collectionFormat": "multi" }, { - "description": " The `time` parameter is used to limit results to those found in the provided time span. \n\n *Expected format* : from@to \n\n *Example value* : 2019-09-03T04:00:00.000Z@2019-09-14T04:00:00.000Z", - "in": "query", "name": "time", - "type": "string" + "in": "query", + "type": "string", + "description": " The `time` parameter is used to limit results to those found in the provided time span. \n\n *Expected format* : from@to \n\n *Example value* : 2019-09-03T04:00:00.000Z@2019-09-14T04:00:00.000Z" }, { - "default": 10, - "description": "The `size` parameter is used to limit the number of results returned for the search query.", - "in": "query", "name": "size", - "type": "integer" + "in": "query", + "type": "integer", + "description": "The `size` parameter is used to limit the number of results returned for the search query.", + "default": 10 }, { - "description": "The `search_after` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `search_after` parameter in your next request with the latest response's `search_after` value to get the next page of results.", - "in": "query", "name": "search_after", - "type": "string" + "in": "query", + "type": "string", + "description": "The `search_after` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `search_after` parameter in your next request with the latest response's `search_after` value to get the next page of results." }, { - "description": "The `from` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `from` parameter in your next request with the latest response's `next` value to get the next page of results.", - "in": "query", "name": "from", - "type": "string" + "in": "query", + "type": "string", + "description": "The `from` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `from` parameter in your next request with the latest response's `next` value to get the next page of results." }, { - "collectionFormat": "multi", - "description": "User defined tags used to filter search results", + "name": "tags", "in": "query", + "type": "array", + "description": "User defined tags used to filter search results", "items": { "type": "string" }, - "name": "tags", - "type": "array" + "collectionFormat": "multi" }, { - "description": "User defined operator to apply to tags filter", - "in": "query", "name": "tags_query_operator", - "type": "string" + "in": "query", + "type": "string", + "description": "User defined operator to apply to tags filter" }, { + "name": "types", + "in": "query", + "type": "array", + "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: chat_message, forum_post, financial_data, listing, ransomleak, forum_topic, bot, blog_post, forum_profile, stealer_log, seller\n- open_web: stack_exchange, service, bucket, social_media_account, paste, docker, source_code_secrets, bucket_object, source_code_files, google\n- leaks: leak\n- domains: domain\n", + "items": { + "type": "string" + }, "collectionFormat": "multi", - "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: listing, forum_topic, seller, stealer_log, blog_post, ransomleak, forum_post, bot, financial_data, chat_message, forum_profile\n- open_web: stack_exchange, paste, source_code_files, service, source_code_secrets, social_media_account, google, bucket_object, docker, bucket\n- leaks: leak\n- domains: domain\n", "enum": [ "attachment", "listing", @@ -3878,30 +4045,25 @@ "bucket", "bucket_object", "whois", - "ad", - "ads", "cookie", "pii", "experimental" - ], - "in": "query", - "items": { - "type": "string" - }, - "name": "types", - "type": "array" + ] }, { - "collectionFormat": "multi", - "description": "Type of experimental activities to search through.", + "name": "experimental_types", "in": "query", + "type": "array", + "description": "Type of experimental activities to search through.", "items": { "type": "string" }, - "name": "experimental_types", - "type": "array" + "collectionFormat": "multi" }, { + "name": "event_action", + "in": "query", + "type": "string", "enum": [ "default", "ignored", @@ -3909,12 +4071,15 @@ "risk_score_edited", "exclude_ignored", "ignored_or_remediated" - ], - "in": "query", - "name": "event_action", - "type": "string" + ] }, { + "name": "event_actions", + "in": "query", + "type": "array", + "items": { + "type": "string" + }, "collectionFormat": "multi", "enum": [ "default", @@ -3923,15 +4088,15 @@ "risk_score_edited", "exclude_ignored", "ignored_or_remediated" - ], + ] + }, + { + "name": "risks", "in": "query", + "type": "array", "items": { - "type": "string" + "type": "integer" }, - "name": "event_actions", - "type": "array" - }, - { "collectionFormat": "multi", "enum": [ 1, @@ -3939,25 +4104,22 @@ 3, 4, 5 - ], - "in": "query", - "items": { - "type": "integer" - }, - "name": "risks", - "type": "array" + ] }, { + "name": "order", + "in": "query", + "type": "string", "default": "desc", "enum": [ "asc", "desc" - ], - "in": "query", - "name": "order", - "type": "string" + ] }, { + "name": "sort_by", + "in": "query", + "type": "string", "default": "created", "enum": [ "created", @@ -3966,131 +4128,120 @@ "alertable-materialized", "materialized", "searchable" - ], - "in": "query", - "name": "sort_by", - "type": "string" + ] }, { - "default": true, - "in": "query", "name": "use_global_policies", - "type": "boolean" + "in": "query", + "type": "boolean", + "default": true }, { - "description": "The time zone used to compute the statistics.", - "in": "query", "name": "time_zone", - "type": "string" + "in": "query", + "type": "string", + "description": "The time zone used to compute the statistics." }, { - "description": "Query used to filter results. Search query uses the [Lucene query](https://www.elastic.co/guide/en/elasticsearch/reference/6.x/query-dsl-query-string-query.html#query-string-syntax) syntax.", - "in": "query", "name": "query", - "type": "string" + "in": "query", + "type": "string", + "description": "Query used to filter results. Search query uses the [Lucene query](https://www.elastic.co/guide/en/elasticsearch/reference/6.x/query-dsl-query-string-query.html#query-string-syntax) syntax." }, { - "default": false, - "in": "query", "name": "has_modified_risk_score", - "type": "boolean" + "in": "query", + "type": "boolean", + "default": false }, { - "default": false, - "in": "query", "name": "has_notes", - "type": "boolean" + "in": "query", + "type": "boolean", + "default": false } ], + "tags": [ + "search" + ] + }, + "post": { "responses": { - "200": { - "description": "Returns the search result(s).", - "schema": { - "$ref": "#/definitions/Search" - } - }, "400": { "description": "Query is invalid.", "schema": { "$ref": "#/definitions/HttpError" } }, - "404": { - "description": "Identifier group does not exist.", + "200": { + "description": "Returns the search result(s).", "schema": { - "$ref": "#/definitions/HttpError" + "$ref": "#/definitions/Search" } } }, - "tags": [ - "Identifiers" - ] - }, - "parameters": [ - { - "in": "path", - "name": "assets_group_id", - "required": true, - "type": "integer" - } - ], - "post": { - "operationId": "post_assets_group_feed_/assets/groups//feed", + "operationId": "post_search_/search/", "parameters": [ { - "collectionFormat": "multi", - "description": "Fields to includes in the results in a dotted form. For example, \"data.actor_name\" will include items similar to:```json\n \"items\": [{\n \"data\": {\n \"actor_name\": \"Seller123\"\n }\n }]\n ```\n\n By default, all fields are included in the response.\n ", + "name": "fields", "in": "query", + "type": "array", + "description": "Fields to includes in the results in a dotted form. For example, \"data.actor_name\" will include items similar to:```json\n \"items\": [{\n \"data\": {\n \"actor_name\": \"Seller123\"\n }\n }]\n ```\n\n By default, all fields are included in the response.\n ", "items": { "type": "string" }, - "name": "fields", - "type": "array" + "collectionFormat": "multi" }, { - "description": " The `time` parameter is used to limit results to those found in the provided time span. \n\n *Expected format* : from@to \n\n *Example value* : 2019-09-03T04:00:00.000Z@2019-09-14T04:00:00.000Z", - "in": "query", "name": "time", - "type": "string" + "in": "query", + "type": "string", + "description": " The `time` parameter is used to limit results to those found in the provided time span. \n\n *Expected format* : from@to \n\n *Example value* : 2019-09-03T04:00:00.000Z@2019-09-14T04:00:00.000Z" }, { - "default": 10, - "description": "The `size` parameter is used to limit the number of results returned for the search query.", - "in": "query", "name": "size", - "type": "integer" + "in": "query", + "type": "integer", + "description": "The `size` parameter is used to limit the number of results returned for the search query.", + "default": 10 }, { - "description": "The `search_after` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `search_after` parameter in your next request with the latest response's `search_after` value to get the next page of results.", - "in": "query", "name": "search_after", - "type": "string" + "in": "query", + "type": "string", + "description": "The `search_after` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `search_after` parameter in your next request with the latest response's `search_after` value to get the next page of results." }, { - "description": "The `from` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `from` parameter in your next request with the latest response's `next` value to get the next page of results.", - "in": "query", "name": "from", - "type": "string" + "in": "query", + "type": "string", + "description": "The `from` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `from` parameter in your next request with the latest response's `next` value to get the next page of results." }, { - "collectionFormat": "multi", - "description": "User defined tags used to filter search results", + "name": "tags", "in": "query", + "type": "array", + "description": "User defined tags used to filter search results", "items": { "type": "string" }, - "name": "tags", - "type": "array" + "collectionFormat": "multi" }, { - "description": "User defined operator to apply to tags filter", - "in": "query", "name": "tags_query_operator", - "type": "string" + "in": "query", + "type": "string", + "description": "User defined operator to apply to tags filter" }, { + "name": "types", + "in": "query", + "type": "array", + "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: chat_message, forum_post, financial_data, listing, ransomleak, forum_topic, bot, blog_post, forum_profile, stealer_log, seller\n- open_web: stack_exchange, service, bucket, social_media_account, paste, docker, source_code_secrets, bucket_object, source_code_files, google\n- leaks: leak\n- domains: domain\n", + "items": { + "type": "string" + }, "collectionFormat": "multi", - "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: listing, forum_topic, seller, stealer_log, blog_post, ransomleak, forum_post, bot, financial_data, chat_message, forum_profile\n- open_web: stack_exchange, paste, source_code_files, service, source_code_secrets, social_media_account, google, bucket_object, docker, bucket\n- leaks: leak\n- domains: domain\n", "enum": [ "attachment", "listing", @@ -4142,30 +4293,25 @@ "bucket", "bucket_object", "whois", - "ad", - "ads", "cookie", "pii", "experimental" - ], - "in": "query", - "items": { - "type": "string" - }, - "name": "types", - "type": "array" + ] }, { - "collectionFormat": "multi", - "description": "Type of experimental activities to search through.", + "name": "experimental_types", "in": "query", + "type": "array", + "description": "Type of experimental activities to search through.", "items": { "type": "string" }, - "name": "experimental_types", - "type": "array" + "collectionFormat": "multi" }, { + "name": "event_action", + "in": "query", + "type": "string", "enum": [ "default", "ignored", @@ -4173,12 +4319,15 @@ "risk_score_edited", "exclude_ignored", "ignored_or_remediated" - ], - "in": "query", - "name": "event_action", - "type": "string" + ] }, { + "name": "event_actions", + "in": "query", + "type": "array", + "items": { + "type": "string" + }, "collectionFormat": "multi", "enum": [ "default", @@ -4187,15 +4336,15 @@ "risk_score_edited", "exclude_ignored", "ignored_or_remediated" - ], + ] + }, + { + "name": "risks", "in": "query", + "type": "array", "items": { - "type": "string" + "type": "integer" }, - "name": "event_actions", - "type": "array" - }, - { "collectionFormat": "multi", "enum": [ 1, @@ -4203,25 +4352,22 @@ 3, 4, 5 - ], - "in": "query", - "items": { - "type": "integer" - }, - "name": "risks", - "type": "array" + ] }, { + "name": "order", + "in": "query", + "type": "string", "default": "desc", "enum": [ "asc", "desc" - ], - "in": "query", - "name": "order", - "type": "string" + ] }, { + "name": "sort_by", + "in": "query", + "type": "string", "default": "created", "enum": [ "created", @@ -4230,565 +4376,671 @@ "alertable-materialized", "materialized", "searchable" - ], - "in": "query", - "name": "sort_by", - "type": "string" + ] }, { - "default": true, - "in": "query", "name": "use_global_policies", - "type": "boolean" + "in": "query", + "type": "boolean", + "default": true }, { - "description": "The time zone used to compute the statistics.", - "in": "query", "name": "time_zone", - "type": "string" + "in": "query", + "type": "string", + "description": "The time zone used to compute the statistics." }, { - "description": "Query used to filter results. Search query uses the [Lucene query](https://www.elastic.co/guide/en/elasticsearch/reference/6.x/query-dsl-query-string-query.html#query-string-syntax) syntax.", - "in": "query", "name": "query", - "type": "string" + "in": "query", + "type": "string", + "description": "Query used to filter results. Search query uses the [Lucene query](https://www.elastic.co/guide/en/elasticsearch/reference/6.x/query-dsl-query-string-query.html#query-string-syntax) syntax." }, { - "default": false, - "in": "query", "name": "has_modified_risk_score", - "type": "boolean" + "in": "query", + "type": "boolean", + "default": false }, { - "default": false, - "in": "query", "name": "has_notes", - "type": "boolean" + "in": "query", + "type": "boolean", + "default": false } ], + "tags": [ + "search" + ] + } + }, + "/firework/v2/sources/": { + "get": { "responses": { "200": { - "description": "Returns the search result(s).", - "schema": { - "$ref": "#/definitions/Search" - } - }, - "400": { - "description": "Query is invalid.", - "schema": { - "$ref": "#/definitions/HttpError" - } - }, - "404": { - "description": "Identifier group does not exist.", - "schema": { - "$ref": "#/definitions/HttpError" - } + "description": "Returns a detailed list of monitored sources." } }, + "operationId": "get_sources_endpoint_/sources/", "tags": [ - "Identifiers" + "sources" ] } }, - "/firework/v2/assets/{asset_id}": { - "delete": { - "operationId": "delete_asset_api_/assets/", + "/firework/v2/sources/status": { + "get": { "responses": { "200": { - "description": "Success" + "description": "Returns a list of status for monitored sources." } }, + "operationId": "get_sources_status_/sources/status", "tags": [ - "Identifiers" + "sources" ] - }, + } + }, + "/firework/v2/sources/updates": { "get": { - "operationId": "get_asset_api_/assets/", "responses": { "200": { - "description": "Success", - "schema": { - "properties": { - "asset": { - "$ref": "#/definitions/Identifier" - } - } - } + "description": "Returns source updates." } }, + "operationId": "get_source_updates_/sources/updates", "tags": [ - "Identifiers" + "sources" ] - }, + } + }, + "/firework/v2/tenants/{tenant_id}": { "parameters": [ { + "name": "tenant_id", "in": "path", - "name": "asset_id", "required": true, "type": "integer" } ], + "get": { + "responses": { + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/TenantWithCounts" + } + } + }, + "operationId": "get_tenant_api_/tenants/", + "tags": [ + "tenants" + ] + }, "put": { - "operationId": "put_asset_api_/assets/", + "responses": { + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/TenantWithCounts" + } + } + }, + "operationId": "put_tenant_api_/tenants/", "parameters": [ { - "in": "body", "name": "payload", "required": true, + "in": "body", "schema": { - "$ref": "#/definitions/Identifier" + "$ref": "#/definitions/TenantData" } } ], + "tags": [ + "tenants" + ] + } + }, + "/firework/v2/tenants/{tenant_id}/archive": { + "parameters": [ + { + "name": "tenant_id", + "in": "path", + "required": true, + "type": "integer" + } + ], + "post": { "responses": { "200": { - "description": "Success", - "schema": { - "properties": { - "asset": { - "$ref": "#/definitions/Identifier" - } - } - } - }, - "400": { - "description": "Query is invalid.", - "schema": { - "$ref": "#/definitions/HttpError" - } + "description": "Success" } }, + "operationId": "post_tenant_archive_api_/tenants//archive", "tags": [ - "Identifiers" + "tenants" ] } }, - "/firework/v2/assets/{asset_id}/alerts": { + "/firework/v2/tenants/{tenant_id}/users": { + "parameters": [ + { + "name": "tenant_id", + "in": "path", + "required": true, + "type": "integer" + } + ], "get": { - "operationId": "get_asset_alerts_/assets//alerts", "responses": { "200": { "description": "Success", "schema": { - "properties": { - "alerts": { - "$ref": "#/definitions/FeedAlert" - } - } + "$ref": "#/definitions/TenantUsers" + } + } + }, + "operationId": "get_tenant_users_api_/tenants//users", + "tags": [ + "tenants" + ] + }, + "post": { + "responses": { + "200": { + "description": "Users were successfully added to tenant." + } + }, + "operationId": "post_tenant_users_api_/tenants//users", + "parameters": [ + { + "name": "payload", + "required": true, + "in": "body", + "schema": { + "$ref": "#/definitions/UserTenantAccessRequest" } } + ], + "tags": [ + "tenants" + ] + } + }, + "/firework/v2/tenants/{tenant_id}/users/{user_id}": { + "parameters": [ + { + "name": "tenant_id", + "in": "path", + "required": true, + "type": "integer" + }, + { + "name": "user_id", + "in": "path", + "required": true, + "type": "integer" + } + ], + "delete": { + "responses": { + "200": { + "description": "User was successfully removed from the tenant." + } + }, + "operationId": "delete_tenant_users_access_api_/tenants//users/", + "tags": [ + "tenants" + ] + } + } + }, + "info": { + "title": "Firework API", + "version": "v2", + "description": "\nManage and access Firework resources.\n\n### Steps to use the Api\n\n1. `Send` a POST request to `https://api.flare.systems/tokens/generate` with your **Firework** credentials using [Basic Auth](https://en.wikipedia.org/wiki/Basic_access_authentication) to get a authentication token.\n---\n2. On the current page, click on the **Authorize** button and insert the token using the following format: `Bearer {token}`\n\n Example value: `Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.Et9HFtf9R3GEMA0IICOfFMVXY7kkTX1wr4qCyhIf58U`\n---\n3. You should now be able to use SwaggerUI's built-in tools to query the documented endpoints.\n" + }, + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ], + "securityDefinitions": { + "BearerAuth": { + "type": "apiKey", + "name": "Authorization", + "in": "header" + } + }, + "security": [ + { + "BearerAuth": [] + } + ], + "tags": [ + { + "name": "search", + "description": "Searches the threat activity database." + }, + { + "name": "Identifiers", + "description": "Manage a user's or organization's identifiers" + }, + { + "name": "activities", + "description": "Perform actions on activities." + }, + { + "name": "sources", + "description": "Get a detailed list of monitored sources." + }, + { + "name": "me", + "description": "Perform actions on the current user." + }, + { + "name": "tenants", + "description": "Manage tenants." + }, + { + "name": "organizations", + "description": "Admin management of organizations." + }, + { + "name": "reporting", + "description": "Manage reporting as an admin." + } + ], + "definitions": { + "HttpError": { + "properties": { + "message": { + "type": "string" + }, + "code": { + "type": "string" + } + }, + "type": "object" + }, + "Search": { + "properties": { + "items": { + "type": "array", + "items": { + "type": "object" + } + }, + "nb_hits": { + "type": "integer" }, - "tags": [ - "Identifiers" - ] + "links": { + "$ref": "#/definitions/SearchLinks" + }, + "search_after": { + "type": "string" + } }, - "parameters": [ - { - "in": "path", - "name": "asset_id", - "required": true, - "type": "integer" + "type": "object" + }, + "SearchLinks": { + "properties": { + "next": { + "type": "string" } + }, + "type": "object" + }, + "IdentifierCreate": { + "required": [ + "data", + "name", + "search_types", + "type" ], - "post": { - "operationId": "post_asset_alerts_/assets//alerts", - "parameters": [ - { - "in": "body", - "name": "payload", - "required": true, - "schema": { - "$ref": "#/definitions/FeedAlert" - } + "properties": { + "name": { + "type": "string", + "minLength": 1 + }, + "type": { + "type": "string", + "example": "domain", + "enum": [ + "domain", + "brand", + "name", + "keyword", + "github_repository", + "username", + "email", + "search_query", + "bin", + "ip", + "secret", + "azure_tenant", + "identity" + ] + }, + "search_types": { + "type": "array", + "items": { + "type": "string", + "example": "stack_exchange", + "enum": [ + "stack_exchange", + "service", + "ad", + "forum_post", + "listing", + "docker", + "bucket_object", + "social_media_account", + "forum_topic", + "forum_profile", + "source_code_files", + "google", + "bucket", + "paste", + "ransomleak", + "source_code_secrets", + "blog_post", + "domain", + "chat_message", + "leak", + "financial_data", + "bot", + "stealer_log", + "seller", + "illicit_networks", + "open_web", + "buckets", + "source_code", + "leaks", + "domains", + "forum_content", + "blog_content", + "profile", + "ads", + "infected_devices", + "social_media" + ] } - ], - "responses": { - "200": { - "description": "Success", - "schema": { - "$ref": "#/definitions/FeedAlert" - } + }, + "experimental_search_types": { + "type": "array", + "items": { + "type": "string" } }, - "tags": [ - "Identifiers" - ] - } - }, - "/firework/v2/assets/{asset_id}/alerts/{alert_id}": { - "delete": { - "operationId": "delete_asset_alert_/assets//alerts/", - "responses": { - "200": { - "description": "Success" + "risks": { + "type": "array", + "items": { + "type": "integer" } }, - "tags": [ - "Identifiers" - ] + "data": { + "type": "object" + } }, - "parameters": [ - { - "in": "path", - "name": "asset_id", - "required": true, + "type": "object" + }, + "Identifier": { + "required": [ + "data", + "name", + "search_types", + "type" + ], + "properties": { + "id": { "type": "integer" }, - { - "in": "path", - "name": "alert_id", - "required": true, + "tenant_id": { "type": "integer" - } - ], - "put": { - "operationId": "put_asset_alert_/assets//alerts/", - "parameters": [ - { - "in": "body", - "name": "payload", - "required": true, - "schema": { - "$ref": "#/definitions/FeedAlert" - } - } - ], - "responses": { - "200": { - "description": "Success", - "schema": { - "$ref": "#/definitions/FeedAlert" - } - } }, - "tags": [ - "Identifiers" - ] - } - }, - "/firework/v2/assets/{asset_id}/feed": { - "get": { - "operationId": "get_asset_feed_/assets//feed", - "parameters": [ - { - "collectionFormat": "multi", - "description": "Fields to includes in the results in a dotted form. For example, \"data.actor_name\" will include items similar to:```json\n \"items\": [{\n \"data\": {\n \"actor_name\": \"Seller123\"\n }\n }]\n ```\n\n By default, all fields are included in the response.\n ", - "in": "query", - "items": { - "type": "string" - }, - "name": "fields", - "type": "array" - }, - { - "description": " The `time` parameter is used to limit results to those found in the provided time span. \n\n *Expected format* : from@to \n\n *Example value* : 2019-09-03T04:00:00.000Z@2019-09-14T04:00:00.000Z", - "in": "query", - "name": "time", - "type": "string" - }, - { - "default": 10, - "description": "The `size` parameter is used to limit the number of results returned for the search query.", - "in": "query", - "name": "size", - "type": "integer" - }, - { - "description": "The `search_after` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `search_after` parameter in your next request with the latest response's `search_after` value to get the next page of results.", - "in": "query", - "name": "search_after", - "type": "string" - }, - { - "description": "The `from` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `from` parameter in your next request with the latest response's `next` value to get the next page of results.", - "in": "query", - "name": "from", - "type": "string" - }, - { - "collectionFormat": "multi", - "description": "User defined tags used to filter search results", - "in": "query", - "items": { - "type": "string" - }, - "name": "tags", - "type": "array" - }, - { - "description": "User defined operator to apply to tags filter", - "in": "query", - "name": "tags_query_operator", - "type": "string" - }, - { - "collectionFormat": "multi", - "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: listing, forum_topic, seller, stealer_log, blog_post, ransomleak, forum_post, bot, financial_data, chat_message, forum_profile\n- open_web: stack_exchange, paste, source_code_files, service, source_code_secrets, social_media_account, google, bucket_object, docker, bucket\n- leaks: leak\n- domains: domain\n", + "feed_id": { + "type": "integer" + }, + "type": { + "type": "string", + "example": "domain", + "enum": [ + "domain", + "brand", + "name", + "keyword", + "github_repository", + "username", + "email", + "search_query", + "bin", + "ip", + "secret", + "azure_tenant", + "identity" + ] + }, + "search_types": { + "type": "array", + "items": { + "type": "string", + "example": "stack_exchange", "enum": [ - "attachment", - "listing", - "ransomleak", + "stack_exchange", + "service", "forum_post", + "listing", + "docker", + "bucket_object", + "social_media_account", "forum_topic", "forum_profile", - "blog_post", - "seller", + "source_code_files", + "google", + "bucket", "paste", - "leak", - "chat_message", + "ransomleak", + "source_code_secrets", + "blog_post", "domain", + "chat_message", + "leak", + "financial_data", "bot", "stealer_log", - "infected_devices", - "driller", - "driller_forum_topic", - "driller_forum_post", - "driller_profile", - "cc", - "ccbin", - "financial_data", - "leaked_data", - "leaked_file", - "document", - "account", - "actor", - "forum_content", - "blog_content", - "profile", - "leaked_credential", + "seller", "illicit_networks", "open_web", - "domains", - "leaks", - "social_media_account", - "social_media", - "source_code", - "source_code_secrets_np", - "source_code_secrets", - "source_code_files", - "docker", - "stack_exchange", - "google", - "service", - "driller_host", "buckets", - "bucket", - "bucket_object", - "whois", - "ad", - "ads", - "cookie", - "pii", - "experimental" - ], - "in": "query", - "items": { - "type": "string" - }, - "name": "types", - "type": "array" - }, - { - "collectionFormat": "multi", - "description": "Type of experimental activities to search through.", - "in": "query", - "items": { - "type": "string" - }, - "name": "experimental_types", - "type": "array" - }, - { - "enum": [ - "default", - "ignored", - "remediated", - "risk_score_edited", - "exclude_ignored", - "ignored_or_remediated" - ], - "in": "query", - "name": "event_action", - "type": "string" - }, - { - "collectionFormat": "multi", - "enum": [ - "default", - "ignored", - "remediated", - "risk_score_edited", - "exclude_ignored", - "ignored_or_remediated" - ], - "in": "query", - "items": { - "type": "string" - }, - "name": "event_actions", - "type": "array" - }, - { - "collectionFormat": "multi", - "enum": [ - 1, - 2, - 3, - 4, - 5 - ], - "in": "query", - "items": { - "type": "integer" - }, - "name": "risks", - "type": "array" - }, - { - "default": "desc", - "enum": [ - "asc", - "desc" - ], - "in": "query", - "name": "order", - "type": "string" - }, - { - "default": "created", - "enum": [ - "created", - "indexed", - "updated", - "alertable-materialized", - "materialized", - "searchable" - ], - "in": "query", - "name": "sort_by", - "type": "string" - }, - { - "default": true, - "in": "query", - "name": "use_global_policies", - "type": "boolean" - }, - { - "description": "The time zone used to compute the statistics.", - "in": "query", - "name": "time_zone", - "type": "string" - }, - { - "description": "Query used to filter results. Search query uses the [Lucene query](https://www.elastic.co/guide/en/elasticsearch/reference/6.x/query-dsl-query-string-query.html#query-string-syntax) syntax.", - "in": "query", - "name": "query", + "source_code", + "leaks", + "domains", + "forum_content", + "blog_content", + "profile", + "infected_devices", + "social_media" + ] + } + }, + "experimental_search_types": { + "type": "array", + "items": { "type": "string" - }, - { - "default": false, - "in": "query", - "name": "has_modified_risk_score", - "type": "boolean" - }, - { - "default": false, - "in": "query", - "name": "has_notes", - "type": "boolean" } - ], - "responses": { - "200": { - "description": "Returns the search result(s).", - "schema": { - "$ref": "#/definitions/Search" - } - }, - "400": { - "description": "Query is invalid.", - "schema": { - "$ref": "#/definitions/HttpError" - } - }, - "404": { - "description": "Identifier does not exist.", - "schema": { - "$ref": "#/definitions/HttpError" - } + }, + "v3_refs": { + "$ref": "#/definitions/V3_Refs" + }, + "risks": { + "type": "array", + "items": { + "type": "integer" } }, - "tags": [ - "Identifiers" - ] - }, - "parameters": [ - { - "in": "path", - "name": "asset_id", - "required": true, + "name": { + "type": "string", + "minLength": 1 + }, + "data": { + "type": "object" + }, + "assets_group_id": { + "type": [ + "integer", + "null" + ], + "example": "nullable integer" + }, + "fetching_progress": { + "type": "integer" + }, + "count": { "type": "integer" + }, + "urn": { + "type": "string", + "description": "The uniform resource name of the identifier." + }, + "is_disabled": { + "type": "boolean" + }, + "source": { + "type": "string", + "example": "USER", + "enum": [ + "USER", + "SYSTEM_RELATION", + "SELF_ONBOARDING", + "ATTRIBUTE", + "IDP_SYNC" + ] + }, + "data_updated_at": { + "type": "string", + "format": "date-time" + }, + "monitored_at": { + "type": [ + "string", + "null" + ], + "format": "date-time", + "example": "nullable date" + } + }, + "type": "object" + }, + "V3_Refs": { + "properties": { + "asset_uuid": { + "type": "string" + } + }, + "type": "object" + }, + "IdentifierToggle": { + "required": [ + "is_disabled" + ], + "properties": { + "is_disabled": { + "type": "boolean", + "description": "The `is_disabled` parameter is used to toggle the asset as either enabled or disabled.", + "default": true } + }, + "type": "object" + }, + "FeedAlert": { + "required": [ + "frequency", + "params", + "start_at", + "type" ], - "post": { - "operationId": "post_asset_feed_/assets//feed", - "parameters": [ - { - "collectionFormat": "multi", - "description": "Fields to includes in the results in a dotted form. For example, \"data.actor_name\" will include items similar to:```json\n \"items\": [{\n \"data\": {\n \"actor_name\": \"Seller123\"\n }\n }]\n ```\n\n By default, all fields are included in the response.\n ", - "in": "query", - "items": { - "type": "string" - }, - "name": "fields", - "type": "array" - }, - { - "description": " The `time` parameter is used to limit results to those found in the provided time span. \n\n *Expected format* : from@to \n\n *Example value* : 2019-09-03T04:00:00.000Z@2019-09-14T04:00:00.000Z", - "in": "query", - "name": "time", - "type": "string" - }, - { - "default": 10, - "description": "The `size` parameter is used to limit the number of results returned for the search query.", - "in": "query", - "name": "size", - "type": "integer" - }, - { - "description": "The `search_after` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `search_after` parameter in your next request with the latest response's `search_after` value to get the next page of results.", - "in": "query", - "name": "search_after", - "type": "string" - }, - { - "description": "The `from` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `from` parameter in your next request with the latest response's `next` value to get the next page of results.", - "in": "query", - "name": "from", - "type": "string" - }, - { - "collectionFormat": "multi", - "description": "User defined tags used to filter search results", - "in": "query", - "items": { - "type": "string" - }, - "name": "tags", - "type": "array" - }, - { - "description": "User defined operator to apply to tags filter", - "in": "query", - "name": "tags_query_operator", - "type": "string" - }, - { - "collectionFormat": "multi", - "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: listing, forum_topic, seller, stealer_log, blog_post, ransomleak, forum_post, bot, financial_data, chat_message, forum_profile\n- open_web: stack_exchange, paste, source_code_files, service, source_code_secrets, social_media_account, google, bucket_object, docker, bucket\n- leaks: leak\n- domains: domain\n", + "properties": { + "name": { + "type": "string" + }, + "id": { + "type": "integer" + }, + "type": { + "type": "string", + "example": "email", + "enum": [ + "email", + "channel", + "azure_sentinel", + "azure_sentinel_v2", + "slack", + "discord", + "splunk", + "jira", + "teams", + "servicenow", + "webhook" + ] + }, + "feed_url": { + "type": "string" + }, + "feed_target_type": { + "type": "string", + "example": "assets/groups", + "enum": [ + "assets/groups", + "assets", + "home" + ] + }, + "feed_target_id": { + "type": "integer" + }, + "frequency": { + "type": "integer" + }, + "start_at": { + "type": "string", + "format": "date-time" + }, + "created_at": { + "type": "string", + "format": "date-time" + }, + "last_processed_at": { + "type": [ + "string", + "null" + ], + "format": "date-time", + "example": "nullable date" + }, + "last_result_date": { + "type": [ + "string", + "null" + ], + "format": "date-time", + "example": "nullable date" + }, + "params": { + "type": "object" + }, + "tenant_id": { + "type": "integer" + }, + "organization_id": { + "type": "integer" + }, + "search_types": { + "type": "array", + "items": { + "type": "string", + "example": "attachment", "enum": [ "attachment", "listing", @@ -4845,2320 +5097,2090 @@ "cookie", "pii", "experimental" - ], - "in": "query", - "items": { - "type": "string" - }, - "name": "types", - "type": "array" - }, - { - "collectionFormat": "multi", - "description": "Type of experimental activities to search through.", - "in": "query", - "items": { - "type": "string" - }, - "name": "experimental_types", - "type": "array" - }, - { - "enum": [ - "default", - "ignored", - "remediated", - "risk_score_edited", - "exclude_ignored", - "ignored_or_remediated" - ], - "in": "query", - "name": "event_action", - "type": "string" - }, - { - "collectionFormat": "multi", - "enum": [ - "default", - "ignored", - "remediated", - "risk_score_edited", - "exclude_ignored", - "ignored_or_remediated" - ], - "in": "query", - "items": { - "type": "string" - }, - "name": "event_actions", - "type": "array" - }, - { - "collectionFormat": "multi", - "enum": [ - 1, - 2, - 3, - 4, - 5 - ], - "in": "query", - "items": { - "type": "integer" - }, - "name": "risks", - "type": "array" - }, - { - "default": "desc", - "enum": [ - "asc", - "desc" - ], - "in": "query", - "name": "order", - "type": "string" - }, - { - "default": "created", - "enum": [ - "created", - "indexed", - "updated", - "alertable-materialized", - "materialized", - "searchable" - ], - "in": "query", - "name": "sort_by", - "type": "string" - }, - { - "default": true, - "in": "query", - "name": "use_global_policies", - "type": "boolean" - }, - { - "description": "The time zone used to compute the statistics.", - "in": "query", - "name": "time_zone", - "type": "string" - }, - { - "description": "Query used to filter results. Search query uses the [Lucene query](https://www.elastic.co/guide/en/elasticsearch/reference/6.x/query-dsl-query-string-query.html#query-string-syntax) syntax.", - "in": "query", - "name": "query", - "type": "string" - }, - { - "default": false, - "in": "query", - "name": "has_modified_risk_score", - "type": "boolean" - }, - { - "default": false, - "in": "query", - "name": "has_notes", - "type": "boolean" - } - ], - "responses": { - "200": { - "description": "Returns the search result(s).", - "schema": { - "$ref": "#/definitions/Search" - } - }, - "400": { - "description": "Query is invalid.", - "schema": { - "$ref": "#/definitions/HttpError" - } - }, - "404": { - "description": "Identifier does not exist.", - "schema": { - "$ref": "#/definitions/HttpError" - } + ] } }, - "tags": [ - "Identifiers" - ] - } - }, - "/firework/v2/assets/{asset_id}/highlights/{index}/{source}/{id}": { - "get": { - "operationId": "get_identifier_activity_highlights_/assets//highlights///", - "responses": { - "200": { - "description": "Returns the highlights of the identifier data matching on an activity content." - }, - "400": { - "description": "Query is invalid.", - "schema": { - "$ref": "#/definitions/HttpError" - } - }, - "404": { - "description": "Identifier or activity does not exist.", - "schema": { - "$ref": "#/definitions/HttpError" - } + "experimental_search_types": { + "type": "array", + "items": { + "type": "string" } }, - "tags": [ - "Identifiers" - ] + "risks": { + "type": "array", + "items": { + "type": "integer" + } + }, + "tenant_alert_channel_id": { + "type": "integer" + } }, - "parameters": [ - { - "in": "path", - "name": "asset_id", - "required": true, + "type": "object" + }, + "IdentifierGroup": { + "properties": { + "id": { "type": "integer" }, - { - "in": "path", - "name": "index", - "required": true, + "tenant_id": { + "type": "integer" + }, + "feed_id": { + "type": "integer" + }, + "feed_owner_id": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "urn": { + "type": "string", + "description": "The uniform resource name of the identifier group." + }, + "parent_group_id": { + "type": [ + "integer", + "null" + ], + "example": "nullable integer" + }, + "group_type": { + "type": [ + "string", + "null" + ], + "example": "nullable string", + "enum": [ + null, + "person", + "corporate_identities" + ] + } + }, + "type": "object" + }, + "UpdateGroupData": { + "properties": { + "name": { + "type": "string" + }, + "parent_group_id": { + "type": [ + "integer", + "null" + ], + "example": "nullable integer" + }, + "group_type": { + "type": [ + "string", + "null" + ], + "example": "nullable string", + "enum": [ + null, + "person", + "corporate_identities" + ] + } + }, + "type": "object" + }, + "Organization": { + "required": [ + "name" + ], + "properties": { + "id": { + "type": "integer" + }, + "name": { + "type": "string", + "description": "Display name" + }, + "type": { + "type": "string", + "example": "direct", + "enum": [ + "direct", + "service-firm", + "training" + ] + }, + "settings": { + "$ref": "#/definitions/OrganizationSettings" + }, + "file_analysis_enabled": { + "type": "boolean" + }, + "user_limit": { + "type": "integer" + }, + "access_level": { + "type": "integer" + }, + "urn": { + "type": "string", + "description": "The uniform resource name of the organization." + }, + "access_end_at": { + "type": "string", + "format": "date-time" + }, + "identifier_limit": { + "type": [ + "integer", + "null" + ], + "example": "nullable integer" + }, + "hubspot_company_id": { + "type": [ + "integer", + "null" + ], + "example": "nullable integer" + }, + "domain": { + "type": [ + "string", + "null" + ], + "example": "nullable string" + }, + "archived_at": { + "type": "string", + "format": "date-time" + }, + "authorization_workflow_enabled": { + "type": "boolean" + } + }, + "type": "object" + }, + "OrganizationSettings": { + "properties": { + "permissions": { + "type": "array", + "items": { + "type": "string" + } + }, + "through_distributor": { + "type": "boolean" + }, + "demo_tenant_limit": { + "type": [ + "integer", + "null" + ], + "example": "nullable integer" + }, + "demo_identifier_limit": { + "type": [ + "integer", + "null" + ], + "example": "nullable integer" + }, + "demo_duration": { + "type": [ + "integer", + "null" + ], + "example": "nullable integer" + }, + "hs_takedown_properties": { + "anyOf": [ + { + "$ref": "#/definitions/OrganizationHSProperties" + }, + { + "type": [ + "object", + "null" + ] + } + ] + } + }, + "type": "object" + }, + "OrganizationHSProperties": { + "properties": { + "takedowns_in_subscription": { + "type": [ + "integer", + "null" + ], + "example": "nullable integer" + }, + "annual_takedowns_used": { + "type": [ + "integer", + "null" + ], + "example": "nullable integer" + } + }, + "type": "object" + }, + "NewTenantInfo": { + "properties": { + "name": { + "type": "string" + }, + "description": { "type": "string" }, - { - "in": "path", - "name": "source", - "required": true, + "industry": { + "type": "string", + "example": "global", + "enum": [ + "global", + "transport", + "education", + "energy", + "finance", + "healthcare", + "manufacturing", + "retail", + "software", + "telecommunication" + ] + }, + "number_of_employees": { + "type": [ + "integer", + "null" + ], + "example": "nullable integer" + }, + "identifier_limit": { + "type": [ + "integer", + "null" + ], + "example": "nullable integer" + } + }, + "type": "object" + }, + "TenantWithCounts": { + "properties": { + "next": { "type": "string" }, - { - "in": "path", - "name": "id", - "required": true, - "type": "string" + "items": { + "$ref": "#/definitions/TenantWithCounts" + }, + "total_count": { + "type": [ + "integer", + "null" + ], + "example": "nullable integer" } - ] + }, + "type": "object" }, - "/firework/v2/assets/{asset_id}/subdomains/{domain_name}/feed": { - "get": { - "operationId": "get_asset_subdomain_feed_/assets//subdomains//feed", - "parameters": [ - { - "collectionFormat": "multi", - "description": "Fields to includes in the results in a dotted form. For example, \"data.actor_name\" will include items similar to:```json\n \"items\": [{\n \"data\": {\n \"actor_name\": \"Seller123\"\n }\n }]\n ```\n\n By default, all fields are included in the response.\n ", - "in": "query", - "items": { - "type": "string" - }, - "name": "fields", - "type": "array" - }, - { - "description": " The `time` parameter is used to limit results to those found in the provided time span. \n\n *Expected format* : from@to \n\n *Example value* : 2019-09-03T04:00:00.000Z@2019-09-14T04:00:00.000Z", - "in": "query", - "name": "time", - "type": "string" - }, - { - "default": 10, - "description": "The `size` parameter is used to limit the number of results returned for the search query.", - "in": "query", - "name": "size", - "type": "integer" - }, - { - "description": "The `search_after` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `search_after` parameter in your next request with the latest response's `search_after` value to get the next page of results.", - "in": "query", - "name": "search_after", - "type": "string" - }, - { - "description": "The `from` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `from` parameter in your next request with the latest response's `next` value to get the next page of results.", - "in": "query", - "name": "from", - "type": "string" - }, - { - "collectionFormat": "multi", - "description": "User defined tags used to filter search results", - "in": "query", - "items": { - "type": "string" - }, - "name": "tags", - "type": "array" - }, - { - "description": "User defined operator to apply to tags filter", - "in": "query", - "name": "tags_query_operator", - "type": "string" - }, - { - "collectionFormat": "multi", - "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: listing, forum_topic, seller, stealer_log, blog_post, ransomleak, forum_post, bot, financial_data, chat_message, forum_profile\n- open_web: stack_exchange, paste, source_code_files, service, source_code_secrets, social_media_account, google, bucket_object, docker, bucket\n- leaks: leak\n- domains: domain\n", - "enum": [ - "attachment", - "listing", - "ransomleak", - "forum_post", - "forum_topic", - "forum_profile", - "blog_post", - "seller", - "paste", - "leak", - "chat_message", - "domain", - "bot", - "stealer_log", - "infected_devices", - "driller", - "driller_forum_topic", - "driller_forum_post", - "driller_profile", - "cc", - "ccbin", - "financial_data", - "leaked_data", - "leaked_file", - "document", - "account", - "actor", - "forum_content", - "blog_content", - "profile", - "leaked_credential", - "illicit_networks", - "open_web", - "domains", - "leaks", - "social_media_account", - "social_media", - "source_code", - "source_code_secrets_np", - "source_code_secrets", - "source_code_files", - "docker", - "stack_exchange", - "google", - "service", - "driller_host", - "buckets", - "bucket", - "bucket_object", - "whois", - "ad", - "ads", - "cookie", - "pii", - "experimental" - ], - "in": "query", - "items": { - "type": "string" - }, - "name": "types", - "type": "array" - }, - { - "collectionFormat": "multi", - "description": "Type of experimental activities to search through.", - "in": "query", - "items": { - "type": "string" - }, - "name": "experimental_types", - "type": "array" - }, - { - "enum": [ - "default", - "ignored", - "remediated", - "risk_score_edited", - "exclude_ignored", - "ignored_or_remediated" - ], - "in": "query", - "name": "event_action", - "type": "string" - }, - { - "collectionFormat": "multi", - "enum": [ - "default", - "ignored", - "remediated", - "risk_score_edited", - "exclude_ignored", - "ignored_or_remediated" - ], - "in": "query", - "items": { - "type": "string" - }, - "name": "event_actions", - "type": "array" - }, - { - "collectionFormat": "multi", - "enum": [ - 1, - 2, - 3, - 4, - 5 - ], - "in": "query", - "items": { - "type": "integer" - }, - "name": "risks", - "type": "array" - }, - { - "default": "desc", - "enum": [ - "asc", - "desc" - ], - "in": "query", - "name": "order", - "type": "string" - }, - { - "default": "created", - "enum": [ - "created", - "indexed", - "updated", - "alertable-materialized", - "materialized", - "searchable" - ], - "in": "query", - "name": "sort_by", - "type": "string" - }, - { - "default": true, - "in": "query", - "name": "use_global_policies", - "type": "boolean" - }, - { - "description": "The time zone used to compute the statistics.", - "in": "query", - "name": "time_zone", - "type": "string" - }, - { - "description": "Query used to filter results. Search query uses the [Lucene query](https://www.elastic.co/guide/en/elasticsearch/reference/6.x/query-dsl-query-string-query.html#query-string-syntax) syntax.", - "in": "query", - "name": "query", + "Tenant": { + "properties": { + "id": { + "type": "integer", + "description": "Tenant ID" + }, + "name": { + "type": "string", + "description": "Tenant name" + }, + "type": { + "type": "string", + "description": "Tenant type" + }, + "description": { + "type": "string", + "description": "This tenant's purpose" + }, + "organization_id": { + "type": "integer", + "description": "ID of the owner organization" + }, + "urn": { + "type": "string", + "description": "The uniform resource name of the tenant." + }, + "number_of_employees": { + "type": "integer", + "description": "The number of employees for the tenant." + }, + "industry": { + "type": "string", + "description": "The industry of the tenant." + }, + "is_disabled": { + "type": "boolean", + "description": "Indicates if the tenant is disabled" + }, + "is_archived": { + "type": "boolean", + "description": "Indicates if the tenant is archived" + }, + "feed_id": { + "type": "integer", + "description": "ID of the feed" + }, + "identifier_limit": { + "type": [ + "integer", + "null" + ], + "description": "The number of identifiers allowed for the tenant.", + "example": "nullable integer" + }, + "permissions": { + "type": "array", + "items": { "type": "string" - }, - { - "default": false, - "in": "query", - "name": "has_modified_risk_score", - "type": "boolean" - }, - { - "default": false, - "in": "query", - "name": "has_notes", - "type": "boolean" - } - ], - "responses": { - "200": { - "description": "Returns the search result(s).", - "schema": { - "$ref": "#/definitions/Search" - } - }, - "400": { - "description": "Query is invalid.", - "schema": { - "$ref": "#/definitions/HttpError" - } - }, - "404": { - "description": "Identifier does not exist.", - "schema": { - "$ref": "#/definitions/HttpError" - } } }, - "tags": [ - "Identifiers" - ] + "prevent_global_search": { + "type": "boolean", + "description": "Indicates if the tenant can perform global searches" + }, + "access_end_at": { + "type": [ + "string", + "null" + ], + "format": "date-time", + "description": "The date when tenant access ends", + "example": "nullable date" + } }, - "parameters": [ - { - "in": "path", - "name": "asset_id", - "required": true, + "type": "object" + }, + "UpdatedPermission": { + "properties": { + "updated_value": { + "type": "boolean" + } + }, + "type": "object" + }, + "AuditEvent": { + "required": [ + "data" + ], + "properties": { + "id": { "type": "integer" }, - { - "in": "path", - "name": "domain_name", - "required": true, + "user_id": { + "type": "integer" + }, + "organization_id": { + "type": "integer" + }, + "created_at": { + "type": "string", + "format": "date-time" + }, + "data": { + "type": "object" + }, + "original_data": { + "type": "object" + }, + "affected_entities": { + "type": "object" + }, + "actor_data": { + "type": "object" + } + }, + "type": "object" + }, + "OrganizationMemberData": { + "required": [ + "email", + "name", + "organization_member_permissions", + "surname" + ], + "properties": { + "name": { + "type": "string" + }, + "surname": { + "type": "string" + }, + "email": { "type": "string" + }, + "organization_member_permissions": { + "type": "object" + }, + "user_permissions": { + "type": "object" + }, + "memberships": { + "type": "array", + "items": { + "$ref": "#/definitions/UserTenantMembership" + } + }, + "send_welcome_email": { + "type": "boolean", + "default": true } - ] + }, + "type": "object" }, - "/firework/v2/assets/{asset_id}/toggle": { - "parameters": [ - { - "in": "path", - "name": "asset_id", - "required": true, + "UserTenantMembership": { + "required": [ + "tenant_id" + ], + "properties": { + "tenant_id": { "type": "integer" + }, + "is_readonly": { + "type": "boolean" + }, + "role": { + "type": "string", + "example": "viewer", + "enum": [ + "viewer", + "editor", + "admin" + ] } - ], - "post": { - "operationId": "post_identifier_toggle_/assets//toggle", - "parameters": [ - { - "in": "body", - "name": "payload", - "required": true, - "schema": { - "$ref": "#/definitions/IdentifierToggle" - } + }, + "type": "object" + }, + "OrganizationMemberPage": { + "properties": { + "members": { + "type": "array", + "items": { + "$ref": "#/definitions/OrganizationMemberWithMetadata" } - ], - "responses": { - "200": { - "description": "Success", - "schema": { - "properties": { - "asset": { - "$ref": "#/definitions/Identifier" - } - } - } + }, + "next": { + "type": [ + "string", + "null" + ], + "example": "nullable string" + } + }, + "type": "object" + }, + "OrganizationMemberWithMetadata": { + "properties": { + "user": { + "$ref": "#/definitions/OrganizationMember" + }, + "tenant_count": { + "type": "integer" + }, + "is_mfa_enabled": { + "type": [ + "string", + "null" + ], + "example": "nullable bool" + } + }, + "type": "object" + }, + "OrganizationMember": { + "properties": { + "id": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "surname": { + "type": "string" + }, + "email": { + "type": "string" + }, + "organization_member_permissions": { + "$ref": "#/definitions/OrganizationMemberPermission" + }, + "is_disabled": { + "type": "boolean" + }, + "registered_at": { + "type": "string", + "format": "date-time" + }, + "urn": { + "type": "string", + "description": "The uniform resource name of the member." + } + }, + "type": "object" + }, + "OrganizationMemberPermission": { + "properties": { + "*": { + "type": "object", + "additionalProperties": { + "type": "boolean" } + } + }, + "type": "object" + }, + "EnableState": { + "properties": { + "is_disabled": { + "type": "boolean" + } + }, + "type": "object" + }, + "PermissionData": { + "required": [ + "permission", + "value" + ], + "properties": { + "permission": { + "type": "string" }, - "tags": [ - "Identifiers" - ] - } + "value": { + "type": "boolean" + } + }, + "type": "object" }, - "/firework/v2/me/feed": { - "get": { - "operationId": "get_current_user_home_feed_/me/feed", - "parameters": [ - { - "description": " The `time` parameter is used to limit results to those found in the provided time span. \n\n *Expected format* : from@to \n\n *Example value* : 2019-09-03T04:00:00.000Z@2019-09-14T04:00:00.000Z", - "in": "query", - "name": "time", - "type": "string" - }, - { - "default": 10, - "description": "The `size` parameter is used to limit the number of results returned for the search query.", - "in": "query", - "name": "size", + "OrganizationMonthlyUsage": { + "properties": { + "timestamp": { + "type": "string" + }, + "identifier_count": { + "type": "integer" + }, + "global_search_calls_count": { + "type": "integer" + } + }, + "type": "object" + }, + "HighlightPayload": { + "properties": { + "query_string": { + "type": "string" + }, + "identifier_ids": { + "type": "array", + "items": { "type": "integer" - }, - { - "description": "The `search_after` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `search_after` parameter in your next request with the latest response's `search_after` value to get the next page of results.", - "in": "query", - "name": "search_after", - "type": "string" - }, - { - "description": "The `from` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `from` parameter in your next request with the latest response's `next` value to get the next page of results.", - "in": "query", - "name": "from", - "type": "string" - }, - { - "collectionFormat": "multi", - "description": "User defined tags used to filter search results", - "in": "query", - "items": { - "type": "string" - }, - "name": "tags", - "type": "array" - }, - { - "description": "User defined operator to apply to tags filter", - "in": "query", - "name": "tags_query_operator", - "type": "string" - }, - { - "collectionFormat": "multi", - "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: listing, forum_topic, seller, stealer_log, blog_post, ransomleak, forum_post, bot, financial_data, chat_message, forum_profile\n- open_web: stack_exchange, paste, source_code_files, service, source_code_secrets, social_media_account, google, bucket_object, docker, bucket\n- leaks: leak\n- domains: domain\n", - "enum": [ - "attachment", - "listing", - "ransomleak", - "forum_post", - "forum_topic", - "forum_profile", - "blog_post", - "seller", - "paste", - "leak", - "chat_message", - "domain", - "bot", - "stealer_log", - "infected_devices", - "driller", - "driller_forum_topic", - "driller_forum_post", - "driller_profile", - "cc", - "ccbin", - "financial_data", - "leaked_data", - "leaked_file", - "document", - "account", - "actor", - "forum_content", - "blog_content", - "profile", - "leaked_credential", - "illicit_networks", - "open_web", - "domains", - "leaks", - "social_media_account", - "social_media", - "source_code", - "source_code_secrets_np", - "source_code_secrets", - "source_code_files", - "docker", - "stack_exchange", - "google", - "service", - "driller_host", - "buckets", - "bucket", - "bucket_object", - "whois", - "ad", - "ads", - "cookie", - "pii", - "experimental" - ], - "in": "query", - "items": { - "type": "string" - }, - "name": "types", - "type": "array" - }, - { - "collectionFormat": "multi", - "description": "Type of experimental activities to search through.", - "in": "query", - "items": { - "type": "string" - }, - "name": "experimental_types", - "type": "array" - }, - { - "enum": [ - "default", - "ignored", - "remediated", - "risk_score_edited", - "exclude_ignored", - "ignored_or_remediated" - ], - "in": "query", - "name": "event_action", - "type": "string" - }, - { - "collectionFormat": "multi", - "enum": [ - "default", - "ignored", - "remediated", - "risk_score_edited", - "exclude_ignored", - "ignored_or_remediated" - ], - "in": "query", - "items": { - "type": "string" - }, - "name": "event_actions", - "type": "array" - }, - { - "collectionFormat": "multi", - "enum": [ - 1, - 2, - 3, - 4, - 5 - ], - "in": "query", - "items": { - "type": "integer" - }, - "name": "risks", - "type": "array" - }, - { - "default": "desc", - "enum": [ - "asc", - "desc" - ], - "in": "query", - "name": "order", - "type": "string" - }, - { - "default": "created", - "enum": [ - "created", - "indexed", - "updated", - "alertable-materialized", - "materialized", - "searchable" - ], - "in": "query", - "name": "sort_by", - "type": "string" - }, - { - "default": true, - "in": "query", - "name": "use_global_policies", - "type": "boolean" - }, - { - "description": "The time zone used to compute the statistics.", - "in": "query", - "name": "time_zone", - "type": "string" - }, - { - "description": "Query used to filter results. Search query uses the [Lucene query](https://www.elastic.co/guide/en/elasticsearch/reference/6.x/query-dsl-query-string-query.html#query-string-syntax) syntax.", - "in": "query", - "name": "query", - "type": "string" - }, - { - "default": false, - "in": "query", - "name": "has_modified_risk_score", - "type": "boolean" - }, - { - "default": false, - "in": "query", - "name": "has_notes", - "type": "boolean" } - ], - "responses": { - "200": { - "description": "The user's home feed activities", - "schema": { - "$ref": "#/definitions/Search" - } + } + }, + "type": "object" + }, + "ActivityUserNotes": { + "required": [ + "notes" + ], + "properties": { + "notes": { + "type": "string" + } + }, + "type": "object" + }, + "ActivityUserMetadata": { + "properties": { + "uid": { + "type": "string" + }, + "tags": { + "type": "array", + "items": { + "type": "string" } }, - "tags": [ - "me" - ] + "risk_score": { + "type": [ + "integer", + "null" + ], + "example": "nullable integer" + }, + "notes": { + "type": [ + "string", + "null" + ], + "example": "nullable string" + }, + "risk_score_updated_at": { + "type": "string", + "format": "date-time" + }, + "remediated_at": { + "type": "string", + "format": "date-time" + }, + "ignored_at": { + "type": "string", + "format": "date-time" + }, + "remediated_asset_uuid": { + "type": "string" + } }, - "post": { - "operationId": "post_current_user_home_feed_/me/feed", - "parameters": [ - { - "description": " The `time` parameter is used to limit results to those found in the provided time span. \n\n *Expected format* : from@to \n\n *Example value* : 2019-09-03T04:00:00.000Z@2019-09-14T04:00:00.000Z", - "in": "query", - "name": "time", - "type": "string" - }, - { - "default": 10, - "description": "The `size` parameter is used to limit the number of results returned for the search query.", - "in": "query", - "name": "size", - "type": "integer" - }, - { - "description": "The `search_after` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `search_after` parameter in your next request with the latest response's `search_after` value to get the next page of results.", - "in": "query", - "name": "search_after", - "type": "string" - }, - { - "description": "The `from` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `from` parameter in your next request with the latest response's `next` value to get the next page of results.", - "in": "query", - "name": "from", + "type": "object" + }, + "ActivityUserRiskScore": { + "required": [ + "risk_score" + ], + "properties": { + "risk_score": { + "type": "integer" + } + }, + "type": "object" + }, + "ActivityUserMetadataRemediated": { + "required": [ + "is_remediated" + ], + "properties": { + "is_remediated": { + "type": "boolean" + }, + "identifier_id": { + "type": "integer" + } + }, + "type": "object" + }, + "ActivityUserMetadataIgnored": { + "required": [ + "is_ignored" + ], + "properties": { + "is_ignored": { + "type": "boolean" + }, + "identifier_id": { + "type": "integer" + } + }, + "type": "object" + }, + "ActivityAiAssistance": { + "properties": { + "uid": { + "type": "string" + }, + "prompt": { + "type": "string" + }, + "response": { + "type": "string" + } + }, + "type": "object" + }, + "ActivityUserTags": { + "required": [ + "tags" + ], + "properties": { + "tags": { + "type": "array", + "items": { "type": "string" - }, - { - "collectionFormat": "multi", - "description": "User defined tags used to filter search results", - "in": "query", - "items": { + } + } + }, + "type": "object" + }, + "UserUpdate": { + "required": [ + "color_scheme", + "name", + "settings", + "surname" + ], + "properties": { + "name": { + "type": "string" + }, + "surname": { + "type": "string" + }, + "settings": { + "type": "object" + }, + "language": { + "type": "string" + }, + "color_scheme": { + "type": "string", + "example": "auto", + "enum": [ + "auto", + "light", + "dark" + ] + } + }, + "type": "object" + }, + "UserProfile": { + "allOf": [ + { + "$ref": "#/definitions/User" + }, + { + "properties": { + "settings": { + "$ref": "#/definitions/UserSettings" + }, + "feature_flags": { + "type": "object" + }, + "tenants": { + "type": "array", + "items": { + "$ref": "#/definitions/Tenant" + } + }, + "default_tenant_id": { + "type": [ + "integer", + "null" + ], + "example": "nullable integer" + }, + "is_sso_mandatory": { + "type": "boolean" + }, + "has_password": { + "type": "boolean" + }, + "urn": { "type": "string" }, - "name": "tags", - "type": "array" - }, - { - "description": "User defined operator to apply to tags filter", - "in": "query", - "name": "tags_query_operator", - "type": "string" - }, - { - "collectionFormat": "multi", - "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: listing, forum_topic, seller, stealer_log, blog_post, ransomleak, forum_post, bot, financial_data, chat_message, forum_profile\n- open_web: stack_exchange, paste, source_code_files, service, source_code_secrets, social_media_account, google, bucket_object, docker, bucket\n- leaks: leak\n- domains: domain\n", - "enum": [ - "attachment", - "listing", - "ransomleak", - "forum_post", - "forum_topic", - "forum_profile", - "blog_post", - "seller", - "paste", - "leak", - "chat_message", - "domain", - "bot", - "stealer_log", - "infected_devices", - "driller", - "driller_forum_topic", - "driller_forum_post", - "driller_profile", - "cc", - "ccbin", - "financial_data", - "leaked_data", - "leaked_file", - "document", - "account", - "actor", - "forum_content", - "blog_content", - "profile", - "leaked_credential", - "illicit_networks", - "open_web", - "domains", - "leaks", - "social_media_account", - "social_media", - "source_code", - "source_code_secrets_np", - "source_code_secrets", - "source_code_files", - "docker", - "stack_exchange", - "google", - "service", - "driller_host", - "buckets", - "bucket", - "bucket_object", - "whois", - "ad", - "ads", - "cookie", - "pii", - "experimental" - ], - "in": "query", - "items": { + "cello_jwt": { "type": "string" }, - "name": "types", - "type": "array" - }, - { - "collectionFormat": "multi", - "description": "Type of experimental activities to search through.", - "in": "query", - "items": { - "type": "string" + "needs_eusa": { + "type": "boolean" }, - "name": "experimental_types", - "type": "array" - }, - { - "enum": [ - "default", - "ignored", - "remediated", - "risk_score_edited", - "exclude_ignored", - "ignored_or_remediated" - ], - "in": "query", - "name": "event_action", - "type": "string" - }, - { - "collectionFormat": "multi", - "enum": [ - "default", - "ignored", - "remediated", - "risk_score_edited", - "exclude_ignored", - "ignored_or_remediated" - ], - "in": "query", - "items": { + "domain": { "type": "string" }, - "name": "event_actions", - "type": "array" - }, - { - "collectionFormat": "multi", - "enum": [ - 1, - 2, - 3, - 4, - 5 - ], - "in": "query", - "items": { - "type": "integer" + "language": { + "type": "string" }, - "name": "risks", - "type": "array" - }, - { - "default": "desc", - "enum": [ - "asc", - "desc" - ], - "in": "query", - "name": "order", - "type": "string" - }, - { - "default": "created", - "enum": [ - "created", - "indexed", - "updated", - "alertable-materialized", - "materialized", - "searchable" - ], - "in": "query", - "name": "sort_by", - "type": "string" - }, - { - "default": true, - "in": "query", - "name": "use_global_policies", - "type": "boolean" - }, - { - "description": "The time zone used to compute the statistics.", - "in": "query", - "name": "time_zone", - "type": "string" + "trial_source": { + "type": [ + "string", + "null" + ], + "example": "nullable string" + } }, - { - "description": "Query used to filter results. Search query uses the [Lucene query](https://www.elastic.co/guide/en/elasticsearch/reference/6.x/query-dsl-query-string-query.html#query-string-syntax) syntax.", - "in": "query", - "name": "query", + "type": "object" + } + ] + }, + "User": { + "required": [ + "color_scheme", + "email", + "language", + "name" + ], + "properties": { + "id": { + "type": "integer" + }, + "name": { + "type": "string", + "description": "Users's name" + }, + "surname": { + "type": "string", + "description": "User's surname" + }, + "email": { + "type": "string", + "description": "User's email" + }, + "organization_id": { + "type": "integer", + "description": "ID of the owner organization" + }, + "settings": { + "$ref": "#/definitions/UserSettings" + }, + "is_disabled": { + "type": "boolean" + }, + "feature_flags": { + "type": "object" + }, + "registered_at": { + "type": "string", + "format": "date-time" + }, + "urn": { + "type": "string", + "description": "The uniform resource name of the user." + }, + "organization_member_permissions": { + "type": "object" + }, + "language": { + "type": "string", + "description": "User's language" + }, + "color_scheme": { + "type": "string", + "example": "auto", + "enum": [ + "auto", + "light", + "dark" + ] + }, + "flare_role": { + "type": "string" + } + }, + "type": "object" + }, + "UserSettings": { + "properties": { + "default_search": { + "type": "string" + }, + "permissions": { + "type": "array", + "items": { "type": "string" - }, - { - "default": false, - "in": "query", - "name": "has_modified_risk_score", - "type": "boolean" - }, - { - "default": false, - "in": "query", - "name": "has_notes", - "type": "boolean" } - ], - "responses": { - "200": { - "description": "The user's home feed activities", - "schema": { - "$ref": "#/definitions/Search" - } + }, + "organization_member_permissions": { + "type": "array", + "items": { + "type": "string" } }, - "tags": [ - "me" - ] - } - }, - "/firework/v2/me/feed/credentials": { - "get": { - "operationId": "get_leaked_credentials_feed_endpoint_/me/feed/credentials", - "parameters": [ - { - "default": 20, - "in": "query", - "name": "size", - "type": "integer" - }, - { - "in": "query", - "name": "from", - "type": "string" - }, - { - "default": "desc", - "enum": [ - "asc", - "desc" - ], - "in": "query", - "name": "order_type", + "should_show_guided_tenant_wizard": { + "type": [ + "string", + "null" + ], + "example": "nullable bool" + } + }, + "type": "object" + }, + "PaginatedCredentials": { + "properties": { + "next": { + "type": "string" + }, + "items": { + "$ref": "#/definitions/LeakActivityCredential" + }, + "total_count": { + "type": [ + "integer", + "null" + ], + "example": "nullable integer" + } + }, + "type": "object" + }, + "LeakActivityCredential": { + "required": [ + "id", + "identity_name", + "imported_at", + "source_id" + ], + "properties": { + "id": { + "type": "integer" + }, + "source_id": { + "type": "string" + }, + "imported_at": { + "type": "string" + }, + "identity_name": { + "type": "string" + }, + "hash": { + "type": "string" + }, + "domain": { + "type": "string" + }, + "source": { + "$ref": "#/definitions/source" + }, + "remediated_at": { + "type": "string", + "format": "date-time" + }, + "ignored_at": { + "type": "string", + "format": "date-time" + }, + "known_password_id": { + "type": "integer" + }, + "credential_hash": { + "type": "string" + } + }, + "type": "object" + }, + "source": { + "required": [ + "id" + ], + "properties": { + "id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "description_en": { + "type": "string" + }, + "description_fr": { + "type": "string" + }, + "breached_at": { + "type": "string" + }, + "leaked_at": { + "type": "string" + }, + "pii_tags": { + "type": "array", + "items": { "type": "string" } - ], - "responses": { - "200": { - "description": "Success", - "schema": { - "$ref": "#/definitions/PaginatedCredentials" - } - } - }, - "tags": [ - "me" - ] + } }, - "post": { - "operationId": "post_leaked_credentials_feed_endpoint_/me/feed/credentials", - "parameters": [ - { - "in": "body", - "name": "payload", - "required": true, - "schema": { - "$ref": "#/definitions/UserUpdate" - } - } - ], - "responses": { - "200": { - "description": "Success", - "schema": { - "$ref": "#/definitions/PaginatedCredentials" - } - } - }, - "tags": [ - "me" - ] - } + "type": "object" }, - "/firework/v2/me/profile": { - "get": { - "operationId": "get_current_user_profile_/me/profile", - "responses": { - "200": { - "description": "Returns the current user's profile" - } + "GroupedFeedAlerts": { + "required": [ + "alerts", + "key", + "organization_settings", + "params", + "type" + ], + "properties": { + "key": { + "type": "string" }, - "tags": [ - "me" - ] + "type": { + "type": "string" + }, + "params": { + "type": "object" + }, + "alerts": { + "$ref": "#/definitions/FeedAlert" + }, + "organization_settings": { + "$ref": "#/definitions/OrganizationSettings" + } }, - "put": { - "operationId": "put_current_user_profile_/me/profile", - "parameters": [ - { - "in": "body", - "name": "payload", - "required": true, - "schema": { - "$ref": "#/definitions/UserUpdate" - } - } - ], - "responses": { - "200": { - "description": "Success", - "schema": { - "properties": { - "profile": { - "$ref": "#/definitions/UserProfile" - } - } - } - }, - "400": { - "description": "Update is invalid", - "schema": { - "$ref": "#/definitions/HttpError" - } - } + "type": "object" + }, + "AlertUpdate": { + "properties": { + "id": { + "type": "integer" }, - "tags": [ - "me" - ] - } + "processed_at": { + "type": "string", + "format": "date" + }, + "last_result_date": { + "type": "string", + "format": "date" + } + }, + "type": "object" }, - "/firework/v2/me/tenants": { - "get": { - "operationId": "get_current_user_tenants_/me/tenants", - "responses": { - "200": { - "description": "Returns the current user's tenants." - } + "PageView": { + "required": [ + "route" + ], + "properties": { + "route": { + "type": "string" }, - "tags": [ - "me" - ] - } + "created_at": { + "type": "string", + "format": "date-time" + } + }, + "type": "object" }, - "/firework/v2/organizations/{organization_id}/members": { - "get": { - "operationId": "get_organization_members_api_/organizations//members", - "parameters": [ - { - "default": 20, - "in": "query", - "name": "size", - "type": "integer" - }, - { - "in": "query", - "name": "from", - "type": "string" - }, - { - "in": "query", - "name": "q", + "TenantIgnoredTerms": { + "required": [ + "clean_past_events", + "created_at", + "name", + "search_types", + "uuid" + ], + "properties": { + "uuid": { + "type": "string" + }, + "name": { + "type": "string" + }, + "terms": { + "type": "array", + "items": { "type": "string" } - ], - "responses": { - "200": { - "description": "Success", - "schema": { - "$ref": "#/definitions/OrganizationMemberPage" - } - }, - "404": { - "description": "Organization not found", - "schema": { - "$ref": "#/definitions/HttpError" - } + }, + "search_types": { + "type": "array", + "items": { + "type": "string", + "example": "attachment", + "enum": [ + "attachment", + "listing", + "ransomleak", + "forum_post", + "forum_topic", + "forum_profile", + "blog_post", + "seller", + "paste", + "leak", + "chat_message", + "domain", + "bot", + "stealer_log", + "infected_devices", + "driller", + "driller_forum_topic", + "driller_forum_post", + "driller_profile", + "cc", + "ccbin", + "financial_data", + "leaked_data", + "leaked_file", + "document", + "account", + "actor", + "forum_content", + "blog_content", + "profile", + "leaked_credential", + "illicit_networks", + "open_web", + "domains", + "leaks", + "social_media_account", + "social_media", + "source_code", + "source_code_secrets_np", + "source_code_secrets", + "source_code_files", + "docker", + "stack_exchange", + "google", + "service", + "driller_host", + "buckets", + "bucket", + "bucket_object", + "whois", + "ad", + "ads", + "cookie", + "pii", + "experimental" + ] } }, - "tags": [ - "organizations" - ] - }, - "parameters": [ - { - "in": "path", - "name": "organization_id", - "required": true, - "type": "integer" + "created_at": { + "type": "string", + "format": "date-time" + }, + "clean_past_events": { + "type": "boolean" } + }, + "type": "object" + }, + "TenantData": { + "required": [ + "description", + "industry", + "name", + "number_of_employees" ], - "post": { - "operationId": "post_organization_members_api_/organizations//members", - "parameters": [ - { - "in": "body", - "name": "payload", - "required": true, - "schema": { - "$ref": "#/definitions/OrganizationMemberData" - } - } - ], - "responses": { - "200": { - "description": "Success", - "schema": { - "properties": { - "member": { - "$ref": "#/definitions/OrganizationMemberWithMetadata" - } - } - } - }, - "404": { - "description": "Organization not found", - "schema": { - "$ref": "#/definitions/HttpError" - } - } + "properties": { + "name": { + "type": "string", + "description": "The Tenant display name" }, - "tags": [ - "organizations" - ] - } - }, - "/firework/v2/organizations/{organization_id}/members/{user_id}": { - "get": { - "operationId": "get_organization_member_api_/organizations//members/", - "responses": { - "200": { - "description": "Success", - "schema": { - "properties": { - "member": { - "$ref": "#/definitions/OrganizationMemberWithMetadata" - } - } - } - } + "description": { + "type": "string", + "description": "The Tenant's purpose / description" }, - "tags": [ - "organizations" - ] - }, - "parameters": [ - { - "in": "path", - "name": "organization_id", - "required": true, - "type": "integer" + "number_of_employees": { + "type": "integer", + "description": "The number of employees for the tenant" }, - { - "in": "path", - "name": "user_id", - "required": true, - "type": "integer" + "industry": { + "type": "string", + "description": "The Tenant's industry", + "example": "global", + "enum": [ + "global", + "transport", + "education", + "energy", + "finance", + "healthcare", + "manufacturing", + "retail", + "software", + "telecommunication" + ] + }, + "global_search_calls_limit": { + "type": "integer", + "description": "The number of API calls allowed for the tenant." + }, + "prevent_global_search": { + "type": "boolean" } - ], - "put": { - "operationId": "put_organization_member_api_/organizations//members/", - "parameters": [ - { - "in": "body", - "name": "payload", - "required": true, - "schema": { - "$ref": "#/definitions/OrganizationMember" - } - } - ], - "responses": { - "200": { - "description": "Success", - "schema": { - "properties": { - "member": { - "$ref": "#/definitions/OrganizationMemberWithMetadata" - } + }, + "type": "object" + }, + "UserTenantAccessRequest": { + "properties": { + "users": { + "type": "array", + "items": { + "description": "User given access to a tenant.", + "allOf": [ + { + "$ref": "#/definitions/UserTenantAccess" } - } + ] } + } + }, + "type": "object" + }, + "UserTenantAccess": { + "required": [ + "user_id" + ], + "properties": { + "user_id": { + "type": "integer", + "description": "The ID of the user to add to the tenant" }, - "tags": [ - "organizations" - ] - } + "is_readonly": { + "type": "boolean", + "description": "Access given to the user for the tenant" + }, + "role": { + "type": "string", + "description": "Role given to the user for the tenant", + "example": "viewer", + "enum": [ + "viewer", + "editor", + "admin" + ] + } + }, + "type": "object" }, - "/firework/v2/organizations/{organization_id}/members/{user_id}/disable": { - "parameters": [ - { - "in": "path", - "name": "organization_id", - "required": true, + "TenantUsers": { + "properties": { + "next": { "type": "integer" }, - { - "in": "path", - "name": "user_id", - "required": true, - "type": "integer" - } - ], - "post": { - "operationId": "post_organization_member_disable_/organizations//members//disable", - "responses": { - "200": { - "description": "Success", - "schema": { - "$ref": "#/definitions/EnableState" - } - } + "items": { + "$ref": "#/definitions/TenantUser" }, - "tags": [ - "organizations" - ] - } + "total_count": { + "type": [ + "integer", + "null" + ], + "example": "nullable integer" + } + }, + "type": "object" }, - "/firework/v2/organizations/{organization_id}/members/{user_id}/enable": { - "parameters": [ - { - "in": "path", - "name": "organization_id", - "required": true, + "TenantUser": { + "properties": { + "id": { "type": "integer" }, - { - "in": "path", - "name": "user_id", - "required": true, - "type": "integer" + "name": { + "type": "string" + }, + "surname": { + "type": "string" + }, + "email": { + "type": "string" + }, + "is_readonly": { + "type": "boolean" + }, + "role": { + "type": "string", + "example": "viewer", + "enum": [ + "viewer", + "editor", + "admin" + ] + }, + "is_disabled": { + "type": "boolean" } - ], - "post": { - "operationId": "post_organization_member_enable_/organizations//members//enable", - "responses": { - "200": { - "description": "Success", - "schema": { - "$ref": "#/definitions/EnableState" - } - } - }, - "tags": [ - "organizations" - ] - } + }, + "type": "object" }, - "/firework/v2/organizations/{organization_id}/members/{user_id}/permissions": { - "parameters": [ - { - "in": "path", - "name": "organization_id", - "required": true, + "TenantDiscoveryPolicy": { + "properties": { + "id": { "type": "integer" }, - { - "in": "path", - "name": "user_id", - "required": true, + "tenant_id": { "type": "integer" - } - ], - "post": { - "operationId": "post_organization_member_permissions_api_/organizations//members//permissions", - "parameters": [ - { - "in": "body", - "name": "payload", - "required": true, - "schema": { - "$ref": "#/definitions/PermissionData" - } - } - ], - "responses": { - "200": { - "description": "Success", - "schema": { - "$ref": "#/definitions/UpdatedPermission" - } + }, + "type": { + "type": "string", + "example": "auto-accept", + "enum": [ + "auto-accept", + "ignore-pattern" + ] + }, + "identifier_types": { + "type": "array", + "items": { + "type": "string", + "example": "domain", + "enum": [ + "domain", + "brand", + "name", + "keyword", + "github_repository", + "username", + "email", + "search_query", + "bin", + "ip", + "secret", + "azure_tenant", + "identity" + ] } }, - "tags": [ - "organizations" - ] - } - }, - "/firework/v2/organizations/{organization_id}/members/{user_id}/tenants": { - "get": { - "operationId": "get_organization_member_tenants_/organizations//members//tenants", - "parameters": [ - { - "default": 20, - "in": "query", - "name": "size", - "type": "integer" - }, - { - "in": "query", - "name": "from", - "type": "string" - }, - { - "default": false, - "in": "query", - "name": "include_disabled_demo", - "type": "boolean" - }, - { - "in": "query", - "name": "q", + "terms": { + "type": "array", + "items": { "type": "string" } - ], - "responses": { - "200": { - "description": "Success", - "schema": { - "$ref": "#/definitions/TenantWithCounts" - } + }, + "enabled": { + "type": "boolean" + } + }, + "type": "object" + }, + "NewReport": { + "required": [ + "author", + "title" + ], + "properties": { + "title": { + "type": "string" + }, + "author": { + "type": "string" + }, + "elements": { + "type": "array", + "items": { + "$ref": "#/definitions/ReportElementUpdate" } }, - "tags": [ - "organizations" - ] + "audience": { + "type": "string", + "example": "technical", + "enum": [ + "technical", + "general" + ] + } }, - "parameters": [ - { - "in": "path", - "name": "organization_id", - "required": true, + "type": "object" + }, + "ReportElementUpdate": { + "properties": { + "id": { "type": "integer" }, - { - "in": "path", - "name": "user_id", - "required": true, + "position": { "type": "integer" + }, + "enabled": { + "type": "boolean" + }, + "sort_by": { + "type": "string", + "example": "custom", + "enum": [ + "custom", + "alphabetical", + "date" + ] + }, + "time_interval": { + "type": "string" } - ] + }, + "type": "object" }, - "/firework/v2/organizations/{organization_id}/tenants": { - "get": { - "operationId": "get_organization_tenants_api_/organizations//tenants", - "responses": { - "200": { - "description": "Success", - "schema": { - "$ref": "#/definitions/TenantWithCounts" - } + "UpdatedReport": { + "properties": { + "title": { + "type": "string" + }, + "author": { + "type": "string" + }, + "elements": { + "type": "array", + "items": { + "$ref": "#/definitions/ReportElementUpdate" } }, - "tags": [ - "organizations" - ] + "audience": { + "type": "string", + "example": "technical", + "enum": [ + "technical", + "general" + ] + } }, - "parameters": [ - { - "in": "path", - "name": "organization_id", - "required": true, - "type": "integer" + "type": "object" + }, + "PriorityActionHeader": { + "required": [ + "created_at", + "snooze_until", + "status", + "status_last_updated_at", + "tags", + "title", + "type", + "uuid" + ], + "properties": { + "uuid": { + "type": "string" + }, + "type": { + "type": "string" + }, + "status": { + "type": "string" + }, + "created_at": { + "type": "string", + "format": "date-time" + }, + "status_last_updated_at": { + "type": "string", + "format": "date-time" + }, + "snooze_until": { + "type": "string", + "format": "date-time" + }, + "title": { + "$ref": "#/definitions/InsightText" + }, + "summary": { + "$ref": "#/definitions/InsightText" + }, + "tags": { + "type": "array", + "items": { + "type": "string" + } } + }, + "type": "object" + }, + "InsightText": { + "required": [ + "text" ], - "post": { - "operationId": "post_organization_tenants_api_/organizations//tenants", - "parameters": [ - { - "in": "body", - "name": "payload", - "required": true, - "schema": { - "$ref": "#/definitions/NewTenantInfo" - } - } - ], - "responses": { - "200": { - "description": "Success", - "schema": { - "$ref": "#/definitions/Tenant" - } - } + "properties": { + "text": { + "type": "string", + "description": "Text for the insight" }, - "tags": [ - "organizations" - ] - } + "params": { + "type": "object", + "description": "Relevant data related to the text" + } + }, + "type": "object" }, - "/firework/v2/reporting/reports": { - "get": { - "operationId": "get_reports_endpoint_/reporting/reports", - "responses": { - "200": { - "description": "Lists reports for the current tenant, ordered from newest to oldest." - } + "Details": { + "required": [ + "title" + ], + "properties": { + "title": { + "$ref": "#/definitions/InsightText" }, - "tags": [ - "reporting" - ] + "summary": { + "$ref": "#/definitions/InsightText" + } }, - "post": { - "operationId": "post_reports_endpoint_/reporting/reports", - "parameters": [ - { - "in": "body", - "name": "payload", - "required": true, - "schema": { - "$ref": "#/definitions/NewReport" - } - } - ], - "responses": { - "200": { - "description": "Creates a new report on the current tenant." - } - }, - "tags": [ - "reporting" - ] - } + "type": "object" }, - "/firework/v2/reporting/reports/{report_id}": { - "delete": { - "operationId": "delete_report_endpoint_/reporting/reports/", - "responses": { - "200": { - "description": "Deletes a report." - } + "Mitre": { + "required": [ + "mitigation", + "techniques" + ], + "properties": { + "techniques": { + "$ref": "#/definitions/MitreLink" }, - "tags": [ - "reporting" - ] + "mitigation": { + "$ref": "#/definitions/MitreLink" + } }, - "get": { - "operationId": "get_report_endpoint_/reporting/reports/", - "responses": { - "200": { - "description": "Returns a report and its elements." - } + "type": "object" + }, + "MitreLink": { + "required": [ + "id", + "text", + "url" + ], + "properties": { + "id": { + "type": "string", + "description": "Mitre's id" }, - "tags": [ - "reporting" - ] - }, - "parameters": [ - { - "in": "path", - "name": "report_id", - "required": true, - "type": "integer" + "text": { + "type": "string", + "description": "Mitre's text" + }, + "url": { + "type": "string", + "description": "Link to the Mitre url page" } + }, + "type": "object" + }, + "PriorityActionRelatedActivity": { + "required": [ + "remediated", + "tenant_id", + "uid", + "uuid" ], - "patch": { - "operationId": "patch_report_endpoint_/reporting/reports/", - "parameters": [ - { - "in": "body", - "name": "payload", - "required": true, - "schema": { - "$ref": "#/definitions/UpdatedReport" - } - } - ], - "responses": { - "200": { - "description": "Updates a report." - } + "properties": { + "uuid": { + "type": "string" }, - "tags": [ - "reporting" - ] - } - }, - "/firework/v2/reporting/reports/{report_id}/archive": { - "parameters": [ - { - "in": "path", - "name": "report_id", - "required": true, + "tenant_id": { "type": "integer" + }, + "uid": { + "type": "string" + }, + "remediated": { + "type": "boolean" } + }, + "type": "object" + }, + "ExportPriorityActionVisualizationData": { + "required": [ + "format", + "stream" ], - "post": { - "operationId": "post_archive_report_endpoint_/reporting/reports//archive", - "responses": { - "200": { - "description": "Archives a report." - } + "properties": { + "stream": { + "type": "string" }, - "tags": [ - "reporting" - ] - } + "format": { + "type": "string", + "example": "csv", + "enum": [ + "csv" + ] + } + }, + "type": "object" }, - "/firework/v2/reporting/reports/{report_id}/download": { - "get": { - "operationId": "get_report_download_endpoint_/reporting/reports//download", - "responses": { - "200": { - "description": "Download a report." + "Insight": { + "required": [ + "analysis", + "date", + "paragraph", + "title", + "type" + ], + "properties": { + "type": { + "type": "string" + }, + "date": { + "type": "string", + "format": "date-time" + }, + "title": { + "$ref": "#/definitions/InsightText" + }, + "paragraph": { + "$ref": "#/definitions/InsightText" + }, + "analysis": { + "$ref": "#/definitions/InsightText" + }, + "visualization": { + "type": "array", + "items": { + "$ref": "#/definitions/FootprintVisualizationChart" } + } + }, + "type": "object" + }, + "FootprintVisualizationChart": { + "required": [ + "data", + "id", + "type" + ], + "properties": { + "id": { + "type": "string" + }, + "type": { + "type": "string", + "example": "comparison_chart", + "enum": [ + "comparison_chart", + "tabular_chart", + "radial_chart", + "line_chart", + "bar_chart", + "radar_chart" + ] }, - "tags": [ - "reporting" - ] - }, - "parameters": [ - { - "in": "path", - "name": "report_id", - "required": true, - "type": "integer" + "data": { + "type": "object" + }, + "title": { + "type": "string" } - ] + }, + "type": "object" }, - "/firework/v2/search/": { - "get": { - "operationId": "get_search_/search/", - "parameters": [ - { - "collectionFormat": "multi", - "description": "Fields to includes in the results in a dotted form. For example, \"data.actor_name\" will include items similar to:```json\n \"items\": [{\n \"data\": {\n \"actor_name\": \"Seller123\"\n }\n }]\n ```\n\n By default, all fields are included in the response.\n ", - "in": "query", - "items": { - "type": "string" - }, - "name": "fields", - "type": "array" - }, - { - "description": " The `time` parameter is used to limit results to those found in the provided time span. \n\n *Expected format* : from@to \n\n *Example value* : 2019-09-03T04:00:00.000Z@2019-09-14T04:00:00.000Z", - "in": "query", - "name": "time", - "type": "string" - }, - { - "default": 10, - "description": "The `size` parameter is used to limit the number of results returned for the search query.", - "in": "query", - "name": "size", - "type": "integer" - }, - { - "description": "The `search_after` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `search_after` parameter in your next request with the latest response's `search_after` value to get the next page of results.", - "in": "query", - "name": "search_after", - "type": "string" - }, - { - "description": "The `from` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `from` parameter in your next request with the latest response's `next` value to get the next page of results.", - "in": "query", - "name": "from", - "type": "string" - }, - { - "collectionFormat": "multi", - "description": "User defined tags used to filter search results", - "in": "query", - "items": { - "type": "string" - }, - "name": "tags", - "type": "array" - }, - { - "description": "User defined operator to apply to tags filter", - "in": "query", - "name": "tags_query_operator", - "type": "string" - }, - { - "collectionFormat": "multi", - "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: listing, forum_topic, seller, stealer_log, blog_post, ransomleak, forum_post, bot, financial_data, chat_message, forum_profile\n- open_web: stack_exchange, paste, source_code_files, service, source_code_secrets, social_media_account, google, bucket_object, docker, bucket\n- leaks: leak\n- domains: domain\n", - "enum": [ - "attachment", - "listing", - "ransomleak", - "forum_post", - "forum_topic", - "forum_profile", - "blog_post", - "seller", - "paste", - "leak", - "chat_message", - "domain", - "bot", - "stealer_log", - "infected_devices", - "driller", - "driller_forum_topic", - "driller_forum_post", - "driller_profile", - "cc", - "ccbin", - "financial_data", - "leaked_data", - "leaked_file", - "document", - "account", - "actor", - "forum_content", - "blog_content", - "profile", - "leaked_credential", - "illicit_networks", - "open_web", - "domains", - "leaks", - "social_media_account", - "social_media", - "source_code", - "source_code_secrets_np", - "source_code_secrets", - "source_code_files", - "docker", - "stack_exchange", - "google", - "service", - "driller_host", - "buckets", - "bucket", - "bucket_object", - "whois", - "cookie", - "pii", - "experimental" - ], - "in": "query", - "items": { - "type": "string" - }, - "name": "types", - "type": "array" - }, - { - "collectionFormat": "multi", - "description": "Type of experimental activities to search through.", - "in": "query", - "items": { - "type": "string" - }, - "name": "experimental_types", - "type": "array" - }, - { - "enum": [ - "default", - "ignored", - "remediated", - "risk_score_edited", - "exclude_ignored", - "ignored_or_remediated" - ], - "in": "query", - "name": "event_action", - "type": "string" - }, - { - "collectionFormat": "multi", - "enum": [ - "default", - "ignored", - "remediated", - "risk_score_edited", - "exclude_ignored", - "ignored_or_remediated" - ], - "in": "query", - "items": { - "type": "string" - }, - "name": "event_actions", - "type": "array" - }, - { - "collectionFormat": "multi", - "enum": [ - 1, - 2, - 3, - 4, - 5 - ], - "in": "query", - "items": { - "type": "integer" - }, - "name": "risks", - "type": "array" - }, - { - "default": "desc", - "enum": [ - "asc", - "desc" - ], - "in": "query", - "name": "order", - "type": "string" - }, - { - "default": "created", - "enum": [ - "created", - "indexed", - "updated", - "alertable-materialized", - "materialized", - "searchable" - ], - "in": "query", - "name": "sort_by", - "type": "string" - }, - { - "default": true, - "in": "query", - "name": "use_global_policies", - "type": "boolean" - }, - { - "description": "The time zone used to compute the statistics.", - "in": "query", - "name": "time_zone", - "type": "string" - }, - { - "description": "Query used to filter results. Search query uses the [Lucene query](https://www.elastic.co/guide/en/elasticsearch/reference/6.x/query-dsl-query-string-query.html#query-string-syntax) syntax.", - "in": "query", - "name": "query", - "type": "string" - }, - { - "default": false, - "in": "query", - "name": "has_modified_risk_score", - "type": "boolean" - }, - { - "default": false, - "in": "query", - "name": "has_notes", - "type": "boolean" - } - ], - "responses": { - "200": { - "description": "Returns the search result(s).", - "schema": { - "$ref": "#/definitions/Search" - } - }, - "400": { - "description": "Query is invalid.", - "schema": { - "$ref": "#/definitions/HttpError" - } + "RansomLeakData": { + "required": [ + "breached_at", + "event_created_at", + "identifiers", + "publisher", + "risk_score", + "uid", + "victim" + ], + "properties": { + "uid": { + "type": "string", + "description": "event uid of the ransomleak" + }, + "breached_at": { + "type": "string", + "format": "date-time", + "description": "Date of the ransomleak" + }, + "event_created_at": { + "type": "string", + "format": "date-time", + "description": "Date of the ransomleak event in the feed" + }, + "risk_score": { + "type": "integer", + "description": "Computed risk of the ransomleak" + }, + "publisher": { + "type": "string", + "description": "Publisher of the ransomleak" + }, + "victim": { + "type": "string", + "description": "Victim of the ransomleak" + }, + "domain": { + "type": "string", + "description": "Domain of the victim" + }, + "country": { + "type": "string", + "description": "Country of the victim" + }, + "industry": { + "type": "string", + "description": "Industry of the victim" + }, + "employee_count": { + "type": "integer", + "description": "Number of employee of the victim" + }, + "user_metadata": { + "$ref": "#/definitions/ActivityUserMetadata" + }, + "identifiers": { + "type": "array", + "items": { + "$ref": "#/definitions/RansomLeakIdentifierData" } + } + }, + "type": "object" + }, + "RansomLeakIdentifierData": { + "properties": { + "id": { + "type": "integer" }, - "tags": [ - "search" - ] + "identifier_type": { + "type": "string" + }, + "name": { + "type": "string" + } }, - "post": { - "operationId": "post_search_/search/", - "parameters": [ - { - "collectionFormat": "multi", - "description": "Fields to includes in the results in a dotted form. For example, \"data.actor_name\" will include items similar to:```json\n \"items\": [{\n \"data\": {\n \"actor_name\": \"Seller123\"\n }\n }]\n ```\n\n By default, all fields are included in the response.\n ", - "in": "query", - "items": { - "type": "string" - }, - "name": "fields", - "type": "array" - }, - { - "description": " The `time` parameter is used to limit results to those found in the provided time span. \n\n *Expected format* : from@to \n\n *Example value* : 2019-09-03T04:00:00.000Z@2019-09-14T04:00:00.000Z", - "in": "query", - "name": "time", - "type": "string" - }, - { - "default": 10, - "description": "The `size` parameter is used to limit the number of results returned for the search query.", - "in": "query", - "name": "size", - "type": "integer" - }, - { - "description": "The `search_after` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `search_after` parameter in your next request with the latest response's `search_after` value to get the next page of results.", - "in": "query", - "name": "search_after", - "type": "string" - }, - { - "description": "The `from` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `from` parameter in your next request with the latest response's `next` value to get the next page of results.", - "in": "query", - "name": "from", - "type": "string" - }, - { - "collectionFormat": "multi", - "description": "User defined tags used to filter search results", - "in": "query", - "items": { - "type": "string" - }, - "name": "tags", - "type": "array" - }, - { - "description": "User defined operator to apply to tags filter", - "in": "query", - "name": "tags_query_operator", - "type": "string" - }, - { - "collectionFormat": "multi", - "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: listing, forum_topic, seller, stealer_log, blog_post, ransomleak, forum_post, bot, financial_data, chat_message, forum_profile\n- open_web: stack_exchange, paste, source_code_files, service, source_code_secrets, social_media_account, google, bucket_object, docker, bucket\n- leaks: leak\n- domains: domain\n", - "enum": [ - "attachment", - "listing", - "ransomleak", - "forum_post", - "forum_topic", - "forum_profile", - "blog_post", - "seller", - "paste", - "leak", - "chat_message", - "domain", - "bot", - "stealer_log", - "infected_devices", - "driller", - "driller_forum_topic", - "driller_forum_post", - "driller_profile", - "cc", - "ccbin", - "financial_data", - "leaked_data", - "leaked_file", - "document", - "account", - "actor", - "forum_content", - "blog_content", - "profile", - "leaked_credential", - "illicit_networks", - "open_web", - "domains", - "leaks", - "social_media_account", - "social_media", - "source_code", - "source_code_secrets_np", - "source_code_secrets", - "source_code_files", - "docker", - "stack_exchange", - "google", - "service", - "driller_host", - "buckets", - "bucket", - "bucket_object", - "whois", - "cookie", - "pii", - "experimental" - ], - "in": "query", - "items": { - "type": "string" - }, - "name": "types", - "type": "array" - }, - { - "collectionFormat": "multi", - "description": "Type of experimental activities to search through.", - "in": "query", - "items": { - "type": "string" - }, - "name": "experimental_types", - "type": "array" - }, - { - "enum": [ - "default", - "ignored", - "remediated", - "risk_score_edited", - "exclude_ignored", - "ignored_or_remediated" - ], - "in": "query", - "name": "event_action", - "type": "string" - }, - { - "collectionFormat": "multi", - "enum": [ - "default", - "ignored", - "remediated", - "risk_score_edited", - "exclude_ignored", - "ignored_or_remediated" - ], - "in": "query", - "items": { - "type": "string" - }, - "name": "event_actions", - "type": "array" - }, - { - "collectionFormat": "multi", - "enum": [ - 1, - 2, - 3, - 4, - 5 - ], - "in": "query", + "type": "object" + }, + "date_count": { + "properties": { + "date": { + "type": "string", + "format": "date-time" + }, + "count": { + "type": "integer" + } + }, + "type": "object" + }, + "Import": { + "required": [ + "id", + "integration", + "tenant_id", + "type" + ], + "properties": { + "id": { + "type": "integer" + }, + "type": { + "type": "string", + "example": "identifiers", + "enum": [ + "identifiers" + ] + }, + "integration": { + "type": "string", + "example": "csv", + "enum": [ + "csv" + ] + }, + "tenant_id": { + "type": "integer" + }, + "committed_at": { + "type": [ + "string", + "null" + ], + "format": "date-time", + "example": "nullable date" + } + }, + "type": "object" + }, + "ImportItemFailures": { + "required": [ + "message", + "type" + ], + "properties": { + "type": { + "type": "string", + "example": "unknown_identifier_type", + "enum": [ + "unknown_identifier_type", + "bad_identifier_query", + "above_max_group_nesting", + "unknown_identifier_source", + "identifier_not_allowed", + "identifier_type_not_allowed", + "too_many_attributes", + "invalid_attribute_format" + ] + }, + "message": { + "type": "string" + } + }, + "type": "object" + }, + "Subdomains": { + "required": [ + "subdomain" + ], + "properties": { + "subdomain": { + "type": "string" + } + }, + "type": "object" + }, + "CredentialUrl": { + "properties": { + "url": { + "type": "string" + }, + "credential_hash": { + "type": "string" + }, + "domain": { + "type": "string" + }, + "is_stealer_log": { + "type": "boolean" + } + }, + "type": "object" + }, + "LeakedCredential": { + "properties": { + "id": { + "type": "integer" + } + }, + "type": "object" + }, + "PartialSource": { + "properties": { + "id": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "type": "object" + }, + "count_by_search_type": { + "properties": { + "search_type": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "$ref": "#/definitions/date_count" + } + } + }, + "type": "object" + }, + "count_by_risk_score": { + "properties": { + "risk_score": { + "type": "integer" + }, + "values": { + "type": "array", + "items": { + "$ref": "#/definitions/date_count" + } + } + }, + "type": "object" + }, + "average_by_search_type": { + "properties": { + "search_type": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "$ref": "#/definitions/date_count" + } + } + }, + "type": "object" + }, + "average_by_risk_score": { + "properties": { + "risk_score": { + "type": "integer" + }, + "values": { + "type": "array", + "items": { + "$ref": "#/definitions/date_count" + } + } + }, + "type": "object" + }, + "TimeChartSerie": { + "properties": { + "name": { + "type": "string" + }, + "data": { + "type": "array", + "items": { + "type": "array", "items": { "type": "integer" - }, - "name": "risks", - "type": "array" - }, - { - "default": "desc", - "enum": [ - "asc", - "desc" - ], - "in": "query", - "name": "order", - "type": "string" - }, - { - "default": "created", - "enum": [ - "created", - "indexed", - "updated", - "alertable-materialized", - "materialized", - "searchable" - ], - "in": "query", - "name": "sort_by", - "type": "string" - }, - { - "default": true, - "in": "query", - "name": "use_global_policies", - "type": "boolean" - }, - { - "description": "The time zone used to compute the statistics.", - "in": "query", - "name": "time_zone", - "type": "string" - }, - { - "description": "Query used to filter results. Search query uses the [Lucene query](https://www.elastic.co/guide/en/elasticsearch/reference/6.x/query-dsl-query-string-query.html#query-string-syntax) syntax.", - "in": "query", - "name": "query", - "type": "string" - }, - { - "default": false, - "in": "query", - "name": "has_modified_risk_score", - "type": "boolean" - }, - { - "default": false, - "in": "query", - "name": "has_notes", - "type": "boolean" - } - ], - "responses": { - "200": { - "description": "Returns the search result(s).", - "schema": { - "$ref": "#/definitions/Search" - } - }, - "400": { - "description": "Query is invalid.", - "schema": { - "$ref": "#/definitions/HttpError" } } }, - "tags": [ - "search" - ] - } + "color": { + "type": "string" + }, + "interval": { + "type": "string" + } + }, + "type": "object" }, - "/firework/v2/sources/": { - "get": { - "operationId": "get_sources_endpoint_/sources/", - "responses": { - "200": { - "description": "Returns a detailed list of monitored sources." + "TableChartDataModel": { + "properties": { + "title": { + "type": "string" + }, + "items": { + "type": "array", + "items": { + "type": "object" } + } + }, + "type": "object" + }, + "IdentifierRelationData": { + "required": [ + "asset_relation_uuid", + "identifier_id" + ], + "properties": { + "identifier_id": { + "type": "integer" + }, + "asset_relation_uuid": { + "type": "string" + } + }, + "type": "object" + }, + "ArchiveFile": { + "properties": { + "id": { + "type": "integer" + }, + "url": { + "type": "string" + }, + "source": { + "type": "string" + }, + "type": { + "type": "string" + }, + "password": { + "type": "string" + }, + "status": { + "type": "string" + }, + "data": { + "$ref": "#/definitions/ArchiveFileData" + }, + "ransomleak_uid": { + "type": "string" }, - "tags": [ - "sources" - ] - } - }, - "/firework/v2/sources/status": { - "get": { - "operationId": "get_sources_status_/sources/status", - "responses": { - "200": { - "description": "Returns a list of status for monitored sources." - } + "metadata": { + "$ref": "#/definitions/ArchiveFileMetadata" }, - "tags": [ - "sources" - ] - } - }, - "/firework/v2/sources/updates": { - "get": { - "operationId": "get_source_updates_/sources/updates", - "responses": { - "200": { - "description": "Returns source updates." - } + "status_updated_at": { + "type": "string", + "format": "date-time" }, - "tags": [ - "sources" - ] - } - }, - "/firework/v2/tenants/{tenant_id}": { - "get": { - "operationId": "get_tenant_api_/tenants/", - "responses": { - "200": { - "description": "Success", - "schema": { - "$ref": "#/definitions/TenantWithCounts" - } - } + "errors": { + "$ref": "#/definitions/ArchiveFileErrors" }, - "tags": [ - "tenants" - ] - }, - "parameters": [ - { - "in": "path", - "name": "tenant_id", - "required": true, + "retry_count": { "type": "integer" + }, + "retry_after": { + "type": "string", + "format": "date-time" } - ], - "put": { - "operationId": "put_tenant_api_/tenants/", - "parameters": [ - { - "in": "body", - "name": "payload", - "required": true, - "schema": { - "$ref": "#/definitions/TenantData" - } - } - ], - "responses": { - "200": { - "description": "Success", - "schema": { - "$ref": "#/definitions/TenantWithCounts" - } + }, + "type": "object" + }, + "ArchiveFileData": { + "properties": { + "parts": { + "type": "array", + "items": { + "$ref": "#/definitions/MultiPartData" } - }, - "tags": [ - "tenants" - ] - } + } + }, + "type": "object" }, - "/firework/v2/tenants/{tenant_id}/archive": { - "parameters": [ - { - "in": "path", - "name": "tenant_id", - "required": true, + "MultiPartData": { + "properties": { + "url": { + "type": "string" + }, + "size": { "type": "integer" } - ], - "post": { - "operationId": "post_tenant_archive_api_/tenants//archive", - "responses": { - "200": { - "description": "Success" - } - }, - "tags": [ - "tenants" - ] - } + }, + "type": "object" }, - "/firework/v2/tenants/{tenant_id}/users": { - "get": { - "operationId": "get_tenant_users_api_/tenants//users", - "responses": { - "200": { - "description": "Success", - "schema": { - "$ref": "#/definitions/TenantUsers" - } - } + "ArchiveFileMetadata": { + "properties": { + "first_crawled_at": { + "type": "string", + "format": "date-time" }, - "tags": [ - "tenants" - ] - }, - "parameters": [ - { - "in": "path", - "name": "tenant_id", - "required": true, + "last_crawled_at": { + "type": "string", + "format": "date-time" + }, + "estimated_created_at": { + "type": "string", + "format": "date-time" + }, + "scraper_id": { + "type": "string" + }, + "scraped_at": { + "type": "string", + "format": "date-time" + }, + "event_id": { "type": "integer" - } - ], - "post": { - "operationId": "post_tenant_users_api_/tenants//users", - "parameters": [ - { - "in": "body", - "name": "payload", - "required": true, - "schema": { - "$ref": "#/definitions/UserTenantAccessRequest" - } - } - ], - "responses": { - "200": { - "description": "Users were successfully added to tenant." - } }, - "tags": [ - "tenants" - ] - } + "event_id_v2": { + "type": "string" + } + }, + "type": "object" }, - "/firework/v2/tenants/{tenant_id}/users/{user_id}": { - "delete": { - "operationId": "delete_tenant_users_access_api_/tenants//users/", - "responses": { - "200": { - "description": "User was successfully removed from the tenant." + "ArchiveFileErrors": { + "properties": { + "errors": { + "type": "array", + "items": { + "$ref": "#/definitions/ArchiveFileErrorData" } - }, - "tags": [ - "tenants" - ] + } }, - "parameters": [ - { - "in": "path", - "name": "tenant_id", - "required": true, - "type": "integer" + "type": "object" + }, + "ArchiveFileErrorData": { + "properties": { + "type": { + "type": "string" }, - { - "in": "path", - "name": "user_id", - "required": true, - "type": "integer" + "traceback": { + "type": "string" } - ] + }, + "type": "object" } }, - "produces": [ - "application/json" - ], "responses": { - "HTTPException": { - "description": "" + "ParseError": { + "description": "When a mask can't be parsed" }, "MaskError": { "description": "When any error occurs on mask" }, - "ParseError": { - "description": "When a mask can't be parsed" + "HTTPException": { + "description": "" } }, + "host": "api.flare.io", "schemes": [ "https" - ], - "security": [ - { - "BearerAuth": [] - } - ], - "securityDefinitions": { - "BearerAuth": { - "in": "header", - "name": "Authorization", - "type": "apiKey" - } - }, - "swagger": "2.0", - "tags": [ - { - "description": "Searches the threat activity database.", - "name": "search" - }, - { - "description": "Manage a user's or organization's identifiers", - "name": "Identifiers" - }, - { - "description": "Perform actions on activities.", - "name": "activities" - }, - { - "description": "Get a detailed list of monitored sources.", - "name": "sources" - }, - { - "description": "Perform actions on the current user.", - "name": "me" - }, - { - "description": "Manage tenants.", - "name": "tenants" - }, - { - "description": "Admin management of organizations.", - "name": "organizations" - }, - { - "description": "Manage reporting as an admin.", - "name": "reporting" - } ] } diff --git a/docs/api-reference/spec/firework-v3-openapi.json b/docs/api-reference/spec/firework-v3-openapi.json index 944c8e5..63a70af 100644 --- a/docs/api-reference/spec/firework-v3-openapi.json +++ b/docs/api-reference/spec/firework-v3-openapi.json @@ -160,10 +160,6 @@ } ], "responses": { - "200": { - "content": {}, - "description": "Returns the activity" - }, "404": { "content": { "application/json": { @@ -173,6 +169,10 @@ } }, "description": "Activity not found" + }, + "200": { + "content": {}, + "description": "Returns the activity" } }, "tags": [ @@ -483,7 +483,7 @@ } }, { - "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: listing, forum_topic, seller, stealer_log, blog_post, ransomleak, forum_post, bot, financial_data, chat_message, forum_profile\n- open_web: stack_exchange, paste, source_code_files, service, source_code_secrets, social_media_account, google, bucket_object, docker, bucket\n- leaks: leak\n- domains: domain\n", + "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: stealer_log, forum_post, forum_profile, listing, chat_message, ransomleak, seller, forum_topic, blog_post, bot, financial_data\n- open_web: paste, stack_exchange, social_media_account, source_code_files, service, google, docker, source_code_secrets, bucket, bucket_object\n- leaks: leak\n- domains: domain\n", "explode": true, "in": "query", "name": "types", @@ -689,15 +689,15 @@ } ], "responses": { - "200": { + "403": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Search" + "$ref": "#/components/schemas/HttpError" } } }, - "description": "Returns the search result(s)." + "description": "Forbidden." }, "400": { "content": { @@ -709,15 +709,15 @@ }, "description": "Query is invalid." }, - "403": { + "200": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/HttpError" + "$ref": "#/components/schemas/Search" } } }, - "description": "Forbidden." + "description": "Returns the search result(s)." } }, "tags": [ @@ -803,7 +803,7 @@ } }, { - "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: listing, forum_topic, seller, stealer_log, blog_post, ransomleak, forum_post, bot, financial_data, chat_message, forum_profile\n- open_web: stack_exchange, paste, source_code_files, service, source_code_secrets, social_media_account, google, bucket_object, docker, bucket\n- leaks: leak\n- domains: domain\n", + "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: stealer_log, forum_post, forum_profile, listing, chat_message, ransomleak, seller, forum_topic, blog_post, bot, financial_data\n- open_web: paste, stack_exchange, social_media_account, source_code_files, service, google, docker, source_code_secrets, bucket, bucket_object\n- leaks: leak\n- domains: domain\n", "explode": true, "in": "query", "name": "types", @@ -1009,15 +1009,15 @@ } ], "responses": { - "200": { + "403": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Search" + "$ref": "#/components/schemas/HttpError" } } }, - "description": "Returns the search result(s)." + "description": "Forbidden." }, "400": { "content": { @@ -1029,15 +1029,15 @@ }, "description": "Query is invalid." }, - "403": { + "200": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/HttpError" + "$ref": "#/components/schemas/Search" } } }, - "description": "Forbidden." + "description": "Returns the search result(s)." } }, "tags": [ @@ -1211,6 +1211,7 @@ "enum": [ "ALL", "USER", + "COUNTED", "SYSTEM", "USER_AND_ATTRIBUTE" ], @@ -1354,6 +1355,7 @@ "enum": [ "ALL", "USER", + "COUNTED", "SYSTEM", "USER_AND_ATTRIBUTE" ], @@ -1748,22 +1750,25 @@ }, "components": { "responses": { - "HTTPException": { + "ParseError": { "content": {}, - "description": "" + "description": "When a mask can't be parsed" }, "MaskError": { "content": {}, "description": "When any error occurs on mask" }, - "ParseError": { + "HTTPException": { "content": {}, - "description": "When a mask can't be parsed" + "description": "" } }, "schemas": { "Asset": { "properties": { + "uuid": { + "type": "string" + }, "asset_type": { "enum": [ "github_repository", @@ -1792,9 +1797,6 @@ "example": "github_repository", "type": "string" }, - "cursor": { - "type": "string" - }, "data": { "$ref": "#/components/schemas/AssetData" }, @@ -1802,7 +1804,7 @@ "properties": {}, "type": "object" }, - "uuid": { + "cursor": { "type": "string" } }, @@ -1813,55 +1815,69 @@ }, "AssetData": { "properties": { - "asset_url": { + "repo_name": { "type": "string" }, - "bin": { - "type": "integer" + "repo_owner": { + "type": "string" }, - "email": { + "fqdn": { "type": "string" }, - "first_name": { + "name": { "type": "string" }, - "fqdn": { + "first_name": { "type": "string" }, - "id": { - "type": "integer" + "last_name": { + "type": "string" }, - "ip": { + "email": { "type": "string" }, "keyword": { "type": "string" }, - "last_name": { + "search_query": { "type": "string" }, - "name": { - "type": "string" + "id": { + "type": "integer" }, - "profile_url": { - "type": "string" + "bin": { + "type": "integer" }, - "repo_name": { + "ip": { "type": "string" }, - "repo_owner": { + "asset_url": { "type": "string" }, - "search_query": { + "username": { "type": "string" }, "site": { "type": "string" }, + "profile_url": { + "type": "string" + }, "tenant_id": { "type": "string" + } + }, + "type": "object" + }, + "AssetRelations": { + "properties": { + "items": { + "items": { + "$ref": "#/components/schemas/AssetRelation" + }, + "type": "array" }, - "username": { + "next": { "type": "string" } }, @@ -1869,23 +1885,14 @@ }, "AssetRelation": { "properties": { - "metadata": { - "$ref": "#/components/schemas/AssetRelationMetadata" - }, - "params": { - "$ref": "#/components/schemas/AssetRelationParams" - }, - "source_data": { - "$ref": "#/components/schemas/AssetData" - }, - "source_type": { + "uuid": { "type": "string" }, "source_uuid": { "type": "string" }, - "target_data": { - "$ref": "#/components/schemas/AssetData" + "source_type": { + "type": "string" }, "target_type": { "type": "string" @@ -1893,6 +1900,12 @@ "target_uuid": { "type": "string" }, + "target_data": { + "$ref": "#/components/schemas/AssetData" + }, + "source_data": { + "$ref": "#/components/schemas/AssetData" + }, "type": { "enum": [ "subdomain_of", @@ -1914,8 +1927,11 @@ "example": "subdomain_of", "type": "string" }, - "uuid": { - "type": "string" + "metadata": { + "$ref": "#/components/schemas/AssetRelationMetadata" + }, + "params": { + "$ref": "#/components/schemas/AssetRelationParams" } }, "required": [ @@ -1938,169 +1954,128 @@ }, "AssetRelationParams": { "properties": { + "number_of_leaked_secrets": { + "type": "integer" + }, "number_of_commits": { "type": "integer" }, - "number_of_domain_commits": { + "number_of_mentions": { "type": "integer" }, - "number_of_domain_emails": { + "number_of_domain_commits": { "type": "integer" }, "number_of_email_commits": { "type": "integer" }, - "number_of_github_projects": { + "number_of_domain_emails": { "type": "integer" }, - "number_of_leaked_secrets": { + "number_of_github_projects": { "type": "integer" + } + }, + "type": "object" + }, + "HttpError": { + "properties": { + "message": { + "type": "string" }, - "number_of_mentions": { - "type": "integer" + "code": { + "type": "string" } }, "type": "object" }, - "AssetRelations": { + "Search": { "properties": { "items": { "items": { - "$ref": "#/components/schemas/AssetRelation" + "properties": {}, + "type": "object" }, "type": "array" }, - "next": { + "nb_hits": { + "type": "integer" + }, + "links": { + "$ref": "#/components/schemas/SearchLinks" + }, + "search_after": { "type": "string" } }, "type": "object" }, - "BulkActionFilters": { + "SearchLinks": { "properties": { - "q": { - "type": "string" - }, - "recommendation_state": { - "enum": [ - "recommended", - "accepted", - "rejected" - ], - "example": "recommended", - "type": "string" - }, - "types": { - "enum": [ - "domain", - "brand", - "name", - "keyword", - "github_repository", - "username", - "email", - "search_query", - "bin", - "ip", - "secret", - "azure_tenant", - "identity" - ], - "example": "domain", + "next": { "type": "string" } }, "type": "object" }, - "CollectionUpdate": { + "IdentifierChildren": { "properties": { - "content": { - "type": "string" - }, - "date": { - "type": "string" + "items": { + "items": { + "$ref": "#/components/schemas/IdentifierChild" + }, + "type": "array" }, - "type": { + "next": { "type": "string" } }, "type": "object" }, - "HttpError": { + "IdentifierChild": { "properties": { - "code": { - "type": "string" + "metadata": { + "$ref": "#/components/schemas/AssetRelationMetadata" }, - "message": { - "type": "string" + "child_identifier": { + "$ref": "#/components/schemas/Identifier" } }, "type": "object" }, "Identifier": { "properties": { - "asset_uuid": { - "type": "string" - }, - "count": { + "id": { "type": "integer" }, - "data": { - "properties": {}, - "type": "object" - }, - "data_updated_at": { - "format": "date-time", - "type": "string" - }, - "enrichments": { - "properties": {}, - "type": "object" - }, - "event_count": { + "tenant_id": { "type": "integer" }, - "experimental_search_types": { - "items": { - "type": "string" - }, - "type": "array" - }, "feed_id": { "type": "integer" }, "feed_owner_id": { "type": "integer" }, - "fetching_progress": { - "type": "integer" - }, - "first_rate_limited_at": { - "format": "date-time", - "type": "string" - }, - "id": { - "type": "integer" - }, - "is_critical": { - "type": "boolean" - }, - "is_disabled": { - "type": "boolean" - }, - "name": { - "minLength": 1, + "type": { + "enum": [ + "domain", + "brand", + "name", + "keyword", + "github_repository", + "username", + "email", + "search_query", + "bin", + "ip", + "secret", + "azure_tenant", + "identity" + ], + "example": "domain", "type": "string" }, - "rate_limits": { - "$ref": "#/components/schemas/IdentifierRateLimits" - }, - "risks": { - "items": { - "type": "integer" - }, - "type": "array" - }, "search_types": { "items": { "enum": [ @@ -2163,41 +2138,73 @@ }, "type": "array" }, + "experimental_search_types": { + "items": { + "type": "string" + }, + "type": "array" + }, + "risks": { + "items": { + "type": "integer" + }, + "type": "array" + }, + "name": { + "minLength": 1, + "type": "string" + }, + "asset_uuid": { + "type": "string" + }, + "data": { + "properties": {}, + "type": "object" + }, + "fetching_progress": { + "type": "integer" + }, + "count": { + "type": "integer" + }, + "urn": { + "description": "The uniform resource name of the identifier.", + "type": "string" + }, + "is_disabled": { + "type": "boolean" + }, + "is_critical": { + "type": "boolean" + }, "source": { "enum": [ "USER", "SYSTEM_RELATION", "SELF_ONBOARDING", - "ATTRIBUTE" + "ATTRIBUTE", + "IDP_SYNC" ], "example": "USER", "type": "string" }, - "tenant_id": { - "type": "integer" + "enrichments": { + "properties": {}, + "type": "object" }, - "type": { - "enum": [ - "domain", - "brand", - "name", - "keyword", - "github_repository", - "username", - "email", - "search_query", - "bin", - "ip", - "secret", - "azure_tenant", - "identity" - ], - "example": "domain", + "data_updated_at": { + "format": "date-time", "type": "string" }, - "urn": { - "description": "The uniform resource name of the identifier.", + "event_count": { + "type": "integer" + }, + "first_rate_limited_at": { + "format": "date-time", "type": "string" + }, + "rate_limits": { + "$ref": "#/components/schemas/IdentifierRateLimits" } }, "required": [ @@ -2211,249 +2218,209 @@ ], "type": "object" }, - "IdentifierChild": { + "IdentifierRateLimits": { "properties": { - "child_identifier": { - "$ref": "#/components/schemas/Identifier" + "first_rate_limited_at": { + "format": "date-time", + "type": "string" }, - "metadata": { - "$ref": "#/components/schemas/AssetRelationMetadata" + "last_rate_limited_at": { + "format": "date-time", + "type": "string" + }, + "activity_types": { + "items": { + "type": "string" + }, + "type": "array" + }, + "items": { + "items": { + "$ref": "#/components/schemas/IdentifierRateLimit" + }, + "type": "array" } }, "type": "object" }, - "IdentifierChildren": { + "IdentifierRateLimit": { "properties": { - "items": { - "items": { - "$ref": "#/components/schemas/IdentifierChild" - }, - "type": "array" + "first_rate_limited_at": { + "format": "date-time", + "type": "string" }, - "next": { + "last_rate_limited_at": { + "format": "date-time", + "type": "string" + }, + "activity_type": { "type": "string" } }, + "required": [ + "activity_type", + "first_rate_limited_at", + "last_rate_limited_at" + ], "type": "object" }, - "IdentifierGroup": { + "PaginatedIdentifiers": { "properties": { - "feed_id": { - "type": "integer" - }, - "feed_owner_id": { - "type": "integer" - }, - "id": { - "type": "integer" - }, - "name": { + "next": { "type": "string" }, - "tenant_id": { - "type": "integer" - }, - "urn": { - "description": "The uniform resource name of the identifier group.", + "items": { + "$ref": "#/components/schemas/Identifier" + } + }, + "type": "object" + }, + "PaginatedIdentifierGroupsWithCounts": { + "properties": { + "next": { "type": "string" + }, + "items": { + "$ref": "#/components/schemas/IdentifierGroupWithCounts" } }, "type": "object" }, "IdentifierGroupWithCounts": { "properties": { - "event_count": { - "type": "integer" - }, "group": { "$ref": "#/components/schemas/IdentifierGroup" }, "identifier_count": { "type": "integer" }, + "total_identifier_count": { + "type": "integer" + }, "rate_limited_identifiers_count": { "type": "integer" }, - "total_identifier_count": { + "event_count": { "type": "integer" } }, "type": "object" }, - "IdentifierRateLimit": { + "IdentifierGroup": { "properties": { - "activity_type": { - "type": "string" + "id": { + "type": "integer" }, - "first_rate_limited_at": { - "format": "date-time", + "tenant_id": { + "type": "integer" + }, + "feed_id": { + "type": "integer" + }, + "feed_owner_id": { + "type": "integer" + }, + "name": { "type": "string" }, - "last_rate_limited_at": { - "format": "date-time", + "urn": { + "description": "The uniform resource name of the identifier group.", "type": "string" } }, - "required": [ - "activity_type", - "first_rate_limited_at", - "last_rate_limited_at" - ], "type": "object" }, - "IdentifierRateLimits": { + "PaginatedIdentifierRelations": { "properties": { - "activity_types": { - "items": { - "type": "string" - }, - "type": "array" - }, - "first_rate_limited_at": { - "format": "date-time", + "next": { "type": "string" }, "items": { - "items": { - "$ref": "#/components/schemas/IdentifierRateLimit" - }, - "type": "array" - }, - "last_rate_limited_at": { - "format": "date-time", - "type": "string" + "$ref": "#/components/schemas/Identifier" } }, "type": "object" }, - "IdentifierRecommendation": { + "BulkActionFilters": { "properties": { - "asset": { - "$ref": "#/components/schemas/Asset" - }, - "asset_id": { - "type": "integer" - }, - "asset_name": { + "recommendation_state": { + "enum": [ + "recommended", + "accepted", + "rejected" + ], + "example": "recommended", "type": "string" }, - "id": { - "type": "integer" - }, - "reasons": { - "items": { - "$ref": "#/components/schemas/Reason" - }, - "type": "array" - }, - "recommendation_group_id": { - "type": "integer" - }, - "state": { + "types": { "enum": [ - "recommended", - "accepted", - "rejected" + "domain", + "brand", + "name", + "keyword", + "github_repository", + "username", + "email", + "search_query", + "bin", + "ip", + "secret", + "azure_tenant", + "identity" ], - "example": "recommended", + "example": "domain", "type": "string" }, - "tenant_id": { - "type": "integer" - }, - "updated_at": { - "format": "date-time", + "q": { "type": "string" } }, "type": "object" }, - "IdentifierRecommendationGroup": { + "PaginatedCredentials": { "properties": { - "asset_id": { - "type": "integer" - }, - "id": { - "type": "integer" - }, - "name": { + "next": { "type": "string" }, - "tenant_id": { - "type": "integer" + "items": { + "$ref": "#/components/schemas/LeakActivityCredential" } }, "type": "object" }, - "IdentifierRecommendationGroupWithEnrichments": { + "LeakActivityCredential": { "properties": { - "asset_id": { - "type": "integer" - }, - "asset_type": { - "type": "string" - }, - "available_asset_types": { - "items": { - "type": "string" - }, - "type": "array" - }, - "filtered_recommendations_count": { - "type": "integer" - }, "id": { "type": "integer" }, - "last_updated_at": { - "format": "date-time", + "source_id": { "type": "string" }, - "name": { + "imported_at": { "type": "string" }, - "tenant_id": { - "type": "integer" - }, - "total_recommendations_count": { - "type": "integer" - } - }, - "type": "object" - }, - "LeakActivityCredential": { - "properties": { - "domain": { + "identity_name": { "type": "string" }, "hash": { "type": "string" }, - "id": { - "type": "integer" - }, - "identity_name": { + "domain": { "type": "string" }, - "ignored_at": { + "source": { + "$ref": "#/components/schemas/source" + }, + "remediated_at": { "format": "date-time", "type": "string" }, - "imported_at": { + "ignored_at": { + "format": "date-time", "type": "string" }, "known_password_id": { "type": "integer" - }, - "remediated_at": { - "format": "date-time", - "type": "string" - }, - "source": { - "$ref": "#/components/schemas/source" - }, - "source_id": { - "type": "string" } }, "required": [ @@ -2464,111 +2431,88 @@ ], "type": "object" }, - "MonitoredChannel": { + "source": { "properties": { - "category": { + "id": { "type": "string" }, - "conversation_id": { - "type": "integer" - }, - "conversation_uid": { + "name": { "type": "string" }, - "description": { + "description_en": { "type": "string" }, - "last_crawled_at": { - "format": "date-time", + "description_fr": { "type": "string" }, - "member_count": { - "type": "integer" - }, - "message_count": { - "type": "integer" - }, - "source": { + "breached_at": { "type": "string" }, - "subcategory": { + "leaked_at": { "type": "string" }, - "title": { - "type": "string" + "pii_tags": { + "items": { + "type": "string" + }, + "type": "array" } }, + "required": [ + "id" + ], "type": "object" }, - "PaginatedCredentials": { + "IdentifierRecommendation": { "properties": { - "items": { - "$ref": "#/components/schemas/LeakActivityCredential" + "id": { + "type": "integer" }, - "next": { - "type": "string" - } - }, - "type": "object" - }, - "PaginatedCursoredCredentials": { - "properties": { - "cursors": { + "asset_id": { + "type": "integer" + }, + "asset": { + "$ref": "#/components/schemas/Asset" + }, + "tenant_id": { + "type": "integer" + }, + "reasons": { "items": { - "type": "string" + "$ref": "#/components/schemas/Reason" }, "type": "array" }, - "items": { - "$ref": "#/components/schemas/LeakActivityCredential" - }, - "next": { + "state": { + "enum": [ + "recommended", + "accepted", + "rejected" + ], + "example": "recommended", "type": "string" - } - }, - "type": "object" - }, - "PaginatedIdentifierGroupsWithCounts": { - "properties": { - "items": { - "$ref": "#/components/schemas/IdentifierGroupWithCounts" }, - "next": { + "updated_at": { + "format": "date-time", "type": "string" - } - }, - "type": "object" - }, - "PaginatedIdentifierRelations": { - "properties": { - "items": { - "$ref": "#/components/schemas/Identifier" }, - "next": { + "asset_name": { "type": "string" - } - }, - "type": "object" - }, - "PaginatedIdentifiers": { - "properties": { - "items": { - "$ref": "#/components/schemas/Identifier" }, - "next": { - "type": "string" + "recommendation_group_id": { + "type": "integer" } }, "type": "object" }, "Reason": { "properties": { - "from_asset_name": { - "type": "string" - }, "from_identifier_id": { "type": "integer" }, + "from_asset_name": { + "type": "string" + }, "recommendation_pipeline_id": { "enum": [ "email_from_domain", @@ -2589,65 +2533,124 @@ }, "type": "object" }, - "Search": { + "IdentifierRecommendationGroupWithEnrichments": { "properties": { - "items": { + "id": { + "type": "integer" + }, + "tenant_id": { + "type": "integer" + }, + "asset_id": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "asset_type": { + "type": "string" + }, + "filtered_recommendations_count": { + "type": "integer" + }, + "total_recommendations_count": { + "type": "integer" + }, + "available_asset_types": { "items": { - "properties": {}, - "type": "object" + "type": "string" }, "type": "array" }, - "links": { - "$ref": "#/components/schemas/SearchLinks" + "last_updated_at": { + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "IdentifierRecommendationGroup": { + "properties": { + "id": { + "type": "integer" }, - "nb_hits": { + "tenant_id": { "type": "integer" }, - "search_after": { + "asset_id": { + "type": "integer" + }, + "name": { "type": "string" } }, "type": "object" }, - "SearchLinks": { + "CollectionUpdate": { "properties": { - "next": { + "type": { + "type": "string" + }, + "date": { + "type": "string" + }, + "content": { "type": "string" } }, "type": "object" }, - "source": { + "MonitoredChannel": { "properties": { - "breached_at": { + "conversation_id": { + "type": "integer" + }, + "conversation_uid": { "type": "string" }, - "description_en": { + "source": { "type": "string" }, - "description_fr": { + "title": { "type": "string" }, - "id": { + "description": { "type": "string" }, - "leaked_at": { + "category": { "type": "string" }, - "name": { + "subcategory": { "type": "string" }, - "pii_tags": { + "last_crawled_at": { + "format": "date-time", + "type": "string" + }, + "message_count": { + "type": "integer" + }, + "member_count": { + "type": "integer" + } + }, + "type": "object" + }, + "PaginatedCursoredCredentials": { + "properties": { + "next": { + "type": "string" + }, + "items": { + "$ref": "#/components/schemas/LeakActivityCredential" + }, + "cursors": { "items": { "type": "string" }, "type": "array" } }, - "required": [ - "id" - ], "type": "object" }, "post_asset_by_data_api__assets__by_data_200_response": { diff --git a/docs/api-reference/spec/firework-v3-swagger.json b/docs/api-reference/spec/firework-v3-swagger.json index 09d1912..183b1ae 100644 --- a/docs/api-reference/spec/firework-v3-swagger.json +++ b/docs/api-reference/spec/firework-v3-swagger.json @@ -1,354 +1,411 @@ { + "swagger": "2.0", "basePath": "/", - "consumes": [ - "application/json" - ], - "definitions": { - "Asset": { - "properties": { - "asset_type": { - "enum": [ - "github_repository", - "username", - "user_id", - "domain", - "brand", - "name", - "keyword", - "search_query", - "bin", - "ip", - "email", - "account", - "secret", - "credentials", - "favicon", - "screenshot", - "azure_tenant", - "thread", - "actor", - "cve", - "identity", - "forum_thread" - ], - "example": "github_repository", + "paths": { + "/firework/v3/activities/{index}/{source}/{id}": { + "parameters": [ + { + "name": "index", + "in": "path", + "required": true, "type": "string" }, - "cursor": { + { + "name": "source", + "in": "path", + "required": true, "type": "string" }, - "data": { - "$ref": "#/definitions/AssetData" - }, - "enrichments": { - "type": "object" - }, - "uuid": { + { + "name": "id", + "in": "path", + "required": true, "type": "string" } - }, - "required": [ - "asset_type" ], - "type": "object" - }, - "AssetData": { - "properties": { - "asset_url": { - "type": "string" - }, - "bin": { - "type": "integer" - }, - "email": { - "type": "string" - }, - "first_name": { - "type": "string" - }, - "fqdn": { - "type": "string" - }, - "id": { - "type": "integer" - }, - "ip": { - "type": "string" - }, - "keyword": { - "type": "string" - }, - "last_name": { - "type": "string" - }, - "name": { - "type": "string" - }, - "profile_url": { - "type": "string" - }, - "repo_name": { - "type": "string" - }, - "repo_owner": { - "type": "string" - }, - "search_query": { - "type": "string" - }, - "site": { - "type": "string" - }, - "tenant_id": { - "type": "string" + "get": { + "responses": { + "200": { + "description": "Returns the activity" + }, + "404": { + "description": "Activity not found", + "schema": { + "$ref": "#/definitions/HttpError" + } + } }, - "username": { - "type": "string" - } - }, - "type": "object" + "operationId": "get_activity_endpoint_/activities///", + "tags": [ + "activities" + ] + } }, - "AssetRelation": { - "properties": { - "metadata": { - "$ref": "#/definitions/AssetRelationMetadata" - }, - "params": { - "$ref": "#/definitions/AssetRelationParams" - }, - "source_data": { - "$ref": "#/definitions/AssetData" - }, - "source_type": { + "/firework/v3/activities/{index}/{source}/{id}/credentials": { + "parameters": [ + { + "name": "index", + "in": "path", + "required": true, "type": "string" }, - "source_uuid": { + { + "name": "source", + "in": "path", + "required": true, "type": "string" }, - "target_data": { - "$ref": "#/definitions/AssetData" - }, - "target_type": { + { + "name": "id", + "in": "path", + "required": true, "type": "string" + } + ], + "get": { + "responses": { + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/PaginatedCursoredCredentials" + } + } }, - "target_uuid": { + "operationId": "get_activity_credentials_endpoint_/activities////credentials", + "tags": [ + "activities" + ] + } + }, + "/firework/v3/activities/{index}/{source}/{id}/icon": { + "parameters": [ + { + "name": "index", + "in": "path", + "required": true, "type": "string" }, - "type": { - "enum": [ - "subdomain_of", - "mentioned_in", - "contributed_to", - "commits_with", - "found_from", - "resolves_to", - "has_account_on", - "has_favicon", - "has_screenshot", - "looks_like", - "links_to_azure_tenant", - "owns", - "uses", - "consists_of", - "related_to" - ], - "example": "subdomain_of", + { + "name": "source", + "in": "path", + "required": true, "type": "string" }, - "uuid": { + { + "name": "id", + "in": "path", + "required": true, "type": "string" } - }, - "required": [ - "type" ], - "type": "object" - }, - "AssetRelationMetadata": { - "properties": { - "first_seen_at": { - "format": "date-time", - "type": "string" + "get": { + "responses": { + "404": { + "description": "Activity not found", + "schema": { + "$ref": "#/definitions/HttpError" + } + }, + "200": { + "description": "Returns the activity" + } }, - "last_seen_at": { - "format": "date-time", - "type": "string" - } - }, - "type": "object" + "operationId": "get_activity_icon_endpoint_/activities////icon", + "tags": [ + "activities" + ] + } }, - "AssetRelationParams": { - "properties": { - "number_of_commits": { - "type": "integer" - }, - "number_of_domain_commits": { - "type": "integer" - }, - "number_of_domain_emails": { - "type": "integer" - }, - "number_of_email_commits": { - "type": "integer" - }, - "number_of_github_projects": { - "type": "integer" - }, - "number_of_leaked_secrets": { - "type": "integer" + "/firework/v3/assets/_by_data": { + "post": { + "responses": { + "200": { + "description": "Success", + "schema": { + "properties": { + "asset": { + "$ref": "#/definitions/Asset" + } + } + } + } }, - "number_of_mentions": { - "type": "integer" - } - }, - "type": "object" + "operationId": "post_asset_by_data_api_/assets/_by_data", + "parameters": [ + { + "name": "payload", + "required": true, + "in": "body", + "schema": { + "$ref": "#/definitions/Asset" + } + } + ], + "tags": [ + "assets" + ] + } }, - "AssetRelations": { - "properties": { - "items": { - "items": { - "$ref": "#/definitions/AssetRelation" - }, - "type": "array" + "/firework/v3/assets/_relations": { + "get": { + "responses": { + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/AssetRelations" + } + } }, - "next": { - "type": "string" - } - }, - "type": "object" + "operationId": "get_assets_relations_api_/assets/_relations", + "parameters": [ + { + "name": "target_uuid", + "in": "query", + "type": "string", + "description": "The `target_uuid` parameter is used to get source assets related to this asset uuid \n\n" + }, + { + "name": "source_uuid", + "in": "query", + "type": "string", + "description": "The `source_uuid` parameter is used to get target assets related to this asset uuid \n\n" + }, + { + "name": "type", + "in": "query", + "type": "string", + "description": "The `type` parameter is used to filter which type of relation we want to list \n\n", + "enum": [ + "subdomain_of", + "mentioned_in", + "contributed_to", + "commits_with", + "found_from", + "resolves_to", + "has_account_on", + "has_favicon", + "has_screenshot", + "looks_like", + "links_to_azure_tenant", + "owns", + "uses", + "consists_of", + "related_to" + ] + }, + { + "name": "target_type", + "in": "query", + "type": "string", + "description": "The `target_type` parameter is used to filter which type of target assets related we want to list \n\nUsed only with `source_uuid` \n\n", + "enum": [ + "github_repository", + "username", + "user_id", + "domain", + "brand", + "name", + "keyword", + "search_query", + "bin", + "ip", + "email", + "account", + "secret", + "credentials", + "favicon", + "screenshot", + "azure_tenant", + "thread", + "actor", + "cve", + "identity", + "forum_thread" + ] + }, + { + "name": "source_type", + "in": "query", + "type": "string", + "description": "The `source_type` parameter is used to filter which type of source assets related we want to list \n\nUsed only with `target_uuid` \n\n", + "enum": [ + "github_repository", + "username", + "user_id", + "domain", + "brand", + "name", + "keyword", + "search_query", + "bin", + "ip", + "email", + "account", + "secret", + "credentials", + "favicon", + "screenshot", + "azure_tenant", + "thread", + "actor", + "cve", + "identity", + "forum_thread" + ] + }, + { + "name": "size", + "in": "query", + "type": "integer", + "description": "The `size` parameter is the maximum results returned \n\n", + "default": 10 + }, + { + "name": "order", + "in": "query", + "type": "string", + "description": "The `order` parameter is used to define the order of the results. \n\nResults are ordered by the time the relation was first found. By default the results are ordered from the most recent to the oldest (desc)", + "default": "desc" + }, + { + "name": "from", + "in": "query", + "type": "string", + "description": "The `from` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, use the latest response's `next` attribute for the next `from` value to use to get the next page of results." + }, + { + "name": "include_data", + "in": "query", + "type": "boolean", + "description": "The `include_data` parameter is to include asset data in the response \n\n", + "default": true + } + ], + "tags": [ + "assets" + ] + } }, - "BulkActionFilters": { - "properties": { - "q": { - "type": "string" - }, - "recommendation_state": { - "enum": [ - "recommended", - "accepted", - "rejected" - ], - "example": "recommended", - "type": "string" - }, - "types": { - "enum": [ - "domain", - "brand", - "name", - "keyword", - "github_repository", - "username", - "email", - "search_query", - "bin", - "ip", - "secret", - "azure_tenant", - "identity" - ], - "example": "domain", + "/firework/v3/assets/{asset_uuid}": { + "parameters": [ + { + "name": "asset_uuid", + "in": "path", + "required": true, "type": "string" } - }, - "type": "object" - }, - "CollectionUpdate": { - "properties": { - "content": { - "type": "string" - }, - "date": { - "type": "string" + ], + "get": { + "responses": { + "200": { + "description": "Success", + "schema": { + "properties": { + "asset": { + "$ref": "#/definitions/Asset" + } + } + } + } }, - "type": { - "type": "string" - } - }, - "type": "object" + "operationId": "get_asset_api_/assets/", + "tags": [ + "assets" + ] + } }, - "HttpError": { - "properties": { - "code": { - "type": "string" - }, - "message": { + "/firework/v3/assets/{asset_uuid}/feed": { + "parameters": [ + { + "name": "asset_uuid", + "in": "path", + "required": true, "type": "string" } - }, - "type": "object" - }, - "Identifier": { - "properties": { - "asset_uuid": { - "type": "string" - }, - "count": { - "type": "integer" - }, - "data": { - "type": "object" - }, - "data_updated_at": { - "format": "date-time", - "type": "string" - }, - "enrichments": { - "type": "object" - }, - "event_count": { - "type": "integer" - }, - "experimental_search_types": { - "items": { - "type": "string" + ], + "post": { + "responses": { + "403": { + "description": "Forbidden.", + "schema": { + "$ref": "#/definitions/HttpError" + } }, - "type": "array" - }, - "feed_id": { - "type": "integer" - }, - "feed_owner_id": { - "type": "integer" - }, - "fetching_progress": { - "type": "integer" - }, - "first_rate_limited_at": { - "format": "date-time", - "type": "string" - }, - "id": { - "type": "integer" - }, - "identifier_group_id": { - "example": "nullable integer", - "type": [ - "integer", - "null" - ] - }, - "is_critical": { - "type": "boolean" - }, - "is_disabled": { - "type": "boolean" - }, - "name": { - "minLength": 1, - "type": "string" - }, - "rate_limits": { - "$ref": "#/definitions/IdentifierRateLimits" - }, - "risks": { - "items": { - "type": "integer" + "400": { + "description": "Query is invalid.", + "schema": { + "$ref": "#/definitions/HttpError" + } }, - "type": "array" + "200": { + "description": "Returns the search result(s).", + "schema": { + "$ref": "#/definitions/Search" + } + } }, - "search_types": { - "items": { + "operationId": "post_asset_feeds_api_/assets//feed", + "parameters": [ + { + "name": "fields", + "in": "query", + "type": "array", + "description": "Fields to includes in the results in a dotted form. For example, \"data.actor_name\" will include items similar to:```json\n \"items\": [{\n \"data\": {\n \"actor_name\": \"Seller123\"\n }\n }]\n ```\n\n By default, all fields are included in the response.\n ", + "items": { + "type": "string" + }, + "collectionFormat": "multi" + }, + { + "name": "time", + "in": "query", + "type": "string", + "description": " The `time` parameter is used to limit results to those found in the provided time span. \n\n *Expected format* : from@to \n\n *Example value* : 2019-09-03T04:00:00.000Z@2019-09-14T04:00:00.000Z" + }, + { + "name": "size", + "in": "query", + "type": "integer", + "description": "The `size` parameter is used to limit the number of results returned for the search query.", + "default": 10 + }, + { + "name": "search_after", + "in": "query", + "type": "string", + "description": "The `search_after` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `search_after` parameter in your next request with the latest response's `search_after` value to get the next page of results." + }, + { + "name": "from", + "in": "query", + "type": "string", + "description": "The `from` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `from` parameter in your next request with the latest response's `next` value to get the next page of results." + }, + { + "name": "tags", + "in": "query", + "type": "array", + "description": "User defined tags used to filter search results", + "items": { + "type": "string" + }, + "collectionFormat": "multi" + }, + { + "name": "tags_query_operator", + "in": "query", + "type": "string", + "description": "User defined operator to apply to tags filter" + }, + { + "name": "types", + "in": "query", + "type": "array", + "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: stealer_log, forum_post, forum_profile, listing, chat_message, ransomleak, seller, forum_topic, blog_post, bot, financial_data\n- open_web: paste, stack_exchange, social_media_account, source_code_files, service, google, docker, source_code_secrets, bucket, bucket_object\n- leaks: leak\n- domains: domain\n", + "items": { + "type": "string" + }, + "collectionFormat": "multi", "enum": [ "attachment", "listing", @@ -400,724 +457,409 @@ "bucket", "bucket_object", "whois", + "ad", + "ads", "cookie", "pii", "experimental" - ], - "example": "attachment", - "type": "string" + ] }, - "type": "array" - }, - "source": { - "enum": [ - "USER", - "SYSTEM_RELATION", - "SELF_ONBOARDING", - "ATTRIBUTE" - ], - "example": "USER", - "type": "string" - }, - "tenant_id": { - "type": "integer" - }, - "type": { - "enum": [ - "domain", - "brand", - "name", - "keyword", - "github_repository", - "username", - "email", - "search_query", - "bin", - "ip", - "secret", - "azure_tenant", - "identity" - ], - "example": "domain", - "type": "string" - }, - "urn": { - "description": "The uniform resource name of the identifier.", - "type": "string" - } - }, - "required": [ - "asset_uuid", - "data", - "data_updated_at", - "name", - "search_types", - "source", - "type" - ], - "type": "object" - }, - "IdentifierChild": { - "properties": { - "child_identifier": { - "$ref": "#/definitions/Identifier" - }, - "metadata": { - "$ref": "#/definitions/AssetRelationMetadata" - } - }, - "type": "object" - }, - "IdentifierChildren": { - "properties": { - "items": { - "items": { - "$ref": "#/definitions/IdentifierChild" + { + "name": "experimental_types", + "in": "query", + "type": "array", + "description": "Type of experimental activities to search through.", + "items": { + "type": "string" + }, + "collectionFormat": "multi" }, - "type": "array" - }, - "next": { - "type": "string" - } - }, - "type": "object" - }, - "IdentifierGroup": { - "properties": { - "feed_id": { - "type": "integer" - }, - "feed_owner_id": { - "type": "integer" - }, - "group_type": { - "enum": [ - null, - "person", - "corporate_identities" - ], - "example": "nullable string", - "type": [ - "string", - "null" - ] - }, - "id": { - "type": "integer" - }, - "name": { - "type": "string" - }, - "parent_group_id": { - "example": "nullable integer", - "type": [ - "integer", - "null" - ] - }, - "tenant_id": { - "type": "integer" - }, - "urn": { - "description": "The uniform resource name of the identifier group.", - "type": "string" - } - }, - "type": "object" - }, - "IdentifierGroupWithCounts": { - "properties": { - "event_count": { - "type": "integer" - }, - "group": { - "$ref": "#/definitions/IdentifierGroup" - }, - "identifier_count": { - "type": "integer" - }, - "rate_limited_identifiers_count": { - "type": "integer" - }, - "total_identifier_count": { - "type": "integer" - } - }, - "type": "object" - }, - "IdentifierRateLimit": { - "properties": { - "activity_type": { - "type": "string" - }, - "first_rate_limited_at": { - "format": "date-time", - "type": "string" - }, - "last_rate_limited_at": { - "format": "date-time", - "type": "string" - } - }, - "required": [ - "activity_type", - "first_rate_limited_at", - "last_rate_limited_at" - ], - "type": "object" - }, - "IdentifierRateLimits": { - "properties": { - "activity_types": { - "items": { - "type": "string" + { + "name": "event_action", + "in": "query", + "type": "string", + "enum": [ + "default", + "ignored", + "remediated", + "risk_score_edited", + "exclude_ignored", + "ignored_or_remediated" + ] }, - "type": "array" - }, - "first_rate_limited_at": { - "format": "date-time", - "type": "string" - }, - "items": { - "items": { - "$ref": "#/definitions/IdentifierRateLimit" + { + "name": "event_actions", + "in": "query", + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "enum": [ + "default", + "ignored", + "remediated", + "risk_score_edited", + "exclude_ignored", + "ignored_or_remediated" + ] }, - "type": "array" - }, - "last_rate_limited_at": { - "format": "date-time", - "type": "string" - } - }, - "type": "object" - }, - "IdentifierRecommendation": { - "properties": { - "asset": { - "$ref": "#/definitions/Asset" - }, - "asset_id": { - "type": "integer" - }, - "asset_name": { - "type": "string" - }, - "id": { - "type": "integer" - }, - "reasons": { - "items": { - "$ref": "#/definitions/Reason" + { + "name": "risks", + "in": "query", + "type": "array", + "items": { + "type": "integer" + }, + "collectionFormat": "multi", + "enum": [ + 1, + 2, + 3, + 4, + 5 + ] }, - "type": "array" - }, - "recommendation_group_id": { - "type": "integer" - }, - "state": { - "enum": [ - "recommended", - "accepted", - "rejected" - ], - "example": "recommended", - "type": "string" - }, - "tenant_id": { - "type": "integer" - }, - "updated_at": { - "format": "date-time", - "type": "string" - } - }, - "type": "object" - }, - "IdentifierRecommendationGroup": { - "properties": { - "asset_id": { - "type": "integer" - }, - "id": { - "type": "integer" - }, - "name": { - "type": "string" - }, - "tenant_id": { - "type": "integer" - } - }, - "type": "object" - }, - "IdentifierRecommendationGroupWithEnrichments": { - "properties": { - "asset_id": { - "type": "integer" - }, - "asset_type": { - "type": "string" - }, - "available_asset_types": { - "items": { - "type": "string" + { + "name": "order", + "in": "query", + "type": "string", + "default": "desc", + "enum": [ + "asc", + "desc" + ] }, - "type": "array" - }, - "filtered_recommendations_count": { - "type": "integer" - }, - "id": { - "type": "integer" - }, - "last_updated_at": { - "format": "date-time", - "type": "string" - }, - "name": { - "type": "string" - }, - "tenant_id": { - "type": "integer" - }, - "total_recommendations_count": { - "type": "integer" - } + { + "name": "sort_by", + "in": "query", + "type": "string", + "default": "created", + "enum": [ + "created", + "indexed", + "updated", + "alertable-materialized", + "materialized", + "searchable" + ] + }, + { + "name": "use_global_policies", + "in": "query", + "type": "boolean", + "default": true + }, + { + "name": "time_zone", + "in": "query", + "type": "string", + "description": "The time zone used to compute the statistics." + }, + { + "name": "query", + "in": "query", + "type": "string", + "description": "Query used to filter results. Search query uses the [Lucene query](https://www.elastic.co/guide/en/elasticsearch/reference/6.x/query-dsl-query-string-query.html#query-string-syntax) syntax." + }, + { + "name": "has_modified_risk_score", + "in": "query", + "type": "boolean", + "default": false + }, + { + "name": "has_notes", + "in": "query", + "type": "boolean", + "default": false + } + ], + "tags": [ + "assets" + ] }, - "type": "object" - }, - "LeakActivityCredential": { - "properties": { - "domain": { - "type": "string" - }, - "hash": { - "type": "string" - }, - "id": { - "type": "integer" - }, - "identity_name": { - "type": "string" - }, - "ignored_at": { - "format": "date-time", - "type": "string" + "get": { + "responses": { + "403": { + "description": "Forbidden.", + "schema": { + "$ref": "#/definitions/HttpError" + } + }, + "400": { + "description": "Query is invalid.", + "schema": { + "$ref": "#/definitions/HttpError" + } + }, + "200": { + "description": "Returns the search result(s).", + "schema": { + "$ref": "#/definitions/Search" + } + } }, - "imported_at": { - "type": "string" - }, - "known_password_id": { - "type": "integer" - }, - "remediated_at": { - "format": "date-time", - "type": "string" - }, - "source": { - "$ref": "#/definitions/source" - }, - "source_id": { - "type": "string" - } - }, - "required": [ - "id", - "identity_name", - "imported_at", - "source_id" - ], - "type": "object" - }, - "MonitoredChannel": { - "properties": { - "category": { - "type": "string" - }, - "conversation_id": { - "type": "integer" - }, - "conversation_uid": { - "type": "string" - }, - "description": { - "type": "string" - }, - "last_crawled_at": { - "format": "date-time", - "type": "string" - }, - "member_count": { - "type": "integer" - }, - "message_count": { - "type": "integer" - }, - "source": { - "type": "string" - }, - "subcategory": { - "type": "string" - }, - "title": { - "type": "string" - } - }, - "type": "object" - }, - "PaginatedCredentials": { - "properties": { - "items": { - "$ref": "#/definitions/LeakActivityCredential" - }, - "next": { - "type": "string" - }, - "total_count": { - "example": "nullable integer", - "type": [ - "integer", - "null" - ] - } - }, - "type": "object" - }, - "PaginatedCursoredCredentials": { - "properties": { - "cursors": { - "items": { - "type": "string" + "operationId": "get_asset_feeds_api_/assets//feed", + "parameters": [ + { + "name": "fields", + "in": "query", + "type": "array", + "description": "Fields to includes in the results in a dotted form. For example, \"data.actor_name\" will include items similar to:```json\n \"items\": [{\n \"data\": {\n \"actor_name\": \"Seller123\"\n }\n }]\n ```\n\n By default, all fields are included in the response.\n ", + "items": { + "type": "string" + }, + "collectionFormat": "multi" }, - "type": "array" - }, - "items": { - "$ref": "#/definitions/LeakActivityCredential" - }, - "next": { - "type": "string" - }, - "total_count": { - "example": "nullable integer", - "type": [ - "integer", - "null" - ] - } - }, - "type": "object" - }, - "PaginatedIdentifierGroupsWithCounts": { - "properties": { - "items": { - "$ref": "#/definitions/IdentifierGroupWithCounts" - }, - "next": { - "type": "string" - }, - "total_count": { - "example": "nullable integer", - "type": [ - "integer", - "null" - ] - } - }, - "type": "object" - }, - "PaginatedIdentifierRelations": { - "properties": { - "items": { - "$ref": "#/definitions/Identifier" - }, - "next": { - "type": "string" - }, - "total_count": { - "example": "nullable integer", - "type": [ - "integer", - "null" - ] - } - }, - "type": "object" - }, - "PaginatedIdentifiers": { - "properties": { - "items": { - "$ref": "#/definitions/Identifier" - }, - "next": { - "type": "string" - }, - "total_count": { - "example": "nullable integer", - "type": [ - "integer", - "null" - ] - } - }, - "type": "object" - }, - "Reason": { - "properties": { - "from_asset_name": { - "type": "string" - }, - "from_identifier_id": { - "type": "integer" - }, - "recommendation_pipeline_id": { - "enum": [ - "email_from_domain", - "username_from_email", - "email_from_username", - "activity_discovery", - "subdomain_from_domain", - "azure_tenant_from_domain", - "domain_from_azure_tenant" - ], - "example": "email_from_domain", - "type": "string" - }, - "seen_at": { - "format": "date-time", - "type": "string" - } - }, - "type": "object" - }, - "Search": { - "properties": { - "items": { - "items": { - "type": "object" + { + "name": "time", + "in": "query", + "type": "string", + "description": " The `time` parameter is used to limit results to those found in the provided time span. \n\n *Expected format* : from@to \n\n *Example value* : 2019-09-03T04:00:00.000Z@2019-09-14T04:00:00.000Z" }, - "type": "array" - }, - "links": { - "$ref": "#/definitions/SearchLinks" - }, - "nb_hits": { - "type": "integer" - }, - "search_after": { - "type": "string" - } - }, - "type": "object" - }, - "SearchLinks": { - "properties": { - "next": { - "type": "string" - } - }, - "type": "object" - }, - "source": { - "properties": { - "breached_at": { - "type": "string" - }, - "description_en": { - "type": "string" - }, - "description_fr": { - "type": "string" - }, - "id": { - "type": "string" - }, - "leaked_at": { - "type": "string" - }, - "name": { - "type": "string" - }, - "pii_tags": { - "items": { - "type": "string" + { + "name": "size", + "in": "query", + "type": "integer", + "description": "The `size` parameter is used to limit the number of results returned for the search query.", + "default": 10 + }, + { + "name": "search_after", + "in": "query", + "type": "string", + "description": "The `search_after` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `search_after` parameter in your next request with the latest response's `search_after` value to get the next page of results." + }, + { + "name": "from", + "in": "query", + "type": "string", + "description": "The `from` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `from` parameter in your next request with the latest response's `next` value to get the next page of results." + }, + { + "name": "tags", + "in": "query", + "type": "array", + "description": "User defined tags used to filter search results", + "items": { + "type": "string" + }, + "collectionFormat": "multi" + }, + { + "name": "tags_query_operator", + "in": "query", + "type": "string", + "description": "User defined operator to apply to tags filter" + }, + { + "name": "types", + "in": "query", + "type": "array", + "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: stealer_log, forum_post, forum_profile, listing, chat_message, ransomleak, seller, forum_topic, blog_post, bot, financial_data\n- open_web: paste, stack_exchange, social_media_account, source_code_files, service, google, docker, source_code_secrets, bucket, bucket_object\n- leaks: leak\n- domains: domain\n", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "enum": [ + "attachment", + "listing", + "ransomleak", + "forum_post", + "forum_topic", + "forum_profile", + "blog_post", + "seller", + "paste", + "leak", + "chat_message", + "domain", + "bot", + "stealer_log", + "infected_devices", + "driller", + "driller_forum_topic", + "driller_forum_post", + "driller_profile", + "cc", + "ccbin", + "financial_data", + "leaked_data", + "leaked_file", + "document", + "account", + "actor", + "forum_content", + "blog_content", + "profile", + "leaked_credential", + "illicit_networks", + "open_web", + "domains", + "leaks", + "social_media_account", + "social_media", + "source_code", + "source_code_secrets_np", + "source_code_secrets", + "source_code_files", + "docker", + "stack_exchange", + "google", + "service", + "driller_host", + "buckets", + "bucket", + "bucket_object", + "whois", + "ad", + "ads", + "cookie", + "pii", + "experimental" + ] + }, + { + "name": "experimental_types", + "in": "query", + "type": "array", + "description": "Type of experimental activities to search through.", + "items": { + "type": "string" + }, + "collectionFormat": "multi" + }, + { + "name": "event_action", + "in": "query", + "type": "string", + "enum": [ + "default", + "ignored", + "remediated", + "risk_score_edited", + "exclude_ignored", + "ignored_or_remediated" + ] + }, + { + "name": "event_actions", + "in": "query", + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "enum": [ + "default", + "ignored", + "remediated", + "risk_score_edited", + "exclude_ignored", + "ignored_or_remediated" + ] + }, + { + "name": "risks", + "in": "query", + "type": "array", + "items": { + "type": "integer" + }, + "collectionFormat": "multi", + "enum": [ + 1, + 2, + 3, + 4, + 5 + ] }, - "type": "array" - } - }, - "required": [ - "id" - ], - "type": "object" - } - }, - "host": "api.flare.io", - "info": { - "description": "\nManage and access Firework resources.\n\n### Steps to use the Api\n\n1. `Send` a POST request to `https://api.flare.systems/tokens/generate` with your **Firework** credentials using [Basic Auth](https://en.wikipedia.org/wiki/Basic_access_authentication) to get a authentication token.\n---\n2. On the current page, click on the **Authorize** button and insert the token using the following format: `Bearer {token}`\n\n Example value: `Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.Et9HFtf9R3GEMA0IICOfFMVXY7kkTX1wr4qCyhIf58U`\n---\n3. You should now be able to use SwaggerUI's built-in tools to query the documented endpoints.\n", - "title": "Firework API", - "version": "v3" - }, - "paths": { - "/firework/v3/activities/{index}/{source}/{id}": { - "get": { - "operationId": "get_activity_endpoint_/activities///", - "responses": { - "200": { - "description": "Returns the activity" + { + "name": "order", + "in": "query", + "type": "string", + "default": "desc", + "enum": [ + "asc", + "desc" + ] }, - "404": { - "description": "Activity not found", - "schema": { - "$ref": "#/definitions/HttpError" - } + { + "name": "sort_by", + "in": "query", + "type": "string", + "default": "created", + "enum": [ + "created", + "indexed", + "updated", + "alertable-materialized", + "materialized", + "searchable" + ] + }, + { + "name": "use_global_policies", + "in": "query", + "type": "boolean", + "default": true + }, + { + "name": "time_zone", + "in": "query", + "type": "string", + "description": "The time zone used to compute the statistics." + }, + { + "name": "query", + "in": "query", + "type": "string", + "description": "Query used to filter results. Search query uses the [Lucene query](https://www.elastic.co/guide/en/elasticsearch/reference/6.x/query-dsl-query-string-query.html#query-string-syntax) syntax." + }, + { + "name": "has_modified_risk_score", + "in": "query", + "type": "boolean", + "default": false + }, + { + "name": "has_notes", + "in": "query", + "type": "boolean", + "default": false } - }, + ], "tags": [ - "activities" + "assets" ] - }, - "parameters": [ - { - "in": "path", - "name": "index", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "source", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "id", - "required": true, - "type": "string" - } - ] + } }, - "/firework/v3/activities/{index}/{source}/{id}/credentials": { - "get": { - "operationId": "get_activity_credentials_endpoint_/activities////credentials", - "responses": { - "200": { - "description": "Success", - "schema": { - "$ref": "#/definitions/PaginatedCursoredCredentials" - } - } - }, - "tags": [ - "activities" - ] - }, + "/firework/v3/assets/{asset_uuid}/relations": { "parameters": [ { + "name": "asset_uuid", "in": "path", - "name": "index", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "source", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "id", "required": true, "type": "string" } - ] - }, - "/firework/v3/activities/{index}/{source}/{id}/icon": { + ], "get": { - "operationId": "get_activity_icon_endpoint_/activities////icon", - "responses": { - "200": { - "description": "Returns the activity" - }, - "404": { - "description": "Activity not found", - "schema": { - "$ref": "#/definitions/HttpError" - } - } - }, - "tags": [ - "activities" - ] - }, - "parameters": [ - { - "in": "path", - "name": "index", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "source", - "required": true, - "type": "string" - }, - { - "in": "path", - "name": "id", - "required": true, - "type": "string" - } - ] - }, - "/firework/v3/assets/_by_data": { - "post": { - "operationId": "post_asset_by_data_api_/assets/_by_data", - "parameters": [ - { - "in": "body", - "name": "payload", - "required": true, - "schema": { - "$ref": "#/definitions/Asset" - } - } - ], "responses": { "200": { "description": "Success", "schema": { - "properties": { - "asset": { - "$ref": "#/definitions/Asset" - } - } + "$ref": "#/definitions/AssetRelations" } } }, - "tags": [ - "assets" - ] - } - }, - "/firework/v3/assets/_relations": { - "get": { - "operationId": "get_assets_relations_api_/assets/_relations", + "operationId": "get_asset_relations_api_/assets//relations", "parameters": [ { - "description": "The `target_uuid` parameter is used to get source assets related to this asset uuid \n\n", - "in": "query", - "name": "target_uuid", - "type": "string" - }, - { - "description": "The `source_uuid` parameter is used to get target assets related to this asset uuid \n\n", + "name": "type", "in": "query", - "name": "source_uuid", - "type": "string" - }, - { + "type": "string", "description": "The `type` parameter is used to filter which type of relation we want to list \n\n", "enum": [ "subdomain_of", @@ -1135,43 +877,13 @@ "uses", "consists_of", "related_to" - ], - "in": "query", - "name": "type", - "type": "string" + ] }, { - "description": "The `target_type` parameter is used to filter which type of target assets related we want to list \n\nUsed only with `source_uuid` \n\n", - "enum": [ - "github_repository", - "username", - "user_id", - "domain", - "brand", - "name", - "keyword", - "search_query", - "bin", - "ip", - "email", - "account", - "secret", - "credentials", - "favicon", - "screenshot", - "azure_tenant", - "thread", - "actor", - "cve", - "identity", - "forum_thread" - ], + "name": "related_type", "in": "query", - "name": "target_type", - "type": "string" - }, - { - "description": "The `source_type` parameter is used to filter which type of source assets related we want to list \n\nUsed only with `target_uuid` \n\n", + "type": "string", + "description": "The `related_type` parameter is used to filter which type of assets related we want to list \n\n", "enum": [ "github_repository", "username", @@ -1195,1224 +907,1515 @@ "cve", "identity", "forum_thread" - ], - "in": "query", - "name": "source_type", - "type": "string" + ] }, { - "default": 10, - "description": "The `size` parameter is the maximum results returned \n\n", - "in": "query", "name": "size", - "type": "integer" + "in": "query", + "type": "integer", + "description": "The `size` parameter is the maximum results returned \n\n", + "default": 10 }, { - "default": "desc", - "description": "The `order` parameter is used to define the order of the results. \n\nResults are ordered by the time the relation was first found. By default the results are ordered from the most recent to the oldest (desc)", - "in": "query", "name": "order", - "type": "string" + "in": "query", + "type": "string", + "description": "The `order` parameter is used to define the order of the results. \n\nResults are ordered by the time the relation was first found. By default the results are ordered from the most recent to the oldest (desc)", + "default": "desc" }, { - "description": "The `from` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, use the latest response's `next` attribute for the next `from` value to use to get the next page of results.", - "in": "query", "name": "from", - "type": "string" + "in": "query", + "type": "string", + "description": "The `from` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, use the latest response's `next` attribute for the next `from` value to use to get the next page of results." }, { - "default": true, - "description": "The `include_data` parameter is to include asset data in the response \n\n", - "in": "query", "name": "include_data", - "type": "boolean" + "in": "query", + "type": "boolean", + "description": "The `include_data` parameter is to include asset data in the response \n\n", + "default": true } ], + "tags": [ + "assets" + ] + } + }, + "/firework/v3/batch/chat_message/telegram/{conversation_id}/{batch_id}": { + "parameters": [ + { + "name": "conversation_id", + "in": "path", + "required": true, + "type": "string" + }, + { + "name": "batch_id", + "in": "path", + "required": true, + "type": "string" + } + ], + "get": { "responses": { "200": { - "description": "Success", - "schema": { - "$ref": "#/definitions/AssetRelations" - } + "description": "Returns a list of messages matching a conversation id and batch id" } }, + "operationId": "get_chat_message_batch_endpoint_/batch/chat_message/telegram//", "tags": [ - "assets" + "batch" ] } }, - "/firework/v3/assets/{asset_uuid}": { + "/firework/v3/identifiers/": { "get": { - "operationId": "get_asset_api_/assets/", "responses": { "200": { "description": "Success", "schema": { - "properties": { - "asset": { - "$ref": "#/definitions/Asset" - } - } + "$ref": "#/definitions/PaginatedIdentifiers" } } }, - "tags": [ - "assets" - ] - }, - "parameters": [ - { - "in": "path", - "name": "asset_uuid", - "required": true, - "type": "string" - } - ] - }, - "/firework/v3/assets/{asset_uuid}/feed": { - "get": { - "operationId": "get_asset_feeds_api_/assets//feed", + "operationId": "get_identifiers_endpoint_/identifiers/", "parameters": [ { - "collectionFormat": "multi", - "description": "Fields to includes in the results in a dotted form. For example, \"data.actor_name\" will include items similar to:```json\n \"items\": [{\n \"data\": {\n \"actor_name\": \"Seller123\"\n }\n }]\n ```\n\n By default, all fields are included in the response.\n ", + "name": "source_group", + "in": "query", + "type": "string", + "default": "ALL", + "enum": [ + "ALL", + "USER", + "COUNTED", + "SYSTEM", + "USER_AND_ATTRIBUTE" + ] + }, + { + "name": "order_by", + "in": "query", + "type": "string", + "default": "id", + "enum": [ + "id", + "name", + "type" + ] + }, + { + "name": "properties", "in": "query", + "type": "array", + "default": [], "items": { "type": "string" }, - "name": "fields", - "type": "array" + "collectionFormat": "multi", + "enum": [ + "recent", + "interest", + "resolves", + "reachable", + "unresolvable", + "unreachable" + ] }, { - "description": " The `time` parameter is used to limit results to those found in the provided time span. \n\n *Expected format* : from@to \n\n *Example value* : 2019-09-03T04:00:00.000Z@2019-09-14T04:00:00.000Z", + "name": "types", "in": "query", - "name": "time", - "type": "string" + "type": "array", + "default": [], + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "enum": [ + "domain", + "brand", + "name", + "keyword", + "github_repository", + "username", + "email", + "search_query", + "bin", + "ip", + "secret", + "azure_tenant", + "identity" + ] }, { - "default": 10, - "description": "The `size` parameter is used to limit the number of results returned for the search query.", + "name": "is_disabled", "in": "query", - "name": "size", - "type": "integer" + "type": "boolean", + "default": false }, { - "description": "The `search_after` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `search_after` parameter in your next request with the latest response's `search_after` value to get the next page of results.", + "name": "q", "in": "query", - "name": "search_after", "type": "string" }, { - "description": "The `from` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `from` parameter in your next request with the latest response's `next` value to get the next page of results.", + "name": "exact_matches_only", + "in": "query", + "type": "boolean", + "default": false + }, + { + "name": "parent_group_id", "in": "query", - "name": "from", "type": "string" }, { - "collectionFormat": "multi", - "description": "User defined tags used to filter search results", + "name": "size", "in": "query", - "items": { - "type": "string" - }, - "name": "tags", - "type": "array" + "type": "integer", + "default": 20 }, { - "description": "User defined operator to apply to tags filter", + "name": "from", "in": "query", - "name": "tags_query_operator", "type": "string" - }, + } + ], + "tags": [ + "identifiers" + ] + } + }, + "/firework/v3/identifiers/groups": { + "get": { + "responses": { + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/PaginatedIdentifierGroupsWithCounts" + } + } + }, + "operationId": "get_identifier_groups_endpoint_/identifiers/groups", + "parameters": [ { - "collectionFormat": "multi", - "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: listing, forum_topic, seller, stealer_log, blog_post, ransomleak, forum_post, bot, financial_data, chat_message, forum_profile\n- open_web: stack_exchange, paste, source_code_files, service, source_code_secrets, social_media_account, google, bucket_object, docker, bucket\n- leaks: leak\n- domains: domain\n", + "name": "source_group", + "in": "query", + "type": "string", + "default": "ALL", "enum": [ - "attachment", - "listing", - "ransomleak", - "forum_post", - "forum_topic", - "forum_profile", - "blog_post", - "seller", - "paste", - "leak", - "chat_message", - "domain", - "bot", - "stealer_log", - "infected_devices", - "driller", - "driller_forum_topic", - "driller_forum_post", - "driller_profile", - "cc", - "ccbin", - "financial_data", - "leaked_data", - "leaked_file", - "document", - "account", - "actor", - "forum_content", - "blog_content", - "profile", - "leaked_credential", - "illicit_networks", - "open_web", - "domains", - "leaks", - "social_media_account", - "social_media", - "source_code", - "source_code_secrets_np", - "source_code_secrets", - "source_code_files", - "docker", - "stack_exchange", - "google", - "service", - "driller_host", - "buckets", - "bucket", - "bucket_object", - "whois", - "ad", - "ads", - "cookie", - "pii", - "experimental" - ], + "ALL", + "USER", + "COUNTED", + "SYSTEM", + "USER_AND_ATTRIBUTE" + ] + }, + { + "name": "order_by", "in": "query", - "items": { - "type": "string" - }, - "name": "types", - "type": "array" + "type": "string", + "default": "id", + "enum": [ + "id", + "name", + "type" + ] }, { - "collectionFormat": "multi", - "description": "Type of experimental activities to search through.", + "name": "properties", "in": "query", + "type": "array", + "default": [], "items": { "type": "string" }, - "name": "experimental_types", - "type": "array" - }, - { - "enum": [ - "default", - "ignored", - "remediated", - "risk_score_edited", - "exclude_ignored", - "ignored_or_remediated" - ], - "in": "query", - "name": "event_action", - "type": "string" - }, - { "collectionFormat": "multi", "enum": [ - "default", - "ignored", - "remediated", - "risk_score_edited", - "exclude_ignored", - "ignored_or_remediated" - ], + "recent", + "interest", + "resolves", + "reachable", + "unresolvable", + "unreachable" + ] + }, + { + "name": "types", "in": "query", + "type": "array", + "default": [], "items": { "type": "string" }, - "name": "event_actions", - "type": "array" - }, - { "collectionFormat": "multi", "enum": [ - 1, - 2, - 3, - 4, - 5 - ], - "in": "query", - "items": { - "type": "integer" - }, - "name": "risks", - "type": "array" + "domain", + "brand", + "name", + "keyword", + "github_repository", + "username", + "email", + "search_query", + "bin", + "ip", + "secret", + "azure_tenant", + "identity" + ] }, { - "default": "desc", - "enum": [ - "asc", - "desc" - ], + "name": "ignore_empty_groups", "in": "query", - "name": "order", - "type": "string" + "type": "boolean", + "default": false }, { - "default": "created", - "enum": [ - "created", - "indexed", - "updated", - "alertable-materialized", - "materialized", - "searchable" - ], + "name": "is_disabled", "in": "query", - "name": "sort_by", - "type": "string" + "type": "boolean", + "default": false }, { - "default": true, + "name": "q", "in": "query", - "name": "use_global_policies", - "type": "boolean" + "type": "string" }, { - "description": "The time zone used to compute the statistics.", + "name": "exact_matches_only", "in": "query", - "name": "time_zone", - "type": "string" + "type": "boolean", + "default": false }, { - "description": "Query used to filter results. Search query uses the [Lucene query](https://www.elastic.co/guide/en/elasticsearch/reference/6.x/query-dsl-query-string-query.html#query-string-syntax) syntax.", + "name": "parent_group_id", "in": "query", - "name": "query", "type": "string" }, { - "default": false, + "name": "size", "in": "query", - "name": "has_modified_risk_score", - "type": "boolean" + "type": "integer", + "default": 20 }, { - "default": false, + "name": "from", "in": "query", - "name": "has_notes", - "type": "boolean" + "type": "string" } ], + "tags": [ + "identifiers" + ] + } + }, + "/firework/v3/identifiers/{identifier_id}": { + "parameters": [ + { + "name": "identifier_id", + "in": "path", + "required": true, + "type": "integer" + } + ], + "get": { "responses": { "200": { - "description": "Returns the search result(s).", - "schema": { - "$ref": "#/definitions/Search" - } - }, - "400": { - "description": "Query is invalid.", + "description": "Success", "schema": { - "$ref": "#/definitions/HttpError" + "properties": { + "identifier": { + "$ref": "#/definitions/Identifier" + } + } } - }, - "403": { - "description": "Forbidden.", + } + }, + "operationId": "get_identifier_endpoint_/identifiers/", + "tags": [ + "identifiers" + ] + } + }, + "/firework/v3/identifiers/{identifier_id}/children": { + "parameters": [ + { + "name": "identifier_id", + "in": "path", + "required": true, + "type": "integer" + } + ], + "get": { + "responses": { + "200": { + "description": "Success", "schema": { - "$ref": "#/definitions/HttpError" + "$ref": "#/definitions/IdentifierChildren" } } }, + "operationId": "get_identifier_children_api_/identifiers//children", "tags": [ - "assets" + "identifiers" ] - }, + } + }, + "/firework/v3/identifiers/{identifier_id}/feed/credentials": { "parameters": [ { + "name": "identifier_id", "in": "path", - "name": "asset_uuid", "required": true, - "type": "string" + "type": "integer" } ], "post": { - "operationId": "post_asset_feeds_api_/assets//feed", - "parameters": [ - { - "collectionFormat": "multi", - "description": "Fields to includes in the results in a dotted form. For example, \"data.actor_name\" will include items similar to:```json\n \"items\": [{\n \"data\": {\n \"actor_name\": \"Seller123\"\n }\n }]\n ```\n\n By default, all fields are included in the response.\n ", - "in": "query", - "items": { - "type": "string" - }, - "name": "fields", - "type": "array" - }, - { - "description": " The `time` parameter is used to limit results to those found in the provided time span. \n\n *Expected format* : from@to \n\n *Example value* : 2019-09-03T04:00:00.000Z@2019-09-14T04:00:00.000Z", - "in": "query", - "name": "time", - "type": "string" - }, - { - "default": 10, - "description": "The `size` parameter is used to limit the number of results returned for the search query.", - "in": "query", - "name": "size", - "type": "integer" - }, - { - "description": "The `search_after` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `search_after` parameter in your next request with the latest response's `search_after` value to get the next page of results.", - "in": "query", - "name": "search_after", - "type": "string" - }, - { - "description": "The `from` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, include the `from` parameter in your next request with the latest response's `next` value to get the next page of results.", - "in": "query", - "name": "from", - "type": "string" - }, - { - "collectionFormat": "multi", - "description": "User defined tags used to filter search results", - "in": "query", - "items": { - "type": "string" - }, - "name": "tags", - "type": "array" - }, - { - "description": "User defined operator to apply to tags filter", - "in": "query", - "name": "tags_query_operator", - "type": "string" - }, - { - "collectionFormat": "multi", - "description": "\nType of activities to search through.\n\n*Expected values* : attachment, listing, ransomleak, forum_post, forum_topic, forum_profile, blog_post, seller, paste, leak, chat_message, domain, bot, stealer_log, infected_devices, driller, driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin, financial_data, leaked_data, leaked_file, document, account, actor, forum_content, blog_content, profile, leaked_credential, illicit_networks, open_web, domains, leaks, social_media_account, social_media, source_code, source_code_secrets_np, source_code_secrets, source_code_files, docker, stack_exchange, google, service, driller_host, buckets, bucket, bucket_object, whois, cookie, pii, experimental\n\n*Some search types contain others*\n- illicit_networks: listing, forum_topic, seller, stealer_log, blog_post, ransomleak, forum_post, bot, financial_data, chat_message, forum_profile\n- open_web: stack_exchange, paste, source_code_files, service, source_code_secrets, social_media_account, google, bucket_object, docker, bucket\n- leaks: leak\n- domains: domain\n", - "enum": [ - "attachment", - "listing", - "ransomleak", - "forum_post", - "forum_topic", - "forum_profile", - "blog_post", - "seller", - "paste", - "leak", - "chat_message", - "domain", - "bot", - "stealer_log", - "infected_devices", - "driller", - "driller_forum_topic", - "driller_forum_post", - "driller_profile", - "cc", - "ccbin", - "financial_data", - "leaked_data", - "leaked_file", - "document", - "account", - "actor", - "forum_content", - "blog_content", - "profile", - "leaked_credential", - "illicit_networks", - "open_web", - "domains", - "leaks", - "social_media_account", - "social_media", - "source_code", - "source_code_secrets_np", - "source_code_secrets", - "source_code_files", - "docker", - "stack_exchange", - "google", - "service", - "driller_host", - "buckets", - "bucket", - "bucket_object", - "whois", - "ad", - "ads", - "cookie", - "pii", - "experimental" - ], - "in": "query", - "items": { - "type": "string" - }, - "name": "types", - "type": "array" - }, + "responses": { + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/PaginatedCredentials" + } + } + }, + "operationId": "post_leaked_credentials_feed_endpoint_/identifiers//feed/credentials", + "tags": [ + "identifiers" + ] + }, + "get": { + "responses": { + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/PaginatedCredentials" + } + } + }, + "operationId": "get_leaked_credentials_feed_endpoint_/identifiers//feed/credentials", + "parameters": [ { - "collectionFormat": "multi", - "description": "Type of experimental activities to search through.", + "name": "size", "in": "query", - "items": { - "type": "string" - }, - "name": "experimental_types", - "type": "array" + "type": "integer", + "default": 20 }, { - "enum": [ - "default", - "ignored", - "remediated", - "risk_score_edited", - "exclude_ignored", - "ignored_or_remediated" - ], + "name": "from", "in": "query", - "name": "event_action", "type": "string" - }, + } + ], + "tags": [ + "identifiers" + ] + } + }, + "/firework/v3/identifiers/{identifier_id}/relations": { + "parameters": [ + { + "name": "identifier_id", + "in": "path", + "required": true, + "type": "integer" + } + ], + "get": { + "responses": { + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/PaginatedIdentifierRelations" + } + } + }, + "operationId": "get_identifier_relations_endpoint_/identifiers//relations", + "parameters": [ { - "collectionFormat": "multi", - "enum": [ - "default", - "ignored", - "remediated", - "risk_score_edited", - "exclude_ignored", - "ignored_or_remediated" - ], + "name": "properties", "in": "query", + "type": "array", + "default": [], "items": { "type": "string" }, - "name": "event_actions", - "type": "array" - }, - { "collectionFormat": "multi", "enum": [ - 1, - 2, - 3, - 4, - 5 - ], - "in": "query", - "items": { - "type": "integer" - }, - "name": "risks", - "type": "array" + "recent", + "interest", + "resolves", + "reachable", + "unresolvable", + "unreachable" + ] }, { - "default": "desc", - "enum": [ - "asc", - "desc" - ], + "name": "types", "in": "query", - "name": "order", - "type": "string" - }, - { - "default": "created", + "type": "array", + "default": [], + "items": { + "type": "string" + }, + "collectionFormat": "multi", "enum": [ - "created", - "indexed", - "updated", - "alertable-materialized", - "materialized", - "searchable" - ], - "in": "query", - "name": "sort_by", - "type": "string" + "domain", + "brand", + "name", + "keyword", + "github_repository", + "username", + "email", + "search_query", + "bin", + "ip", + "secret", + "azure_tenant", + "identity" + ] }, { - "default": true, + "name": "is_disabled", "in": "query", - "name": "use_global_policies", - "type": "boolean" + "type": "boolean", + "default": false }, { - "description": "The time zone used to compute the statistics.", + "name": "q", "in": "query", - "name": "time_zone", "type": "string" }, { - "description": "Query used to filter results. Search query uses the [Lucene query](https://www.elastic.co/guide/en/elasticsearch/reference/6.x/query-dsl-query-string-query.html#query-string-syntax) syntax.", + "name": "exact_matches_only", "in": "query", - "name": "query", - "type": "string" + "type": "boolean", + "default": false }, { - "default": false, + "name": "size", "in": "query", - "name": "has_modified_risk_score", - "type": "boolean" + "type": "integer", + "description": "How many children to fetch", + "default": 10 }, { - "default": false, + "name": "from", "in": "query", - "name": "has_notes", - "type": "boolean" + "type": "string", + "description": "The reversed fqdn to start searching from" + } + ], + "tags": [ + "identifiers" + ] + } + } + }, + "info": { + "title": "Firework API", + "version": "v3", + "description": "\nManage and access Firework resources.\n\n### Steps to use the Api\n\n1. `Send` a POST request to `https://api.flare.systems/tokens/generate` with your **Firework** credentials using [Basic Auth](https://en.wikipedia.org/wiki/Basic_access_authentication) to get a authentication token.\n---\n2. On the current page, click on the **Authorize** button and insert the token using the following format: `Bearer {token}`\n\n Example value: `Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.Et9HFtf9R3GEMA0IICOfFMVXY7kkTX1wr4qCyhIf58U`\n---\n3. You should now be able to use SwaggerUI's built-in tools to query the documented endpoints.\n" + }, + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ], + "securityDefinitions": { + "BearerAuth": { + "type": "apiKey", + "name": "Authorization", + "in": "header" + } + }, + "security": [ + { + "BearerAuth": [] + } + ], + "tags": [ + { + "name": "identifiers", + "description": "Read and manage a tenant's identifiers" + }, + { + "name": "activities", + "description": "Perform actions on activities." + }, + { + "name": "batch", + "description": "Get batches of activities." + }, + { + "name": "assets", + "description": "Manage and query assets." + } + ], + "definitions": { + "Asset": { + "required": [ + "asset_type" + ], + "properties": { + "uuid": { + "type": "string" + }, + "asset_type": { + "type": "string", + "example": "github_repository", + "enum": [ + "github_repository", + "username", + "user_id", + "domain", + "brand", + "name", + "keyword", + "search_query", + "bin", + "ip", + "email", + "account", + "secret", + "credentials", + "favicon", + "screenshot", + "azure_tenant", + "thread", + "actor", + "cve", + "identity", + "forum_thread" + ] + }, + "data": { + "$ref": "#/definitions/AssetData" + }, + "enrichments": { + "type": "object" + }, + "cursor": { + "type": "string" + } + }, + "type": "object" + }, + "AssetData": { + "properties": { + "repo_name": { + "type": "string" + }, + "repo_owner": { + "type": "string" + }, + "fqdn": { + "type": "string" + }, + "name": { + "type": "string" + }, + "first_name": { + "type": "string" + }, + "last_name": { + "type": "string" + }, + "email": { + "type": "string" + }, + "keyword": { + "type": "string" + }, + "search_query": { + "type": "string" + }, + "id": { + "type": "integer" + }, + "bin": { + "type": "integer" + }, + "ip": { + "type": "string" + }, + "asset_url": { + "type": "string" + }, + "username": { + "type": "string" + }, + "site": { + "type": "string" + }, + "profile_url": { + "type": "string" + }, + "tenant_id": { + "type": "string" + } + }, + "type": "object" + }, + "AssetRelations": { + "properties": { + "items": { + "type": "array", + "items": { + "$ref": "#/definitions/AssetRelation" } - ], - "responses": { - "200": { - "description": "Returns the search result(s).", - "schema": { - "$ref": "#/definitions/Search" - } - }, - "400": { - "description": "Query is invalid.", - "schema": { - "$ref": "#/definitions/HttpError" - } - }, - "403": { - "description": "Forbidden.", - "schema": { - "$ref": "#/definitions/HttpError" - } + }, + "next": { + "type": "string" + } + }, + "type": "object" + }, + "AssetRelation": { + "required": [ + "type" + ], + "properties": { + "uuid": { + "type": "string" + }, + "source_uuid": { + "type": "string" + }, + "source_type": { + "type": "string" + }, + "target_type": { + "type": "string" + }, + "target_uuid": { + "type": "string" + }, + "target_data": { + "$ref": "#/definitions/AssetData" + }, + "source_data": { + "$ref": "#/definitions/AssetData" + }, + "type": { + "type": "string", + "example": "subdomain_of", + "enum": [ + "subdomain_of", + "mentioned_in", + "contributed_to", + "commits_with", + "found_from", + "resolves_to", + "has_account_on", + "has_favicon", + "has_screenshot", + "looks_like", + "links_to_azure_tenant", + "owns", + "uses", + "consists_of", + "related_to" + ] + }, + "metadata": { + "$ref": "#/definitions/AssetRelationMetadata" + }, + "params": { + "$ref": "#/definitions/AssetRelationParams" + } + }, + "type": "object" + }, + "AssetRelationMetadata": { + "properties": { + "first_seen_at": { + "type": "string", + "format": "date-time" + }, + "last_seen_at": { + "type": "string", + "format": "date-time" + } + }, + "type": "object" + }, + "AssetRelationParams": { + "properties": { + "number_of_leaked_secrets": { + "type": "integer" + }, + "number_of_commits": { + "type": "integer" + }, + "number_of_mentions": { + "type": "integer" + }, + "number_of_domain_commits": { + "type": "integer" + }, + "number_of_email_commits": { + "type": "integer" + }, + "number_of_domain_emails": { + "type": "integer" + }, + "number_of_github_projects": { + "type": "integer" + } + }, + "type": "object" + }, + "HttpError": { + "properties": { + "message": { + "type": "string" + }, + "code": { + "type": "string" + } + }, + "type": "object" + }, + "Search": { + "properties": { + "items": { + "type": "array", + "items": { + "type": "object" } }, - "tags": [ - "assets" - ] - } + "nb_hits": { + "type": "integer" + }, + "links": { + "$ref": "#/definitions/SearchLinks" + }, + "search_after": { + "type": "string" + } + }, + "type": "object" }, - "/firework/v3/assets/{asset_uuid}/relations": { - "get": { - "operationId": "get_asset_relations_api_/assets//relations", - "parameters": [ - { - "description": "The `type` parameter is used to filter which type of relation we want to list \n\n", - "enum": [ - "subdomain_of", - "mentioned_in", - "contributed_to", - "commits_with", - "found_from", - "resolves_to", - "has_account_on", - "has_favicon", - "has_screenshot", - "looks_like", - "links_to_azure_tenant", - "owns", - "uses", - "consists_of", - "related_to" - ], - "in": "query", - "name": "type", - "type": "string" - }, - { - "description": "The `related_type` parameter is used to filter which type of assets related we want to list \n\n", + "SearchLinks": { + "properties": { + "next": { + "type": "string" + } + }, + "type": "object" + }, + "IdentifierChildren": { + "properties": { + "items": { + "type": "array", + "items": { + "$ref": "#/definitions/IdentifierChild" + } + }, + "next": { + "type": "string" + } + }, + "type": "object" + }, + "IdentifierChild": { + "properties": { + "metadata": { + "$ref": "#/definitions/AssetRelationMetadata" + }, + "child_identifier": { + "$ref": "#/definitions/Identifier" + } + }, + "type": "object" + }, + "Identifier": { + "required": [ + "asset_uuid", + "data", + "data_updated_at", + "name", + "search_types", + "source", + "type" + ], + "properties": { + "id": { + "type": "integer" + }, + "tenant_id": { + "type": "integer" + }, + "feed_id": { + "type": "integer" + }, + "feed_owner_id": { + "type": "integer" + }, + "type": { + "type": "string", + "example": "domain", + "enum": [ + "domain", + "brand", + "name", + "keyword", + "github_repository", + "username", + "email", + "search_query", + "bin", + "ip", + "secret", + "azure_tenant", + "identity" + ] + }, + "search_types": { + "type": "array", + "items": { + "type": "string", + "example": "attachment", "enum": [ - "github_repository", - "username", - "user_id", + "attachment", + "listing", + "ransomleak", + "forum_post", + "forum_topic", + "forum_profile", + "blog_post", + "seller", + "paste", + "leak", + "chat_message", "domain", - "brand", - "name", - "keyword", - "search_query", - "bin", - "ip", - "email", + "bot", + "stealer_log", + "infected_devices", + "driller", + "driller_forum_topic", + "driller_forum_post", + "driller_profile", + "cc", + "ccbin", + "financial_data", + "leaked_data", + "leaked_file", + "document", "account", - "secret", - "credentials", - "favicon", - "screenshot", - "azure_tenant", - "thread", "actor", - "cve", - "identity", - "forum_thread" - ], - "in": "query", - "name": "related_type", + "forum_content", + "blog_content", + "profile", + "leaked_credential", + "illicit_networks", + "open_web", + "domains", + "leaks", + "social_media_account", + "social_media", + "source_code", + "source_code_secrets_np", + "source_code_secrets", + "source_code_files", + "docker", + "stack_exchange", + "google", + "service", + "driller_host", + "buckets", + "bucket", + "bucket_object", + "whois", + "cookie", + "pii", + "experimental" + ] + } + }, + "experimental_search_types": { + "type": "array", + "items": { "type": "string" - }, - { - "default": 10, - "description": "The `size` parameter is the maximum results returned \n\n", - "in": "query", - "name": "size", + } + }, + "risks": { + "type": "array", + "items": { "type": "integer" - }, - { - "default": "desc", - "description": "The `order` parameter is used to define the order of the results. \n\nResults are ordered by the time the relation was first found. By default the results are ordered from the most recent to the oldest (desc)", - "in": "query", - "name": "order", - "type": "string" - }, - { - "description": "The `from` parameter is used to paginate through results. \n\nTo get the first page of results, omit this parameter. Afterward, use the latest response's `next` attribute for the next `from` value to use to get the next page of results.", - "in": "query", - "name": "from", + } + }, + "name": { + "type": "string", + "minLength": 1 + }, + "asset_uuid": { + "type": "string" + }, + "data": { + "type": "object" + }, + "identifier_group_id": { + "type": [ + "integer", + "null" + ], + "example": "nullable integer" + }, + "fetching_progress": { + "type": "integer" + }, + "count": { + "type": "integer" + }, + "urn": { + "type": "string", + "description": "The uniform resource name of the identifier." + }, + "is_disabled": { + "type": "boolean" + }, + "is_critical": { + "type": "boolean" + }, + "source": { + "type": "string", + "example": "USER", + "enum": [ + "USER", + "SYSTEM_RELATION", + "SELF_ONBOARDING", + "ATTRIBUTE", + "IDP_SYNC" + ] + }, + "enrichments": { + "type": "object" + }, + "data_updated_at": { + "type": "string", + "format": "date-time" + }, + "event_count": { + "type": "integer" + }, + "first_rate_limited_at": { + "type": "string", + "format": "date-time" + }, + "rate_limits": { + "$ref": "#/definitions/IdentifierRateLimits" + } + }, + "type": "object" + }, + "IdentifierRateLimits": { + "properties": { + "first_rate_limited_at": { + "type": "string", + "format": "date-time" + }, + "last_rate_limited_at": { + "type": "string", + "format": "date-time" + }, + "activity_types": { + "type": "array", + "items": { "type": "string" - }, - { - "default": true, - "description": "The `include_data` parameter is to include asset data in the response \n\n", - "in": "query", - "name": "include_data", - "type": "boolean" } - ], - "responses": { - "200": { - "description": "Success", - "schema": { - "$ref": "#/definitions/AssetRelations" - } + }, + "items": { + "type": "array", + "items": { + "$ref": "#/definitions/IdentifierRateLimit" } + } + }, + "type": "object" + }, + "IdentifierRateLimit": { + "required": [ + "activity_type", + "first_rate_limited_at", + "last_rate_limited_at" + ], + "properties": { + "first_rate_limited_at": { + "type": "string", + "format": "date-time" + }, + "last_rate_limited_at": { + "type": "string", + "format": "date-time" + }, + "activity_type": { + "type": "string" + } + }, + "type": "object" + }, + "PaginatedIdentifiers": { + "properties": { + "next": { + "type": "string" + }, + "items": { + "$ref": "#/definitions/Identifier" + }, + "total_count": { + "type": [ + "integer", + "null" + ], + "example": "nullable integer" + } + }, + "type": "object" + }, + "PaginatedIdentifierGroupsWithCounts": { + "properties": { + "next": { + "type": "string" + }, + "items": { + "$ref": "#/definitions/IdentifierGroupWithCounts" + }, + "total_count": { + "type": [ + "integer", + "null" + ], + "example": "nullable integer" + } + }, + "type": "object" + }, + "IdentifierGroupWithCounts": { + "properties": { + "group": { + "$ref": "#/definitions/IdentifierGroup" + }, + "identifier_count": { + "type": "integer" + }, + "total_identifier_count": { + "type": "integer" + }, + "rate_limited_identifiers_count": { + "type": "integer" }, - "tags": [ - "assets" - ] + "event_count": { + "type": "integer" + } }, - "parameters": [ - { - "in": "path", - "name": "asset_uuid", - "required": true, + "type": "object" + }, + "IdentifierGroup": { + "properties": { + "id": { + "type": "integer" + }, + "tenant_id": { + "type": "integer" + }, + "feed_id": { + "type": "integer" + }, + "feed_owner_id": { + "type": "integer" + }, + "name": { "type": "string" + }, + "urn": { + "type": "string", + "description": "The uniform resource name of the identifier group." + }, + "parent_group_id": { + "type": [ + "integer", + "null" + ], + "example": "nullable integer" + }, + "group_type": { + "type": [ + "string", + "null" + ], + "example": "nullable string", + "enum": [ + null, + "person", + "corporate_identities" + ] } - ] + }, + "type": "object" }, - "/firework/v3/batch/chat_message/telegram/{conversation_id}/{batch_id}": { - "get": { - "operationId": "get_chat_message_batch_endpoint_/batch/chat_message/telegram//", - "responses": { - "200": { - "description": "Returns a list of messages matching a conversation id and batch id" - } + "PaginatedIdentifierRelations": { + "properties": { + "next": { + "type": "string" }, - "tags": [ - "batch" - ] + "items": { + "$ref": "#/definitions/Identifier" + }, + "total_count": { + "type": [ + "integer", + "null" + ], + "example": "nullable integer" + } }, - "parameters": [ - { - "in": "path", - "name": "conversation_id", - "required": true, - "type": "string" + "type": "object" + }, + "BulkActionFilters": { + "properties": { + "recommendation_state": { + "type": "string", + "example": "recommended", + "enum": [ + "recommended", + "accepted", + "rejected" + ] }, - { - "in": "path", - "name": "batch_id", - "required": true, + "types": { + "type": "string", + "example": "domain", + "enum": [ + "domain", + "brand", + "name", + "keyword", + "github_repository", + "username", + "email", + "search_query", + "bin", + "ip", + "secret", + "azure_tenant", + "identity" + ] + }, + "q": { "type": "string" } - ] + }, + "type": "object" }, - "/firework/v3/identifiers/": { - "get": { - "operationId": "get_identifiers_endpoint_/identifiers/", - "parameters": [ - { - "default": "ALL", - "enum": [ - "ALL", - "USER", - "SYSTEM", - "USER_AND_ATTRIBUTE" - ], - "in": "query", - "name": "source_group", - "type": "string" - }, - { - "default": "id", - "enum": [ - "id", - "name", - "type" - ], - "in": "query", - "name": "order_by", - "type": "string" - }, - { - "collectionFormat": "multi", - "default": [], - "enum": [ - "recent", - "interest", - "resolves", - "reachable", - "unresolvable", - "unreachable" - ], - "in": "query", - "items": { - "type": "string" - }, - "name": "properties", - "type": "array" - }, - { - "collectionFormat": "multi", - "default": [], - "enum": [ - "domain", - "brand", - "name", - "keyword", - "github_repository", - "username", - "email", - "search_query", - "bin", - "ip", - "secret", - "azure_tenant", - "identity" - ], - "in": "query", - "items": { - "type": "string" - }, - "name": "types", - "type": "array" - }, - { - "default": false, - "in": "query", - "name": "is_disabled", - "type": "boolean" - }, - { - "in": "query", - "name": "q", - "type": "string" - }, - { - "default": false, - "in": "query", - "name": "exact_matches_only", - "type": "boolean" - }, - { - "in": "query", - "name": "parent_group_id", - "type": "string" - }, - { - "default": 20, - "in": "query", - "name": "size", - "type": "integer" - }, - { - "in": "query", - "name": "from", - "type": "string" - } - ], - "responses": { - "200": { - "description": "Success", - "schema": { - "$ref": "#/definitions/PaginatedIdentifiers" - } - } + "PaginatedCredentials": { + "properties": { + "next": { + "type": "string" + }, + "items": { + "$ref": "#/definitions/LeakActivityCredential" + }, + "total_count": { + "type": [ + "integer", + "null" + ], + "example": "nullable integer" + } + }, + "type": "object" + }, + "LeakActivityCredential": { + "required": [ + "id", + "identity_name", + "imported_at", + "source_id" + ], + "properties": { + "id": { + "type": "integer" + }, + "source_id": { + "type": "string" + }, + "imported_at": { + "type": "string" + }, + "identity_name": { + "type": "string" + }, + "hash": { + "type": "string" + }, + "domain": { + "type": "string" }, - "tags": [ - "identifiers" - ] - } + "source": { + "$ref": "#/definitions/source" + }, + "remediated_at": { + "type": "string", + "format": "date-time" + }, + "ignored_at": { + "type": "string", + "format": "date-time" + }, + "known_password_id": { + "type": "integer" + } + }, + "type": "object" }, - "/firework/v3/identifiers/groups": { - "get": { - "operationId": "get_identifier_groups_endpoint_/identifiers/groups", - "parameters": [ - { - "default": "ALL", - "enum": [ - "ALL", - "USER", - "SYSTEM", - "USER_AND_ATTRIBUTE" - ], - "in": "query", - "name": "source_group", - "type": "string" - }, - { - "default": "id", - "enum": [ - "id", - "name", - "type" - ], - "in": "query", - "name": "order_by", - "type": "string" - }, - { - "collectionFormat": "multi", - "default": [], - "enum": [ - "recent", - "interest", - "resolves", - "reachable", - "unresolvable", - "unreachable" - ], - "in": "query", - "items": { - "type": "string" - }, - "name": "properties", - "type": "array" - }, - { - "collectionFormat": "multi", - "default": [], - "enum": [ - "domain", - "brand", - "name", - "keyword", - "github_repository", - "username", - "email", - "search_query", - "bin", - "ip", - "secret", - "azure_tenant", - "identity" - ], - "in": "query", - "items": { - "type": "string" - }, - "name": "types", - "type": "array" - }, - { - "default": false, - "in": "query", - "name": "ignore_empty_groups", - "type": "boolean" - }, - { - "default": false, - "in": "query", - "name": "is_disabled", - "type": "boolean" - }, - { - "in": "query", - "name": "q", - "type": "string" - }, - { - "default": false, - "in": "query", - "name": "exact_matches_only", - "type": "boolean" - }, - { - "in": "query", - "name": "parent_group_id", - "type": "string" - }, - { - "default": 20, - "in": "query", - "name": "size", - "type": "integer" - }, - { - "in": "query", - "name": "from", + "source": { + "required": [ + "id" + ], + "properties": { + "id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "description_en": { + "type": "string" + }, + "description_fr": { + "type": "string" + }, + "breached_at": { + "type": "string" + }, + "leaked_at": { + "type": "string" + }, + "pii_tags": { + "type": "array", + "items": { "type": "string" } - ], - "responses": { - "200": { - "description": "Success", - "schema": { - "$ref": "#/definitions/PaginatedIdentifierGroupsWithCounts" - } - } - }, - "tags": [ - "identifiers" - ] - } + } + }, + "type": "object" }, - "/firework/v3/identifiers/{identifier_id}": { - "get": { - "operationId": "get_identifier_endpoint_/identifiers/", - "responses": { - "200": { - "description": "Success", - "schema": { - "properties": { - "identifier": { - "$ref": "#/definitions/Identifier" - } - } - } + "IdentifierRecommendation": { + "properties": { + "id": { + "type": "integer" + }, + "asset_id": { + "type": "integer" + }, + "asset": { + "$ref": "#/definitions/Asset" + }, + "tenant_id": { + "type": "integer" + }, + "reasons": { + "type": "array", + "items": { + "$ref": "#/definitions/Reason" } }, - "tags": [ - "identifiers" - ] + "state": { + "type": "string", + "example": "recommended", + "enum": [ + "recommended", + "accepted", + "rejected" + ] + }, + "updated_at": { + "type": "string", + "format": "date-time" + }, + "asset_name": { + "type": "string" + }, + "recommendation_group_id": { + "type": "integer" + } }, - "parameters": [ - { - "in": "path", - "name": "identifier_id", - "required": true, + "type": "object" + }, + "Reason": { + "properties": { + "from_identifier_id": { "type": "integer" + }, + "from_asset_name": { + "type": "string" + }, + "recommendation_pipeline_id": { + "type": "string", + "example": "email_from_domain", + "enum": [ + "email_from_domain", + "username_from_email", + "email_from_username", + "activity_discovery", + "subdomain_from_domain", + "azure_tenant_from_domain", + "domain_from_azure_tenant" + ] + }, + "seen_at": { + "type": "string", + "format": "date-time" } - ] + }, + "type": "object" }, - "/firework/v3/identifiers/{identifier_id}/children": { - "get": { - "operationId": "get_identifier_children_api_/identifiers//children", - "responses": { - "200": { - "description": "Success", - "schema": { - "$ref": "#/definitions/IdentifierChildren" - } + "IdentifierRecommendationGroupWithEnrichments": { + "properties": { + "id": { + "type": "integer" + }, + "tenant_id": { + "type": "integer" + }, + "asset_id": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "asset_type": { + "type": "string" + }, + "filtered_recommendations_count": { + "type": "integer" + }, + "total_recommendations_count": { + "type": "integer" + }, + "available_asset_types": { + "type": "array", + "items": { + "type": "string" } }, - "tags": [ - "identifiers" - ] + "last_updated_at": { + "type": "string", + "format": "date-time" + } }, - "parameters": [ - { - "in": "path", - "name": "identifier_id", - "required": true, + "type": "object" + }, + "IdentifierRecommendationGroup": { + "properties": { + "id": { "type": "integer" + }, + "tenant_id": { + "type": "integer" + }, + "asset_id": { + "type": "integer" + }, + "name": { + "type": "string" } - ] + }, + "type": "object" }, - "/firework/v3/identifiers/{identifier_id}/feed/credentials": { - "get": { - "operationId": "get_leaked_credentials_feed_endpoint_/identifiers//feed/credentials", - "parameters": [ - { - "default": 20, - "in": "query", - "name": "size", - "type": "integer" - }, - { - "in": "query", - "name": "from", - "type": "string" - } - ], - "responses": { - "200": { - "description": "Success", - "schema": { - "$ref": "#/definitions/PaginatedCredentials" - } - } + "CollectionUpdate": { + "properties": { + "type": { + "type": "string" }, - "tags": [ - "identifiers" - ] + "date": { + "type": "string" + }, + "content": { + "type": "string" + } }, - "parameters": [ - { - "in": "path", - "name": "identifier_id", - "required": true, + "type": "object" + }, + "MonitoredChannel": { + "properties": { + "conversation_id": { "type": "integer" - } - ], - "post": { - "operationId": "post_leaked_credentials_feed_endpoint_/identifiers//feed/credentials", - "responses": { - "200": { - "description": "Success", - "schema": { - "$ref": "#/definitions/PaginatedCredentials" - } - } }, - "tags": [ - "identifiers" - ] - } + "conversation_uid": { + "type": "string" + }, + "source": { + "type": "string" + }, + "title": { + "type": "string" + }, + "description": { + "type": "string" + }, + "category": { + "type": "string" + }, + "subcategory": { + "type": "string" + }, + "last_crawled_at": { + "type": "string", + "format": "date-time" + }, + "message_count": { + "type": "integer" + }, + "member_count": { + "type": "integer" + } + }, + "type": "object" }, - "/firework/v3/identifiers/{identifier_id}/relations": { - "get": { - "operationId": "get_identifier_relations_endpoint_/identifiers//relations", - "parameters": [ - { - "collectionFormat": "multi", - "default": [], - "enum": [ - "recent", - "interest", - "resolves", - "reachable", - "unresolvable", - "unreachable" - ], - "in": "query", - "items": { - "type": "string" - }, - "name": "properties", - "type": "array" - }, - { - "collectionFormat": "multi", - "default": [], - "enum": [ - "domain", - "brand", - "name", - "keyword", - "github_repository", - "username", - "email", - "search_query", - "bin", - "ip", - "secret", - "azure_tenant", - "identity" - ], - "in": "query", - "items": { - "type": "string" - }, - "name": "types", - "type": "array" - }, - { - "default": false, - "in": "query", - "name": "is_disabled", - "type": "boolean" - }, - { - "in": "query", - "name": "q", - "type": "string" - }, - { - "default": false, - "in": "query", - "name": "exact_matches_only", - "type": "boolean" - }, - { - "default": 10, - "description": "How many children to fetch", - "in": "query", - "name": "size", - "type": "integer" - }, - { - "description": "The reversed fqdn to start searching from", - "in": "query", - "name": "from", + "PaginatedCursoredCredentials": { + "properties": { + "next": { + "type": "string" + }, + "items": { + "$ref": "#/definitions/LeakActivityCredential" + }, + "cursors": { + "type": "array", + "items": { "type": "string" } - ], - "responses": { - "200": { - "description": "Success", - "schema": { - "$ref": "#/definitions/PaginatedIdentifierRelations" - } - } }, - "tags": [ - "identifiers" - ] - }, - "parameters": [ - { - "in": "path", - "name": "identifier_id", - "required": true, - "type": "integer" + "total_count": { + "type": [ + "integer", + "null" + ], + "example": "nullable integer" } - ] + }, + "type": "object" } }, - "produces": [ - "application/json" - ], "responses": { - "HTTPException": { - "description": "" + "ParseError": { + "description": "When a mask can't be parsed" }, "MaskError": { "description": "When any error occurs on mask" }, - "ParseError": { - "description": "When a mask can't be parsed" + "HTTPException": { + "description": "" } }, + "host": "api.flare.io", "schemes": [ "https" - ], - "security": [ - { - "BearerAuth": [] - } - ], - "securityDefinitions": { - "BearerAuth": { - "in": "header", - "name": "Authorization", - "type": "apiKey" - } - }, - "swagger": "2.0", - "tags": [ - { - "description": "Read and manage a tenant's identifiers", - "name": "identifiers" - }, - { - "description": "Perform actions on activities.", - "name": "activities" - }, - { - "description": "Get batches of activities.", - "name": "batch" - }, - { - "description": "Manage and query assets.", - "name": "assets" - } ] } diff --git a/docs/api-reference/spec/firework-v4-openapi.json b/docs/api-reference/spec/firework-v4-openapi.json index a46a712..d09351e 100644 --- a/docs/api-reference/spec/firework-v4-openapi.json +++ b/docs/api-reference/spec/firework-v4-openapi.json @@ -894,6 +894,33 @@ "type": "integer", "title": "Tenant Id" } + }, + { + "name": "from", + "in": "query", + "required": false, + "schema": { + "anyOf": [ + { + "type": "string", + "format": "date-time" + }, + { + "type": "null" + } + ], + "title": "From" + } + }, + { + "name": "size", + "in": "query", + "required": false, + "schema": { + "type": "integer", + "default": 10, + "title": "Size" + } } ], "responses": { @@ -902,15 +929,7 @@ "content": { "application/json": { "schema": { - "anyOf": [ - { - "$ref": "#/components/schemas/InviteLinkResponse" - }, - { - "type": "null" - } - ], - "title": "Response Get Tenant Flare Community Invite Link Admin Tenants Tenant Id Flare Community Invite Link Get" + "$ref": "#/components/schemas/PaginatedResults_InviteLinkResponse__datetime_" } } } @@ -960,7 +979,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/InviteLinkResponse" + "$ref": "#/components/schemas/CreateInviteLinkResponse" } } } @@ -1192,7 +1211,7 @@ "in": "query", "required": false, "schema": { - "$ref": "#/components/schemas/pyro__threat_flow__core__reports__report_store__SortType", + "$ref": "#/components/schemas/SortType", "default": "id" } }, @@ -1329,6 +1348,109 @@ } } }, + "/firework/v4/admin/hubspot/sync": { + "post": { + "tags": [ + "public", + "team=experience" + ], + "summary": "Hubspot Force Sync For Organization", + "operationId": "hubspot_force_sync_for_organization_admin_hubspot_sync_post", + "parameters": [ + { + "name": "hubspot_company_id", + "in": "query", + "required": true, + "schema": { + "type": "integer", + "title": "Hubspot Company Id" + } + }, + { + "name": "domain", + "in": "query", + "required": false, + "schema": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Domain" + } + } + ], + "responses": { + "200": { + "description": "Successful Response", + "content": { + "application/json": { + "schema": { + "type": "boolean", + "title": "Response Hubspot Force Sync For Organization Admin Hubspot Sync Post" + } + } + } + }, + "422": { + "description": "Validation Error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/HTTPValidationError" + } + } + } + } + } + } + }, + "/firework/v4/admin/hubspot/do_sync": { + "post": { + "tags": [ + "public", + "team=experience" + ], + "summary": "Hubspot Do Sync", + "operationId": "hubspot_do_sync_admin_hubspot_do_sync_post", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/HubspotDoSyncRequest" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "Successful Response", + "content": { + "application/json": { + "schema": { + "type": "boolean", + "title": "Response Hubspot Do Sync Admin Hubspot Do Sync Post" + } + } + } + }, + "422": { + "description": "Validation Error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/HTTPValidationError" + } + } + } + } + } + } + }, "/firework/v4/actors/{actor_name}/profile": { "get": { "tags": [ @@ -1347,22 +1469,28 @@ } }, { - "name": "sources", + "name": "actor_id", "in": "query", "required": false, "schema": { "anyOf": [ { - "type": "array", - "items": { - "type": "string" - } + "type": "string" }, { "type": "null" } ], - "title": "Sources" + "title": "Actor Id" + } + }, + { + "name": "source", + "in": "query", + "required": true, + "schema": { + "type": "string", + "title": "Source" } } ], @@ -1372,7 +1500,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ActorMetadata" + "$ref": "#/components/schemas/FrontendActorMetadata" } } } @@ -1407,6 +1535,22 @@ "title": "Actor Name" } }, + { + "name": "aggregate_by", + "in": "query", + "required": false, + "schema": { + "anyOf": [ + { + "$ref": "#/components/schemas/StatsAggregates" + }, + { + "type": "null" + } + ], + "title": "Aggregate By" + } + }, { "name": "times", "in": "query", @@ -1478,38 +1622,28 @@ } }, { - "name": "sources", + "name": "actor_id", "in": "query", "required": false, "schema": { "anyOf": [ { - "type": "array", - "items": { - "type": "string" - } + "type": "string" }, { "type": "null" } ], - "title": "Sources" + "title": "Actor Id" } }, { - "name": "aggregate_by", + "name": "source", "in": "query", - "required": false, + "required": true, "schema": { - "anyOf": [ - { - "$ref": "#/components/schemas/StatsAggregates" - }, - { - "type": "null" - } - ], - "title": "Aggregate By" + "type": "string", + "title": "Source" } } ], @@ -1625,22 +1759,28 @@ } }, { - "name": "sources", + "name": "actor_id", "in": "query", "required": false, "schema": { "anyOf": [ { - "type": "array", - "items": { - "type": "string" - } + "type": "string" }, { "type": "null" } ], - "title": "Sources" + "title": "Actor Id" + } + }, + { + "name": "source", + "in": "query", + "required": true, + "schema": { + "type": "string", + "title": "Source" } } ], @@ -1690,22 +1830,28 @@ } }, { - "name": "sources", + "name": "actor_id", "in": "query", "required": false, "schema": { "anyOf": [ { - "type": "array", - "items": { - "type": "string" - } + "type": "string" }, { "type": "null" } ], - "title": "Sources" + "title": "Actor Id" + } + }, + { + "name": "source", + "in": "query", + "required": true, + "schema": { + "type": "string", + "title": "Source" } } ], @@ -1898,26 +2044,23 @@ } }, { - "name": "sources", + "name": "times", "in": "query", "required": false, "schema": { "anyOf": [ { - "type": "array", - "items": { - "type": "string" - } + "type": "string" }, { "type": "null" } ], - "title": "Sources" + "title": "Times" } }, { - "name": "times", + "name": "time_zone", "in": "query", "required": false, "schema": { @@ -1929,49 +2072,96 @@ "type": "null" } ], - "title": "Times" + "title": "Time Zone" } }, { - "name": "time_zone", + "name": "search_types", "in": "query", "required": false, "schema": { "anyOf": [ { - "type": "string" + "type": "array", + "items": { + "$ref": "#/components/schemas/SearchType" + } }, { "type": "null" } ], - "title": "Time Zone" - } - } - ], - "responses": { - "200": { - "description": "Successful Response", - "content": { - "application/json": { - "schema": { - "anyOf": [ - { - "$ref": "#/components/schemas/ActorHeatmapData" - }, - { - "type": "null" - } - ], - "title": "Response Get Actor Heatmap Actors Actor Name Heatmap Get" - } - } + "title": "Search Types" } }, - "422": { - "description": "Validation Error", - "content": { - "application/json": { + { + "name": "risk_scores", + "in": "query", + "required": false, + "schema": { + "anyOf": [ + { + "type": "array", + "items": { + "$ref": "#/components/schemas/RiskScore" + } + }, + { + "type": "null" + } + ], + "title": "Risk Scores" + } + }, + { + "name": "actor_id", + "in": "query", + "required": false, + "schema": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Actor Id" + } + }, + { + "name": "source", + "in": "query", + "required": true, + "schema": { + "type": "string", + "title": "Source" + } + } + ], + "responses": { + "200": { + "description": "Successful Response", + "content": { + "application/json": { + "schema": { + "anyOf": [ + { + "$ref": "#/components/schemas/ActorHeatmapData" + }, + { + "type": "null" + } + ], + "title": "Response Get Actor Heatmap Actors Actor Name Heatmap Get" + } + } + } + }, + "422": { + "description": "Validation Error", + "content": { + "application/json": { "schema": { "$ref": "#/components/schemas/HTTPValidationError" } @@ -1999,22 +2189,28 @@ } }, { - "name": "sources", + "name": "actor_id", "in": "query", "required": false, "schema": { "anyOf": [ { - "type": "array", - "items": { - "type": "string" - } + "type": "string" }, { "type": "null" } ], - "title": "Sources" + "title": "Actor Id" + } + }, + { + "name": "source", + "in": "query", + "required": true, + "schema": { + "type": "string", + "title": "Source" } } ], @@ -2780,7 +2976,7 @@ "$ref": "#/components/schemas/UsernameData" }, { - "$ref": "#/components/schemas/EmailData" + "$ref": "#/components/schemas/EmailData-Input" }, { "$ref": "#/components/schemas/SecretData" @@ -3192,21 +3388,127 @@ } } }, - "/firework/v4/events/": { + "/firework/v4/entities": { "get": { "tags": [ - "public" + "private" ], - "summary": "Get Event", - "operationId": "get_event_events__get", + "summary": "List Entities", + "operationId": "list_entities_entities_get", "parameters": [ { - "name": "uid", + "name": "query", "in": "query", - "required": true, + "required": false, "schema": { "type": "string", - "title": "Uid" + "default": "", + "title": "Query" + } + }, + { + "name": "types", + "in": "query", + "required": false, + "schema": { + "anyOf": [ + { + "type": "array", + "items": { + "$ref": "#/components/schemas/EntityType" + } + }, + { + "type": "null" + } + ], + "title": "Types" + } + }, + { + "name": "updated_at_time_range", + "in": "query", + "required": false, + "schema": { + "anyOf": [ + { + "$ref": "#/components/schemas/TimeRangeType" + }, + { + "type": "null" + } + ], + "title": "Updated At Time Range" + } + }, + { + "name": "sources", + "in": "query", + "required": false, + "schema": { + "anyOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "type": "null" + } + ], + "title": "Sources" + } + }, + { + "name": "sort_by_key", + "in": "query", + "required": false, + "schema": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Sort By Key" + } + }, + { + "name": "sort_by_direction", + "in": "query", + "required": false, + "schema": { + "$ref": "#/components/schemas/OrderType", + "default": "desc" + } + }, + { + "name": "search_after", + "in": "query", + "required": false, + "schema": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Search After" + } + }, + { + "name": "size", + "in": "query", + "required": false, + "schema": { + "type": "integer", + "default": 10, + "title": "Size" } } ], @@ -3216,26 +3518,7 @@ "content": { "application/json": { "schema": { - "oneOf": [ - { - "$ref": "#/components/schemas/pyro__events__firework__stealerlog__StealerLogEvent" - }, - { - "$ref": "#/components/schemas/RansomLeakEvent" - }, - { - "$ref": "#/components/schemas/LookalikeDomainEvent" - } - ], - "discriminator": { - "propertyName": "event_type", - "mapping": { - "stealer_log": "#/components/schemas/pyro__events__firework__stealerlog__StealerLogEvent", - "ransomleak": "#/components/schemas/RansomLeakEvent", - "lookalike": "#/components/schemas/LookalikeDomainEvent" - } - }, - "title": "Response Get Event Events Get" + "$ref": "#/components/schemas/PaginatedResults_EntityBrowserResponse__str_" } } } @@ -3253,48 +3536,76 @@ } } }, - "/firework/v4/events/ui": { + "/firework/v4/entities/count": { "get": { "tags": [ "private" ], - "summary": "Get Event Ui", - "operationId": "get_event_ui_events_ui_get", + "summary": "Count Entities", + "operationId": "count_entities_entities_count_get", "parameters": [ { - "name": "uid", + "name": "query", "in": "query", - "required": true, + "required": false, "schema": { "type": "string", - "title": "Uid" + "default": "", + "title": "Query" } }, { - "name": "reveal_full_contents", + "name": "types", "in": "query", "required": false, "schema": { - "type": "boolean", - "default": false, - "title": "Reveal Full Contents" + "anyOf": [ + { + "type": "array", + "items": { + "$ref": "#/components/schemas/EntityType" + } + }, + { + "type": "null" + } + ], + "title": "Types" } }, { - "name": "search_term", + "name": "updated_at_time_range", "in": "query", "required": false, "schema": { "anyOf": [ { - "type": "string", - "format": "base64url" + "$ref": "#/components/schemas/TimeRangeType" }, { "type": "null" } ], - "title": "Search Term" + "title": "Updated At Time Range" + } + }, + { + "name": "sources", + "in": "query", + "required": false, + "schema": { + "anyOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "type": "null" + } + ], + "title": "Sources" } } ], @@ -3304,7 +3615,8 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/StealerLogEvent" + "type": "integer", + "title": "Response Count Entities Entities Count Get" } } } @@ -3322,7 +3634,149 @@ } } }, - "/firework/v4/events/tenant/_search": { + "/firework/v4/events/": { + "get": { + "tags": [ + "public" + ], + "summary": "Get Event", + "operationId": "get_event_events__get", + "parameters": [ + { + "name": "uid", + "in": "query", + "required": true, + "schema": { + "type": "string", + "title": "Uid" + } + } + ], + "responses": { + "200": { + "description": "Successful Response", + "content": { + "application/json": { + "schema": { + "oneOf": [ + { + "$ref": "#/components/schemas/FinancialEvent" + }, + { + "$ref": "#/components/schemas/LookalikeDomainEvent" + }, + { + "$ref": "#/components/schemas/RansomLeakEvent" + }, + { + "$ref": "#/components/schemas/BucketEvent" + }, + { + "$ref": "#/components/schemas/BlogPostEvent" + }, + { + "$ref": "#/components/schemas/pyro__findings__stealerlogs__datamodels__StealerLogEvent" + } + ], + "discriminator": { + "propertyName": "event_type", + "mapping": { + "cc": "#/components/schemas/FinancialEvent", + "lookalike": "#/components/schemas/LookalikeDomainEvent", + "ransomleak": "#/components/schemas/RansomLeakEvent", + "bucket": "#/components/schemas/BucketEvent", + "blog_post": "#/components/schemas/BlogPostEvent", + "stealer_log": "#/components/schemas/pyro__findings__stealerlogs__datamodels__StealerLogEvent" + } + }, + "title": "Response Get Event Events Get" + } + } + } + }, + "422": { + "description": "Validation Error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/HTTPValidationError" + } + } + } + } + } + } + }, + "/firework/v4/events/ui": { + "get": { + "tags": [ + "private" + ], + "summary": "Get Event Ui", + "operationId": "get_event_ui_events_ui_get", + "parameters": [ + { + "name": "uid", + "in": "query", + "required": true, + "schema": { + "type": "string", + "title": "Uid" + } + }, + { + "name": "reveal_full_contents", + "in": "query", + "required": false, + "schema": { + "type": "boolean", + "default": false, + "title": "Reveal Full Contents" + } + }, + { + "name": "search_term", + "in": "query", + "required": false, + "schema": { + "anyOf": [ + { + "type": "string", + "format": "base64url" + }, + { + "type": "null" + } + ], + "title": "Search Term" + } + } + ], + "responses": { + "200": { + "description": "Successful Response", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/StealerLogEvent" + } + } + } + }, + "422": { + "description": "Validation Error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/HTTPValidationError" + } + } + } + } + } + } + }, + "/firework/v4/events/tenant/_search": { "post": { "tags": [ "public" @@ -3833,6 +4287,119 @@ } } }, + "/firework/v4/events/_expand": { + "get": { + "tags": [ + "public", + "team=experience" + ], + "summary": "Expand Event Field", + "operationId": "expand_event_field_events__expand_get", + "parameters": [ + { + "name": "field", + "in": "query", + "required": true, + "schema": { + "$ref": "#/components/schemas/ExpandableField" + } + }, + { + "name": "uid", + "in": "query", + "required": true, + "schema": { + "type": "string", + "title": "Uid" + } + }, + { + "name": "from", + "in": "query", + "required": false, + "schema": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "From" + } + }, + { + "name": "size", + "in": "query", + "required": false, + "schema": { + "type": "integer", + "maximum": 20, + "exclusiveMinimum": 0, + "default": 20, + "title": "Size" + } + }, + { + "name": "reveal_full_contents", + "in": "query", + "required": false, + "schema": { + "type": "boolean", + "default": false, + "title": "Reveal Full Contents" + } + }, + { + "name": "search_term", + "in": "query", + "required": false, + "schema": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Search Term" + } + } + ], + "responses": { + "200": { + "description": "Successful Response", + "content": { + "application/json": { + "schema": { + "anyOf": [ + { + "$ref": "#/components/schemas/PaginatedResults_StealerLogCredential__str_" + }, + { + "$ref": "#/components/schemas/PaginatedResults_StealerLogCookie__str_" + } + ], + "title": "Response Expand Event Field Events Expand Get" + } + } + } + }, + "422": { + "description": "Validation Error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/HTTPValidationError" + } + } + } + } + } + } + }, "/firework/v4/file_analysis/submit": { "post": { "tags": [ @@ -3872,30 +4439,22 @@ } } }, - "/firework/v4/forum-threads/{forum_thread_id}/metadata": { + "/firework/v4/forum-threads/{uuid}/topic-uid-and-title": { "get": { "tags": [ "private" ], - "summary": "Get Forum Thread Metadata", - "operationId": "get_forum_thread_metadata_forum_threads__forum_thread_id__metadata_get", + "summary": "Get Forum Thread Topic Uid And Title", + "description": "This endpoint is temporary until we migrate all forum thread services to use the asset uuid.", + "operationId": "get_forum_thread_topic_uid_and_title_forum_threads__uuid__topic_uid_and_title_get", "parameters": [ { - "name": "forum_thread_id", + "name": "uuid", "in": "path", "required": true, "schema": { "type": "string", - "title": "Forum Thread Id" - } - }, - { - "name": "source", - "in": "query", - "required": true, - "schema": { - "type": "string", - "title": "Source" + "title": "Uuid" } } ], @@ -3905,7 +4464,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ForumThreadMetadata" + "$ref": "#/components/schemas/ForumThreadTopicUidAndTitlePayload" } } } @@ -3923,12 +4482,63 @@ } } }, - "/firework/v4/forum-threads/{forum_thread_id}/analysis/metadata": { + "/firework/v4/forum-threads/{forum_thread_id}/metadata": { "get": { "tags": [ "private" ], - "summary": "Get Forum Thread Analysis Metadata", + "summary": "Get Forum Thread Metadata", + "operationId": "get_forum_thread_metadata_forum_threads__forum_thread_id__metadata_get", + "parameters": [ + { + "name": "forum_thread_id", + "in": "path", + "required": true, + "schema": { + "type": "string", + "title": "Forum Thread Id" + } + }, + { + "name": "source", + "in": "query", + "required": true, + "schema": { + "type": "string", + "title": "Source" + } + } + ], + "responses": { + "200": { + "description": "Successful Response", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ForumThreadMetadata" + } + } + } + }, + "422": { + "description": "Validation Error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/HTTPValidationError" + } + } + } + } + } + } + }, + "/firework/v4/forum-threads/{forum_thread_id}/analysis/metadata": { + "get": { + "tags": [ + "private" + ], + "summary": "Get Forum Thread Analysis Metadata", "operationId": "get_forum_thread_analysis_metadata_forum_threads__forum_thread_id__analysis_metadata_get", "parameters": [ { @@ -5129,7 +5739,7 @@ "$ref": "#/components/schemas/CredentialsData" }, { - "$ref": "#/components/schemas/EmailData" + "$ref": "#/components/schemas/EmailData-Input" }, { "$ref": "#/components/schemas/UsernameData" @@ -5154,7 +5764,7 @@ "search_query": "#/components/schemas/SearchQueryData", "github_repository": "#/components/schemas/GithubRepositoryData", "credentials": "#/components/schemas/CredentialsData", - "email": "#/components/schemas/EmailData", + "email": "#/components/schemas/EmailData-Input", "username": "#/components/schemas/UsernameData", "secret": "#/components/schemas/SecretData", "name": "#/components/schemas/NameData" @@ -7382,7 +7992,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/pyro__firework__backend__api4__reports__report_groups__reports__report_datamodels__ReportResponse" + "$ref": "#/components/schemas/ReportResponse" } } } @@ -7432,7 +8042,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/pyro__firework__backend__api4__reports__report_groups__reports__report_datamodels__ReportResponse" + "$ref": "#/components/schemas/ReportResponse" } } } @@ -7472,7 +8082,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/pyro__firework__backend__api4__reports__report_groups__reports__report_datamodels__ReportResponse" + "$ref": "#/components/schemas/ReportResponse" } } } @@ -7540,7 +8150,7 @@ "in": "query", "required": false, "schema": { - "$ref": "#/components/schemas/SortType", + "$ref": "#/components/schemas/pyro__reports__report_store__SortType", "default": "updated_at" } }, @@ -7767,7 +8377,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/pyro__firework__backend__api4__reports__report_groups__reports__report_datamodels__ReportResponse" + "$ref": "#/components/schemas/ReportResponse" } } } @@ -9294,7 +9904,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ReportResponse" + "$ref": "#/components/schemas/pyro__threat_flow__web__v4__reports__models__ReportResponse" } } } @@ -9384,7 +9994,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ReportResponse" + "$ref": "#/components/schemas/pyro__threat_flow__web__v4__reports__models__ReportResponse" } } } @@ -10035,6 +10645,196 @@ } } } + }, + "/firework/v4/hubspot/flare_sync_webhook": { + "post": { + "tags": [ + "public", + "team=experience" + ], + "summary": "Handle Hubspot Flare Sync Webhook", + "operationId": "handle_hubspot_flare_sync_webhook_hubspot_flare_sync_webhook_post", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/HubspotWebhookFlareSyncEvent" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "Successful Response", + "content": { + "application/json": { + "schema": {} + } + } + }, + "422": { + "description": "Validation Error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/HTTPValidationError" + } + } + } + } + } + } + }, + "/firework/v4/usage/global_search/by_feature": { + "get": { + "tags": [ + "private", + "team=experience" + ], + "summary": "Get Global Search Usage By Feature", + "operationId": "get_global_search_usage_by_feature_usage_global_search_by_feature_get", + "parameters": [ + { + "name": "time", + "in": "query", + "required": false, + "schema": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Time" + } + }, + { + "name": "tenant_id", + "in": "query", + "required": false, + "schema": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "null" + } + ], + "title": "Tenant Id" + } + }, + { + "name": "source", + "in": "query", + "required": false, + "schema": { + "$ref": "#/components/schemas/GlobalSearchSource", + "default": "all" + } + } + ], + "responses": { + "200": { + "description": "Successful Response", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/GlobalSearchUsageByFeatureResponse" + } + } + } + }, + "422": { + "description": "Validation Error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/HTTPValidationError" + } + } + } + } + } + } + }, + "/firework/v4/usage/global_search/by_member": { + "get": { + "tags": [ + "private", + "team=experience" + ], + "summary": "Get Global Search Usage By Member", + "operationId": "get_global_search_usage_by_member_usage_global_search_by_member_get", + "parameters": [ + { + "name": "time", + "in": "query", + "required": false, + "schema": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Time" + } + }, + { + "name": "tenant_id", + "in": "query", + "required": false, + "schema": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "null" + } + ], + "title": "Tenant Id" + } + }, + { + "name": "source", + "in": "query", + "required": false, + "schema": { + "$ref": "#/components/schemas/GlobalSearchSource", + "default": "all" + } + } + ], + "responses": { + "200": { + "description": "Successful Response", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/GlobalSearchUsageByMemberResponse" + } + } + } + }, + "422": { + "description": "Validation Error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/HTTPValidationError" + } + } + } + } + } + } } }, "components": { @@ -10101,6 +10901,7 @@ "enum": [ "account", "actor", + "actor_entity", "actor_summary", "ad", "attachment", @@ -10116,6 +10917,10 @@ "docker_repository", "document", "domain", + "domain_favicon", + "domain_ip_address", + "domain_screenshot", + "domain_title", "driller", "driller_forum_post", "driller_forum_topic", @@ -10127,8 +10932,9 @@ "forum_category", "forum_post", "forum_profile", - "forum_topic", + "forum_thread_entity", "forum_thread_summary", + "forum_topic", "host", "leak", "leaked_credential", @@ -10358,76 +11164,14 @@ ], "title": "ActorHeatmapData" }, - "ActorMetadata": { + "ActorNetwork": { "properties": { - "first_seen": { - "anyOf": [ - { - "type": "string", - "format": "date-time" - }, - { - "type": "null" - } - ], - "title": "First Seen" - }, - "last_seen": { - "anyOf": [ - { - "type": "string", - "format": "date-time" - }, - { - "type": "null" - } - ], - "title": "Last Seen" - }, - "total_events": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "null" - } - ], - "title": "Total Events" - }, - "is_vetted": { - "type": "boolean", - "title": "Is Vetted", - "default": false - }, - "vetted_sources": { - "items": { - "$ref": "#/components/schemas/EnrichedSource" - }, - "type": "array", - "title": "Vetted Sources", - "default": [] - }, - "active_sources": { - "items": { - "$ref": "#/components/schemas/EnrichedSource" - }, - "type": "array", - "title": "Active Sources", - "default": [] - } - }, - "type": "object", - "title": "ActorMetadata" - }, - "ActorNetwork": { - "properties": { - "nodes": { - "items": { - "$ref": "#/components/schemas/BaseNode" - }, - "type": "array", - "title": "Nodes" + "nodes": { + "items": { + "$ref": "#/components/schemas/BaseNode" + }, + "type": "array", + "title": "Nodes" }, "edges": { "items": { @@ -10446,13 +11190,6 @@ }, "ActorNetworkGenerationPayload": { "properties": { - "sources": { - "items": { - "type": "string" - }, - "type": "array", - "title": "Sources" - }, "actor_id": { "anyOf": [ { @@ -10464,13 +11201,17 @@ ], "title": "Actor Id" }, + "source": { + "type": "string", + "title": "Source" + }, "group_by": { "$ref": "#/components/schemas/GroupByType" } }, "type": "object", "required": [ - "sources", + "source", "group_by" ], "title": "ActorNetworkGenerationPayload" @@ -10537,17 +11278,25 @@ }, "ActorSummariesGenerationPayload": { "properties": { - "sources": { - "items": { - "type": "string" - }, - "type": "array", - "title": "Sources" + "actor_id": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Actor Id" + }, + "source": { + "type": "string", + "title": "Source" } }, "type": "object", "required": [ - "sources" + "source" ], "title": "ActorSummariesGenerationPayload" }, @@ -10590,13 +11339,17 @@ }, "profile": { "anyOf": [ + { + "$ref": "#/components/schemas/GeneralProfileSummaryOutput" + }, { "$ref": "#/components/schemas/ExecutiveSummaryOutput" }, { "type": "null" } - ] + ], + "title": "Profile" }, "heatmap": { "anyOf": [ @@ -11839,7 +12592,7 @@ "$ref": "#/components/schemas/UsernameData" }, { - "$ref": "#/components/schemas/EmailData" + "$ref": "#/components/schemas/EmailData-Output" }, { "$ref": "#/components/schemas/SecretData" @@ -11860,7 +12613,7 @@ "brand": "#/components/schemas/BrandData", "credentials": "#/components/schemas/CredentialsData", "domain": "#/components/schemas/DomainData", - "email": "#/components/schemas/EmailData", + "email": "#/components/schemas/EmailData-Output", "github_repository": "#/components/schemas/GithubRepositoryData", "identity": "#/components/schemas/IdentityData", "ip": "#/components/schemas/IPData", @@ -12378,6 +13131,89 @@ ], "title": "BinQuery" }, + "BlogPostData": { + "properties": { + "url": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Url", + "description": "The URL of the blog post." + }, + "content": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Content", + "description": "The content of the blog post." + }, + "description": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Description", + "description": "The description of the blog post." + }, + "posted_at": { + "anyOf": [ + { + "type": "string", + "format": "date-time" + }, + { + "type": "null" + } + ], + "title": "Posted At", + "description": "The date and time the blog post was posted." + } + }, + "type": "object", + "required": [ + "url", + "content", + "description", + "posted_at" + ], + "title": "BlogPostData" + }, + "BlogPostEvent": { + "properties": { + "event_type": { + "type": "string", + "const": "blog_post", + "title": "Event Type", + "default": "blog_post" + }, + "metadata": { + "$ref": "#/components/schemas/EventMetadata" + }, + "data": { + "$ref": "#/components/schemas/BlogPostData" + } + }, + "type": "object", + "required": [ + "metadata", + "data" + ], + "title": "Blog Post" + }, "BrandData": { "properties": { "type": { @@ -12417,6 +13253,87 @@ ], "title": "BrandQuery" }, + "BucketData": { + "properties": { + "host": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Host", + "description": "The host of the bucket." + }, + "provider": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Provider", + "description": "The provider of the bucket." + } + }, + "type": "object", + "required": [ + "host", + "provider" + ], + "title": "BucketData" + }, + "BucketEvent": { + "properties": { + "event_type": { + "type": "string", + "const": "bucket", + "title": "Event Type", + "default": "bucket" + }, + "metadata": { + "$ref": "#/components/schemas/EventMetadata" + }, + "data": { + "$ref": "#/components/schemas/BucketEventData" + } + }, + "type": "object", + "required": [ + "metadata", + "data" + ], + "title": "Bucket" + }, + "BucketEventData": { + "properties": { + "url": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Url", + "description": "The URL to the bucket." + }, + "bucket": { + "$ref": "#/components/schemas/BucketData" + } + }, + "type": "object", + "required": [ + "url", + "bucket" + ], + "title": "BucketEventData" + }, "BulkActionStatus": { "type": "string", "enum": [ @@ -12461,7 +13378,8 @@ "unremediate", "ignore", "unignore", - "validate_with_idp" + "validate_with_idp", + "authorize" ], "title": "BulkActionType" }, @@ -12503,7 +13421,7 @@ } ], "title": "Created After", - "default": "2026-01-08T20:17:43.618686Z" + "default": "2026-02-01T17:03:39.251436Z" }, "from": { "anyOf": [ @@ -13092,6 +14010,19 @@ ], "title": "CreateDemoTenantRequestBody" }, + "CreateInviteLinkResponse": { + "properties": { + "invite_magic_link": { + "type": "string", + "title": "Invite Magic Link" + } + }, + "type": "object", + "required": [ + "invite_magic_link" + ], + "title": "CreateInviteLinkResponse" + }, "CreateTenantIntegrationPayload": { "properties": { "name": { @@ -13109,7 +14040,15 @@ "default": true }, "params": { - "$ref": "#/components/schemas/EntraIDParams" + "anyOf": [ + { + "$ref": "#/components/schemas/EntraIDParams" + }, + { + "$ref": "#/components/schemas/ForetraceParams" + } + ], + "title": "Params" }, "status": { "anyOf": [ @@ -14057,7 +14996,7 @@ ], "title": "DomainStatus" }, - "EmailData": { + "EmailData-Input": { "properties": { "type": { "type": "string", @@ -14077,6 +15016,25 @@ ], "title": "EmailData" }, + "EmailData-Output": { + "properties": { + "type": { + "type": "string", + "const": "email", + "title": "Type", + "default": "email" + }, + "email": { + "type": "string", + "title": "Email" + } + }, + "type": "object", + "required": [ + "email" + ], + "title": "EmailData" + }, "EmailQuery": { "properties": { "type": { @@ -14379,7 +15337,69 @@ ], "title": "EnrichedSource" }, - "EntraIDFailedValidationDetails": { + "EntityBrowserResponse": { + "properties": { + "uuid": { + "type": "string", + "title": "Uuid" + }, + "type": { + "$ref": "#/components/schemas/EntityType" + }, + "name": { + "type": "string", + "title": "Name" + }, + "sources": { + "items": { + "type": "string" + }, + "type": "array", + "title": "Sources" + }, + "created_at": { + "anyOf": [ + { + "type": "string", + "format": "date-time" + }, + { + "type": "null" + } + ], + "title": "Created At" + }, + "updated_at": { + "anyOf": [ + { + "type": "string", + "format": "date-time" + }, + { + "type": "null" + } + ], + "title": "Updated At" + } + }, + "type": "object", + "required": [ + "uuid", + "type", + "name", + "sources" + ], + "title": "EntityBrowserResponse" + }, + "EntityType": { + "type": "string", + "enum": [ + "actor", + "forum-thread" + ], + "title": "EntityType" + }, + "EntraIDFailedValidationDetails": { "properties": { "invalid_parameter_field": { "anyOf": [ @@ -14792,6 +15812,14 @@ ], "title": "ExecutiveSummaryOutput" }, + "ExpandableField": { + "type": "string", + "enum": [ + "credentials", + "cookies" + ], + "title": "ExpandableField" + }, "FeatureFlagDefinition": { "properties": { "name": { @@ -15492,6 +16520,245 @@ "type": "object", "title": "FilterSourceTypes" }, + "FinancialEvent": { + "properties": { + "event_type": { + "type": "string", + "const": "cc", + "title": "Event Type", + "default": "cc" + }, + "data": { + "$ref": "#/components/schemas/FinancialEventData" + }, + "metadata": { + "$ref": "#/components/schemas/EventMetadata" + } + }, + "type": "object", + "required": [ + "data", + "metadata" + ], + "title": "Credit Card" + }, + "FinancialEventData": { + "properties": { + "bank": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Bank", + "description": "The bank associated with the leaked credit card." + }, + "bin": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Bin", + "description": "The BIN (Bank Identification Number) of the credit card." + }, + "brand": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Brand", + "description": "The brand of the leakedcredit card. Ex: VISA" + }, + "country": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Country", + "description": "The country the leakedcredit card was issued in." + }, + "expiration": { + "anyOf": [ + { + "type": "string", + "format": "date-time" + }, + { + "type": "null" + } + ], + "title": "Expiration", + "description": "The expiration date of the leaked credit card." + }, + "owner": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Owner", + "description": "The owner of the leaked credit card." + }, + "state_code": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "State Code", + "description": "The state code tied to the leaked credit card." + }, + "zip": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Zip", + "description": "The zip code tied to the leaked credit card." + }, + "has_cvv": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "null" + } + ], + "title": "Has Cvv", + "description": "Whether the CVV was included in the leaked data." + }, + "has_date_of_birth": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "null" + } + ], + "title": "Has Date Of Birth", + "description": "Whether the date of birth was included in the leaked data." + }, + "has_mother_maiden_name": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "null" + } + ], + "title": "Has Mother Maiden Name", + "description": "Whether the mother's maiden name was included in the leaked data." + }, + "has_phone": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "null" + } + ], + "title": "Has Phone", + "description": "Whether the phone number was included in the leaked data." + }, + "has_pin": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "null" + } + ], + "title": "Has Pin", + "description": "Whether the card's PIN was included in the leaked data." + }, + "has_ssn": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "null" + } + ], + "title": "Has Ssn", + "description": "Whether the card owner's SSN was included in the leaked data." + }, + "has_track_1": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "null" + } + ], + "title": "Has Track 1", + "description": "Whether the card's track 1 (magnetic stripe data) was included in the leaked data." + }, + "has_vbv": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "null" + } + ], + "title": "Has Vbv", + "description": "Whether the card's VBV (Verified by Visa) data was included in the leaked data." + } + }, + "type": "object", + "required": [ + "bank", + "bin", + "brand", + "country", + "expiration", + "owner", + "state_code", + "zip", + "has_cvv", + "has_date_of_birth", + "has_mother_maiden_name", + "has_phone", + "has_pin", + "has_ssn", + "has_track_1", + "has_vbv" + ], + "title": "FinancialEventData" + }, "FlareInviteLinkRequest": { "properties": { "organization_name": { @@ -15513,6 +16780,18 @@ ], "title": "FlareInviteLinkRequest" }, + "ForetraceParams": { + "properties": { + "params_type": { + "type": "string", + "const": "flare_community", + "title": "Params Type", + "default": "flare_community" + } + }, + "type": "object", + "title": "ForetraceParams" + }, "ForumThreadAnalysisMetadataResponse": { "properties": { "summarized_at": { @@ -15603,9 +16882,20 @@ ], "title": "Total Events" }, - "creator": { + "creator_actor_name": { "type": "string", - "title": "Creator" + "title": "Creator Actor Name" + }, + "creator_actor_id": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Creator Actor Id" }, "category": { "anyOf": [ @@ -15636,7 +16926,7 @@ }, "type": "object", "required": [ - "creator", + "creator_actor_name", "source" ], "title": "ForumThreadMetadata" @@ -15778,12 +17068,112 @@ ], "title": "ForumThreadTimelineEntry" }, - "GeneralActivityAnalysisOutput": { + "ForumThreadTopicUidAndTitlePayload": { "properties": { - "overview": { + "forum_topic_uid": { "type": "string", - "title": "Overview", - "description": "Begin by describing the actor\u2019s most impactful criminal activity. Then provide an overview of the general nature of the actor\u2019s activity, including up to 20 short, unique, and relevant examples in reverse chronological order (e.g., what is offered, at what price, on which date, and on which forum/source). For each example, cite the corresponding post, date, and source, translating all content into English. When applicable, include details on tools, exploits, pricing, communication style, and any unique skills demonstrated." + "title": "Forum Topic Uid" + }, + "title": { + "type": "string", + "title": "Title" + } + }, + "type": "object", + "required": [ + "forum_topic_uid", + "title" + ], + "title": "ForumThreadTopicUidAndTitlePayload" + }, + "FrontendActorMetadata": { + "properties": { + "actor_id": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Actor Id" + }, + "actor_name": { + "type": "string", + "title": "Actor Name" + }, + "aliases": { + "items": { + "type": "string" + }, + "type": "array", + "title": "Aliases", + "default": [] + }, + "first_seen": { + "anyOf": [ + { + "type": "string", + "format": "date-time" + }, + { + "type": "null" + } + ], + "title": "First Seen" + }, + "last_seen": { + "anyOf": [ + { + "type": "string", + "format": "date-time" + }, + { + "type": "null" + } + ], + "title": "Last Seen" + }, + "total_events": { + "type": "integer", + "title": "Total Events", + "default": 0 + }, + "is_vetted": { + "type": "boolean", + "title": "Is Vetted", + "default": false + }, + "vetted_sources": { + "items": { + "$ref": "#/components/schemas/EnrichedSource" + }, + "type": "array", + "title": "Vetted Sources", + "default": [] + }, + "active_sources": { + "items": { + "$ref": "#/components/schemas/EnrichedSource" + }, + "type": "array", + "title": "Active Sources", + "default": [] + } + }, + "type": "object", + "required": [ + "actor_name" + ], + "title": "FrontendActorMetadata" + }, + "GeneralActivityAnalysisOutput": { + "properties": { + "overview": { + "type": "string", + "title": "Overview", + "description": "Begin by describing the actor\u2019s most impactful criminal activity. Then provide an overview of the general nature of the actor\u2019s activity, including up to 20 short, unique, and relevant examples in reverse chronological order (e.g., what is offered, at what price, on which date, and on which forum/source). For each example, cite the corresponding post, date, and source, translating all content into English. When applicable, include details on tools, exploits, pricing, communication style, and any unique skills demonstrated." }, "variation_of_activity_over_time": { "type": "string", @@ -15816,6 +17206,32 @@ ], "title": "GeneralActivityAnalysisOutput" }, + "GeneralProfileSummaryOutput": { + "properties": { + "overview": { + "type": "string", + "title": "Overview", + "description": "Paragraph about the general description of the actor activity, including their username(s), presence on source, total posts count, and period of activity. " + }, + "main_activities_and_motives": { + "type": "string", + "title": "Main Activities And Motives", + "description": "A concise, analytical paragraph describing the actor's main activities, technical sophistication indicators, and specific threats to sectors. Write in a narrative style without numbered lists or bullet points. Keep it shorter and more focused than a detailed breakdown." + }, + "potential_associations": { + "type": "string", + "title": "Potential Associations", + "description": "Paragraph about the potential associations of the actor if relevant. Identify what groups the actor is associated with (if any). If none are identified, state that clearly." + } + }, + "type": "object", + "required": [ + "overview", + "main_activities_and_motives", + "potential_associations" + ], + "title": "GeneralProfileSummaryOutput" + }, "GetAllowedRestrictedTermsResponse": { "properties": { "allowed_restricted_terms": { @@ -15928,6 +17344,14 @@ ], "title": "GlobalFeedItem" }, + "GlobalSearchFeature": { + "type": "string", + "enum": [ + "events", + "credentials" + ], + "title": "GlobalSearchFeature" + }, "GlobalSearchRequestBody": { "properties": { "query": { @@ -16030,6 +17454,104 @@ ], "title": "GlobalSearchRequestBody" }, + "GlobalSearchSource": { + "type": "string", + "enum": [ + "all", + "api", + "flare_platform" + ], + "title": "GlobalSearchSource" + }, + "GlobalSearchUsageByFeatureResponse": { + "properties": { + "items": { + "items": { + "$ref": "#/components/schemas/GlobalSearchUsageFeature" + }, + "type": "array", + "title": "Items" + } + }, + "type": "object", + "required": [ + "items" + ], + "title": "GlobalSearchUsageByFeatureResponse" + }, + "GlobalSearchUsageByMemberItem": { + "properties": { + "member": { + "type": "string", + "title": "Member" + }, + "count": { + "type": "integer", + "title": "Count" + } + }, + "type": "object", + "required": [ + "member", + "count" + ], + "title": "GlobalSearchUsageByMemberItem" + }, + "GlobalSearchUsageByMemberResponse": { + "properties": { + "items": { + "items": { + "$ref": "#/components/schemas/GlobalSearchUsageByMemberItem" + }, + "type": "array", + "title": "Items" + } + }, + "type": "object", + "required": [ + "items" + ], + "title": "GlobalSearchUsageByMemberResponse" + }, + "GlobalSearchUsageFeature": { + "properties": { + "feature": { + "$ref": "#/components/schemas/GlobalSearchFeature" + }, + "values": { + "items": { + "$ref": "#/components/schemas/GlobalSearchUsageFeatureValue" + }, + "type": "array", + "title": "Values" + } + }, + "type": "object", + "required": [ + "feature", + "values" + ], + "title": "GlobalSearchUsageFeature" + }, + "GlobalSearchUsageFeatureValue": { + "properties": { + "timestamp": { + "type": "string", + "format": "date-time", + "title": "Timestamp" + }, + "count": { + "type": "integer", + "title": "Count" + } + }, + "type": "object", + "required": [ + "timestamp", + "count" + ], + "title": "GlobalSearchUsageFeatureValue" + }, "GroupByType": { "type": "string", "enum": [ @@ -16309,32 +17831,11 @@ ], "title": "HourData" }, - "IPData": { - "properties": { - "type": { - "type": "string", - "const": "ip", - "title": "Type", - "default": "ip" - }, - "ip": { - "type": "string", - "minLength": 1, - "title": "Ip" - } - }, - "type": "object", - "required": [ - "ip" - ], - "title": "IPData" - }, - "IdPApplicationNode": { + "HubspotDoSyncRequest": { "properties": { - "application_uuid": { - "type": "string", - "format": "uuid", - "title": "Application Uuid" + "hubspot_id": { + "type": "integer", + "title": "Hubspot Id" }, "domain": { "anyOf": [ @@ -16347,47 +17848,157 @@ ], "title": "Domain" }, - "name": { - "type": "string", - "title": "Name" - }, - "idp_type": { - "$ref": "#/components/schemas/TenantIntegrationType" - }, - "labels": { - "items": { - "type": "string" - }, - "type": "array", - "title": "Labels" - }, - "risk_score": { - "$ref": "#/components/schemas/RiskScore" - }, - "type": { - "$ref": "#/components/schemas/ApplicationExposureNodeType", - "readOnly": true - }, - "id": { - "type": "string", - "title": "Id", - "readOnly": true + "organization_id": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "null" + } + ], + "title": "Organization Id" } }, "type": "object", "required": [ - "application_uuid", + "hubspot_id", "domain", - "name", - "idp_type", - "labels", - "risk_score", - "type", - "id" + "organization_id" ], - "title": "IdPApplicationNode" + "title": "HubspotDoSyncRequest" }, - "IdPUserAccountType": { + "HubspotLifecycleStage": { + "type": "string", + "enum": [ + "1281177943" + ], + "title": "HubspotLifecycleStage" + }, + "HubspotWebhookFlareSyncEvent": { + "properties": { + "hubspot_id": { + "type": "integer", + "title": "Hubspot Id" + }, + "domain": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Domain" + }, + "organization_id": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "null" + } + ], + "title": "Organization Id" + }, + "lifecycle_stage": { + "anyOf": [ + { + "$ref": "#/components/schemas/HubspotLifecycleStage" + }, + { + "type": "null" + } + ] + } + }, + "type": "object", + "required": [ + "hubspot_id" + ], + "title": "HubspotWebhookFlareSyncEvent" + }, + "IPData": { + "properties": { + "type": { + "type": "string", + "const": "ip", + "title": "Type", + "default": "ip" + }, + "ip": { + "type": "string", + "minLength": 1, + "title": "Ip" + } + }, + "type": "object", + "required": [ + "ip" + ], + "title": "IPData" + }, + "IdPApplicationNode": { + "properties": { + "application_uuid": { + "type": "string", + "format": "uuid", + "title": "Application Uuid" + }, + "domain": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Domain" + }, + "name": { + "type": "string", + "title": "Name" + }, + "idp_type": { + "$ref": "#/components/schemas/TenantIntegrationType" + }, + "labels": { + "items": { + "type": "string" + }, + "type": "array", + "title": "Labels" + }, + "risk_score": { + "$ref": "#/components/schemas/RiskScore" + }, + "type": { + "$ref": "#/components/schemas/ApplicationExposureNodeType", + "readOnly": true + }, + "id": { + "type": "string", + "title": "Id", + "readOnly": true + } + }, + "type": "object", + "required": [ + "application_uuid", + "domain", + "name", + "idp_type", + "labels", + "risk_score", + "type", + "id" + ], + "title": "IdPApplicationNode" + }, + "IdPUserAccountType": { "type": "string", "enum": [ "Member", @@ -16455,7 +18066,7 @@ "$ref": "#/components/schemas/UsernameData" }, { - "$ref": "#/components/schemas/EmailData" + "$ref": "#/components/schemas/EmailData-Output" }, { "$ref": "#/components/schemas/SecretData" @@ -16476,7 +18087,7 @@ "brand": "#/components/schemas/BrandData", "credentials": "#/components/schemas/CredentialsData", "domain": "#/components/schemas/DomainData", - "email": "#/components/schemas/EmailData", + "email": "#/components/schemas/EmailData-Output", "github_repository": "#/components/schemas/GithubRepositoryData", "identity": "#/components/schemas/IdentityData", "ip": "#/components/schemas/IPData", @@ -17124,7 +18735,7 @@ "$ref": "#/components/schemas/CredentialsData" }, { - "$ref": "#/components/schemas/EmailData" + "$ref": "#/components/schemas/EmailData-Input" }, { "$ref": "#/components/schemas/UsernameData" @@ -17148,7 +18759,7 @@ "brand": "#/components/schemas/BrandData", "credentials": "#/components/schemas/CredentialsData", "domain": "#/components/schemas/DomainData", - "email": "#/components/schemas/EmailData", + "email": "#/components/schemas/EmailData-Input", "github_repository": "#/components/schemas/GithubRepositoryData", "identity": "#/components/schemas/IdentityDataRequestBody", "ip": "#/components/schemas/IPData", @@ -17256,7 +18867,8 @@ "USER", "SYSTEM_RELATION", "SELF_ONBOARDING", - "ATTRIBUTE" + "ATTRIBUTE", + "IDP_SYNC" ], "title": "IdentifierSource" }, @@ -17265,6 +18877,7 @@ "enum": [ "ALL", "USER", + "COUNTED", "SYSTEM", "USER_AND_ATTRIBUTE" ], @@ -17373,7 +18986,7 @@ "data": { "oneOf": [ { - "$ref": "#/components/schemas/EmailData" + "$ref": "#/components/schemas/EmailData-Output" }, { "$ref": "#/components/schemas/UsernameData" @@ -17386,7 +18999,7 @@ "discriminator": { "propertyName": "type", "mapping": { - "email": "#/components/schemas/EmailData", + "email": "#/components/schemas/EmailData-Output", "name": "#/components/schemas/NameData", "username": "#/components/schemas/UsernameData" } @@ -17431,7 +19044,7 @@ "items": { "oneOf": [ { - "$ref": "#/components/schemas/EmailData" + "$ref": "#/components/schemas/EmailData-Input" }, { "$ref": "#/components/schemas/UsernameData" @@ -17443,7 +19056,7 @@ "discriminator": { "propertyName": "type", "mapping": { - "email": "#/components/schemas/EmailData", + "email": "#/components/schemas/EmailData-Input", "name": "#/components/schemas/NameData", "username": "#/components/schemas/UsernameData" } @@ -17818,11 +19431,19 @@ "invite_magic_link": { "type": "string", "title": "Invite Magic Link" + }, + "domains": { + "items": { + "type": "string" + }, + "type": "array", + "title": "Domains" } }, "type": "object", "required": [ - "invite_magic_link" + "invite_magic_link", + "domains" ], "title": "InviteLinkResponse" }, @@ -18085,13 +19706,14 @@ "data", "metadata" ], - "title": "LookalikeDomainEvent" + "title": "Lookalike Domain" }, "LookalikeDomainEventData": { "properties": { "domain": { "type": "string", - "title": "Domain" + "title": "Domain", + "description": "The domain of the lookalike domain." }, "registered_at": { "anyOf": [ @@ -18103,7 +19725,8 @@ "type": "null" } ], - "title": "Registered At" + "title": "Registered At", + "description": "The date and time the lookalike domain was registered." }, "identifier_domains": { "anyOf": [ @@ -18117,7 +19740,8 @@ "type": "null" } ], - "title": "Identifier Domains" + "title": "Identifier Domains", + "description": "Domain identifiers matching the lookalike domains" }, "feed": { "anyOf": [ @@ -18128,7 +19752,8 @@ "type": "null" } ], - "title": "Feed" + "title": "Feed", + "description": "The feed where the lookalike domain was found" }, "cert_data": { "anyOf": [ @@ -18140,7 +19765,8 @@ "type": "null" } ], - "title": "Cert Data" + "title": "Cert Data", + "description": "The certificate data of the lookalike domain." }, "subject": { "anyOf": [ @@ -18151,7 +19777,8 @@ "type": "null" } ], - "title": "Subject" + "title": "Subject", + "description": "The subject of the certificate of the lookalike domain." }, "issuer": { "anyOf": [ @@ -18162,7 +19789,8 @@ "type": "null" } ], - "title": "Issuer" + "title": "Issuer", + "description": "The issuer of the certificate of the lookalike domain." } }, "type": "object", @@ -18188,7 +19816,8 @@ "type": "null" } ], - "title": "Malware Family" + "title": "Malware Family", + "description": "The malware family used for device infection." }, "build_id": { "anyOf": [ @@ -18199,7 +19828,8 @@ "type": "null" } ], - "title": "Build Id" + "title": "Build Id", + "description": "The build ID of the malware used for device infection." }, "file_location": { "anyOf": [ @@ -18210,7 +19840,8 @@ "type": "null" } ], - "title": "File Location" + "title": "File Location", + "description": "The file location of the malware used for device infection." }, "infected_at": { "anyOf": [ @@ -18222,7 +19853,8 @@ "type": "null" } ], - "title": "Infected At" + "title": "Infected At", + "description": "The date and time the malware was used to infect the victim's device." } }, "type": "object", @@ -18581,6 +20213,34 @@ ], "title": "PaginatedResults[EnrichedBulkAction, str]" }, + "PaginatedResults_EntityBrowserResponse__str_": { + "properties": { + "items": { + "items": { + "$ref": "#/components/schemas/EntityBrowserResponse" + }, + "type": "array", + "title": "Items" + }, + "next": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Next" + } + }, + "type": "object", + "required": [ + "items", + "next" + ], + "title": "PaginatedResults[EntityBrowserResponse, str]" + }, "PaginatedResults_FeedItem__str_": { "properties": { "items": { @@ -18693,6 +20353,35 @@ ], "title": "PaginatedResults[Identifier, str]" }, + "PaginatedResults_InviteLinkResponse__datetime_": { + "properties": { + "items": { + "items": { + "$ref": "#/components/schemas/InviteLinkResponse" + }, + "type": "array", + "title": "Items" + }, + "next": { + "anyOf": [ + { + "type": "string", + "format": "date-time" + }, + { + "type": "null" + } + ], + "title": "Next" + } + }, + "type": "object", + "required": [ + "items", + "next" + ], + "title": "PaginatedResults[InviteLinkResponse, datetime]" + }, "PaginatedResults_PartialAlertChannel__str_": { "properties": { "items": { @@ -18973,6 +20662,62 @@ ], "title": "PaginatedResults[SourceWithTenantCount, str]" }, + "PaginatedResults_StealerLogCookie__str_": { + "properties": { + "items": { + "items": { + "$ref": "#/components/schemas/StealerLogCookie" + }, + "type": "array", + "title": "Items" + }, + "next": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Next" + } + }, + "type": "object", + "required": [ + "items", + "next" + ], + "title": "PaginatedResults[StealerLogCookie, str]" + }, + "PaginatedResults_StealerLogCredential__str_": { + "properties": { + "items": { + "items": { + "$ref": "#/components/schemas/StealerLogCredential" + }, + "type": "array", + "title": "Items" + }, + "next": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Next" + } + }, + "type": "object", + "required": [ + "items", + "next" + ], + "title": "PaginatedResults[StealerLogCredential, str]" + }, "PaginatedResults_TenantFlareCommunityUser__int_": { "properties": { "items": { @@ -19582,7 +21327,7 @@ "data", "metadata" ], - "title": "RansomLeakEvent" + "title": "Ransom Leak" }, "RansomLeakEventData": { "properties": { @@ -19595,7 +21340,8 @@ "type": "null" } ], - "title": "Url" + "title": "Url", + "description": "The URL of the ransom leak post." }, "response_url": { "anyOf": [ @@ -19606,7 +21352,8 @@ "type": "null" } ], - "title": "Response Url" + "title": "Response Url", + "description": "The URL of the response to the ransom leak post." }, "title": { "anyOf": [ @@ -19617,7 +21364,8 @@ "type": "null" } ], - "title": "Title" + "title": "Title", + "description": "The title of the ransom leak post." }, "content": { "anyOf": [ @@ -19628,7 +21376,8 @@ "type": "null" } ], - "title": "Content" + "title": "Content", + "description": "The content of the ransom leak post." }, "body": { "anyOf": [ @@ -19639,10 +21388,19 @@ "type": "null" } ], - "title": "Body" + "title": "Body", + "description": "The body of the ransom leak post." }, "victim_information": { - "$ref": "#/components/schemas/VictimInfo" + "anyOf": [ + { + "$ref": "#/components/schemas/pyro__findings__ransomleaks__datamodels__VictimInformation" + }, + { + "type": "null" + } + ], + "description": "The information relating to the victim of the ransom leak." } }, "type": "object", @@ -19883,7 +21641,7 @@ "$ref": "#/components/schemas/AzureTenantData" }, { - "$ref": "#/components/schemas/EmailData" + "$ref": "#/components/schemas/EmailData-Output" }, { "$ref": "#/components/schemas/UsernameData" @@ -19895,7 +21653,7 @@ "mapping": { "azure_tenant": "#/components/schemas/AzureTenantData", "domain": "#/components/schemas/DomainData", - "email": "#/components/schemas/EmailData", + "email": "#/components/schemas/EmailData-Output", "username": "#/components/schemas/UsernameData" } } @@ -20784,7 +22542,7 @@ "ReportResponse": { "properties": { "report": { - "$ref": "#/components/schemas/PydanticThreatFlowReport" + "$ref": "#/components/schemas/Report" } }, "type": "object", @@ -21195,19 +22953,37 @@ }, "type": "array", "title": "Noisy" - } - }, - "type": "object", - "required": [ - "restricted", - "noisy" - ], - "title": "RestrictedTerms" - }, - "RevokeSessionsPayload": { - "properties": { - "credential_hash": { - "type": "string", + }, + "freemail": { + "items": { + "anyOf": [ + { + "$ref": "#/components/schemas/DomainRestrictedTerm" + }, + { + "$ref": "#/components/schemas/KeywordRestrictedTerm" + }, + { + "$ref": "#/components/schemas/PresetRestrictedTerm" + } + ] + }, + "type": "array", + "title": "Freemail" + } + }, + "type": "object", + "required": [ + "restricted", + "noisy", + "freemail" + ], + "title": "RestrictedTerms" + }, + "RevokeSessionsPayload": { + "properties": { + "credential_hash": { + "type": "string", "title": "Credential Hash" } }, @@ -22002,11 +23778,9 @@ "type": "string", "enum": [ "id", - "title", - "author", - "created_at", - "updated_at", - "status" + "published_at", + "organization_id", + "tenant_id" ], "title": "SortType" }, @@ -22577,6 +24351,80 @@ ], "title": "StealerLogActions" }, + "StealerLogCookie": { + "properties": { + "host_key": { + "type": "string", + "title": "Host Key" + }, + "path": { + "type": "string", + "title": "Path" + }, + "expires_utc": { + "anyOf": [ + { + "type": "string", + "format": "date-time" + }, + { + "type": "null" + } + ], + "title": "Expires Utc" + }, + "name": { + "type": "string", + "title": "Name" + }, + "value": { + "type": "string", + "title": "Value" + } + }, + "type": "object", + "required": [ + "host_key", + "path", + "expires_utc", + "name", + "value" + ], + "title": "StealerLogCookie" + }, + "StealerLogCredential": { + "properties": { + "url": { + "type": "string", + "title": "Url" + }, + "username": { + "type": "string", + "title": "Username" + }, + "password": { + "type": "string", + "title": "Password" + }, + "hash": { + "type": "string", + "title": "Hash" + }, + "application": { + "type": "string", + "title": "Application" + } + }, + "type": "object", + "required": [ + "url", + "username", + "password", + "hash", + "application" + ], + "title": "StealerLogCredential" + }, "StealerLogData": { "properties": { "credentials": { @@ -22625,7 +24473,8 @@ { "type": "null" } - ] + ], + "description": "Collection of data that relates to the victim and their infected device." }, "malware_information": { "anyOf": [ @@ -22635,7 +24484,8 @@ { "type": "null" } - ] + ], + "description": "Collection of data that relates to the malware that was used to infect the victim's device." } }, "type": "object", @@ -22944,10 +24794,14 @@ { "$ref": "#/components/schemas/EntraIDParams" }, + { + "$ref": "#/components/schemas/ForetraceParams" + }, { "type": "null" } - ] + ], + "title": "Params" }, "features": { "items": { @@ -23074,7 +24928,8 @@ "TenantIntegrationType": { "type": "string", "enum": [ - "entra_id" + "entra_id", + "flare_community" ], "title": "TenantIntegrationType" }, @@ -23378,7 +25233,15 @@ "TestTenantIntegrationPayload": { "properties": { "params": { - "$ref": "#/components/schemas/EntraIDParams" + "anyOf": [ + { + "$ref": "#/components/schemas/EntraIDParams" + }, + { + "$ref": "#/components/schemas/ForetraceParams" + } + ], + "title": "Params" } }, "type": "object", @@ -24019,7 +25882,15 @@ "default": true }, "params": { - "$ref": "#/components/schemas/EntraIDParams" + "anyOf": [ + { + "$ref": "#/components/schemas/EntraIDParams" + }, + { + "$ref": "#/components/schemas/ForetraceParams" + } + ], + "title": "Params" }, "status": { "anyOf": [ @@ -24321,149 +26192,6 @@ ], "title": "ValidationError" }, - "VictimInfo": { - "properties": { - "name": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "null" - } - ], - "title": "Name" - }, - "display_name": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "null" - } - ], - "title": "Display Name" - }, - "domain": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "null" - } - ], - "title": "Domain" - }, - "alternative_domains": { - "anyOf": [ - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "type": "null" - } - ], - "title": "Alternative Domains" - }, - "industry": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "null" - } - ], - "title": "Industry" - }, - "employee_count": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "null" - } - ], - "title": "Employee Count" - }, - "city": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "null" - } - ], - "title": "City" - }, - "state": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "null" - } - ], - "title": "State" - }, - "country": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "null" - } - ], - "title": "Country" - }, - "latitude": { - "anyOf": [ - { - "type": "number" - }, - { - "type": "null" - } - ], - "title": "Latitude" - }, - "longitude": { - "anyOf": [ - { - "type": "number" - }, - { - "type": "null" - } - ], - "title": "Longitude" - } - }, - "type": "object", - "required": [ - "name", - "display_name", - "domain", - "alternative_domains", - "industry", - "employee_count", - "city", - "state", - "country", - "latitude", - "longitude" - ], - "title": "VictimInfo" - }, "VictimInformation": { "properties": { "ip_address": { @@ -24499,7 +26227,8 @@ "type": "null" } ], - "title": "Username" + "title": "Username", + "description": "The username of account accessed on the infected device." }, "country_code": { "anyOf": [ @@ -24510,7 +26239,8 @@ "type": "null" } ], - "title": "Country Code" + "title": "Country Code", + "description": "The country code tied to the infected device." }, "zip_code": { "anyOf": [ @@ -24543,7 +26273,8 @@ "type": "null" } ], - "title": "Hwid" + "title": "Hwid", + "description": "The hardware ID of the infected device." }, "current_language": { "anyOf": [ @@ -24554,7 +26285,8 @@ "type": "null" } ], - "title": "Current Language" + "title": "Current Language", + "description": "The current language selected on the infected device." }, "screensize_width": { "anyOf": [ @@ -24565,7 +26297,8 @@ "type": "null" } ], - "title": "Screensize Width" + "title": "Screensize Width", + "description": "The width of the screen in pixels." }, "screensize_height": { "anyOf": [ @@ -24576,7 +26309,8 @@ "type": "null" } ], - "title": "Screensize Height" + "title": "Screensize Height", + "description": "The height of the screen in pixels." }, "timezone": { "anyOf": [ @@ -24587,7 +26321,8 @@ "type": "null" } ], - "title": "Timezone" + "title": "Timezone", + "description": "The timezone of the infected device." }, "os": { "anyOf": [ @@ -24598,7 +26333,8 @@ "type": "null" } ], - "title": "Os" + "title": "Os", + "description": "The operating system of the infected device." }, "uac": { "anyOf": [ @@ -24609,18 +26345,20 @@ "type": "null" } ], - "title": "Uac" + "title": "Uac", + "description": "The user account control (UAC) setting of the infected device." }, "process_elevation": { "anyOf": [ { - "type": "string" + "type": "boolean" }, { "type": "null" } ], - "title": "Process Elevation" + "title": "Process Elevation", + "description": "Whether operations during infection were elevated to administrator privileges." }, "available_keyboards": { "anyOf": [ @@ -24634,7 +26372,8 @@ "type": "null" } ], - "title": "Available Keyboards" + "title": "Available Keyboards", + "description": "The available keyboard layouts on the infected device." }, "hardware": { "anyOf": [ @@ -24648,7 +26387,8 @@ "type": "null" } ], - "title": "Hardware" + "title": "Hardware", + "description": "The hardware components of the infected device." }, "anti_viruses": { "anyOf": [ @@ -24662,7 +26402,8 @@ "type": "null" } ], - "title": "Anti Viruses" + "title": "Anti Viruses", + "description": "The anti-viruses installed on the infected device." } }, "type": "object", @@ -24720,7 +26461,157 @@ ], "title": "SortType" }, - "pyro__events__firework__stealerlog__StealerLogEvent": { + "pyro__findings__ransomleaks__datamodels__VictimInformation": { + "properties": { + "name": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Name", + "description": "The name of the victim. This is the name of the company or organization that was breached." + }, + "display_name": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Display Name" + }, + "domain": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Domain", + "description": "The domain of the victim. This is the domain of the company or organization that was breached." + }, + "alternative_domains": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ], + "title": "Alternative Domains" + }, + "industry": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Industry", + "description": "The industry of the company or organization that was breached." + }, + "employee_count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "null" + } + ], + "title": "Employee Count", + "description": "The number of employees of the company or organization that was breached." + }, + "city": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "City", + "description": "The city of operation of the company or organization that was breached." + }, + "state": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "State", + "description": "The state of operation of the company or organization that was breached." + }, + "country": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Country", + "description": "The country of operation of the company or organization that was breached." + }, + "latitude": { + "anyOf": [ + { + "type": "number" + }, + { + "type": "null" + } + ], + "title": "Latitude" + }, + "longitude": { + "anyOf": [ + { + "type": "number" + }, + { + "type": "null" + } + ], + "title": "Longitude" + } + }, + "type": "object", + "required": [ + "name", + "display_name", + "domain", + "alternative_domains", + "industry", + "employee_count", + "city", + "state", + "country", + "latitude", + "longitude" + ], + "title": "VictimInformation" + }, + "pyro__findings__stealerlogs__datamodels__StealerLogEvent": { "properties": { "event_type": { "type": "string", @@ -24740,19 +26631,19 @@ "data", "metadata" ], - "title": "StealerLogEvent" + "title": "Stealer Log" }, - "pyro__firework__backend__api4__reports__report_groups__reports__report_datamodels__ReportResponse": { - "properties": { - "report": { - "$ref": "#/components/schemas/Report" - } - }, - "type": "object", - "required": [ - "report" + "pyro__reports__report_store__SortType": { + "type": "string", + "enum": [ + "id", + "title", + "author", + "created_at", + "updated_at", + "status" ], - "title": "ReportResponse" + "title": "SortType" }, "pyro__threat_flow__core__reports__report_store__ReportType": { "type": "string", @@ -24762,15 +26653,17 @@ ], "title": "ReportType" }, - "pyro__threat_flow__core__reports__report_store__SortType": { - "type": "string", - "enum": [ - "id", - "published_at", - "organization_id", - "tenant_id" + "pyro__threat_flow__web__v4__reports__models__ReportResponse": { + "properties": { + "report": { + "$ref": "#/components/schemas/PydanticThreatFlowReport" + } + }, + "type": "object", + "required": [ + "report" ], - "title": "SortType" + "title": "ReportResponse" } }, "securitySchemes": { @@ -24785,4 +26678,4 @@ "BearerAuth": [] } ] -} +} \ No newline at end of file diff --git a/docs/api-reference/v4/endpoints/get-event.mdx b/docs/api-reference/v4/endpoints/get-event.mdx index eefa074..ed014d3 100644 --- a/docs/api-reference/v4/endpoints/get-event.mdx +++ b/docs/api-reference/v4/endpoints/get-event.mdx @@ -1,249 +1,11 @@ --- -title: "Get Event" -api: "GET https://api.flare.io/firework/v4/events/" -authMethod: "bearer" +openapi: get /firework/v4/events/ --- -Returns data for a specific event. +import ModelExamples from '/snippets/event_model_examples.mdx' - ```json Blog Post - { - "data": { - "url": "", - "content": "", - "description": "", - "posted_at": "2025-01-01T00:00:00.000000+00:00" - }, - "metadata": { - "estimated_created_at": "2023-11-07T05:31:56Z", - "flare_url": "", - "matched_at": "2023-11-07T05:31:56Z", - "severity": "info", - "uid": "" - }, - "event_type": "blog_post", - } - ``` - ```json Financial - { - "data": { - "bank": "", - "bin": "", - "brand": "", - "country": "", - "expiration": "2030-05-01T00:00:00+00:00", - "owner": "", - "state_code": "", - "zip": "", - "has_cvv": "", - "has_date_of_birth": "", - "has_mother_maiden_name": "", - "has_phone": "", - "has_pin": "", - "has_ssn": "", - "has_track_1": "", - "has_vbv": "" - }, - "metadata": { - "estimated_created_at": "2023-11-07T05:31:56Z", - "flare_url": "", - "matched_at": "2023-11-07T05:31:56Z", - "severity": "info", - "uid": "" - }, - "event_type": "cc", - } - ``` - ```json Ransom Leak - { - "data": { - "victim_information": { - "name": "", - "display_name": "", - "domain": "", - "alternative_domains": "[]", - "industry": "", - "employee_count": "", - "city": "", - "state": "", - "country": "", - "latitude": "", - "longitude": "" - } - "url": "", - "response_url": "", - "title": "", - "content": "", - }, - "metadata": { - "estimated_created_at": "2023-11-07T05:31:56Z", - "flare_url": "", - "matched_at": "2023-11-07T05:31:56Z", - "severity": "info", - "uid": "" - }, - "event_type": "listing", - } - ``` - ```json Stealer Log - { - "data": { - "victim_information": { - "ip_address": "", - "ip_network": "", - "username": "", - "country_code": "", - "zip_code": "", - "location": "", - "hwid": "", - "current_language": "", - "screensize_width": 123, - "screensize_height": 123, - "timezone": "", - "os": "", - "uac": "", - "process_elevation": "", - "available_keyboards": [ - "" - ], - "hardware": [ - "" - ], - "anti_viruses": [ - "" - ] - }, - "malware_information": { - "malware_family": "", - "build_id": "", - "file_location": "", - "infected_at": "2023-11-07T05:31:56Z" - } - }, - "metadata": { - "estimated_created_at": "2023-11-07T05:31:56Z", - "flare_url": "", - "matched_at": "2023-11-07T05:31:56Z", - "severity": "info", - "uid": "" - }, - "event_type": "stealer_log" - } - ``` + - -#### Parameters - - - The UID of the Event. - - -#### Response - -Response fields differ based on event type as follows: - - - - Blog Post Event Data - - - Url of the specific blog post. - - - Content of the Blog Post. - - - Blog Post description, if provided. - - - The date the blog post was posted on the web. - - - - - - - Financial Event Data - - - Name of the bank related to the card/information leak. - - - Associated BIN to a leaked credit card. - - - Major brand of the leaked credit card. - Ex: VISA - - - The country of origin of the leaked card/information. - - - Expiration of the leaked card. - - - Name of the owner found on the card. - - - Initials of the state tied to the card. This is included for American leaked cards. - - - Zip code of the address attached to the leaked card. This is included for American leaked cards. - - - When true, this means that the leaked data includes the CVV of the leaked card. - - - - - - - RansomLeak Event Data - - - - - - - - Stealer Log Event Data - - - - - - - - - Event Metadata - - - The date that the information was made available within the Flare. - - - Url to the event within Flare - - - The date that this event was matched to an identifier within your tenant. - - - The event severity, when an event exists on your tenant feed this score will reflect any changes made to the severity. - - `info`, - `low`, - `medium`, - `high`, - `critical` - - - - The event uid. This should match the initial uid provided intially as a required parameter. - - - - - diff --git a/docs/snippets/event_model_examples.mdx b/docs/snippets/event_model_examples.mdx new file mode 100644 index 0000000..0527dd7 --- /dev/null +++ b/docs/snippets/event_model_examples.mdx @@ -0,0 +1,193 @@ +{/* + If you are in pyro: + - If this file changes, you should also modify the API docs. + - https://github.com/flared/docs-api/ + + If you are in mintlify: + - Don't edit this directly, edit the generator in pyro. + - pyro/pyro/findings/mintlify/test_finding_models.py +*/} + + +```json Blog Post +{ + "event_type": "blog_post", + "metadata": { + "estimated_created_at": "2025-01-01T00:00:00", + "flare_url": "https://app.flare.io/#/uid", + "matched_at": null, + "severity": "info", + "uid": "index/source/id" + }, + "data": { + "url": "https://www.blog_name.com/post_slug", + "content": "Post content", + "description": "Post description", + "posted_at": "2025-01-01T00:00:00" + } +} +``` + + +```json Bucket +{ + "event_type": "bucket", + "metadata": { + "estimated_created_at": "2025-01-01T00:00:00", + "flare_url": "https://app.flare.io/#/uid", + "matched_at": null, + "severity": "info", + "uid": "index/source/id" + }, + "data": { + "url": "https://bucket.public.com/file.txt", + "bucket": { + "host": "bucket.public.com", + "provider": "s3" + } + } +} +``` + + +```json Credit Card +{ + "event_type": "cc", + "data": { + "bank": "Bank of the North", + "bin": "12345", + "brand": "VISA", + "country": "NP", + "expiration": "2030-05-01T00:00:00", + "owner": "BOW", + "state_code": "SW", + "zip": "H0H0H0", + "has_cvv": true, + "has_date_of_birth": false, + "has_mother_maiden_name": false, + "has_phone": true, + "has_pin": null, + "has_ssn": false, + "has_track_1": null, + "has_vbv": null + }, + "metadata": { + "estimated_created_at": "2025-01-01T00:00:00", + "flare_url": "https://app.flare.io/#/uid", + "matched_at": null, + "severity": "info", + "uid": "index/source/id" + } +} +``` + + +```json Lookalike Domain +{ + "event_type": "lookalike", + "data": { + "domain": "importante.com", + "registered_at": "2025-01-01T00:00:00", + "identifier_domains": [ + "important.co" + ], + "feed": null, + "cert_data": null, + "subject": null, + "issuer": "/C=US/CN=R3/O=Let's Encrypt" + }, + "metadata": { + "estimated_created_at": "2025-01-01T00:00:00", + "flare_url": "https://app.flare.io/#/uid", + "matched_at": null, + "severity": "info", + "uid": "index/source/id" + } +} +``` + + +```json Ransom Leak +{ + "event_type": "ransomleak", + "data": { + "url": "http://payupnow.onion/leaks.php", + "response_url": "http://payupnow.onion/leaks.php", + "title": "Leak Name - Victim Name", + "content": "Ransom Leak Listing Content", + "body": "Ransom Leak Listing Body", + "victim_information": { + "name": "Victim Name", + "display_name": "Victim Name", + "domain": "victim-domain.com", + "alternative_domains": [ + "victim.co" + ], + "industry": "Non-Profit", + "employee_count": 1, + "city": "New York", + "state": "New York", + "country": "USA", + "latitude": 123.456, + "longitude": 123.456 + } + }, + "metadata": { + "estimated_created_at": "2025-01-01T00:00:00", + "flare_url": "https://app.flare.io/#/uid", + "matched_at": null, + "severity": "info", + "uid": "index/source/id" + } +} +``` + + +```json Stealer Log +{ + "event_type": "stealer_log", + "data": { + "victim_information": { + "ip_address": "127.0.0.1", + "ip_network": "127.0.0.0/8", + "username": "admin", + "country_code": "USA", + "zip_code": null, + "location": null, + "hwid": null, + "current_language": "en-US", + "screensize_width": 1920, + "screensize_height": 1080, + "timezone": "UTC+7", + "os": "Windows 10 22H2 Pro (Build 19045) (64 Bit)", + "uac": null, + "process_elevation": false, + "available_keyboards": [ + "en-US" + ], + "hardware": [ + "CPU: Intel(R) Core(TM) i3-10105F CPU @ 3.70GHz (4 cores, 8 threads)", + "RAM: 31.92 GB", + "HOSTNAME: DESKTOP-123456" + ], + "anti_viruses": [ + "Windows Defender", + "Avast Antivirus" + ] + }, + "malware_information": { + "malware_family": "Lumastealer", + "build_id": "1234567890", + "file_location": "C:\\Windows\\System32\\malware.exe", + "infected_at": "2025-01-01T00:00:00" + } + }, + "metadata": { + "estimated_created_at": "2025-01-01T00:00:00", + "flare_url": "https://app.flare.io/#/uid", + "matched_at": null, + "severity": "info", + "uid": "index/source/id" + } +} +```