sumologic-api.yaml
{"components":{"schemas":{"AggregationRule":{"properties":{"aggregationFunctions":{"items":{"properties":{"arguments":{"items":{"type":"string"},"type":"array"},"function":{"type":"string"},"name":{"type":"string"}},"required":["name","function","arguments"],"type":"object"},"type":"array"},"assetField":{"type":"string"},"category":{"type":"string"},"contentType":{"enum":["ANOMALY","CANARY","FILE_ANALYSIS","RULE","THIRD_PARTY","THREAT_INTEL"],"type":"string"},"created":{"format":"date-time","type":"string"},"createdBy":{"type":"string"},"deleted":{"type":"boolean"},"descriptionExpression":{"type":"string"},"descriptionExpressionOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"enabled":{"type":"boolean"},"entitySelectors":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"entitySelectorsOverride":{"properties":{"original":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"override":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"}},"type":"object"},"groupByAsset":{"type":"boolean"},"groupByFields":{"items":{"type":"string"},"type":"array"},"groupByFieldsOverride":{"properties":{"original":{"items":{"type":"string"},"type":"array"},"override":{"items":{"type":"string"},"type":"array"}},"type":"object"},"hasOverride":{"type":"boolean"},"id":{"type":"string"},"isPrototype":{"type":"boolean"},"isPrototypeOverride":{"properties":{"original":{"type":"boolean"},"override":{"type":"boolean"}},"type":"object"},"lastUpdated":{"format":"date-time","type":"string"},"lastUpdatedBy":{"type":"string"},"matchExpression":{"type":"string"},"name":{"type":"string"},"nameExpression":{"type":"string"},"nameExpressi
onOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"nameOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"parentJaskId":{"type":"string"},"ruleId":{"type":"integer"},"ruleSource":{"type":"string"},"ruleType":{"type":"string"},"scoreMapping":{"properties":{"default":{"type":"integer"},"field":{"type":"string"},"mapping":{"items":{"properties":{"from":{"type":"string"},"fromEnd":{"type":"string"},"to":{"type":"integer"},"type":{"type":"string"}},"required":["type","from","to"],"type":"object"},"type":"array"},"type":{"type":"string"}},"required":["type"],"type":"object"},"scoreMappingOverride":{"properties":{"original":{"properties":{"default":{"type":"integer"},"field":{"type":"string"},"mapping":{"items":{"properties":{"from":{"type":"string"},"fromEnd":{"type":"string"},"to":{"type":"integer"},"type":{"type":"string"}},"required":["type","from","to"],"type":"object"},"type":"array"},"type":{"type":"string"}},"required":["type"],"type":"object"},"override":{"properties":{"default":{"type":"integer"},"field":{"type":"string"},"mapping":{"items":{"properties":{"from":{"type":"string"},"fromEnd":{"type":"string"},"to":{"type":"integer"},"type":{"type":"string"}},"required":["type","from","to"],"type":"object"},"type":"array"},"type":{"type":"string"}},"required":["type"],"type":"object"}},"type":"object"},"signalCount07d":{"description":"The number of Signals generated by this Rule in the past 7 days","type":"integer"},"signalCount24h":{"description":"The number of Signals generated by this Rule in the past 24 
hours","type":"integer"},"status":{"properties":{"message":{"type":"string"},"status":{"enum":["ACTIVE","DEGRADED","FAILED_AND_DISABLED","UNKNOWN"],"type":"string"}},"required":["status"],"type":"object"},"stream":{"type":"string"},"summaryExpression":{"type":"string"},"summaryExpressionOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"tags":{"items":{"type":"string"},"type":"array"},"tagsOverride":{"properties":{"original":{"items":{"type":"string"},"type":"array"},"override":{"items":{"type":"string"},"type":"array"}},"type":"object"},"triggerExpression":{"type":"string"},"windowSize":{"description":"milliseconds","type":"integer"},"windowSizeName":{"type":"string"},"windowSizeOverride":{"description":"milliseconds","properties":{"original":{"type":"integer"},"override":{"type":"integer"}},"type":"object"}},"required":["contentType","created","createdBy","deleted","enabled","entitySelectors","id","isPrototype","lastUpdated","lastUpdatedBy","name","status","ruleId","ruleSource","ruleType","signalCount07d","signalCount24h","summaryExpression","tags","hasOverride","assetField","nameExpression","descriptionExpression","matchExpression","groupByAsset","groupByFields","aggregationFunctions","scoreMapping","stream","windowSize","windowSizeName","triggerExpression"],"type":"object"},"ChainRule":{"properties":{"assetField":{"type":"string"},"category":{"type":"string"},"contentType":{"enum":["ANOMALY","CANARY","FILE_ANALYSIS","RULE","THIRD_PARTY","THREAT_INTEL"],"type":"string"},"created":{"format":"date-time","type":"string"},"createdBy":{"type":"string"},"deleted":{"type":"boolean"},"description":{"description":"The description to be used on the generated 
Signal","type":"string"},"descriptionOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"enabled":{"type":"boolean"},"entitySelectors":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"entitySelectorsOverride":{"properties":{"original":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"override":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"}},"type":"object"},"expressionsAndLimits":{"items":{"properties":{"expression":{"type":"string"},"limit":{"type":"integer"}},"required":["expression","limit"],"type":"object"},"type":"array"},"groupByFields":{"items":{"type":"string"},"type":"array"},"groupByFieldsOverride":{"properties":{"original":{"items":{"type":"string"},"type":"array"},"override":{"items":{"type":"string"},"type":"array"}},"type":"object"},"hasOverride":{"type":"boolean"},"id":{"type":"string"},"isPrototype":{"type":"boolean"},"isPrototypeOverride":{"properties":{"original":{"type":"boolean"},"override":{"type":"boolean"}},"type":"object"},"lastUpdated":{"format":"date-time","type":"string"},"lastUpdatedBy":{"type":"string"},"name":{"type":"string"},"nameOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"ordered":{"type":"boolean"},"parentJaskId":{"type":"string"},"ruleId":{"type":"integer"},"ruleSource":{"type":"string"},"ruleType":{"type":"string"},"score":{"type":"integer"},"scoreOverride":{"properties":{"original":{"type":"integer"},"override":{"type":"integer"}},"type":"object"},"signalCount07d":{"description":"The number of Signals generated by this Rule in the past 7 
days","type":"integer"},"signalCount24h":{"description":"The number of Signals generated by this Rule in the past 24 hours","type":"integer"},"status":{"properties":{"message":{"type":"string"},"status":{"enum":["ACTIVE","DEGRADED","FAILED_AND_DISABLED","UNKNOWN"],"type":"string"}},"required":["status"],"type":"object"},"stream":{"type":"string"},"summaryExpression":{"type":"string"},"summaryExpressionOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"tags":{"items":{"type":"string"},"type":"array"},"tagsOverride":{"properties":{"original":{"items":{"type":"string"},"type":"array"},"override":{"items":{"type":"string"},"type":"array"}},"type":"object"},"windowSize":{"description":"milliseconds","type":"integer"},"windowSizeName":{"type":"string"},"windowSizeOverride":{"description":"milliseconds","properties":{"original":{"type":"integer"},"override":{"type":"integer"}},"type":"object"}},"required":["contentType","created","createdBy","deleted","enabled","entitySelectors","id","isPrototype","lastUpdated","lastUpdatedBy","name","status","ruleId","ruleSource","ruleType","signalCount07d","signalCount24h","summaryExpression","tags","hasOverride","assetField","description","expressionsAndLimits","groupByFields","ordered","score","stream","windowSize","windowSizeName"],"type":"object"},"CustomEntityType":{"properties":{"fields":{"description":"Record schema fields. Examples: \"file_hash_md5\", \"file_hash_sha1\".","items":{"type":"string"},"type":"array"},"id":{"type":"string"},"identifier":{"description":"Machine friendly and unique identifier. Examples: \"ip\", \"username\", \"mac\".","type":"string"},"name":{"description":"Human friendly and unique name. 
Examples: \"Ip Address\", \"Username\", \"Mac Address\".","type":"string"}},"required":["id","identifier","name","fields"],"type":"object"},"CustomInsight":{"properties":{"created":{"format":"date-time","type":"string"},"description":{"type":"string"},"enabled":{"type":"boolean"},"id":{"type":"string"},"lastUpdated":{"format":"date-time","type":"string"},"name":{"type":"string"},"ordered":{"type":"boolean"},"ruleIds":{"items":{"type":"string"},"type":"array"},"severity":{"enum":["CRITICAL","HIGH","LOW","MEDIUM"],"type":"string"},"signalNames":{"items":{"type":"string"},"type":"array"},"tags":{"items":{"type":"string"},"type":"array"}},"required":["id","name","description","severity","ordered","enabled","created","lastUpdated","ruleIds","signalNames","tags"],"type":"object"},"CustomMatchListColumn":{"properties":{"fields":{"items":{"type":"string"},"type":"array"},"id":{"type":"string"},"name":{"type":"string"}},"required":["id","name","fields"],"type":"object"},"Enrichment":{"properties":{"detail":{"additionalProperties":true,"description":"A map of the enrichment details","type":"object"},"type":{"type":"string"}},"required":["type","detail"],"type":"object"},"EntityCriticalityConfig":{"properties":{"entityCount":{"description":"Number of entities related to this criticality.","type":"integer"},"id":{"type":"string"},"name":{"description":"Human friendly and unique name. Examples: \"Executive Laptop\", \"Bastion Host\"","type":"string"},"severityExpression":{"description":"Algebraic expression representing this entity's criticality. 
Examples: \"severity * 2\", \"severity - 5\", \"severity / 3\"","type":"string"}},"required":["id","name","severityExpression","entityCount"],"type":"object"},"Insight":{"properties":{"artifacts":{"items":{"properties":{"name":{"type":"string"},"recordStream":{"type":"string"},"recordUid":{"type":"string"},"signal":{"properties":{"id":{"type":"string"},"name":{"type":"string"},"timestamp":{"description":"Timestamp of first log record for this signal.","format":"date-time","type":"string"}},"required":["id","name","timestamp"],"type":"object"},"value":{"type":"string"}},"required":["name","value","recordUid","recordStream","signal"],"type":"object"},"type":"array"},"assignedTo":{"description":"The user that this Insight is assigned to","type":"string"},"assignee":{"description":"The user or team this Insight is assigned to.","oneOf":[{"properties":{"displayName":{"description":"A name to display for this user, which will be the value of the name field if specified and the username if not.","type":"string"},"username":{"type":"string"}},"required":["username","displayName"],"type":"object"},{"properties":{"name":{"type":"string"}},"required":["name"],"type":"object"},{"properties":{"username":{"type":"string"}},"required":["username"],"type":"object"},{"properties":{"name":{"type":"string"}},"required":["name"],"type":"object"}]},"closed":{"format":"date-time","type":"string"},"closedBy":{"type":"string"},"confidence":{"description":"A 0-100 value of the ML-based confidence score for the Insight","format":"double","type":"number"},"created":{"format":"date-time","type":"string"},"description":{"type":"string"},"entity":{"description":"The primary Entity associated with this 
Insight","properties":{"entityType":{"type":"string"},"hostname":{"type":"string"},"id":{"type":"string"},"macAddress":{"type":"string"},"name":{"type":"string"},"sensorZone":{"type":"string"},"value":{"type":"string"}},"required":["id","entityType","name","value"],"type":"object"},"id":{"type":"string"},"lastUpdated":{"format":"date-time","type":"string"},"lastUpdatedBy":{"type":"string"},"name":{"type":"string"},"orgId":{"type":"string"},"readableId":{"description":"A human-readable ID in the format \"INSIGHT-542\". This is technically nullable, but in reality it will always be populated in every query other than the cross-type search query.","type":"string"},"resolution":{"type":"string"},"severity":{"enum":["CRITICAL","HIGH","LOW","MEDIUM"],"type":"string"},"signals":{"items":{"properties":{"allRecords":{"description":"A JSON-stringified array of all Records associated with this Signal.","items":{"additionalProperties":true,"type":"object"},"type":"array"},"artifacts":{"items":{"properties":{"name":{"type":"string"},"recordStream":{"type":"string"},"recordUid":{"type":"string"},"value":{"type":"string"}},"required":["name","value","recordUid","recordStream"],"type":"object"},"type":"array"},"contentType":{"type":"string"},"description":{"type":"string"},"id":{"type":"string"},"name":{"type":"string"},"recordCount":{"description":"The total number of Records (including the sum of primaryRecordsJson and extraRecordsJson","type":"integer"},"recordTypes":{"items":{"type":"string"},"type":"array"},"ruleId":{"type":"string"},"severity":{"type":"integer"},"stage":{"type":"string"},"tags":{"items":{"type":"string"},"type":"array"},"timestamp":{"description":"Timestamp of first log record for this 
signal.","format":"date-time","type":"string"}},"required":["id","name","stage","timestamp","severity","recordCount","recordTypes","allRecords","tags"],"type":"object"},"type":"array"},"source":{"enum":["ALGORITHM","CANARY","RULE","USER"],"type":"string"},"status":{"description":"The current status of this Insight","properties":{"displayName":{"type":"string"},"name":{"type":"string"}},"required":["name","displayName"],"type":"object"},"subResolution":{"type":"string"},"tags":{"items":{"type":"string"},"type":"array"},"teamAssignedTo":{"description":"The team that this Insight is assigned to","type":"string"},"timeToDetection":{"type":"integer"},"timeToRemediation":{"type":"integer"},"timeToResponse":{"type":"integer"},"timestamp":{"format":"date-time","type":"string"}},"required":["id","readableId","name","description","timestamp","source","created","severity","status","entity","signals","artifacts","orgId","tags"],"type":"object"},"InsightResolution":{"properties":{"description":{"type":"string"},"id":{"type":"integer"},"name":{"type":"string"},"parent":{"properties":{"id":{"type":"integer"},"name":{"type":"string"}},"required":["id","name"],"type":"object"},"source":{"type":"string"}},"required":["id","name","description","source"],"type":"object"},"InsightStatus":{"properties":{"description":{"type":"string"},"displayName":{"type":"string"},"id":{"type":"string"},"name":{"type":"string"}},"required":["id","name","displayName"],"type":"object"},"LogMapping":{"properties":{"enabled":{"type":"boolean"},"fields":{"items":{"properties":{"alternateValues":{"items":{"type":"string"},"type":"array"},"caseInsensitive":{"type":"boolean"},"defaultValue":{"type":"string"},"fieldJoin":{"items":{"type":"string"},"type":"array"},"format":{"type":"string"},"formatParameters":{"items":{"type":"string"},"type":"array"},"joinDelimiter":{"type":"string"},"lookup":{"items":{"properties":{"key":{"type":"string"},"value":{"type":"string"}},"required":["key","value"],"type":"object"},"
type":"array"},"name":{"type":"string"},"skippedValues":{"items":{"type":"string"},"type":"array"},"splitDelimiter":{"type":"string"},"splitIndex":{"type":"string"},"timeZone":{"type":"string"},"value":{"type":"string"},"valueType":{"type":"string"}},"required":["name"],"type":"object"},"type":"array"},"id":{"type":"string"},"input":{"additionalProperties":true,"type":"object"},"name":{"type":"string"},"output":{"additionalProperties":true,"type":"object"},"productGuid":{"type":"string"},"recordType":{"type":"string"},"relatesEntities":{"type":"boolean"},"skippedValues":{"items":{"type":"string"},"type":"array"},"source":{"type":"string"},"structuredInputs":{"items":{"properties":{"eventIdPattern":{"type":"string"},"logFormat":{"type":"string"},"product":{"type":"string"},"vendor":{"type":"string"}},"required":["vendor","product","eventIdPattern","logFormat"],"type":"object"},"type":"array"},"unstructuredFields":{"properties":{"patternNames":{"items":{"type":"string"},"type":"array"}},"required":["patternNames"],"type":"object"}},"required":["id","name","source","skippedValues","fields","enabled","relatesEntities","structuredInputs","recordType"],"type":"object"},"MatchList":{"properties":{"created":{"format":"date-time","type":"string"},"createdBy":{"type":"string"},"defaultTtl":{"description":"The default time-to-live (in seconds) for new Items added to this List. 
This default is only used to default the field in the UI, and is not used at all when new Items are added via the API.","type":"integer"},"description":{"description":"A description of the List.","type":"string"},"id":{"type":"string"},"lastUpdated":{"format":"date-time","type":"string"},"lastUpdatedBy":{"type":"string"},"name":{"description":"The name of the List.","type":"string"},"targetColumn":{"description":"The column that Items in this List are matched against.","type":"string"}},"required":["id","name","targetColumn"],"type":"object"},"MatchListItem":{"properties":{"active":{"type":"boolean"},"expiration":{"format":"date-time","type":"string"},"id":{"type":"string"},"listName":{"type":"string"},"meta":{"properties":{"created":{"properties":{"username":{"type":"string"},"when":{"format":"date-time","type":"string"}},"required":["username","when"],"type":"object"},"description":{"type":"string"},"updated":{"properties":{"username":{"type":"string"},"when":{"format":"date-time","type":"string"}},"required":["username","when"],"type":"object"}},"required":["description"],"type":"object"},"value":{"type":"string"}},"required":["id","value","active","listName"],"type":"object"},"MatchRule":{"properties":{"assetField":{"type":"string"},"category":{"type":"string"},"contentType":{"enum":["ANOMALY","CANARY","FILE_ANALYSIS","RULE","THIRD_PARTY","THREAT_INTEL"],"type":"string"},"created":{"format":"date-time","type":"string"},"createdBy":{"type":"string"},"deleted":{"type":"boolean"},"description":{"description":"The description to be used on the generated 
Signal","type":"string"},"enabled":{"type":"boolean"},"entitySelectors":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"entitySelectorsOverride":{"properties":{"original":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"override":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"}},"type":"object"},"expression":{"type":"string"},"hasOverride":{"type":"boolean"},"id":{"type":"string"},"isPrototype":{"type":"boolean"},"isPrototypeOverride":{"properties":{"original":{"type":"boolean"},"override":{"type":"boolean"}},"type":"object"},"lastUpdated":{"format":"date-time","type":"string"},"lastUpdatedBy":{"type":"string"},"name":{"type":"string"},"nameOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"parentJaskId":{"type":"string"},"ruleId":{"type":"integer"},"ruleSource":{"type":"string"},"ruleType":{"type":"string"},"score":{"type":"integer"},"signalCount07d":{"description":"The number of Signals generated by this Rule in the past 7 days","type":"integer"},"signalCount24h":{"description":"The number of Signals generated by this Rule in the past 24 
hours","type":"integer"},"status":{"properties":{"message":{"type":"string"},"status":{"enum":["ACTIVE","DEGRADED","FAILED_AND_DISABLED","UNKNOWN"],"type":"string"}},"required":["status"],"type":"object"},"stream":{"type":"string"},"summaryExpression":{"type":"string"},"summaryExpressionOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"tags":{"items":{"type":"string"},"type":"array"},"tagsOverride":{"properties":{"original":{"items":{"type":"string"},"type":"array"},"override":{"items":{"type":"string"},"type":"array"}},"type":"object"}},"required":["contentType","created","createdBy","deleted","enabled","entitySelectors","id","isPrototype","lastUpdated","lastUpdatedBy","name","status","ruleId","ruleSource","ruleType","signalCount07d","signalCount24h","summaryExpression","tags","hasOverride","assetField","description","expression","score","stream"],"type":"object"},"NetworkBlock":{"properties":{"addressBlock":{"type":"string"},"id":{"type":"string"},"internal":{"type":"boolean"},"label":{"description":"The name of the List.","type":"string"},"suppressesSignals":{"type":"boolean"}},"required":["id","addressBlock","label","internal","suppressesSignals"],"type":"object"},"RuleTuningExpression":{"properties":{"description":{"type":"string"},"enabled":{"type":"boolean"},"exclude":{"type":"boolean"},"expression":{"type":"string"},"id":{"type":"string"},"isGlobal":{"type":"boolean"},"name":{"type":"string"}},"required":["id","name","description","expression","enabled","isGlobal","exclude"],"type":"object"},"Signal":{"properties":{"allRecords":{"description":"A JSON-stringified array of all Records associated with this 
Signal.","items":{"additionalProperties":true,"type":"object"},"type":"array"},"artifacts":{"items":{"properties":{"name":{"type":"string"},"recordStream":{"type":"string"},"recordUid":{"type":"string"},"value":{"type":"string"}},"required":["name","value","recordUid","recordStream"],"type":"object"},"type":"array"},"contentType":{"type":"string"},"description":{"type":"string"},"entity":{"properties":{"entityType":{"type":"string"},"hostname":{"type":"string"},"id":{"type":"string"},"macAddress":{"type":"string"},"name":{"type":"string"},"sensorZone":{"type":"string"},"value":{"type":"string"}},"required":["id","name","entityType","value"],"type":"object"},"id":{"type":"string"},"name":{"type":"string"},"recordCount":{"description":"The total number of Records (including the sum of primaryRecordsJson and extraRecordsJson","type":"integer"},"recordTypes":{"items":{"type":"string"},"type":"array"},"ruleId":{"type":"string"},"severity":{"type":"integer"},"stage":{"type":"string"},"suppressed":{"description":"Whether the Signal is suppressed","type":"boolean"},"tags":{"items":{"type":"string"},"type":"array"},"timestamp":{"description":"Timestamp of first log record for this signal.","format":"date-time","type":"string"}},"required":["id","name","stage","timestamp","severity","recordCount","recordTypes","allRecords","tags","entity"],"type":"object"},"SuppressList":{"properties":{"created":{"format":"date-time","type":"string"},"createdBy":{"type":"string"},"defaultTtl":{"description":"The default time-to-live (in seconds) for new Items added to this List. 
This default is only used to default the field in the UI, and is not used at all when new Items are added via the API.","type":"integer"},"description":{"description":"A description of the List.","type":"string"},"id":{"type":"string"},"lastUpdated":{"format":"date-time","type":"string"},"lastUpdatedBy":{"type":"string"},"name":{"description":"The name of the List.","type":"string"},"targetColumn":{"description":"The column that Items in this List are matched against.","type":"string"}},"required":["id","name","targetColumn"],"type":"object"},"SuppressListItem":{"properties":{"active":{"type":"boolean"},"expiration":{"format":"date-time","type":"string"},"id":{"type":"string"},"listName":{"type":"string"},"meta":{"properties":{"created":{"properties":{"username":{"type":"string"},"when":{"format":"date-time","type":"string"}},"required":["username","when"],"type":"object"},"description":{"type":"string"},"updated":{"properties":{"username":{"type":"string"},"when":{"format":"date-time","type":"string"}},"required":["username","when"],"type":"object"}},"required":["description"],"type":"object"},"value":{"type":"string"}},"required":["id","value","active","listName"],"type":"object"},"TemplatedMatchRule":{"properties":{"assetField":{"type":"string"},"category":{"type":"string"},"contentType":{"enum":["ANOMALY","CANARY","FILE_ANALYSIS","RULE","THIRD_PARTY","THREAT_INTEL"],"type":"string"},"created":{"format":"date-time","type":"string"},"createdBy":{"type":"string"},"deleted":{"type":"boolean"},"descriptionExpression":{"description":"The description to be used on the generated 
Signal","type":"string"},"descriptionExpressionOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"enabled":{"type":"boolean"},"entitySelectors":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"entitySelectorsOverride":{"properties":{"original":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"override":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"}},"type":"object"},"expression":{"type":"string"},"hasOverride":{"type":"boolean"},"id":{"type":"string"},"isPrototype":{"type":"boolean"},"isPrototypeOverride":{"properties":{"original":{"type":"boolean"},"override":{"type":"boolean"}},"type":"object"},"lastUpdated":{"format":"date-time","type":"string"},"lastUpdatedBy":{"type":"string"},"name":{"type":"string"},"nameExpression":{"type":"string"},"nameExpressionOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"nameOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"parentJaskId":{"type":"string"},"ruleId":{"type":"integer"},"ruleSource":{"type":"string"},"ruleType":{"type":"string"},"scoreMapping":{"properties":{"default":{"type":"integer"},"field":{"type":"string"},"mapping":{"items":{"properties":{"from":{"type":"string"},"fromEnd":{"type":"string"},"to":{"type":"integer"},"type":{"type":"string"}},"required":["type","from","to"],"type":"object"},"type":"array"},"type":{"type":"string"}},"required":["type"],"type":"object"},"scoreMappingOverride":{"properties":{"original":{"properties":{"default":{"type":"integer"},"field":{"type":"string"},"mapping":{"items":{"properties":{"from":{"type":"str
ing"},"fromEnd":{"type":"string"},"to":{"type":"integer"},"type":{"type":"string"}},"required":["type","from","to"],"type":"object"},"type":"array"},"type":{"type":"string"}},"required":["type"],"type":"object"},"override":{"properties":{"default":{"type":"integer"},"field":{"type":"string"},"mapping":{"items":{"properties":{"from":{"type":"string"},"fromEnd":{"type":"string"},"to":{"type":"integer"},"type":{"type":"string"}},"required":["type","from","to"],"type":"object"},"type":"array"},"type":{"type":"string"}},"required":["type"],"type":"object"}},"type":"object"},"signalCount07d":{"description":"The number of Signals generated by this Rule in the past 7 days","type":"integer"},"signalCount24h":{"description":"The number of Signals generated by this Rule in the past 24 hours","type":"integer"},"status":{"properties":{"message":{"type":"string"},"status":{"enum":["ACTIVE","DEGRADED","FAILED_AND_DISABLED","UNKNOWN"],"type":"string"}},"required":["status"],"type":"object"},"stream":{"type":"string"},"summaryExpression":{"type":"string"},"summaryExpressionOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"tags":{"items":{"type":"string"},"type":"array"},"tagsOverride":{"properties":{"original":{"items":{"type":"string"},"type":"array"},"override":{"items":{"type":"string"},"type":"array"}},"type":"object"}},"required":["contentType","created","createdBy","deleted","enabled","entitySelectors","id","isPrototype","lastUpdated","lastUpdatedBy","name","status","ruleId","ruleSource","ruleType","signalCount07d","signalCount24h","summaryExpression","tags","hasOverride","assetField","descriptionExpression","expression","nameExpression","scoreMapping","stream"],"type":"object"},"ThreatIntelSource":{"properties":{"created":{"format":"date-time","type":"string"},"createdBy":{"type":"string"},"description":{"description":"A description of the 
Source.","type":"string"},"id":{"type":"string"},"lastUpdated":{"format":"date-time","type":"string"},"lastUpdatedBy":{"type":"string"},"name":{"description":"The name of the Source.","type":"string"},"sourceType":{"enum":["ANOMALI","CUSTOM","IDEFENSE","TAXII","THREATQ"],"type":"string"}},"required":["id","name","sourceType"],"type":"object"},"ThresholdRule":{"properties":{"assetField":{"type":"string"},"category":{"type":"string"},"contentType":{"enum":["ANOMALY","CANARY","FILE_ANALYSIS","RULE","THIRD_PARTY","THREAT_INTEL"],"type":"string"},"countDistinct":{"type":"boolean"},"countField":{"type":"string"},"created":{"format":"date-time","type":"string"},"createdBy":{"type":"string"},"deleted":{"type":"boolean"},"description":{"description":"The description to be used on the generated Signal","type":"string"},"descriptionOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"enabled":{"type":"boolean"},"entitySelectors":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"entitySelectorsOverride":{"properties":{"original":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"override":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"}},"type":"object"},"expression":{"type":"string"},"groupByFields":{"items":{"type":"string"},"type":"array"},"groupByFieldsOverride":{"properties":{"original":{"items":{"type":"string"},"type":"array"},"override":{"items":{"type":"string"},"type":"array"}},"type":"object"},"hasOverride":{"type":"boolean"},"id":{"type":"string"},"isPrototype":{"type":"boolean"},"isPrototypeOverride":{"properties":{"original":{"type":"boolean"},"override":{"type":"boolean"}},"type":"object"},"l
astUpdated":{"format":"date-time","type":"string"},"lastUpdatedBy":{"type":"string"},"limit":{"type":"integer"},"limitOverride":{"properties":{"original":{"type":"integer"},"override":{"type":"integer"}},"type":"object"},"name":{"type":"string"},"nameOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"parentJaskId":{"type":"string"},"ruleId":{"type":"integer"},"ruleSource":{"type":"string"},"ruleType":{"type":"string"},"score":{"type":"integer"},"scoreOverride":{"properties":{"original":{"type":"integer"},"override":{"type":"integer"}},"type":"object"},"signalCount07d":{"description":"The number of Signals generated by this Rule in the past 7 days","type":"integer"},"signalCount24h":{"description":"The number of Signals generated by this Rule in the past 24 hours","type":"integer"},"status":{"properties":{"message":{"type":"string"},"status":{"enum":["ACTIVE","DEGRADED","FAILED_AND_DISABLED","UNKNOWN"],"type":"string"}},"required":["status"],"type":"object"},"stream":{"type":"string"},"summaryExpression":{"type":"string"},"summaryExpressionOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"tags":{"items":{"type":"string"},"type":"array"},"tagsOverride":{"properties":{"original":{"items":{"type":"string"},"type":"array"},"override":{"items":{"type":"string"},"type":"array"}},"type":"object"},"version":{"type":"integer"},"windowSize":{"description":"milliseconds","type":"integer"},"windowSizeName":{"type":"string"},"windowSizeOverride":{"description":"milliseconds","properties":{"original":{"type":"integer"},"override":{"type":"integer"}},"type":"object"}},"required":["contentType","created","createdBy","deleted","enabled","entitySelectors","id","isPrototype","lastUpdated","lastUpdatedBy","name","status","ruleId","ruleSource","ruleType","signalCount07d","signalCount24h","summaryExpression","tags","hasOverride","assetField","countDistinct","description","expression","gr
oupByFields","limit","score","stream","version","windowSize","windowSizeName"],"type":"object"}},"securitySchemes":{"basicAuth":{"scheme":"basic","type":"http"}}},"info":{"description":"\nhttps://help.sumologic.com/APIs\n","title":"Sumo Logic CSE API","version":"1.0.0"},"openapi":"3.0.0","paths":{"/custom-entity-types":{"get":{"description":"","operationId":"GetCustomEntityTypes","parameters":[{"description":"The number of items to skip before starting to collect the result set","in":"query","name":"offset","required":false,"schema":{"default":0,"type":"integer"}},{"description":"The numbers of items to return","in":"query","name":"limit","required":false,"schema":{"default":50,"type":"integer"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"hasNextPage":{"type":"boolean"},"objects":{"items":{"$ref":"#/components/schemas/CustomEntityType"},"type":"array"},"total":{"type":"integer"}},"required":["hasNextPage","total","objects"],"type":"object"}},"required":["data"],"title":"GetCustomEntityTypesResponse","type":"object"}}},"description":"A single page of Custom Entity Types"}},"summary":"Get the list of Custom Entity Types"},"post":{"description":"","operationId":"CreateCustomEntityType","parameters":[],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"fields":{"description":"Record schema fields. Examples: \"file_hash_md5\", \"file_hash_sha1\".","items":{"type":"string"},"type":"array"},"identifier":{"description":"Machine friendly and unique identifier. Examples: \"ip\", \"username\", \"mac\".","type":"string"},"name":{"description":"Human friend and unique name. 
Examples: \"Ip Address\", \"Username\", \"Mac Address\".","type":"string"}},"required":["name","fields","identifier"],"type":"object"}},"required":["fields"],"title":"CreateCustomEntityTypeRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/CustomEntityType"}},"required":["data"],"title":"CreateCustomEntityTypeResponse","type":"object"}}},"description":"The new Custom Entity Type"}},"summary":"Create a Custom Entity Type"}},"/custom-entity-types/{id}":{"delete":{"description":"","operationId":"DeleteCustomEntityType","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"ok":{"type":"boolean"}},"required":["ok"],"type":"object"}},"required":["data"],"title":"DeleteCustomEntityTypeResponse","type":"object"}}},"description":"Action success status"}},"summary":"Delete a Custom Entity Type"},"get":{"description":"","operationId":"GetCustomEntityType","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/CustomEntityType"}},"required":["data"],"title":"GetCustomEntityTypeResponse","type":"object"}}},"description":"A single Custom Entity Type"}},"summary":"Get a Custom Entity Type"},"put":{"description":"","operationId":"UpdateCustomEntityType","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"fields":{"description":"Record schema fields. Examples: \"file_hash_md5\", \"file_hash_sha1\".","items":{"type":"string"},"type":"array"},"name":{"description":"Human friendly and unique name. 
Examples: \"Ip Address\", \"Username\", \"Mac Address\".","type":"string"}},"required":["name","fields"],"type":"object"}},"required":["fields"],"title":"UpdateCustomEntityTypeRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/CustomEntityType"}},"required":["data"],"title":"UpdateCustomEntityTypeResponse","type":"object"}}},"description":"The updated Custom Entity Type"}},"summary":"Update a Custom Entity Type"}},"/custom-insights":{"get":{"description":"","operationId":"GetCustomInsights","parameters":[{"description":"The number of items to skip before starting to collect the result set","in":"query","name":"offset","required":false,"schema":{"default":0,"type":"integer"}},{"description":"The numbers of items to return","in":"query","name":"limit","required":false,"schema":{"default":50,"type":"integer"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"hasNextPage":{"type":"boolean"},"objects":{"items":{"$ref":"#/components/schemas/CustomInsight"},"type":"array"},"total":{"type":"integer"}},"required":["hasNextPage","total","objects"],"type":"object"}},"required":["data"],"title":"GetCustomInsightsResponse","type":"object"}}},"description":"A single page of Custom Insights"}},"summary":"Get the list of Custom 
Insights"},"post":{"description":"","operationId":"CreateCustomInsight","parameters":[],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"description":{"type":"string"},"enabled":{"type":"boolean"},"name":{"type":"string"},"ordered":{"type":"boolean"},"ruleIds":{"items":{"type":"string"},"type":"array"},"severity":{"enum":["CRITICAL","HIGH","LOW","MEDIUM"],"type":"string"},"signalNames":{"items":{"type":"string"},"type":"array"},"tags":{"items":{"type":"string"},"type":"array"}},"required":["name","description","severity","ordered","enabled","tags"],"type":"object"}},"required":["fields"],"title":"CreateCustomInsightRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/CustomInsight"}},"required":["data"],"title":"CreateCustomInsightResponse","type":"object"}}},"description":"The new Custom Insight"}},"summary":"Create a Custom Insight"}},"/custom-insights/{id}":{"delete":{"description":"","operationId":"DeleteCustomInsight","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"ok":{"type":"boolean"}},"required":["ok"],"type":"object"}},"required":["data"],"title":"DeleteCustomInsightResponse","type":"object"}}},"description":"Action success status"}},"summary":"Delete a Custom Insight"},"get":{"description":"","operationId":"GetCustomInsight","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/CustomInsight"}},"required":["data"],"title":"GetCustomInsightResponse","type":"object"}}},"description":"A single Custom Insight"}},"summary":"Get a Custom 
Insight"},"put":{"description":"","operationId":"UpdateCustomInsight","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"description":{"type":"string"},"enabled":{"type":"boolean"},"name":{"type":"string"},"ordered":{"type":"boolean"},"ruleIds":{"items":{"type":"string"},"type":"array"},"severity":{"enum":["CRITICAL","HIGH","LOW","MEDIUM"],"type":"string"},"signalNames":{"items":{"type":"string"},"type":"array"},"tags":{"items":{"type":"string"},"type":"array"}},"required":["name","description","severity","ordered","enabled","tags"],"type":"object"}},"required":["fields"],"title":"UpdateCustomInsightRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/CustomInsight"}},"required":["data"],"title":"UpdateCustomInsightResponse","type":"object"}}},"description":"The updated Custom Insight"}},"summary":"Update a Custom Insight"}},"/custom-match-list-columns":{"get":{"description":"","operationId":"GetCustomMatchListColumns","parameters":[],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"items":{"$ref":"#/components/schemas/CustomMatchListColumn"},"type":"array"}},"required":["data"],"title":"GetCustomMatchListColumnsResponse","type":"object"}}},"description":"A list of all of the Custom Match List Columns"}},"summary":"Get the list of Custom Match List 
Columns"},"post":{"description":"","operationId":"CreateCustomMatchListColumn","parameters":[],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"fields":{"items":{"type":"string"},"type":"array"},"name":{"type":"string"}},"required":["name","fields"],"type":"object"}},"required":["fields"],"title":"CreateCustomMatchListColumnRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/CustomMatchListColumn"}},"required":["data"],"title":"CreateCustomMatchListColumnResponse","type":"object"}}},"description":"The new Custom Match List Column"}},"summary":"Create a Custom Match List Column"}},"/custom-match-list-columns/{id}":{"delete":{"description":"","operationId":"DeleteCustomMatchListColumn","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"ok":{"type":"boolean"}},"required":["ok"],"type":"object"}},"required":["data"],"title":"DeleteCustomMatchListColumnResponse","type":"object"}}},"description":"Action success status"}},"summary":"Delete a Custom Match List 
Column"},"put":{"description":"","operationId":"UpdateCustomMatchListColumn","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"fields":{"items":{"type":"string"},"type":"array"},"name":{"type":"string"}},"required":["name","fields"],"type":"object"}},"required":["fields"],"title":"UpdateCustomMatchListColumnRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/CustomMatchListColumn"}},"required":["data"],"title":"UpdateCustomMatchListColumnResponse","type":"object"}}},"description":"The updated Custom Match List Column"}},"summary":"Update a Custom Match List Column"}},"/entities":{"get":{"description":"","operationId":"GetEntities","parameters":[{"description":"\n The search query string in our custom DSL that is used to filter the results.\n\n Operators:\n - `exampleField:\"bar\"`: The value of the field is equal to \"bar\".\n - `exampleField:in(\"bar\", \"baz\", \"qux\")`: The value of the field is equal to either \"bar\", \"baz\", or \"qux\".\n - `exampleTextField:contains(\"foo bar\")`: The value of the field contains the phrase \"foo bar\".\n - `exampleNumField:>5`: The value of the field is greater than 5. There are similar `<`, `<=`, and `>=` operators.\n - `exampleNumField:5..10`: The value of the field is between 5 and 10 (inclusive).\n - `exampleDateField:>2019-02-01T05:00:00+00:00`: The value of the date field is after 5 a.m. UTC time on February 2,\n 2019.\n - `exampleDateField:2019-02-01T05:00:00+00:00..2019-02-01T08:00:00+00:00`: The value of the date field is between 5 a.m.\n and 8 a.m. 
UTC time on February 2, 2019.\n\n Fields:\n - `id`\n- `ip`\n- `hostname`\n- `username`\n- `sensorZone`\n- `whitelisted`\n- `type`\n- `tag`\n- `activityScore`\n- `lastSeen`\n- `criticality`\n ","in":"query","name":"q","required":false,"schema":{"type":"string"}},{"description":"The number of items to skip before starting to collect the result set","in":"query","name":"offset","required":false,"schema":{"default":0,"type":"integer"}},{"description":"The numbers of items to return","in":"query","name":"limit","required":false,"schema":{"default":50,"type":"integer"}},{"description":"A comma-separated list of subfields to be returned in the response","in":"query","name":"expand","required":false,"schema":{"items":{"enum":["inventory"],"type":"string"},"type":"array"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"hasNextPage":{"type":"boolean"},"objects":{"items":{"properties":{"activityScore":{"type":"integer"},"criticality":{"type":"string"},"entityType":{"type":"string"},"firstSeen":{"format":"date-time","type":"string"},"hostname":{"type":"string"},"id":{"type":"string"},"inventory":{"items":{"oneOf":[{"properties":{"computerName":{"type":"string"},"groups":{"items":{"type":"string"},"type":"array"},"hostname":{"type":"string"},"ip":{"items":{"type":"string"},"type":"array"},"location":{"type":"string"},"mac":{"type":"string"},"metadata":{"additionalProperties":true,"type":"object"},"natIp":{"items":{"type":"string"},"type":"array"},"normalizedComputerName":{"type":"string"},"normalizedHostname":{"type":"string"},"os":{"type":"string"},"osVersion":{"type":"string"},"parsedTime":{"type":"string"},"source":{"type":"string"},"timestamp":{"type":"string"},"uniqueId":{"type":"string"}},"required":["uniqueId","source","timestamp","parsedTime","groups","metadata","ip","natIp"],"type":"object"},{"properties":{"department":{"type":"string"},"emails":{"items":{"type":"string"},"type":"array"},"givenName":{"type":"string"},"
groups":{"items":{"type":"string"},"type":"array"},"lastName":{"type":"string"},"metadata":{"additionalProperties":true,"type":"object"},"middleName":{"type":"string"},"normalizedUsername":{"type":"string"},"parsedTime":{"type":"string"},"source":{"type":"string"},"timestamp":{"type":"string"},"uniqueId":{"type":"string"},"username":{"type":"string"}},"required":["uniqueId","source","timestamp","parsedTime","groups","metadata","username","emails"],"type":"object"}]},"type":"array"},"isSuppressed":{"type":"boolean"},"isWhitelisted":{"type":"boolean"},"lastSeen":{"format":"date-time","type":"string"},"macAddress":{"type":"string"},"name":{"type":"string"},"sensorZone":{"type":"string"},"tags":{"items":{"type":"string"},"type":"array"},"value":{"type":"string"}},"required":["id","activityScore","isWhitelisted","isSuppressed","name","inventory","tags","entityType","value"],"type":"object"},"type":"array"},"total":{"type":"integer"}},"required":["hasNextPage","total","objects"],"type":"object"}},"required":["data"],"title":"GetEntitiesResponse","type":"object"}}},"description":"A single page of Entities"}},"summary":"Get the list of 
Entities"}},"/entities/{entityId}/criticality":{"put":{"description":"","operationId":"UpdateEntityCriticality","parameters":[{"in":"path","name":"entityId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"criticality":{"type":"string"}},"title":"UpdateEntityCriticalityRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"activityScore":{"type":"integer"},"criticality":{"type":"string"},"entityType":{"type":"string"},"firstSeen":{"format":"date-time","type":"string"},"hostname":{"type":"string"},"id":{"type":"string"},"isSuppressed":{"type":"boolean"},"isWhitelisted":{"type":"boolean"},"lastSeen":{"format":"date-time","type":"string"},"macAddress":{"type":"string"},"name":{"type":"string"},"sensorZone":{"type":"string"},"tags":{"items":{"type":"string"},"type":"array"},"value":{"type":"string"}},"required":["id","activityScore","isWhitelisted","isSuppressed","name","tags","entityType","value"],"type":"object"}},"required":["data"],"title":"UpdateEntityCriticalityResponse","type":"object"}}},"description":"The updated Entity"}},"summary":"Update an Entity's 
criticality"}},"/entities/{entityId}/suppressed":{"put":{"description":"","operationId":"UpdateEntitySuppressed","parameters":[{"in":"path","name":"entityId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"suppressed":{"type":"boolean"}},"required":["suppressed"],"title":"UpdateEntitySuppressedRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"activityScore":{"type":"integer"},"criticality":{"type":"string"},"entityType":{"type":"string"},"firstSeen":{"format":"date-time","type":"string"},"hostname":{"type":"string"},"id":{"type":"string"},"isSuppressed":{"type":"boolean"},"isWhitelisted":{"type":"boolean"},"lastSeen":{"format":"date-time","type":"string"},"macAddress":{"type":"string"},"name":{"type":"string"},"sensorZone":{"type":"string"},"tags":{"items":{"type":"string"},"type":"array"},"value":{"type":"string"}},"required":["id","activityScore","isWhitelisted","isSuppressed","name","tags","entityType","value"],"type":"object"}},"required":["data"],"title":"UpdateEntitySuppressedResponse","type":"object"}}},"description":"The updated Entity"}},"summary":"Suppress or un-suppress an 
Entity"}},"/entities/{entityId}/tags":{"delete":{"description":"","operationId":"RemoveEntityTags","parameters":[{"in":"path","name":"entityId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"tags":{"items":{"type":"string"},"type":"array"}},"required":["tags"],"title":"RemoveEntityTagsRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"activityScore":{"type":"integer"},"criticality":{"type":"string"},"entityType":{"type":"string"},"firstSeen":{"format":"date-time","type":"string"},"hostname":{"type":"string"},"id":{"type":"string"},"isSuppressed":{"type":"boolean"},"isWhitelisted":{"type":"boolean"},"lastSeen":{"format":"date-time","type":"string"},"macAddress":{"type":"string"},"name":{"type":"string"},"sensorZone":{"type":"string"},"tags":{"items":{"type":"string"},"type":"array"},"value":{"type":"string"}},"required":["id","activityScore","isWhitelisted","isSuppressed","name","tags","entityType","value"],"type":"object"}},"required":["data"],"title":"RemoveEntityTagsResponse","type":"object"}}},"description":"The updated Entity"}},"summary":"Remove tags from an 
Entity"},"post":{"description":"","operationId":"AddEntityTags","parameters":[{"in":"path","name":"entityId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"tags":{"items":{"type":"string"},"type":"array"}},"required":["tags"],"title":"AddEntityTagsRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"activityScore":{"type":"integer"},"criticality":{"type":"string"},"entityType":{"type":"string"},"firstSeen":{"format":"date-time","type":"string"},"hostname":{"type":"string"},"id":{"type":"string"},"isSuppressed":{"type":"boolean"},"isWhitelisted":{"type":"boolean"},"lastSeen":{"format":"date-time","type":"string"},"macAddress":{"type":"string"},"name":{"type":"string"},"sensorZone":{"type":"string"},"tags":{"items":{"type":"string"},"type":"array"},"value":{"type":"string"}},"required":["id","activityScore","isWhitelisted","isSuppressed","name","tags","entityType","value"],"type":"object"}},"required":["data"],"title":"AddEntityTagsResponse","type":"object"}}},"description":"The updated Entity"}},"summary":"Add tags to an 
Entity"},"put":{"description":"","operationId":"UpdateEntityTags","parameters":[{"in":"path","name":"entityId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"tags":{"items":{"type":"string"},"type":"array"}},"required":["tags"],"title":"UpdateEntityTagsRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"activityScore":{"type":"integer"},"criticality":{"type":"string"},"entityType":{"type":"string"},"firstSeen":{"format":"date-time","type":"string"},"hostname":{"type":"string"},"id":{"type":"string"},"isSuppressed":{"type":"boolean"},"isWhitelisted":{"type":"boolean"},"lastSeen":{"format":"date-time","type":"string"},"macAddress":{"type":"string"},"name":{"type":"string"},"sensorZone":{"type":"string"},"tags":{"items":{"type":"string"},"type":"array"},"value":{"type":"string"}},"required":["id","activityScore","isWhitelisted","isSuppressed","name","tags","entityType","value"],"type":"object"}},"required":["data"],"title":"UpdateEntityTagsResponse","type":"object"}}},"description":"The updated Entity"}},"summary":"Update an Entity's tags, replacing any existing tags"}},"/entities/{id}":{"get":{"description":"","operationId":"GetEntity","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}},{"description":"A comma-separated list of subfields to be returned in the response","in":"query","name":"expand","required":false,"schema":{"items":{"enum":["inventory"],"type":"string"},"type":"array"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"description":"The details for a single Entity (i.e. 
user, hostname, IP address, etc.)","properties":{"activityScore":{"type":"integer"},"criticality":{"type":"string"},"entityType":{"type":"string"},"firstSeen":{"format":"date-time","type":"string"},"hostname":{"type":"string"},"id":{"type":"string"},"inventory":{"items":{"oneOf":[{"properties":{"computerName":{"type":"string"},"groups":{"items":{"type":"string"},"type":"array"},"hostname":{"type":"string"},"ip":{"items":{"type":"string"},"type":"array"},"location":{"type":"string"},"mac":{"type":"string"},"metadata":{"additionalProperties":true,"type":"object"},"natIp":{"items":{"type":"string"},"type":"array"},"normalizedComputerName":{"type":"string"},"normalizedHostname":{"type":"string"},"os":{"type":"string"},"osVersion":{"type":"string"},"parsedTime":{"type":"string"},"source":{"type":"string"},"timestamp":{"type":"string"},"uniqueId":{"type":"string"}},"required":["uniqueId","source","timestamp","parsedTime","groups","metadata","ip","natIp"],"type":"object"},{"properties":{"department":{"type":"string"},"emails":{"items":{"type":"string"},"type":"array"},"givenName":{"type":"string"},"groups":{"items":{"type":"string"},"type":"array"},"lastName":{"type":"string"},"metadata":{"additionalProperties":true,"type":"object"},"middleName":{"type":"string"},"normalizedUsername":{"type":"string"},"parsedTime":{"type":"string"},"source":{"type":"string"},"timestamp":{"type":"string"},"uniqueId":{"type":"string"},"username":{"type":"string"}},"required":["uniqueId","source","timestamp","parsedTime","groups","metadata","username","emails"],"type":"object"}]},"type":"array"},"isSuppressed":{"type":"boolean"},"isWhitelisted":{"type":"boolean"},"lastSeen":{"format":"date-time","type":"string"},"macAddress":{"type":"string"},"name":{"type":"string"},"sensorZone":{"type":"string"},"tags":{"items":{"type":"string"},"type":"array"},"value":{"type":"string"}},"required":["id","activityScore","isWhitelisted","isSuppressed","name","inventory","tags","entityType","value"],"type":"o
bject"}},"required":["data"],"title":"GetEntityResponse","type":"object"}}},"description":"A single Entity"}},"summary":"Get an Entity"}},"/entities/{id}/enrichments/{enrichmentType}":{"put":{"description":"","operationId":"SaveEntityEnrichment","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}},{"in":"path","name":"enrichmentType","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"detail":{"type":"string"}},"required":["detail"],"title":"SaveEntityEnrichmentRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/Enrichment","description":"The saved Enrichment"}},"required":["data"],"title":"SaveEntityEnrichmentResponse","type":"object"}}},"description":"The created Enrichment on the Entity"}},"summary":"Create or update an Enrichment on an Entity"}},"/entities/{id}/related-entities":{"get":{"description":"","operationId":"GetRelatedEntitiesById","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}},{"in":"query","name":"start","required":true,"schema":{"format":"date-time","type":"string"}},{"in":"query","name":"end","required":true,"schema":{"format":"date-time","type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"items":{"properties":{"activityScore":{"type":"integer"},"criticality":{"type":"string"},"entityType":{"type":"string"},"id":{"type":"string"},"isSuppressed":{"type":"boolean"},"tags":{"items":{"type":"string"},"type":"array"},"value":{"type":"string"}},"required":["id","entityType","value","activityScore","tags","isSuppressed"],"type":"object"},"type":"array"}},"required":["data"],"title":"GetRelatedEntitiesByIdResponse","type":"object"}}},"description":"A single page of Related Entities"}},"summary":"Get the list of Related 
Entities"}},"/entity-criticality-configs":{"get":{"description":"","operationId":"GetEntityCriticalityConfigs","parameters":[{"description":"The number of items to skip before starting to collect the result set","in":"query","name":"offset","required":false,"schema":{"default":0,"type":"integer"}},{"description":"The numbers of items to return","in":"query","name":"limit","required":false,"schema":{"default":50,"type":"integer"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"hasNextPage":{"type":"boolean"},"objects":{"items":{"$ref":"#/components/schemas/EntityCriticalityConfig"},"type":"array"},"total":{"type":"integer"}},"required":["hasNextPage","total","objects"],"type":"object"}},"required":["data"],"title":"GetEntityCriticalityConfigsResponse","type":"object"}}},"description":"A single page of Entity Criticality Configurations"}},"summary":"Get the list of Entity Criticality Configurations"},"post":{"description":"","operationId":"CreateEntityCriticalityConfig","parameters":[],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"name":{"description":"Human friendly and unique name. Examples: \"Executive Laptop\", \"Bastion Host\"","type":"string"},"severityExpression":{"description":"Algebraic expression representing this entity's criticality. 
Examples: \"severity * 2\", \"severity - 5\", \"severity / 3\"","type":"string"}},"required":["name","severityExpression"],"type":"object"}},"required":["fields"],"title":"CreateEntityCriticalityConfigRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/EntityCriticalityConfig"}},"required":["data"],"title":"CreateEntityCriticalityConfigResponse","type":"object"}}},"description":"The new Entity Criticality Configuration"}},"summary":"Create an Entity Criticality Configuration"}},"/entity-criticality-configs/{id}":{"delete":{"description":"","operationId":"DeleteEntityCriticalityConfig","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"ok":{"type":"boolean"}},"required":["ok"],"type":"object"}},"required":["data"],"title":"DeleteEntityCriticalityConfigResponse","type":"object"}}},"description":"Action success status"}},"summary":"Delete an Entity Criticality Configuration"},"get":{"description":"","operationId":"GetEntityCriticalityConfig","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/EntityCriticalityConfig"}},"required":["data"],"title":"GetEntityCriticalityConfigResponse","type":"object"}}},"description":"A single Entity Criticality Configuration"}},"summary":"Get an Entity Criticality Configuration"},"put":{"description":"","operationId":"UpdateEntityCriticalityConfig","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"severityExpression":{"description":"Algebraic expression representing this entity's criticality. 
Examples: \"severity * 2\", \"severity - 5\", \"severity / 3\"","type":"string"}},"required":["severityExpression"],"type":"object"}},"required":["fields"],"title":"UpdateEntityCriticalityConfigRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/EntityCriticalityConfig"}},"required":["data"],"title":"UpdateEntityCriticalityConfigResponse","type":"object"}}},"description":"The updated Entity Criticality Configuration"}},"summary":"Update an Entity Criticality Configuration"}},"/entity-normalization/domain-configuration":{"get":{"description":"","operationId":"GetEntityDomainConfiguration","parameters":[],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"adDomainNormalizationEnabled":{"type":"boolean"},"awsNormalizationEnabled":{"type":"boolean"},"defaultNormalizedDomain":{"type":"string"},"domainMappings":{"items":{"properties":{"normalizedDomain":{"type":"string"},"rawDomain":{"type":"string"}},"required":["rawDomain","normalizedDomain"],"type":"object"},"type":"array"},"fqdnNormalizationEnabled":{"type":"boolean"},"normalizeHostnames":{"type":"boolean"},"normalizeUsernames":{"type":"boolean"}},"required":["normalizeUsernames","normalizeHostnames","domainMappings","adDomainNormalizationEnabled","fqdnNormalizationEnabled","awsNormalizationEnabled"],"type":"object"}},"required":["data"],"title":"GetEntityDomainConfigurationResponse","type":"object"}}},"description":"The Entity Domain Configuration"}},"summary":"Get the Entity Domain 
Configuration"},"put":{"description":"","operationId":"UpdateEntityDomainConfiguration","parameters":[],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"adDomainNormalizationEnabled":{"type":"boolean"},"awsNormalizationEnabled":{"type":"boolean"},"defaultNormalizedDomain":{"type":"string"},"domainMappings":{"items":{"properties":{"normalizedDomain":{"type":"string"},"rawDomain":{"type":"string"}},"required":["rawDomain","normalizedDomain"],"type":"object"},"type":"array"},"fqdnNormalizationEnabled":{"type":"boolean"},"normalizeHostnames":{"type":"boolean"},"normalizeUsernames":{"type":"boolean"}},"required":["normalizeUsernames","normalizeHostnames","domainMappings","adDomainNormalizationEnabled","fqdnNormalizationEnabled","awsNormalizationEnabled"],"type":"object"}},"required":["fields"],"title":"UpdateEntityDomainConfigurationRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"ok":{"type":"boolean"}},"required":["ok"],"type":"object"}},"required":["data"],"title":"UpdateEntityDomainConfigurationResponse","type":"object"}}},"description":"Action success status"}},"summary":"Update the Entity Domain Configuration"}},"/insight-resolutions":{"get":{"description":"","operationId":"GetInsightResolutions","parameters":[{"description":"The number of items to skip before starting to collect the result set","in":"query","name":"offset","required":false,"schema":{"default":0,"type":"integer"}},{"description":"The numbers of items to 
return","in":"query","name":"limit","required":false,"schema":{"default":50,"type":"integer"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"hasNextPage":{"type":"boolean"},"objects":{"items":{"$ref":"#/components/schemas/InsightResolution"},"type":"array"},"total":{"type":"integer"}},"required":["hasNextPage","total","objects"],"type":"object"}},"required":["data"],"title":"GetInsightResolutionsResponse","type":"object"}}},"description":"A single page of Insight Resolutions"}},"summary":"Get the list of Insight Resolutions"},"post":{"description":"","operationId":"CreateInsightResolution","parameters":[],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"description":{"type":"string"},"name":{"type":"string"},"parentId":{"type":"integer"}},"required":["name"],"type":"object"}},"title":"CreateInsightResolutionRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/InsightResolution"}},"required":["data"],"title":"CreateInsightResolutionResponse","type":"object"}}},"description":"The new Insight Resolution"}},"summary":"Create an Insight Resolution"}},"/insight-resolutions/{id}":{"delete":{"description":"","operationId":"DeleteInsightResolution","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"integer"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"ok":{"type":"boolean"}},"required":["ok"],"type":"object"}},"required":["data"],"title":"DeleteInsightResolutionResponse","type":"object"}}},"description":"Action success status"}},"summary":"Delete an Insight 
Resolution"},"get":{"description":"","operationId":"GetInsightResolution","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"integer"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/InsightResolution"}},"required":["data"],"title":"GetInsightResolutionResponse","type":"object"}}},"description":"A single Insight Resolution"}},"summary":"Get an Insight Resolution"},"put":{"description":"","operationId":"UpdateInsightResolution","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"integer"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"description":{"type":"string"}},"type":"object"}},"title":"UpdateInsightResolutionRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/InsightResolution"}},"required":["data"],"title":"UpdateInsightResolutionResponse","type":"object"}}},"description":"The updated Insight Resolution"}},"summary":"Update an Insight Resolution"}},"/insight-status":{"get":{"description":"","operationId":"GetInsightStatuses","parameters":[],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"description":"All available Insight statuses.","items":{"$ref":"#/components/schemas/InsightStatus"},"type":"array"}},"required":["data"],"title":"GetInsightStatusesResponse","type":"object"}}},"description":"A single page of Insight Statuses"}},"summary":"Get the list of Insight 
Statuses"},"post":{"description":"","operationId":"CreateInsightStatusOption","parameters":[],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"description":{"type":"string"},"name":{"type":"string"}},"required":["name"],"type":"object"}},"title":"CreateInsightStatusOptionRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/InsightStatus"}},"required":["data"],"title":"CreateInsightStatusOptionResponse","type":"object"}}},"description":"The new Insight Status"}},"summary":"Create an Insight Status"}},"/insight-status/{id}":{"delete":{"description":"","operationId":"DeleteInsightStatusOption","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"ok":{"type":"boolean"}},"required":["ok"],"type":"object"}},"required":["data"],"title":"DeleteInsightStatusOptionResponse","type":"object"}}},"description":"Action success status"}},"summary":"Delete an Insight Status"},"get":{"description":"","operationId":"GetInsightStatus","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/InsightStatus"}},"required":["data"],"title":"GetInsightStatusResponse","type":"object"}}},"description":"A single Insight Status"}},"summary":"Get an Insight 
Status"},"put":{"description":"","operationId":"UpdateInsightStatusOption","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"description":{"type":"string"},"name":{"type":"string"}},"required":["name"],"type":"object"}},"title":"UpdateInsightStatusOptionRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/InsightStatus"}},"required":["data"],"title":"UpdateInsightStatusOptionResponse","type":"object"}}},"description":"The updated Insight Status"}},"summary":"Update an Insight Status"}},"/insights":{"get":{"description":"Note: This API will not return more than 10,000 Insights for a given query, even when split over many pages. To retrieve all Insights, use the /insights/all API.","operationId":"GetInsights","parameters":[{"description":"\n The search query string in our custom DSL that is used to filter the results.\n\n Operators:\n - `exampleField:\"bar\"`: The value of the field is equal to \"bar\".\n - `exampleField:in(\"bar\", \"baz\", \"qux\")`: The value of the field is equal to either \"bar\", \"baz\", or \"qux\".\n - `exampleTextField:contains(\"foo bar\")`: The value of the field contains the phrase \"foo bar\".\n - `exampleNumField:>5`: The value of the field is greater than 5. There are similar `<`, `<=`, and `>=` operators.\n - `exampleNumField:5..10`: The value of the field is between 5 and 10 (inclusive).\n - `exampleDateField:>2019-02-01T05:00:00+00:00`: The value of the date field is after 5 a.m. UTC time on February 1,\n 2019.\n - `exampleDateField:2019-02-01T05:00:00+00:00..2019-02-01T08:00:00+00:00`: The value of the date field is between 5 a.m.\n and 8 a.m. 
UTC time on February 1, 2019.\n\n Fields:\n - `id`\n- `readableId`\n- `status`\n- `name`\n- `insightId`\n- `description`\n- `created`\n- `timestamp`\n- `closed`\n- `assignee`\n- `entity.ip`\n- `entity.hostname`\n- `entity.username`\n- `entity.sensorZone`\n- `entity.type`\n- `enrichment`\n- `tag`\n- `severity`\n- `resolution`\n- `subResolution`\n- `ruleId`\n- `records`\n ","in":"query","name":"q","required":false,"schema":{"type":"string"}},{"description":"The number of items to skip before starting to collect the result set","in":"query","name":"offset","required":false,"schema":{"default":0,"type":"integer"}},{"description":"The number of items to return","in":"query","name":"limit","required":false,"schema":{"default":10,"type":"integer"}},{"description":"A list of fields to aggregate from the records of each Insight into a summarized list directly on the Insight object of the response","in":"query","name":"recordSummaryFields","required":true,"schema":{"items":{"type":"string"},"type":"array"}},{"description":"A comma-separated list of subfields to be excluded from the response","in":"query","name":"exclude","required":false,"schema":{"items":{"enum":["artifacts","entity","signals","signals.allRecords"],"type":"string"},"type":"array"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"hasNextPage":{"type":"boolean"},"objects":{"items":{"properties":{"artifacts":{"items":{"properties":{"name":{"type":"string"},"recordStream":{"type":"string"},"recordUid":{"type":"string"},"signal":{"properties":{"id":{"type":"string"},"name":{"type":"string"},"timestamp":{"description":"Timestamp of first log record for this signal.","format":"date-time","type":"string"}},"required":["id","name","timestamp"],"type":"object"},"value":{"type":"string"}},"required":["name","value","recordUid","recordStream","signal"],"type":"object"},"type":"array"},"assignedTo":{"description":"The user that this Insight is assigned 
to","type":"string"},"assignee":{"description":"The user or team this Insight is assigned to.","oneOf":[{"properties":{"displayName":{"description":"A name to display for this user, which will be the value of the name field if specified and the username if not.","type":"string"},"username":{"type":"string"}},"required":["username","displayName"],"type":"object"},{"properties":{"name":{"type":"string"}},"required":["name"],"type":"object"},{"properties":{"username":{"type":"string"}},"required":["username"],"type":"object"},{"properties":{"name":{"type":"string"}},"required":["name"],"type":"object"}]},"closed":{"format":"date-time","type":"string"},"closedBy":{"type":"string"},"confidence":{"description":"A 0-100 value of the ML-based confidence score for the Insight","format":"double","type":"number"},"created":{"format":"date-time","type":"string"},"description":{"type":"string"},"entity":{"description":"The primary Entity associated with this Insight","properties":{"entityType":{"type":"string"},"hostname":{"type":"string"},"id":{"type":"string"},"macAddress":{"type":"string"},"name":{"type":"string"},"sensorZone":{"type":"string"},"value":{"type":"string"}},"required":["id","entityType","name","value"],"type":"object"},"id":{"type":"string"},"lastUpdated":{"format":"date-time","type":"string"},"lastUpdatedBy":{"type":"string"},"name":{"type":"string"},"orgId":{"type":"string"},"readableId":{"description":"A human-readable ID in the format \"INSIGHT-542\". 
This is technically nullable, but in reality it will always be populated in every query other than the cross-type search query.","type":"string"},"recordSummaryFields":{"description":"The aggregated fields and values from the records of the Insight based on the recordSummaryFields query parameter","items":{"properties":{"fieldName":{"type":"string"},"fieldValue":{"type":"string"},"recordCount":{"type":"integer"}},"required":["fieldName","fieldValue","recordCount"],"type":"object"},"type":"array"},"resolution":{"type":"string"},"severity":{"enum":["CRITICAL","HIGH","LOW","MEDIUM"],"type":"string"},"signals":{"items":{"properties":{"allRecords":{"description":"A JSON-stringified array of all Records associated with this Signal.","items":{"additionalProperties":true,"type":"object"},"type":"array"},"artifacts":{"items":{"properties":{"name":{"type":"string"},"recordStream":{"type":"string"},"recordUid":{"type":"string"},"value":{"type":"string"}},"required":["name","value","recordUid","recordStream"],"type":"object"},"type":"array"},"contentType":{"type":"string"},"description":{"type":"string"},"id":{"type":"string"},"name":{"type":"string"},"recordCount":{"description":"The total number of Records (including the sum of primaryRecordsJson and extraRecordsJson","type":"integer"},"recordTypes":{"items":{"type":"string"},"type":"array"},"ruleId":{"type":"string"},"severity":{"type":"integer"},"stage":{"type":"string"},"tags":{"items":{"type":"string"},"type":"array"},"timestamp":{"description":"Timestamp of first log record for this signal.","format":"date-time","type":"string"}},"required":["id","name","stage","timestamp","severity","recordCount","recordTypes","allRecords","tags"],"type":"object"},"type":"array"},"source":{"enum":["ALGORITHM","CANARY","RULE","USER"],"type":"string"},"status":{"description":"The current status of this 
Insight","properties":{"displayName":{"type":"string"},"name":{"type":"string"}},"required":["name","displayName"],"type":"object"},"subResolution":{"type":"string"},"tags":{"items":{"type":"string"},"type":"array"},"teamAssignedTo":{"description":"The team that this Insight is assigned to","type":"string"},"timeToDetection":{"type":"integer"},"timeToRemediation":{"type":"integer"},"timeToResponse":{"type":"integer"},"timestamp":{"format":"date-time","type":"string"}},"required":["id","readableId","name","description","timestamp","source","created","severity","status","entity","signals","artifacts","recordSummaryFields","orgId","tags"],"type":"object"},"type":"array"},"total":{"type":"integer"}},"required":["hasNextPage","total","objects"],"type":"object"}},"required":["data"],"title":"GetInsightsResponse","type":"object"}}},"description":"A single page of Insights"}},"summary":"Get the list of Insights for a given query"},"post":{"description":"","operationId":"CreateInsightFromSignals","parameters":[],"requestBody":{"content":{"application/json":{"schema":{"properties":{"signalIds":{"items":{"type":"string"},"type":"array"}},"required":["signalIds"],"title":"CreateInsightFromSignalsRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/Insight","description":"The created Insight"}},"required":["data"],"title":"CreateInsightFromSignalsResponse","type":"object"}}},"description":"The updated Insight"}},"summary":"Create Insight from 
Signals"}},"/insights-configuration":{"get":{"description":"","operationId":"GetInsightsConfiguration","parameters":[],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"lookbackDays":{"format":"double","type":"number"},"threshold":{"format":"double","type":"number"}},"type":"object"}},"required":["data"],"title":"GetInsightsConfigurationResponse","type":"object"}}},"description":"The Insight Configuration"}},"summary":"Get Insight Configuration"},"put":{"description":"","operationId":"UpdateInsightConfiguration","parameters":[],"requestBody":{"content":{"application/json":{"schema":{"properties":{"config":{"properties":{"lookbackDays":{"format":"double","type":"number"},"threshold":{"format":"double","type":"number"}},"type":"object"}},"required":["config"],"title":"UpdateInsightConfigurationRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"lookbackDays":{"format":"double","type":"number"},"threshold":{"format":"double","type":"number"}},"type":"object"}},"required":["data"],"title":"UpdateInsightConfigurationResponse","type":"object"}}},"description":"The Insight Configuration"}},"summary":"Update Insight Configuration"}},"/insights/all":{"get":{"description":"","operationId":"GetAllInsights","parameters":[{"description":"\n The search query string in our custom DSL that is used to filter the results.\n\n Operators:\n - `exampleField:\"bar\"`: The value of the field is equal to \"bar\".\n - `exampleField:in(\"bar\", \"baz\", \"qux\")`: The value of the field is equal to either \"bar\", \"baz\", or \"qux\".\n - `exampleTextField:contains(\"foo bar\")`: The value of the field contains the phrase \"foo bar\".\n - `exampleNumField:>5`: The value of the field is greater than 5. 
There are similar `<`, `<=`, and `>=` operators.\n - `exampleNumField:5..10`: The value of the field is between 5 and 10 (inclusive).\n - `exampleDateField:>2019-02-01T05:00:00+00:00`: The value of the date field is after 5 a.m. UTC time on February 1,\n 2019.\n - `exampleDateField:2019-02-01T05:00:00+00:00..2019-02-01T08:00:00+00:00`: The value of the date field is between 5 a.m.\n and 8 a.m. UTC time on February 1, 2019.\n\n Fields:\n - `id`\n- `readableId`\n- `status`\n- `name`\n- `insightId`\n- `description`\n- `created`\n- `timestamp`\n- `closed`\n- `assignee`\n- `entity.ip`\n- `entity.hostname`\n- `entity.username`\n- `entity.sensorZone`\n- `entity.type`\n- `enrichment`\n- `tag`\n- `severity`\n- `resolution`\n- `subResolution`\n- `ruleId`\n- `records`\n ","in":"query","name":"q","required":false,"schema":{"type":"string"}},{"in":"query","name":"nextPageToken","required":false,"schema":{"type":"string"}},{"description":"A list of fields to aggregate from the records of each Insight into a summarized list directly on the Insight object of the response","in":"query","name":"recordSummaryFields","required":true,"schema":{"items":{"type":"string"},"type":"array"}},{"description":"A comma-separated list of subfields to be returned in the response","in":"query","name":"expand","required":false,"schema":{"items":{"enum":["artifacts","entity","signals"],"type":"string"},"type":"array"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"nextPageToken":{"type":"string"},"objects":{"items":{"properties":{"artifacts":{"items":{"properties":{"name":{"type":"string"},"recordStream":{"type":"string"},"recordUid":{"type":"string"},"signal":{"properties":{"id":{"type":"string"},"name":{"type":"string"},"timestamp":{"description":"Timestamp of first log record for this 
signal.","format":"date-time","type":"string"}},"required":["id","name","timestamp"],"type":"object"},"value":{"type":"string"}},"required":["name","value","recordUid","recordStream","signal"],"type":"object"},"type":"array"},"assignedTo":{"description":"The user that this Insight is assigned to","type":"string"},"assignee":{"description":"The user or team this Insight is assigned to.","oneOf":[{"properties":{"displayName":{"description":"A name to display for this user, which will be the value of the name field if specified and the username if not.","type":"string"},"username":{"type":"string"}},"required":["username","displayName"],"type":"object"},{"properties":{"name":{"type":"string"}},"required":["name"],"type":"object"},{"properties":{"username":{"type":"string"}},"required":["username"],"type":"object"},{"properties":{"name":{"type":"string"}},"required":["name"],"type":"object"}]},"closed":{"format":"date-time","type":"string"},"closedBy":{"type":"string"},"confidence":{"description":"A 0-100 value of the ML-based confidence score for the Insight","format":"double","type":"number"},"created":{"format":"date-time","type":"string"},"description":{"type":"string"},"entity":{"description":"The primary Entity associated with this Insight","properties":{"entityType":{"type":"string"},"hostname":{"type":"string"},"id":{"type":"string"},"macAddress":{"type":"string"},"name":{"type":"string"},"sensorZone":{"type":"string"},"value":{"type":"string"}},"required":["id","entityType","name","value"],"type":"object"},"id":{"type":"string"},"lastUpdated":{"format":"date-time","type":"string"},"lastUpdatedBy":{"type":"string"},"name":{"type":"string"},"orgId":{"type":"string"},"readableId":{"description":"A human-readable ID in the format \"INSIGHT-542\". 
This is technically nullable, but in reality it will always be populated in every query other than the cross-type search query.","type":"string"},"recordSummaryFields":{"description":"The aggregated fields and values from the records of the Insight based on the recordSummaryFields query parameter","items":{"properties":{"fieldName":{"type":"string"},"fieldValue":{"type":"string"},"recordCount":{"type":"integer"}},"required":["fieldName","fieldValue","recordCount"],"type":"object"},"type":"array"},"resolution":{"type":"string"},"severity":{"enum":["CRITICAL","HIGH","LOW","MEDIUM"],"type":"string"},"signals":{"items":{"properties":{"allRecords":{"description":"A JSON-stringified array of all Records associated with this Signal.","items":{"additionalProperties":true,"type":"object"},"type":"array"},"artifacts":{"items":{"properties":{"name":{"type":"string"},"recordStream":{"type":"string"},"recordUid":{"type":"string"},"value":{"type":"string"}},"required":["name","value","recordUid","recordStream"],"type":"object"},"type":"array"},"contentType":{"type":"string"},"description":{"type":"string"},"id":{"type":"string"},"name":{"type":"string"},"recordCount":{"description":"The total number of Records (including the sum of primaryRecordsJson and extraRecordsJson","type":"integer"},"recordTypes":{"items":{"type":"string"},"type":"array"},"ruleId":{"type":"string"},"severity":{"type":"integer"},"stage":{"type":"string"},"tags":{"items":{"type":"string"},"type":"array"},"timestamp":{"description":"Timestamp of first log record for this signal.","format":"date-time","type":"string"}},"required":["id","name","stage","timestamp","severity","recordCount","recordTypes","allRecords","tags"],"type":"object"},"type":"array"},"source":{"enum":["ALGORITHM","CANARY","RULE","USER"],"type":"string"},"status":{"description":"The current status of this 
Insight","properties":{"displayName":{"type":"string"},"name":{"type":"string"}},"required":["name","displayName"],"type":"object"},"subResolution":{"type":"string"},"tags":{"items":{"type":"string"},"type":"array"},"teamAssignedTo":{"description":"The team that this Insight is assigned to","type":"string"},"timeToDetection":{"type":"integer"},"timeToRemediation":{"type":"integer"},"timeToResponse":{"type":"integer"},"timestamp":{"format":"date-time","type":"string"}},"required":["id","readableId","name","description","timestamp","source","created","severity","status","entity","signals","artifacts","recordSummaryFields","orgId","tags"],"type":"object"},"type":"array"}},"required":["objects"],"type":"object"}},"required":["data"],"title":"GetAllInsightsResponse","type":"object"}}},"description":"A single page of Insights, including the nextPageToken which can be used to fetch the next page of results. Note: The nextPageToken expires after one minute so it must be used soon after it is retrieved."}},"summary":"Get the list of all Insights"}},"/insights/counts":{"get":{"description":"","operationId":"GetInsightCounts","parameters":[{"in":"query","name":"startTimestamp","required":true,"schema":{"format":"date-time","type":"string"}},{"in":"query","name":"endTimestamp","required":false,"schema":{"format":"date-time","type":"string"}},{"description":"The duration of the buckets in seconds","in":"query","name":"bucketDuration","required":true,"schema":{"type":"integer"}},{"description":"The timezone to use for creating the bucket cutoffs","in":"query","name":"timezone","required":false,"schema":{"default":"UTC","type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"items":{"properties":{"timestamp":{"format":"date-time","type":"string"},"value":{"type":"string"}},"required":["timestamp","value"],"type":"object"},"type":"array"}},"required":["data"],"title":"GetInsightCountsResponse","type":"object"}}},"description":"The 
count of Insights bucketed by a given interval"}},"summary":"Get the count of Insights over time"}},"/insights/{id}":{"get":{"description":"","operationId":"GetInsight","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}},{"description":"A list of fields to aggregate from the records of each Insight into a summarized list directly on the Insight object of the response","in":"query","name":"recordSummaryFields","required":true,"schema":{"items":{"type":"string"},"type":"array"}},{"description":"A comma-separated list of subfields to be excluded from the response","in":"query","name":"exclude","required":false,"schema":{"items":{"enum":["artifacts","entity","signals","signals.allRecords"],"type":"string"},"type":"array"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"artifacts":{"items":{"properties":{"name":{"type":"string"},"recordStream":{"type":"string"},"recordUid":{"type":"string"},"signal":{"properties":{"id":{"type":"string"},"name":{"type":"string"},"timestamp":{"description":"Timestamp of first log record for this signal.","format":"date-time","type":"string"}},"required":["id","name","timestamp"],"type":"object"},"value":{"type":"string"}},"required":["name","value","recordUid","recordStream","signal"],"type":"object"},"type":"array"},"assignedTo":{"description":"The user that this Insight is assigned to","type":"string"},"assignee":{"description":"The user or team this Insight is assigned to.","oneOf":[{"properties":{"displayName":{"description":"A name to display for this user, which will be the value of the name field if specified and the username if 
not.","type":"string"},"username":{"type":"string"}},"required":["username","displayName"],"type":"object"},{"properties":{"name":{"type":"string"}},"required":["name"],"type":"object"},{"properties":{"username":{"type":"string"}},"required":["username"],"type":"object"},{"properties":{"name":{"type":"string"}},"required":["name"],"type":"object"}]},"closed":{"format":"date-time","type":"string"},"closedBy":{"type":"string"},"confidence":{"description":"A 0-100 value of the ML-based confidence score for the Insight","format":"double","type":"number"},"created":{"format":"date-time","type":"string"},"description":{"type":"string"},"entity":{"description":"The primary Entity associated with this Insight","properties":{"entityType":{"type":"string"},"hostname":{"type":"string"},"id":{"type":"string"},"macAddress":{"type":"string"},"name":{"type":"string"},"sensorZone":{"type":"string"},"value":{"type":"string"}},"required":["id","entityType","name","value"],"type":"object"},"id":{"type":"string"},"lastUpdated":{"format":"date-time","type":"string"},"lastUpdatedBy":{"type":"string"},"name":{"type":"string"},"orgId":{"type":"string"},"readableId":{"description":"A human-readable ID in the format \"INSIGHT-542\". 
This is technically nullable, but in reality it will always be populated in every query other than the cross-type search query.","type":"string"},"recordSummaryFields":{"description":"The aggregated fields and values from the records of the Insight based on the recordSummaryFields query parameter","items":{"properties":{"fieldName":{"type":"string"},"fieldValue":{"type":"string"},"recordCount":{"type":"integer"}},"required":["fieldName","fieldValue","recordCount"],"type":"object"},"type":"array"},"resolution":{"type":"string"},"severity":{"enum":["CRITICAL","HIGH","LOW","MEDIUM"],"type":"string"},"signals":{"items":{"properties":{"allRecords":{"description":"A JSON-stringified array of all Records associated with this Signal.","items":{"additionalProperties":true,"type":"object"},"type":"array"},"artifacts":{"items":{"properties":{"name":{"type":"string"},"recordStream":{"type":"string"},"recordUid":{"type":"string"},"value":{"type":"string"}},"required":["name","value","recordUid","recordStream"],"type":"object"},"type":"array"},"contentType":{"type":"string"},"description":{"type":"string"},"id":{"type":"string"},"name":{"type":"string"},"recordCount":{"description":"The total number of Records (including the sum of primaryRecordsJson and extraRecordsJson","type":"integer"},"recordTypes":{"items":{"type":"string"},"type":"array"},"ruleId":{"type":"string"},"severity":{"type":"integer"},"stage":{"type":"string"},"tags":{"items":{"type":"string"},"type":"array"},"timestamp":{"description":"Timestamp of first log record for this signal.","format":"date-time","type":"string"}},"required":["id","name","stage","timestamp","severity","recordCount","recordTypes","allRecords","tags"],"type":"object"},"type":"array"},"source":{"enum":["ALGORITHM","CANARY","RULE","USER"],"type":"string"},"status":{"description":"The current status of this 
Insight","properties":{"displayName":{"type":"string"},"name":{"type":"string"}},"required":["name","displayName"],"type":"object"},"subResolution":{"type":"string"},"tags":{"items":{"type":"string"},"type":"array"},"teamAssignedTo":{"description":"The team that this Insight is assigned to","type":"string"},"timeToDetection":{"type":"integer"},"timeToRemediation":{"type":"integer"},"timeToResponse":{"type":"integer"},"timestamp":{"format":"date-time","type":"string"}},"required":["id","readableId","name","description","timestamp","source","created","severity","status","entity","signals","artifacts","recordSummaryFields","orgId","tags"],"type":"object"}},"required":["data"],"title":"GetInsightResponse","type":"object"}}},"description":"A single Insight"}},"summary":"Get an Insight"}},"/insights/{id}/assignee":{"delete":{"description":"","operationId":"RemoveInsightAssignee","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/Insight","description":"The updated Insight"}},"required":["data"],"title":"RemoveInsightAssigneeResponse","type":"object"}}},"description":"The updated Insight"}},"summary":"Remove the assignee from an Insight"},"put":{"description":"","operationId":"UpdateInsightAssignee","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"assignee":{"description":"The assignee to assign this Insight to.","properties":{"type":{"description":"The type of the assignee, either USER or TEAM.","enum":["TEAM","USER"],"type":"string"},"value":{"description":"The username or team name of the user/team to be assigned.","type":"string"}},"required":["type","value"],"type":"object"}},"title":"UpdateInsightAssigneeRequestBody","type":"object"}}},"description":"The \"type\" of the \"assignee\" should be either \"TEAM\" or 
\"USER\", and the \"value\" of the \"assignee\" should be the username or team name of the given user/team to be assigned.","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/Insight","description":"The updated Insight"}},"required":["data"],"title":"UpdateInsightAssigneeResponse","type":"object"}}},"description":"The updated Insight"}},"summary":"Update the assignee of an Insight"}},"/insights/{id}/comments":{"get":{"description":"","operationId":"GetInsightComments","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"comments":{"items":{"properties":{"author":{"properties":{"username":{"type":"string"}},"required":["username"],"type":"object"},"body":{"type":"string"},"id":{"type":"string"},"timestamp":{"format":"date-time","type":"string"}},"required":["id","author","timestamp","body"],"type":"object"},"type":"array"}},"required":["comments"],"type":"object"}},"required":["data"],"title":"GetInsightCommentsResponse","type":"object"}}},"description":"The list of comments for an Insight"}},"summary":"Get an Insight's 
comments"},"post":{"description":"","operationId":"AddInsightComment","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"body":{"type":"string"}},"required":["body"],"title":"AddInsightCommentRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"author":{"properties":{"username":{"type":"string"}},"required":["username"],"type":"object"},"body":{"type":"string"},"id":{"type":"string"},"timestamp":{"format":"date-time","type":"string"}},"required":["id","author","timestamp","body"],"type":"object"}},"required":["data"],"title":"AddInsightCommentResponse","type":"object"}}},"description":"The list of comments for an Insight"}},"summary":"Add a new comment on an Insight"}},"/insights/{id}/enrichments":{"get":{"description":"","operationId":"GetInsightEnrichments","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"enrichments":{"items":{"$ref":"#/components/schemas/Enrichment"},"type":"array"}},"required":["enrichments"],"type":"object"}},"required":["data"],"title":"GetInsightEnrichmentsResponse","type":"object"}}},"description":"A single Insight's enrichments"}},"summary":"Get an Insight's 
enrichments"}},"/insights/{id}/enrichments/{enrichmentType}":{"put":{"description":"","operationId":"SaveInsightEnrichment","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}},{"in":"path","name":"enrichmentType","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"detail":{"type":"string"},"raw":{"type":"string"}},"required":["detail"],"title":"SaveInsightEnrichmentRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/Enrichment","description":"The saved Enrichment"}},"required":["data"],"title":"SaveInsightEnrichmentResponse","type":"object"}}},"description":"The created Enrichment on the Insight"}},"summary":"Create or update an Enrichment on an Insight"}},"/insights/{id}/history":{"get":{"description":"","operationId":"GetInsightHistory","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"history":{"items":{"properties":{"description":{"type":"string"},"timestamp":{"format":"date-time","type":"string"},"user":{"properties":{"username":{"type":"string"}},"required":["username"],"type":"object"}},"required":["description","timestamp"],"type":"object"},"type":"array"}},"required":["history"],"type":"object"}},"required":["data"],"title":"GetInsightHistoryResponse","type":"object"}}},"description":"The history for an Insight"}},"summary":"Get an Insight's history"}},"/insights/{id}/status":{"put":{"description":"","operationId":"UpdateInsightStatus","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"resolution":{"description":"The resolution reason for closing this Insight.","type":"string"},"status":{"description":"The 
status to update this Insight to. Default values are \"new\", \"inprogress\", and \"closed\", but custom statuses can also be created in the UI.","type":"string"}},"title":"UpdateInsightStatusRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/Insight","description":"The updated Insight"}},"required":["data"],"title":"UpdateInsightStatusResponse","type":"object"}}},"description":"The updated Insight"}},"summary":"Update the status of an Insight"}},"/insights/{id}/tags":{"post":{"description":"","operationId":"AddTagToInsight","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"tagName":{"type":"string"}},"required":["tagName"],"title":"AddTagToInsightRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/Insight"}},"required":["data"],"title":"AddTagToInsightResponse","type":"object"}}},"description":"The updated Insight"}},"summary":"Add a tag to an Insight"}},"/insights/{id}/tags/{tagName}":{"delete":{"description":"","operationId":"RemoveTagFromInsight","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}},{"in":"path","name":"tagName","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/Insight"}},"required":["data"],"title":"RemoveTagFromInsightResponse","type":"object"}}},"description":"The updated Insight"}},"summary":"Remove a tag from an Insight"}},"/log-mappings":{"get":{"description":"","operationId":"GetLogMappings","parameters":[{"description":"\n The search query string in our custom DSL that is used to filter the results.\n\n Operators:\n - `exampleField:\"bar\"`: The value 
of the field is equal to \"bar\".\n - `exampleField:in(\"bar\", \"baz\", \"qux\")`: The value of the field is equal to either \"bar\", \"baz\", or \"qux\".\n - `exampleTextField:contains(\"foo bar\")`: The value of the field contains the phrase \"foo bar\".\n - `exampleNumField:>5`: The value of the field is greater than 5. There are similar `<`, `<=`, and `>=` operators.\n - `exampleNumField:5..10`: The value of the field is between 5 and 10 (inclusive).\n - `exampleDateField:>2019-02-01T05:00:00+00:00`: The value of the date field is after 5 a.m. UTC time on February 1,\n 2019.\n - `exampleDateField:2019-02-01T05:00:00+00:00..2019-02-01T08:00:00+00:00`: The value of the date field is between 5 a.m.\n and 8 a.m. UTC time on February 1, 2019.\n\n Fields:\n - `id`\n- `parentId`\n- `name`\n- `created`\n- `createdBy`\n- `lastUpdated`\n- `lastUpdatedBy`\n- `source`\n- `isCustom`\n- `vendor`\n- `product`\n- `recordType`\n- `enabled`\n- `logFormat`\n- `eventIdPattern`\n- `patternName`\n- `isStructured`\n- `recordCount07D`\n- `recordCount24H`\n ","in":"query","name":"q","required":false,"schema":{"type":"string"}},{"description":"The number of items to skip before starting to collect the result set","in":"query","name":"offset","required":false,"schema":{"default":0,"type":"integer"}},{"description":"The number of items to return","in":"query","name":"limit","required":false,"schema":{"default":50,"type":"integer"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"hasNextPage":{"type":"boolean"},"objects":{"items":{"$ref":"#/components/schemas/LogMapping"},"type":"array"},"total":{"type":"integer"}},"required":["hasNextPage","total","objects"],"type":"object"}},"required":["data"],"title":"GetLogMappingsResponse","type":"object"}}},"description":"A single page of Log Mappings"}},"summary":"Get the list of Log 
Mappings"},"post":{"description":"","operationId":"CreateLogMapping","parameters":[],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"enabled":{"type":"boolean"},"fields":{"items":{"properties":{"alternateValues":{"items":{"type":"string"},"type":"array"},"caseInsensitive":{"type":"boolean"},"defaultValue":{"type":"string"},"fieldJoin":{"items":{"type":"string"},"type":"array"},"format":{"type":"string"},"formatParameters":{"items":{"type":"string"},"type":"array"},"joinDelimiter":{"type":"string"},"lookup":{"items":{"properties":{"key":{"type":"string"},"value":{"type":"string"}},"required":["key","value"],"type":"object"},"type":"array"},"name":{"type":"string"},"skippedValues":{"items":{"type":"string"},"type":"array"},"splitDelimiter":{"type":"string"},"splitIndex":{"type":"string"},"timeZone":{"type":"string"},"value":{"type":"string"},"valueType":{"type":"string"}},"required":["name"],"type":"object"},"type":"array"},"name":{"type":"string"},"parentId":{"type":"string"},"productGuid":{"type":"string"},"recordType":{"type":"string"},"relatesEntities":{"type":"boolean"},"skippedValues":{"items":{"type":"string"},"type":"array"},"structuredFields":{"properties":{"eventIdPattern":{"type":"string"},"logFormat":{"type":"string"},"product":{"type":"string"},"vendor":{"type":"string"}},"required":["logFormat","vendor","product","eventIdPattern"],"type":"object"},"structuredInputs":{"items":{"properties":{"eventIdPattern":{"type":"string"},"logFormat":{"type":"string"},"product":{"type":"string"},"vendor":{"type":"string"}},"required":["logFormat","vendor","product","eventIdPattern"],"type":"object"},"type":"array"},"unstructuredFields":{"properties":{"patternNames":{"items":{"type":"string"},"type":"array"}},"required":["patternNames"],"type":"object"}},"required":["name","fields","recordType","productGuid","enabled"],"type":"object"}},"required":["fields"],"title":"CreateLogMappingRequestBody","type":"object"}}},"descript
ion":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/LogMapping"}},"required":["data"],"title":"CreateLogMappingResponse","type":"object"}}},"description":"The new Log Mapping"}},"summary":"Create a Log Mapping"}},"/log-mappings/{id}":{"delete":{"description":"","operationId":"DeleteLogMapping","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"ok":{"type":"boolean"}},"required":["ok"],"type":"object"}},"required":["data"],"title":"DeleteLogMappingResponse","type":"object"}}},"description":"Action success status"}},"summary":"Delete a Log Mapping"},"get":{"description":"","operationId":"GetLogMapping","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/LogMapping"}},"required":["data"],"title":"GetLogMappingResponse","type":"object"}}},"description":"A single Log Mapping"}},"summary":"Get a Log 
Mapping"},"put":{"description":"","operationId":"UpdateLogMapping","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"fields":{"items":{"properties":{"alternateValues":{"items":{"type":"string"},"type":"array"},"caseInsensitive":{"type":"boolean"},"defaultValue":{"type":"string"},"fieldJoin":{"items":{"type":"string"},"type":"array"},"format":{"type":"string"},"formatParameters":{"items":{"type":"string"},"type":"array"},"joinDelimiter":{"type":"string"},"lookup":{"items":{"properties":{"key":{"type":"string"},"value":{"type":"string"}},"required":["key","value"],"type":"object"},"type":"array"},"name":{"type":"string"},"skippedValues":{"items":{"type":"string"},"type":"array"},"splitDelimiter":{"type":"string"},"splitIndex":{"type":"string"},"timeZone":{"type":"string"},"value":{"type":"string"},"valueType":{"type":"string"}},"required":["name"],"type":"object"},"type":"array"},"name":{"type":"string"},"parentId":{"type":"string"},"productGuid":{"type":"string"},"recordType":{"type":"string"},"relatesEntities":{"type":"boolean"},"skippedValues":{"items":{"type":"string"},"type":"array"},"structuredFields":{"properties":{"eventIdPattern":{"type":"string"},"logFormat":{"type":"string"},"product":{"type":"string"},"vendor":{"type":"string"}},"required":["logFormat","vendor","product","eventIdPattern"],"type":"object"},"structuredInputs":{"items":{"properties":{"eventIdPattern":{"type":"string"},"logFormat":{"type":"string"},"product":{"type":"string"},"vendor":{"type":"string"}},"required":["logFormat","vendor","product","eventIdPattern"],"type":"object"},"type":"array"},"unstructuredFields":{"properties":{"patternNames":{"items":{"type":"string"},"type":"array"}},"required":["patternNames"],"type":"object"}},"required":["name","fields","recordType","productGuid"],"type":"object"}},"required":["fields"],"title":"UpdateLogMappingRequestBody","
type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/LogMapping"}},"required":["data"],"title":"UpdateLogMappingResponse","type":"object"}}},"description":"The updated Log Mapping"}},"summary":"Update a Log Mapping"}},"/match-list-items":{"get":{"description":"","operationId":"GetMatchListItems","parameters":[{"description":"The number of items to skip before starting to collect the result set","in":"query","name":"offset","required":false,"schema":{"default":0,"type":"integer"}},{"description":"The number of items to return","in":"query","name":"limit","required":false,"schema":{"default":50,"type":"integer"}},{"description":"A value to search for","in":"query","name":"value","required":false,"schema":{"type":"string"}},{"description":"\n The search query string in our custom DSL that is used to filter the results.\n\n Operators:\n - `exampleField:\"bar\"`: The value of the field is equal to \"bar\".\n - `exampleField:in(\"bar\", \"baz\", \"qux\")`: The value of the field is equal to either \"bar\", \"baz\", or \"qux\".\n - `exampleTextField:contains(\"foo bar\")`: The value of the field contains the phrase \"foo bar\".\n - `exampleNumField:>5`: The value of the field is greater than 5. There are similar `<`, `<=`, and `>=` operators.\n - `exampleNumField:5..10`: The value of the field is between 5 and 10 (inclusive).\n - `exampleDateField:>2019-02-01T05:00:00+00:00`: The value of the date field is after 5 a.m. UTC time on February 1,\n 2019.\n - `exampleDateField:2019-02-01T05:00:00+00:00..2019-02-01T08:00:00+00:00`: The value of the date field is between 5 a.m.\n and 8 a.m. 
UTC time on February 1, 2019.\n\n Fields:\n - `id`\n- `targetColumn`\n- `value`\n- `active`\n- `expirationDate`\n- `listName`\n- `description`\n- `created`\n ","in":"query","name":"q","required":false,"schema":{"type":"string"}},{"in":"query","name":"listIds","required":false,"schema":{"items":{"type":"string"},"type":"array"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"hasNextPage":{"type":"boolean"},"objects":{"items":{"$ref":"#/components/schemas/MatchListItem"},"type":"array"},"total":{"type":"integer"}},"required":["hasNextPage","total","objects"],"type":"object"}},"required":["data"],"title":"GetMatchListItemsResponse","type":"object"}}},"description":"A single page of Match List Items"}},"summary":"Get a list of Match List Items"}},"/match-list-items/{id}":{"get":{"description":"","operationId":"GetMatchListItem","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/MatchListItem"}},"required":["data"],"title":"GetMatchListItemResponse","type":"object"}}},"description":"A single Match List Item"}},"summary":"Get a Match List Item"},"put":{"description":"","operationId":"UpdateMatchListItem","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"active":{"type":"boolean"},"description":{"type":"string"},"expiration":{"format":"date-time","type":"string"}},"required":["active","description"],"type":"object"}},"title":"UpdateMatchListItemRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/MatchListItem"}},"required":["data"],"title":"UpdateMatchListItemResponse","type":"object"}}},"description":"The updated Match List 
Item"}},"summary":"Update a Match List Item"}},"/match-lists":{"get":{"description":"","operationId":"GetMatchLists","parameters":[{"description":"The number of items to skip before starting to collect the result set","in":"query","name":"offset","required":false,"schema":{"default":0,"type":"integer"}},{"description":"The numbers of items to return","in":"query","name":"limit","required":false,"schema":{"default":50,"type":"integer"}},{"in":"query","name":"sort","required":false,"schema":{"type":"string"}},{"in":"query","name":"sortDir","required":false,"schema":{"default":"ASC","enum":["ASC","DESC"],"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"hasNextPage":{"type":"boolean"},"objects":{"items":{"$ref":"#/components/schemas/MatchList"},"type":"array"},"total":{"type":"integer"}},"required":["hasNextPage","total","objects"],"type":"object"}},"required":["data"],"title":"GetMatchListsResponse","type":"object"}}},"description":"A single page of Match Lists"}},"summary":"Get the list of Match Lists"},"post":{"description":"","operationId":"CreateMatchList","parameters":[],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"active":{"type":"boolean"},"defaultTtl":{"description":"The default time-to-live (in seconds) for new Items added to this List. 
This default is only used to default the field in the UI, and is not used at all when new Items are added via the API.","type":"integer"},"description":{"type":"string"},"name":{"type":"string"},"targetColumn":{"type":"string"}},"required":["name","targetColumn"],"type":"object"}},"required":["fields"],"title":"CreateMatchListRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/MatchList"}},"required":["data"],"title":"CreateMatchListResponse","type":"object"}}},"description":"The new Match List"}},"summary":"Create a Match List"}},"/match-lists/{id}":{"delete":{"description":"","operationId":"DeleteMatchList","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"ok":{"type":"boolean"}},"required":["ok"],"type":"object"}},"required":["data"],"title":"DeleteMatchListResponse","type":"object"}}},"description":""}},"summary":"Delete a Match List"},"get":{"description":"","operationId":"GetMatchList","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/MatchList"}},"required":["data"],"title":"GetMatchListResponse","type":"object"}}},"description":"A single Match List"}},"summary":"Get a Match List"},"put":{"description":"","operationId":"UpdateMatchList","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"active":{"type":"boolean"},"defaultTtl":{"description":"The default time-to-live (in seconds) for new Items added to this List. 
This default is only used to default the field in the UI, and is not used at all when new Items are added via the API.","type":"integer"},"description":{"type":"string"}},"required":["description"],"type":"object"}},"required":["fields"],"title":"UpdateMatchListRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/MatchList"}},"required":["data"],"title":"UpdateMatchListResponse","type":"object"}}},"description":"The updated Match List"}},"summary":"Update a Match List"}},"/match-lists/{id}/items":{"post":{"description":"","operationId":"AddItemsToMatchList","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"items":{"items":{"properties":{"active":{"type":"boolean"},"description":{"type":"string"},"expiration":{"format":"date-time","type":"string"},"value":{"type":"string"}},"required":["value","active","description"],"type":"object"},"type":"array"}},"required":["items"],"title":"AddItemsToMatchListRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"ok":{"type":"boolean"}},"required":["ok"],"type":"object"}},"required":["data"],"title":"AddItemsToMatchListResponse","type":"object"}}},"description":"Success"}},"summary":"Add Match List Items to a Match List"}},"/network-blocks":{"get":{"description":"","operationId":"GetNetworkBlocks","parameters":[{"description":"The number of items to skip before starting to collect the result set","in":"query","name":"offset","required":false,"schema":{"default":0,"type":"integer"}},{"description":"The numbers of items to 
return","in":"query","name":"limit","required":false,"schema":{"default":50,"type":"integer"}},{"in":"query","name":"sort","required":false,"schema":{"default":"ADDRESS_BLOCK","enum":["ADDRESS_BLOCK","CREATED","INTERNAL","LABEL","SUPPRESSES_SIGNALS"],"type":"string"}},{"in":"query","name":"sortDir","required":false,"schema":{"default":"ASC","enum":["ASC","DESC"],"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"hasNextPage":{"type":"boolean"},"objects":{"items":{"$ref":"#/components/schemas/NetworkBlock"},"type":"array"},"total":{"type":"integer"}},"required":["hasNextPage","total","objects"],"type":"object"}},"required":["data"],"title":"GetNetworkBlocksResponse","type":"object"}}},"description":"A single page of Network Blocks"}},"summary":"Get the list of Network Blocks"},"post":{"description":"","operationId":"CreateNetworkBlock","parameters":[],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"addressBlock":{"type":"string"},"internal":{"type":"boolean"},"label":{"type":"string"},"suppressesSignals":{"type":"boolean"}},"required":["addressBlock"],"type":"object"}},"required":["fields"],"title":"CreateNetworkBlockRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/NetworkBlock"}},"required":["data"],"title":"CreateNetworkBlockResponse","type":"object"}}},"description":"The new Network Block"}},"summary":"Create a Network 
Block"}},"/network-blocks/bulk":{"post":{"description":"","operationId":"BulkUpsertNetworkBlocks","parameters":[],"requestBody":{"content":{"application/json":{"schema":{"properties":{"networkBlocks":{"items":{"properties":{"addressBlock":{"type":"string"},"internal":{"type":"boolean"},"label":{"type":"string"},"suppressesSignals":{"type":"boolean"}},"required":["addressBlock"],"type":"object"},"type":"array"}},"required":["networkBlocks"],"title":"BulkUpsertNetworkBlocksRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"items":{"$ref":"#/components/schemas/NetworkBlock"},"type":"array"}},"required":["data"],"title":"BulkUpsertNetworkBlocksResponse","type":"object"}}},"description":"The created/updated network blocks"}},"summary":"Add or update multiple Network Blocks in one request"}},"/network-blocks/ip-lookup":{"get":{"description":"","operationId":"LookupNetworkBlocksByIp","parameters":[{"in":"query","name":"address","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"items":{"$ref":"#/components/schemas/NetworkBlock"},"type":"array"}},"required":["data"],"title":"LookupNetworkBlocksByIpResponse","type":"object"}}},"description":"A list of Network Blocks"}},"summary":"Lookup Network Blocks that match a specific IP address"}},"/network-blocks/{id}":{"delete":{"description":"","operationId":"DeleteNetworkBlock","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"ok":{"type":"boolean"}},"required":["ok"],"type":"object"}},"required":["data"],"title":"DeleteNetworkBlockResponse","type":"object"}}},"description":""}},"summary":"Delete a Network 
Block"},"get":{"description":"","operationId":"GetNetworkBlock","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/NetworkBlock"}},"required":["data"],"title":"GetNetworkBlockResponse","type":"object"}}},"description":"A single Network Block"}},"summary":"Get a Network Block"},"put":{"description":"","operationId":"UpdateNetworkBlock","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"addressBlock":{"type":"string"},"internal":{"type":"boolean"},"label":{"type":"string"},"suppressesSignals":{"type":"boolean"}},"type":"object"}},"required":["fields"],"title":"UpdateNetworkBlockRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/NetworkBlock"}},"required":["data"],"title":"UpdateNetworkBlockResponse","type":"object"}}},"description":"The updated Network Block"}},"summary":"Update a Network Block"}},"/records/counts":{"get":{"description":"","operationId":"GetRecordCounts","parameters":[{"in":"query","name":"startTimestamp","required":true,"schema":{"format":"date-time","type":"string"}},{"in":"query","name":"endTimestamp","required":false,"schema":{"format":"date-time","type":"string"}},{"in":"query","name":"bucketDuration","required":true,"schema":{"type":"integer"}},{"description":"The timezone to use for creating the bucket 
cutoffs","in":"query","name":"timezone","required":false,"schema":{"default":"UTC","type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"items":{"properties":{"timestamp":{"format":"date-time","type":"string"},"value":{"type":"string"}},"required":["timestamp","value"],"type":"object"},"type":"array"}},"required":["data"],"title":"GetRecordCountsResponse","type":"object"}}},"description":"The count of Records bucketed by a given interval"}},"summary":"Get the count of Records over time"}},"/rule-tuning-expressions":{"get":{"description":"","operationId":"GetRuleTuningExpressions","parameters":[{"description":"The number of items to skip before starting to collect the result set","in":"query","name":"offset","required":false,"schema":{"default":0,"type":"integer"}},{"description":"The numbers of items to return","in":"query","name":"limit","required":false,"schema":{"default":50,"type":"integer"}},{"in":"query","name":"sort","required":false,"schema":{"default":"NAME","enum":["CREATED","ENABLED","NAME","RELATED_RULE_COUNT","UPDATED"],"type":"string"}},{"in":"query","name":"sortDir","required":false,"schema":{"default":"ASC","enum":["ASC","DESC"],"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"objects":{"items":{"$ref":"#/components/schemas/RuleTuningExpression"},"type":"array"},"total":{"type":"integer"}},"required":["total","objects"],"type":"object"}},"required":["data"],"title":"GetRuleTuningExpressionsResponse","type":"object"}}},"description":"A single page of Rule Tuning Expressions"}},"summary":"Get the list of Rule Tuning 
Expressions"},"post":{"description":"","operationId":"CreateRuleTuningExpression","parameters":[],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"description":{"type":"string"},"enabled":{"type":"boolean"},"exclude":{"type":"boolean"},"expression":{"type":"string"},"isGlobal":{"type":"boolean"},"name":{"type":"string"},"ruleIds":{"items":{"type":"string"},"type":"array"}},"required":["name","description","expression","enabled","isGlobal","exclude","ruleIds"],"type":"object"}},"required":["fields"],"title":"CreateRuleTuningExpressionRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/RuleTuningExpression"}},"required":["data"],"title":"CreateRuleTuningExpressionResponse","type":"object"}}},"description":"The new Rule Tuning Expression"}},"summary":"Create a Rule Tuning Expression"}},"/rule-tuning-expressions/{id}":{"delete":{"description":"","operationId":"DeleteRuleTuningExpression","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"ok":{"type":"boolean"}},"required":["ok"],"type":"object"}},"required":["data"],"title":"DeleteRuleTuningExpressionResponse","type":"object"}}},"description":"Action success status"}},"summary":"Delete a Rule Tuning Expression"},"get":{"description":"","operationId":"GetRuleTuningExpression","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/RuleTuningExpression"}},"required":["data"],"title":"GetRuleTuningExpressionResponse","type":"object"}}},"description":"A single Rule Tuning Expression"}},"summary":"Get a Rule Tuning 
Expression"},"put":{"description":"","operationId":"UpdateRuleTuningExpression","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"description":{"type":"string"},"enabled":{"type":"boolean"},"exclude":{"type":"boolean"},"expression":{"type":"string"},"isGlobal":{"type":"boolean"},"name":{"type":"string"},"ruleIds":{"items":{"type":"string"},"type":"array"}},"required":["name","description","expression","enabled","isGlobal","exclude","ruleIds"],"type":"object"}},"required":["fields"],"title":"UpdateRuleTuningExpressionRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/RuleTuningExpression"}},"required":["data"],"title":"UpdateRuleTuningExpressionResponse","type":"object"}}},"description":"The updated Rule Tuning Expression"}},"summary":"Update a Rule Tuning Expression"}},"/rules":{"get":{"description":"","operationId":"GetRules","parameters":[{"description":"\n The search query string in our custom DSL that is used to filter the results.\n\n Operators:\n - `exampleField:\"bar\"`: The value of the field is equal to \"bar\".\n - `exampleField:in(\"bar\", \"baz\", \"qux\")`: The value of the field is equal to either \"bar\", \"baz\", or \"qux\".\n - `exampleTextField:contains(\"foo bar\")`: The value of the field contains the phrase \"foo bar\".\n - `exampleNumField:>5`: The value of the field is greater than 5. There are similar `<`, `<=`, and `>=` operators.\n - `exampleNumField:5..10`: The value of the field is between 5 and 10 (inclusive).\n - `exampleDateField:>2019-02-01T05:00:00+00:00`: The value of the date field is after 5 a.m. UTC time on February 1,\n 2019.\n - `exampleDateField:2019-02-01T05:00:00+00:00..2019-02-01T08:00:00+00:00`: The value of the date field is between 5 a.m.\n and 8 a.m. 
UTC time on February 1, 2019.\n\n Fields:\n - `id`\n- `category`\n- `ruleSource`\n- `ruleType`\n- `stream`\n- `status`\n- `name`\n- `severity`\n- `score`\n- `enabled`\n- `created`\n- `createdBy`\n- `lastUpdated`\n- `lastUpdatedBy`\n- `signalCount07D`\n- `signalCount24H`\n- `isPrototype`\n- `tag`\n- `hasOverride`\n ","in":"query","name":"q","required":false,"schema":{"type":"string"}},{"description":"The number of items to skip before starting to collect the result set","in":"query","name":"offset","required":false,"schema":{"default":0,"type":"integer"}},{"description":"The number of items to return","in":"query","name":"limit","required":false,"schema":{"default":50,"type":"integer"}},{"description":"A comma-separated list of subfields to be returned in the response","in":"query","name":"expand","required":false,"schema":{"items":{"enum":["tuningExpressions"],"type":"string"},"type":"array"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"hasNextPage":{"type":"boolean"},"objects":{"items":{"oneOf":[{"properties":{"assetField":{"type":"string"},"category":{"type":"string"},"contentType":{"enum":["ANOMALY","CANARY","FILE_ANALYSIS","RULE","THIRD_PARTY","THREAT_INTEL"],"type":"string"},"created":{"format":"date-time","type":"string"},"createdBy":{"type":"string"},"deleted":{"type":"boolean"},"description":{"description":"The description to be used on the generated 
Signal","type":"string"},"enabled":{"type":"boolean"},"entitySelectors":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"entitySelectorsOverride":{"properties":{"original":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"override":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"}},"type":"object"},"expression":{"type":"string"},"hasOverride":{"type":"boolean"},"id":{"type":"string"},"isPrototype":{"type":"boolean"},"isPrototypeOverride":{"properties":{"original":{"type":"boolean"},"override":{"type":"boolean"}},"type":"object"},"lastUpdated":{"format":"date-time","type":"string"},"lastUpdatedBy":{"type":"string"},"name":{"type":"string"},"nameOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"parentJaskId":{"type":"string"},"ruleId":{"type":"integer"},"ruleSource":{"type":"string"},"ruleType":{"type":"string"},"score":{"type":"integer"},"signalCount07d":{"description":"The number of Signals generated by this Rule in the past 7 days","type":"integer"},"signalCount24h":{"description":"The number of Signals generated by this Rule in the past 24 
hours","type":"integer"},"status":{"properties":{"message":{"type":"string"},"status":{"enum":["ACTIVE","DEGRADED","FAILED_AND_DISABLED","UNKNOWN"],"type":"string"}},"required":["status"],"type":"object"},"stream":{"type":"string"},"summaryExpression":{"type":"string"},"summaryExpressionOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"tags":{"items":{"type":"string"},"type":"array"},"tagsOverride":{"properties":{"original":{"items":{"type":"string"},"type":"array"},"override":{"items":{"type":"string"},"type":"array"}},"type":"object"},"tuningExpressions":{"items":{"properties":{"description":{"type":"string"},"enabled":{"type":"boolean"},"expression":{"type":"string"},"id":{"type":"string"},"isGlobal":{"type":"boolean"},"name":{"type":"string"}},"required":["id","name","description","expression","enabled","isGlobal"],"type":"object"},"type":"array"}},"required":["contentType","created","createdBy","deleted","enabled","entitySelectors","id","isPrototype","lastUpdated","lastUpdatedBy","name","status","ruleId","ruleSource","ruleType","signalCount07d","signalCount24h","summaryExpression","tags","hasOverride","assetField","description","expression","score","stream"],"type":"object"},{"properties":{"assetField":{"type":"string"},"category":{"type":"string"},"contentType":{"enum":["ANOMALY","CANARY","FILE_ANALYSIS","RULE","THIRD_PARTY","THREAT_INTEL"],"type":"string"},"countDistinct":{"type":"boolean"},"countField":{"type":"string"},"created":{"format":"date-time","type":"string"},"createdBy":{"type":"string"},"deleted":{"type":"boolean"},"description":{"description":"The description to be used on the generated 
Signal","type":"string"},"descriptionOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"enabled":{"type":"boolean"},"entitySelectors":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"entitySelectorsOverride":{"properties":{"original":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"override":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"}},"type":"object"},"expression":{"type":"string"},"groupByFields":{"items":{"type":"string"},"type":"array"},"groupByFieldsOverride":{"properties":{"original":{"items":{"type":"string"},"type":"array"},"override":{"items":{"type":"string"},"type":"array"}},"type":"object"},"hasOverride":{"type":"boolean"},"id":{"type":"string"},"isPrototype":{"type":"boolean"},"isPrototypeOverride":{"properties":{"original":{"type":"boolean"},"override":{"type":"boolean"}},"type":"object"},"lastUpdated":{"format":"date-time","type":"string"},"lastUpdatedBy":{"type":"string"},"limit":{"type":"integer"},"limitOverride":{"properties":{"original":{"type":"integer"},"override":{"type":"integer"}},"type":"object"},"name":{"type":"string"},"nameOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"parentJaskId":{"type":"string"},"ruleId":{"type":"integer"},"ruleSource":{"type":"string"},"ruleType":{"type":"string"},"score":{"type":"integer"},"scoreOverride":{"properties":{"original":{"type":"integer"},"override":{"type":"integer"}},"type":"object"},"signalCount07d":{"description":"The number of Signals generated by this Rule in the past 7 days","type":"integer"},"signalCount24h":{"description":"The number of Signals generated by 
this Rule in the past 24 hours","type":"integer"},"status":{"properties":{"message":{"type":"string"},"status":{"enum":["ACTIVE","DEGRADED","FAILED_AND_DISABLED","UNKNOWN"],"type":"string"}},"required":["status"],"type":"object"},"stream":{"type":"string"},"summaryExpression":{"type":"string"},"summaryExpressionOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"tags":{"items":{"type":"string"},"type":"array"},"tagsOverride":{"properties":{"original":{"items":{"type":"string"},"type":"array"},"override":{"items":{"type":"string"},"type":"array"}},"type":"object"},"tuningExpressions":{"items":{"properties":{"description":{"type":"string"},"enabled":{"type":"boolean"},"expression":{"type":"string"},"id":{"type":"string"},"isGlobal":{"type":"boolean"},"name":{"type":"string"}},"required":["id","name","description","expression","enabled","isGlobal"],"type":"object"},"type":"array"},"version":{"type":"integer"},"windowSize":{"description":"milliseconds","type":"integer"},"windowSizeName":{"type":"string"},"windowSizeOverride":{"description":"milliseconds","properties":{"original":{"type":"integer"},"override":{"type":"integer"}},"type":"object"}},"required":["contentType","created","createdBy","deleted","enabled","entitySelectors","id","isPrototype","lastUpdated","lastUpdatedBy","name","status","ruleId","ruleSource","ruleType","signalCount07d","signalCount24h","summaryExpression","tags","hasOverride","assetField","countDistinct","description","expression","groupByFields","limit","score","stream","version","windowSize","windowSizeName"],"type":"object"},{"properties":{"assetField":{"type":"string"},"category":{"type":"string"},"contentType":{"enum":["ANOMALY","CANARY","FILE_ANALYSIS","RULE","THIRD_PARTY","THREAT_INTEL"],"type":"string"},"created":{"format":"date-time","type":"string"},"createdBy":{"type":"string"},"deleted":{"type":"boolean"},"descriptionExpression":{"description":"The description to be used on the 
generated Signal","type":"string"},"descriptionExpressionOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"enabled":{"type":"boolean"},"entitySelectors":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"entitySelectorsOverride":{"properties":{"original":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"override":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"}},"type":"object"},"expression":{"type":"string"},"hasOverride":{"type":"boolean"},"id":{"type":"string"},"isPrototype":{"type":"boolean"},"isPrototypeOverride":{"properties":{"original":{"type":"boolean"},"override":{"type":"boolean"}},"type":"object"},"lastUpdated":{"format":"date-time","type":"string"},"lastUpdatedBy":{"type":"string"},"name":{"type":"string"},"nameExpression":{"type":"string"},"nameExpressionOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"nameOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"parentJaskId":{"type":"string"},"ruleId":{"type":"integer"},"ruleSource":{"type":"string"},"ruleType":{"type":"string"},"scoreMapping":{"properties":{"default":{"type":"integer"},"field":{"type":"string"},"mapping":{"items":{"properties":{"from":{"type":"string"},"fromEnd":{"type":"string"},"to":{"type":"integer"},"type":{"type":"string"}},"required":["type","from","to"],"type":"object"},"type":"array"},"type":{"type":"string"}},"required":["type"],"type":"object"},"scoreMappingOverride":{"properties":{"original":{"properties":{"default":{"type":"integer"},"field":{"type":"string"},"mapping":{"items":{"properties":{"from":{"
type":"string"},"fromEnd":{"type":"string"},"to":{"type":"integer"},"type":{"type":"string"}},"required":["type","from","to"],"type":"object"},"type":"array"},"type":{"type":"string"}},"required":["type"],"type":"object"},"override":{"properties":{"default":{"type":"integer"},"field":{"type":"string"},"mapping":{"items":{"properties":{"from":{"type":"string"},"fromEnd":{"type":"string"},"to":{"type":"integer"},"type":{"type":"string"}},"required":["type","from","to"],"type":"object"},"type":"array"},"type":{"type":"string"}},"required":["type"],"type":"object"}},"type":"object"},"signalCount07d":{"description":"The number of Signals generated by this Rule in the past 7 days","type":"integer"},"signalCount24h":{"description":"The number of Signals generated by this Rule in the past 24 hours","type":"integer"},"status":{"properties":{"message":{"type":"string"},"status":{"enum":["ACTIVE","DEGRADED","FAILED_AND_DISABLED","UNKNOWN"],"type":"string"}},"required":["status"],"type":"object"},"stream":{"type":"string"},"summaryExpression":{"type":"string"},"summaryExpressionOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"tags":{"items":{"type":"string"},"type":"array"},"tagsOverride":{"properties":{"original":{"items":{"type":"string"},"type":"array"},"override":{"items":{"type":"string"},"type":"array"}},"type":"object"},"tuningExpressions":{"items":{"properties":{"description":{"type":"string"},"enabled":{"type":"boolean"},"expression":{"type":"string"},"id":{"type":"string"},"isGlobal":{"type":"boolean"},"name":{"type":"string"}},"required":["id","name","description","expression","enabled","isGlobal"],"type":"object"},"type":"array"}},"required":["contentType","created","createdBy","deleted","enabled","entitySelectors","id","isPrototype","lastUpdated","lastUpdatedBy","name","status","ruleId","ruleSource","ruleType","signalCount07d","signalCount24h","summaryExpression","tags","hasOverride","assetField","descriptionExpr
ession","expression","nameExpression","scoreMapping","stream"],"type":"object"},{"properties":{"assetField":{"type":"string"},"category":{"type":"string"},"contentType":{"enum":["ANOMALY","CANARY","FILE_ANALYSIS","RULE","THIRD_PARTY","THREAT_INTEL"],"type":"string"},"created":{"format":"date-time","type":"string"},"createdBy":{"type":"string"},"deleted":{"type":"boolean"},"description":{"description":"The description to be used on the generated Signal","type":"string"},"descriptionOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"enabled":{"type":"boolean"},"entitySelectors":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"entitySelectorsOverride":{"properties":{"original":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"override":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"}},"type":"object"},"expressionsAndLimits":{"items":{"properties":{"expression":{"type":"string"},"limit":{"type":"integer"}},"required":["expression","limit"],"type":"object"},"type":"array"},"groupByFields":{"items":{"type":"string"},"type":"array"},"groupByFieldsOverride":{"properties":{"original":{"items":{"type":"string"},"type":"array"},"override":{"items":{"type":"string"},"type":"array"}},"type":"object"},"hasOverride":{"type":"boolean"},"id":{"type":"string"},"isPrototype":{"type":"boolean"},"isPrototypeOverride":{"properties":{"original":{"type":"boolean"},"override":{"type":"boolean"}},"type":"object"},"lastUpdated":{"format":"date-time","type":"string"},"lastUpdatedBy":{"type":"string"},"name":{"type":"string"},"nameOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type"
:"object"},"ordered":{"type":"boolean"},"parentJaskId":{"type":"string"},"ruleId":{"type":"integer"},"ruleSource":{"type":"string"},"ruleType":{"type":"string"},"score":{"type":"integer"},"scoreOverride":{"properties":{"original":{"type":"integer"},"override":{"type":"integer"}},"type":"object"},"signalCount07d":{"description":"The number of Signals generated by this Rule in the past 7 days","type":"integer"},"signalCount24h":{"description":"The number of Signals generated by this Rule in the past 24 hours","type":"integer"},"status":{"properties":{"message":{"type":"string"},"status":{"enum":["ACTIVE","DEGRADED","FAILED_AND_DISABLED","UNKNOWN"],"type":"string"}},"required":["status"],"type":"object"},"stream":{"type":"string"},"summaryExpression":{"type":"string"},"summaryExpressionOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"tags":{"items":{"type":"string"},"type":"array"},"tagsOverride":{"properties":{"original":{"items":{"type":"string"},"type":"array"},"override":{"items":{"type":"string"},"type":"array"}},"type":"object"},"tuningExpressions":{"items":{"properties":{"description":{"type":"string"},"enabled":{"type":"boolean"},"expression":{"type":"string"},"id":{"type":"string"},"isGlobal":{"type":"boolean"},"name":{"type":"string"}},"required":["id","name","description","expression","enabled","isGlobal"],"type":"object"},"type":"array"},"windowSize":{"description":"milliseconds","type":"integer"},"windowSizeName":{"type":"string"},"windowSizeOverride":{"description":"milliseconds","properties":{"original":{"type":"integer"},"override":{"type":"integer"}},"type":"object"}},"required":["contentType","created","createdBy","deleted","enabled","entitySelectors","id","isPrototype","lastUpdated","lastUpdatedBy","name","status","ruleId","ruleSource","ruleType","signalCount07d","signalCount24h","summaryExpression","tags","hasOverride","assetField","description","expressionsAndLimits","groupByFields","ordered","sc
ore","stream","windowSize","windowSizeName"],"type":"object"},{"properties":{"aggregationFunctions":{"items":{"properties":{"arguments":{"items":{"type":"string"},"type":"array"},"function":{"type":"string"},"name":{"type":"string"}},"required":["name","function","arguments"],"type":"object"},"type":"array"},"assetField":{"type":"string"},"category":{"type":"string"},"contentType":{"enum":["ANOMALY","CANARY","FILE_ANALYSIS","RULE","THIRD_PARTY","THREAT_INTEL"],"type":"string"},"created":{"format":"date-time","type":"string"},"createdBy":{"type":"string"},"deleted":{"type":"boolean"},"descriptionExpression":{"type":"string"},"descriptionExpressionOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"enabled":{"type":"boolean"},"entitySelectors":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"entitySelectorsOverride":{"properties":{"original":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"override":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"}},"type":"object"},"groupByAsset":{"type":"boolean"},"groupByFields":{"items":{"type":"string"},"type":"array"},"groupByFieldsOverride":{"properties":{"original":{"items":{"type":"string"},"type":"array"},"override":{"items":{"type":"string"},"type":"array"}},"type":"object"},"hasOverride":{"type":"boolean"},"id":{"type":"string"},"isPrototype":{"type":"boolean"},"isPrototypeOverride":{"properties":{"original":{"type":"boolean"},"override":{"type":"boolean"}},"type":"object"},"lastUpdated":{"format":"date-time","type":"string"},"lastUpdatedBy":{"type":"string"},"matchExpression":{"type":"string"},"name":{"type":"string"},"nameExpression":{"type":"stri
ng"},"nameExpressionOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"nameOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"parentJaskId":{"type":"string"},"ruleId":{"type":"integer"},"ruleSource":{"type":"string"},"ruleType":{"type":"string"},"scoreMapping":{"properties":{"default":{"type":"integer"},"field":{"type":"string"},"mapping":{"items":{"properties":{"from":{"type":"string"},"fromEnd":{"type":"string"},"to":{"type":"integer"},"type":{"type":"string"}},"required":["type","from","to"],"type":"object"},"type":"array"},"type":{"type":"string"}},"required":["type"],"type":"object"},"scoreMappingOverride":{"properties":{"original":{"properties":{"default":{"type":"integer"},"field":{"type":"string"},"mapping":{"items":{"properties":{"from":{"type":"string"},"fromEnd":{"type":"string"},"to":{"type":"integer"},"type":{"type":"string"}},"required":["type","from","to"],"type":"object"},"type":"array"},"type":{"type":"string"}},"required":["type"],"type":"object"},"override":{"properties":{"default":{"type":"integer"},"field":{"type":"string"},"mapping":{"items":{"properties":{"from":{"type":"string"},"fromEnd":{"type":"string"},"to":{"type":"integer"},"type":{"type":"string"}},"required":["type","from","to"],"type":"object"},"type":"array"},"type":{"type":"string"}},"required":["type"],"type":"object"}},"type":"object"},"signalCount07d":{"description":"The number of Signals generated by this Rule in the past 7 days","type":"integer"},"signalCount24h":{"description":"The number of Signals generated by this Rule in the past 24 
hours","type":"integer"},"status":{"properties":{"message":{"type":"string"},"status":{"enum":["ACTIVE","DEGRADED","FAILED_AND_DISABLED","UNKNOWN"],"type":"string"}},"required":["status"],"type":"object"},"stream":{"type":"string"},"summaryExpression":{"type":"string"},"summaryExpressionOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"tags":{"items":{"type":"string"},"type":"array"},"tagsOverride":{"properties":{"original":{"items":{"type":"string"},"type":"array"},"override":{"items":{"type":"string"},"type":"array"}},"type":"object"},"triggerExpression":{"type":"string"},"tuningExpressions":{"items":{"properties":{"description":{"type":"string"},"enabled":{"type":"boolean"},"expression":{"type":"string"},"id":{"type":"string"},"isGlobal":{"type":"boolean"},"name":{"type":"string"}},"required":["id","name","description","expression","enabled","isGlobal"],"type":"object"},"type":"array"},"windowSize":{"description":"milliseconds","type":"integer"},"windowSizeName":{"type":"string"},"windowSizeOverride":{"description":"milliseconds","properties":{"original":{"type":"integer"},"override":{"type":"integer"}},"type":"object"}},"required":["contentType","created","createdBy","deleted","enabled","entitySelectors","id","isPrototype","lastUpdated","lastUpdatedBy","name","status","ruleId","ruleSource","ruleType","signalCount07d","signalCount24h","summaryExpression","tags","hasOverride","assetField","nameExpression","descriptionExpression","matchExpression","groupByAsset","groupByFields","aggregationFunctions","scoreMapping","stream","windowSize","windowSizeName","triggerExpression"],"type":"object"}]},"type":"array"},"total":{"type":"integer"}},"required":["hasNextPage","total","objects"],"type":"object"}},"required":["data"],"title":"GetRulesResponse","type":"object"}}},"description":"A single page of Rules"}},"summary":"Get the list of Rules for a given 
query"}},"/rules/aggregation":{"post":{"description":"","operationId":"CreateAggregationRule","parameters":[],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"aggregationFunctions":{"items":{"properties":{"arguments":{"items":{"type":"string"},"type":"array"},"function":{"type":"string"},"name":{"type":"string"}},"required":["name","function","arguments"],"type":"object"},"type":"array"},"assetField":{"type":"string"},"category":{"type":"string"},"descriptionExpression":{"type":"string"},"enabled":{"type":"boolean"},"entitySelectors":{"items":{"properties":{"entityType":{"description":"The identifier of the type of the Entity to generate the Signal on. Either one of the built-in entity types (_ip, _hostname, _mac, _username) or a custom entity type defined in the UI.","type":"string"},"expression":{"description":"The field from the record containing the Entity value to generate the Signal on","type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"groupByAsset":{"type":"boolean"},"groupByFields":{"items":{"type":"string"},"type":"array"},"isPrototype":{"type":"boolean"},"matchExpression":{"type":"string"},"name":{"type":"string"},"nameExpression":{"type":"string"},"parentJaskId":{"type":"string"},"scoreMapping":{"properties":{"default":{"type":"integer"},"field":{"type":"string"},"mapping":{"items":{"properties":{"from":{"type":"string"},"fromEnd":{"type":"string"},"to":{"type":"integer"},"type":{"type":"string"}},"required":["type","from","to"],"type":"object"},"type":"array"},"type":{"type":"string"}},"required":["type"],"type":"object"},"stream":{"type":"string"},"summaryExpression":{"type":"string"},"tags":{"items":{"type":"string"},"type":"array"},"triggerExpression":{"type":"string"},"tuningExpressionIds":{"items":{"type":"string"},"type":"array"},"windowSize":{"enum":["T05D","T05M","T10M","T12H","T24H","T30M","T60M"],"type":"string"}},"required":["enabled","name","aggregationFunc
tions","descriptionExpression","groupByAsset","groupByFields","matchExpression","nameExpression","scoreMapping","stream","triggerExpression","windowSize"],"type":"object"}},"required":["fields"],"title":"CreateAggregationRuleRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/AggregationRule"}},"required":["data"],"title":"CreateAggregationRuleResponse","type":"object"}}},"description":"The created Aggregation Rule"}},"summary":"Create a Aggregation Rule"}},"/rules/aggregation/{id}":{"put":{"description":"","operationId":"UpdateAggregationRule","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"aggregationFunctions":{"items":{"properties":{"arguments":{"items":{"type":"string"},"type":"array"},"function":{"type":"string"},"name":{"type":"string"}},"required":["name","function","arguments"],"type":"object"},"type":"array"},"assetField":{"type":"string"},"category":{"type":"string"},"descriptionExpression":{"type":"string"},"enabled":{"type":"boolean"},"entitySelectors":{"items":{"properties":{"entityType":{"description":"The identifier of the type of the Entity to generate the Signal on. 
Either one of the built-in entity types (_ip, _hostname, _mac, _username) or a custom entity type defined in the UI.","type":"string"},"expression":{"description":"The field from the record containing the Entity value to generate the Signal on","type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"groupByAsset":{"type":"boolean"},"groupByFields":{"items":{"type":"string"},"type":"array"},"isPrototype":{"type":"boolean"},"matchExpression":{"type":"string"},"name":{"type":"string"},"nameExpression":{"type":"string"},"parentJaskId":{"type":"string"},"scoreMapping":{"properties":{"default":{"type":"integer"},"field":{"type":"string"},"mapping":{"items":{"properties":{"from":{"type":"string"},"fromEnd":{"type":"string"},"to":{"type":"integer"},"type":{"type":"string"}},"required":["type","from","to"],"type":"object"},"type":"array"},"type":{"type":"string"}},"required":["type"],"type":"object"},"stream":{"type":"string"},"summaryExpression":{"type":"string"},"tags":{"items":{"type":"string"},"type":"array"},"triggerExpression":{"type":"string"},"tuningExpressionIds":{"items":{"type":"string"},"type":"array"},"windowSize":{"enum":["T05D","T05M","T10M","T12H","T24H","T30M","T60M"],"type":"string"}},"required":["name","aggregationFunctions","descriptionExpression","groupByAsset","groupByFields","matchExpression","nameExpression","scoreMapping","stream","triggerExpression","windowSize"],"type":"object"}},"required":["fields"],"title":"UpdateAggregationRuleRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/AggregationRule"}},"required":["data"],"title":"UpdateAggregationRuleResponse","type":"object"}}},"description":"The updated Aggregation Rule"}},"summary":"Update a Aggregation 
Rule"}},"/rules/chain":{"post":{"description":"","operationId":"CreateChainRule","parameters":[],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"assetField":{"type":"string"},"category":{"type":"string"},"description":{"description":"The description to be used on the generated Signal","type":"string"},"enabled":{"type":"boolean"},"entitySelectors":{"items":{"properties":{"entityType":{"description":"The identifier of the type of the Entity to generate the Signal on. Either one of the built-in entity types (_ip, _hostname, _mac, _username) or a custom entity type defined in the UI.","type":"string"},"expression":{"description":"The field from the record containing the Entity value to generate the Signal on","type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"expressionsAndLimits":{"items":{"properties":{"expression":{"type":"string"},"limit":{"type":"integer"}},"required":["expression","limit"],"type":"object"},"type":"array"},"groupByFields":{"items":{"type":"string"},"type":"array"},"isPrototype":{"type":"boolean"},"name":{"type":"string"},"ordered":{"type":"boolean"},"parentJaskId":{"type":"string"},"score":{"type":"integer"},"stream":{"type":"string"},"summaryExpression":{"type":"string"},"tags":{"items":{"type":"string"},"type":"array"},"tuningExpressionIds":{"items":{"type":"string"},"type":"array"},"windowSize":{"enum":["T05D","T05M","T10M","T12H","T24H","T30M","T60M"],"type":"string"}},"required":["enabled","name","description","expressionsAndLimits","score","stream","windowSize"],"type":"object"}},"required":["fields"],"title":"CreateChainRuleRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/ChainRule"}},"required":["data"],"title":"CreateChainRuleResponse","type":"object"}}},"description":"The created Chain Rule"}},"summary":"Create a Chain 
Rule"}},"/rules/chain/{id}":{"put":{"description":"","operationId":"UpdateChainRule","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"assetField":{"type":"string"},"category":{"type":"string"},"description":{"description":"The description to be used on the generated Signal","type":"string"},"enabled":{"type":"boolean"},"entitySelectors":{"items":{"properties":{"entityType":{"description":"The identifier of the type of the Entity to generate the Signal on. Either one of the built-in entity types (_ip, _hostname, _mac, _username) or a custom entity type defined in the UI.","type":"string"},"expression":{"description":"The field from the record containing the Entity value to generate the Signal on","type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"expressionsAndLimits":{"items":{"properties":{"expression":{"type":"string"},"limit":{"type":"integer"}},"required":["expression","limit"],"type":"object"},"type":"array"},"groupByFields":{"items":{"type":"string"},"type":"array"},"isPrototype":{"type":"boolean"},"name":{"type":"string"},"ordered":{"type":"boolean"},"parentJaskId":{"type":"string"},"score":{"type":"integer"},"stream":{"type":"string"},"summaryExpression":{"type":"string"},"tags":{"items":{"type":"string"},"type":"array"},"tuningExpressionIds":{"items":{"type":"string"},"type":"array"},"windowSize":{"enum":["T05D","T05M","T10M","T12H","T24H","T30M","T60M"],"type":"string"}},"required":["name","description","expressionsAndLimits","score","stream","windowSize"],"type":"object"}},"required":["fields"],"title":"UpdateChainRuleRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/ChainRule"}},"required":["data"],"title":"UpdateChainRuleResponse","type":"object"}}},"descriptio
n":"The updated Chain Rule"}},"summary":"Update a Chain Rule"}},"/rules/match":{"post":{"description":"","operationId":"CreateMatchRule","parameters":[],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"assetField":{"type":"string"},"category":{"type":"string"},"description":{"description":"The description to be used on the generated Signal","type":"string"},"enabled":{"type":"boolean"},"entitySelectors":{"items":{"properties":{"entityType":{"description":"The identifier of the type of the Entity to generate the Signal on. Either one of the built-in entity types (_ip, _hostname, _mac, _username) or a custom entity type defined in the UI.","type":"string"},"expression":{"description":"The field from the record containing the Entity value to generate the Signal on","type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"expression":{"type":"string"},"isPrototype":{"type":"boolean"},"name":{"type":"string"},"parentJaskId":{"type":"string"},"score":{"type":"integer"},"stream":{"type":"string"},"summaryExpression":{"type":"string"},"tags":{"items":{"type":"string"},"type":"array"},"tuningExpressionIds":{"items":{"type":"string"},"type":"array"}},"required":["enabled","name","description","expression","score","stream"],"type":"object"}},"required":["fields"],"title":"CreateMatchRuleRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/MatchRule"}},"required":["data"],"title":"CreateMatchRuleResponse","type":"object"}}},"description":"The created Legacy Match Rule"}},"summary":"Create a Legacy Match 
Rule"}},"/rules/match/{id}":{"put":{"description":"","operationId":"UpdateMatchRule","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"assetField":{"type":"string"},"category":{"type":"string"},"description":{"description":"The description to be used on the generated Signal","type":"string"},"enabled":{"type":"boolean"},"entitySelectors":{"items":{"properties":{"entityType":{"description":"The identifier of the type of the Entity to generate the Signal on. Either one of the built-in entity types (_ip, _hostname, _mac, _username) or a custom entity type defined in the UI.","type":"string"},"expression":{"description":"The field from the record containing the Entity value to generate the Signal on","type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"expression":{"type":"string"},"isPrototype":{"type":"boolean"},"name":{"type":"string"},"parentJaskId":{"type":"string"},"score":{"type":"integer"},"stream":{"type":"string"},"summaryExpression":{"type":"string"},"tags":{"items":{"type":"string"},"type":"array"},"tuningExpressionIds":{"items":{"type":"string"},"type":"array"}},"required":["name","description","expression","score","stream"],"type":"object"}},"required":["fields"],"title":"UpdateMatchRuleRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/MatchRule"}},"required":["data"],"title":"UpdateMatchRuleResponse","type":"object"}}},"description":"The updated Legacy Match Rule"}},"summary":"Update a Legacy Match 
Rule"}},"/rules/templated":{"post":{"description":"","operationId":"CreateTemplatedMatchRule","parameters":[],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"assetField":{"type":"string"},"category":{"type":"string"},"descriptionExpression":{"description":"The description to be used on the generated Signal","type":"string"},"enabled":{"type":"boolean"},"entitySelectors":{"items":{"properties":{"entityType":{"description":"The identifier of the type of the Entity to generate the Signal on. Either one of the built-in entity types (_ip, _hostname, _mac, _username) or a custom entity type defined in the UI.","type":"string"},"expression":{"description":"The field from the record containing the Entity value to generate the Signal on","type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"expression":{"type":"string"},"isPrototype":{"type":"boolean"},"name":{"type":"string"},"nameExpression":{"type":"string"},"parentJaskId":{"type":"string"},"scoreMapping":{"properties":{"default":{"type":"integer"},"field":{"type":"string"},"mapping":{"items":{"properties":{"from":{"type":"string"},"fromEnd":{"type":"string"},"to":{"type":"integer"},"type":{"type":"string"}},"required":["type","from","to"],"type":"object"},"type":"array"},"type":{"type":"string"}},"required":["type"],"type":"object"},"stream":{"type":"string"},"summaryExpression":{"type":"string"},"tags":{"items":{"type":"string"},"type":"array"},"tuningExpressionIds":{"items":{"type":"string"},"type":"array"}},"required":["enabled","name","descriptionExpression","expression","nameExpression","scoreMapping","stream"],"type":"object"}},"required":["fields"],"title":"CreateTemplatedMatchRuleRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/TemplatedMatchRule"}},"required":["data"],"title":"CreateTemplatedMatchRuleRe
sponse","type":"object"}}},"description":"The created Match Rule"}},"summary":"Create a Match Rule"}},"/rules/templated/{id}":{"put":{"description":"","operationId":"UpdateTemplatedMatchRule","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"assetField":{"type":"string"},"category":{"type":"string"},"descriptionExpression":{"description":"The description to be used on the generated Signal","type":"string"},"enabled":{"type":"boolean"},"entitySelectors":{"items":{"properties":{"entityType":{"description":"The identifier of the type of the Entity to generate the Signal on. Either one of the built-in entity types (_ip, _hostname, _mac, _username) or a custom entity type defined in the UI.","type":"string"},"expression":{"description":"The field from the record containing the Entity value to generate the Signal on","type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"expression":{"type":"string"},"isPrototype":{"type":"boolean"},"name":{"type":"string"},"nameExpression":{"type":"string"},"parentJaskId":{"type":"string"},"scoreMapping":{"properties":{"default":{"type":"integer"},"field":{"type":"string"},"mapping":{"items":{"properties":{"from":{"type":"string"},"fromEnd":{"type":"string"},"to":{"type":"integer"},"type":{"type":"string"}},"required":["type","from","to"],"type":"object"},"type":"array"},"type":{"type":"string"}},"required":["type"],"type":"object"},"stream":{"type":"string"},"summaryExpression":{"type":"string"},"tags":{"items":{"type":"string"},"type":"array"},"tuningExpressionIds":{"items":{"type":"string"},"type":"array"}},"required":["name","descriptionExpression","expression","nameExpression","scoreMapping","stream"],"type":"object"}},"required":["fields"],"title":"UpdateTemplatedMatchRuleRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"a
pplication/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/TemplatedMatchRule"}},"required":["data"],"title":"UpdateTemplatedMatchRuleResponse","type":"object"}}},"description":"The updated Match Rule"}},"summary":"Update a Match Rule"}},"/rules/threshold":{"post":{"description":"","operationId":"CreateThresholdRule","parameters":[],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"assetField":{"type":"string"},"category":{"type":"string"},"countDistinct":{"type":"boolean"},"countField":{"type":"string"},"description":{"description":"The description to be used on the generated Signal","type":"string"},"enabled":{"type":"boolean"},"entitySelectors":{"items":{"properties":{"entityType":{"description":"The identifier of the type of the Entity to generate the Signal on. Either one of the built-in entity types (_ip, _hostname, _mac, _username) or a custom entity type defined in the UI.","type":"string"},"expression":{"description":"The field from the record containing the Entity value to generate the Signal 
on","type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"expression":{"type":"string"},"groupByFields":{"items":{"type":"string"},"type":"array"},"isPrototype":{"type":"boolean"},"limit":{"type":"integer"},"name":{"type":"string"},"parentJaskId":{"type":"string"},"score":{"type":"integer"},"stream":{"type":"string"},"summaryExpression":{"type":"string"},"tags":{"items":{"type":"string"},"type":"array"},"tuningExpressionIds":{"items":{"type":"string"},"type":"array"},"version":{"type":"integer"},"windowSize":{"enum":["T05D","T05M","T10M","T12H","T24H","T30M","T60M"],"type":"string"}},"required":["enabled","name","description","countDistinct","expression","limit","score","stream","version","windowSize"],"type":"object"}},"required":["fields"],"title":"CreateThresholdRuleRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/ThresholdRule"}},"required":["data"],"title":"CreateThresholdRuleResponse","type":"object"}}},"description":"The created Threshold Rule"}},"summary":"Create a Threshold Rule"}},"/rules/threshold/{id}":{"put":{"description":"","operationId":"UpdateThresholdRule","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"assetField":{"type":"string"},"category":{"type":"string"},"countDistinct":{"type":"boolean"},"countField":{"type":"string"},"description":{"description":"The description to be used on the generated Signal","type":"string"},"enabled":{"type":"boolean"},"entitySelectors":{"items":{"properties":{"entityType":{"description":"The identifier of the type of the Entity to generate the Signal on. 
Either one of the built-in entity types (_ip, _hostname, _mac, _username) or a custom entity type defined in the UI.","type":"string"},"expression":{"description":"The field from the record containing the Entity value to generate the Signal on","type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"expression":{"type":"string"},"groupByFields":{"items":{"type":"string"},"type":"array"},"isPrototype":{"type":"boolean"},"limit":{"type":"integer"},"name":{"type":"string"},"parentJaskId":{"type":"string"},"score":{"type":"integer"},"stream":{"type":"string"},"summaryExpression":{"type":"string"},"tags":{"items":{"type":"string"},"type":"array"},"tuningExpressionIds":{"items":{"type":"string"},"type":"array"},"version":{"type":"integer"},"windowSize":{"enum":["T05D","T05M","T10M","T12H","T24H","T30M","T60M"],"type":"string"}},"required":["name","description","countDistinct","expression","limit","score","stream","version","windowSize"],"type":"object"}},"required":["fields"],"title":"UpdateThresholdRuleRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/ThresholdRule"}},"required":["data"],"title":"UpdateThresholdRuleResponse","type":"object"}}},"description":"The updated Threshold Rule"}},"summary":"Update a Threshold Rule"}},"/rules/{id}":{"delete":{"description":"","operationId":"DeleteRule","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"ok":{"type":"boolean"}},"required":["ok"],"type":"object"}},"required":["data"],"title":"DeleteRuleResponse","type":"object"}}},"description":"Action success status"}},"summary":"Delete a Rule"},"get":{"description":"","operationId":"GetRule","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}},{"description":"A 
comma-separated list of subfields to be returned in the response","in":"query","name":"expand","required":false,"schema":{"items":{"enum":["tuningExpressions"],"type":"string"},"type":"array"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"oneOf":[{"properties":{"assetField":{"type":"string"},"category":{"type":"string"},"contentType":{"enum":["ANOMALY","CANARY","FILE_ANALYSIS","RULE","THIRD_PARTY","THREAT_INTEL"],"type":"string"},"created":{"format":"date-time","type":"string"},"createdBy":{"type":"string"},"deleted":{"type":"boolean"},"description":{"description":"The description to be used on the generated Signal","type":"string"},"enabled":{"type":"boolean"},"entitySelectors":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"entitySelectorsOverride":{"properties":{"original":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"override":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"}},"type":"object"},"expression":{"type":"string"},"hasOverride":{"type":"boolean"},"id":{"type":"string"},"isPrototype":{"type":"boolean"},"isPrototypeOverride":{"properties":{"original":{"type":"boolean"},"override":{"type":"boolean"}},"type":"object"},"lastUpdated":{"format":"date-time","type":"string"},"lastUpdatedBy":{"type":"string"},"name":{"type":"string"},"nameOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"parentJaskId":{"type":"string"},"ruleId":{"type":"integer"},"ruleSource":{"type":"string"},"ruleType":{"type":"string"},"score":{"type":"integer"},"signalCount07d":{"description":"The number of Signals generated by this Rule in the past 7 
days","type":"integer"},"signalCount24h":{"description":"The number of Signals generated by this Rule in the past 24 hours","type":"integer"},"status":{"properties":{"message":{"type":"string"},"status":{"enum":["ACTIVE","DEGRADED","FAILED_AND_DISABLED","UNKNOWN"],"type":"string"}},"required":["status"],"type":"object"},"stream":{"type":"string"},"summaryExpression":{"type":"string"},"summaryExpressionOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"tags":{"items":{"type":"string"},"type":"array"},"tagsOverride":{"properties":{"original":{"items":{"type":"string"},"type":"array"},"override":{"items":{"type":"string"},"type":"array"}},"type":"object"},"tuningExpressions":{"items":{"properties":{"description":{"type":"string"},"enabled":{"type":"boolean"},"expression":{"type":"string"},"id":{"type":"string"},"isGlobal":{"type":"boolean"},"name":{"type":"string"}},"required":["id","name","description","expression","enabled","isGlobal"],"type":"object"},"type":"array"}},"required":["contentType","created","createdBy","deleted","enabled","entitySelectors","id","isPrototype","lastUpdated","lastUpdatedBy","name","status","ruleId","ruleSource","ruleType","signalCount07d","signalCount24h","summaryExpression","tags","hasOverride","assetField","description","expression","score","stream"],"type":"object"},{"properties":{"assetField":{"type":"string"},"category":{"type":"string"},"contentType":{"enum":["ANOMALY","CANARY","FILE_ANALYSIS","RULE","THIRD_PARTY","THREAT_INTEL"],"type":"string"},"countDistinct":{"type":"boolean"},"countField":{"type":"string"},"created":{"format":"date-time","type":"string"},"createdBy":{"type":"string"},"deleted":{"type":"boolean"},"description":{"description":"The description to be used on the generated 
Signal","type":"string"},"descriptionOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"enabled":{"type":"boolean"},"entitySelectors":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"entitySelectorsOverride":{"properties":{"original":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"override":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"}},"type":"object"},"expression":{"type":"string"},"groupByFields":{"items":{"type":"string"},"type":"array"},"groupByFieldsOverride":{"properties":{"original":{"items":{"type":"string"},"type":"array"},"override":{"items":{"type":"string"},"type":"array"}},"type":"object"},"hasOverride":{"type":"boolean"},"id":{"type":"string"},"isPrototype":{"type":"boolean"},"isPrototypeOverride":{"properties":{"original":{"type":"boolean"},"override":{"type":"boolean"}},"type":"object"},"lastUpdated":{"format":"date-time","type":"string"},"lastUpdatedBy":{"type":"string"},"limit":{"type":"integer"},"limitOverride":{"properties":{"original":{"type":"integer"},"override":{"type":"integer"}},"type":"object"},"name":{"type":"string"},"nameOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"parentJaskId":{"type":"string"},"ruleId":{"type":"integer"},"ruleSource":{"type":"string"},"ruleType":{"type":"string"},"score":{"type":"integer"},"scoreOverride":{"properties":{"original":{"type":"integer"},"override":{"type":"integer"}},"type":"object"},"signalCount07d":{"description":"The number of Signals generated by this Rule in the past 7 days","type":"integer"},"signalCount24h":{"description":"The number of Signals generated by 
this Rule in the past 24 hours","type":"integer"},"status":{"properties":{"message":{"type":"string"},"status":{"enum":["ACTIVE","DEGRADED","FAILED_AND_DISABLED","UNKNOWN"],"type":"string"}},"required":["status"],"type":"object"},"stream":{"type":"string"},"summaryExpression":{"type":"string"},"summaryExpressionOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"tags":{"items":{"type":"string"},"type":"array"},"tagsOverride":{"properties":{"original":{"items":{"type":"string"},"type":"array"},"override":{"items":{"type":"string"},"type":"array"}},"type":"object"},"tuningExpressions":{"items":{"properties":{"description":{"type":"string"},"enabled":{"type":"boolean"},"expression":{"type":"string"},"id":{"type":"string"},"isGlobal":{"type":"boolean"},"name":{"type":"string"}},"required":["id","name","description","expression","enabled","isGlobal"],"type":"object"},"type":"array"},"version":{"type":"integer"},"windowSize":{"description":"milliseconds","type":"integer"},"windowSizeName":{"type":"string"},"windowSizeOverride":{"description":"milliseconds","properties":{"original":{"type":"integer"},"override":{"type":"integer"}},"type":"object"}},"required":["contentType","created","createdBy","deleted","enabled","entitySelectors","id","isPrototype","lastUpdated","lastUpdatedBy","name","status","ruleId","ruleSource","ruleType","signalCount07d","signalCount24h","summaryExpression","tags","hasOverride","assetField","countDistinct","description","expression","groupByFields","limit","score","stream","version","windowSize","windowSizeName"],"type":"object"},{"properties":{"assetField":{"type":"string"},"category":{"type":"string"},"contentType":{"enum":["ANOMALY","CANARY","FILE_ANALYSIS","RULE","THIRD_PARTY","THREAT_INTEL"],"type":"string"},"created":{"format":"date-time","type":"string"},"createdBy":{"type":"string"},"deleted":{"type":"boolean"},"descriptionExpression":{"description":"The description to be used on the 
generated Signal","type":"string"},"descriptionExpressionOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"enabled":{"type":"boolean"},"entitySelectors":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"entitySelectorsOverride":{"properties":{"original":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"override":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"}},"type":"object"},"expression":{"type":"string"},"hasOverride":{"type":"boolean"},"id":{"type":"string"},"isPrototype":{"type":"boolean"},"isPrototypeOverride":{"properties":{"original":{"type":"boolean"},"override":{"type":"boolean"}},"type":"object"},"lastUpdated":{"format":"date-time","type":"string"},"lastUpdatedBy":{"type":"string"},"name":{"type":"string"},"nameExpression":{"type":"string"},"nameExpressionOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"nameOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"parentJaskId":{"type":"string"},"ruleId":{"type":"integer"},"ruleSource":{"type":"string"},"ruleType":{"type":"string"},"scoreMapping":{"properties":{"default":{"type":"integer"},"field":{"type":"string"},"mapping":{"items":{"properties":{"from":{"type":"string"},"fromEnd":{"type":"string"},"to":{"type":"integer"},"type":{"type":"string"}},"required":["type","from","to"],"type":"object"},"type":"array"},"type":{"type":"string"}},"required":["type"],"type":"object"},"scoreMappingOverride":{"properties":{"original":{"properties":{"default":{"type":"integer"},"field":{"type":"string"},"mapping":{"items":{"properties":{"from":{"
type":"string"},"fromEnd":{"type":"string"},"to":{"type":"integer"},"type":{"type":"string"}},"required":["type","from","to"],"type":"object"},"type":"array"},"type":{"type":"string"}},"required":["type"],"type":"object"},"override":{"properties":{"default":{"type":"integer"},"field":{"type":"string"},"mapping":{"items":{"properties":{"from":{"type":"string"},"fromEnd":{"type":"string"},"to":{"type":"integer"},"type":{"type":"string"}},"required":["type","from","to"],"type":"object"},"type":"array"},"type":{"type":"string"}},"required":["type"],"type":"object"}},"type":"object"},"signalCount07d":{"description":"The number of Signals generated by this Rule in the past 7 days","type":"integer"},"signalCount24h":{"description":"The number of Signals generated by this Rule in the past 24 hours","type":"integer"},"status":{"properties":{"message":{"type":"string"},"status":{"enum":["ACTIVE","DEGRADED","FAILED_AND_DISABLED","UNKNOWN"],"type":"string"}},"required":["status"],"type":"object"},"stream":{"type":"string"},"summaryExpression":{"type":"string"},"summaryExpressionOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"tags":{"items":{"type":"string"},"type":"array"},"tagsOverride":{"properties":{"original":{"items":{"type":"string"},"type":"array"},"override":{"items":{"type":"string"},"type":"array"}},"type":"object"},"tuningExpressions":{"items":{"properties":{"description":{"type":"string"},"enabled":{"type":"boolean"},"expression":{"type":"string"},"id":{"type":"string"},"isGlobal":{"type":"boolean"},"name":{"type":"string"}},"required":["id","name","description","expression","enabled","isGlobal"],"type":"object"},"type":"array"}},"required":["contentType","created","createdBy","deleted","enabled","entitySelectors","id","isPrototype","lastUpdated","lastUpdatedBy","name","status","ruleId","ruleSource","ruleType","signalCount07d","signalCount24h","summaryExpression","tags","hasOverride","assetField","descriptionExpr
ession","expression","nameExpression","scoreMapping","stream"],"type":"object"},{"properties":{"assetField":{"type":"string"},"category":{"type":"string"},"contentType":{"enum":["ANOMALY","CANARY","FILE_ANALYSIS","RULE","THIRD_PARTY","THREAT_INTEL"],"type":"string"},"created":{"format":"date-time","type":"string"},"createdBy":{"type":"string"},"deleted":{"type":"boolean"},"description":{"description":"The description to be used on the generated Signal","type":"string"},"descriptionOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"enabled":{"type":"boolean"},"entitySelectors":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"entitySelectorsOverride":{"properties":{"original":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"override":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"}},"type":"object"},"expressionsAndLimits":{"items":{"properties":{"expression":{"type":"string"},"limit":{"type":"integer"}},"required":["expression","limit"],"type":"object"},"type":"array"},"groupByFields":{"items":{"type":"string"},"type":"array"},"groupByFieldsOverride":{"properties":{"original":{"items":{"type":"string"},"type":"array"},"override":{"items":{"type":"string"},"type":"array"}},"type":"object"},"hasOverride":{"type":"boolean"},"id":{"type":"string"},"isPrototype":{"type":"boolean"},"isPrototypeOverride":{"properties":{"original":{"type":"boolean"},"override":{"type":"boolean"}},"type":"object"},"lastUpdated":{"format":"date-time","type":"string"},"lastUpdatedBy":{"type":"string"},"name":{"type":"string"},"nameOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type"
:"object"},"ordered":{"type":"boolean"},"parentJaskId":{"type":"string"},"ruleId":{"type":"integer"},"ruleSource":{"type":"string"},"ruleType":{"type":"string"},"score":{"type":"integer"},"scoreOverride":{"properties":{"original":{"type":"integer"},"override":{"type":"integer"}},"type":"object"},"signalCount07d":{"description":"The number of Signals generated by this Rule in the past 7 days","type":"integer"},"signalCount24h":{"description":"The number of Signals generated by this Rule in the past 24 hours","type":"integer"},"status":{"properties":{"message":{"type":"string"},"status":{"enum":["ACTIVE","DEGRADED","FAILED_AND_DISABLED","UNKNOWN"],"type":"string"}},"required":["status"],"type":"object"},"stream":{"type":"string"},"summaryExpression":{"type":"string"},"summaryExpressionOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"tags":{"items":{"type":"string"},"type":"array"},"tagsOverride":{"properties":{"original":{"items":{"type":"string"},"type":"array"},"override":{"items":{"type":"string"},"type":"array"}},"type":"object"},"tuningExpressions":{"items":{"properties":{"description":{"type":"string"},"enabled":{"type":"boolean"},"expression":{"type":"string"},"id":{"type":"string"},"isGlobal":{"type":"boolean"},"name":{"type":"string"}},"required":["id","name","description","expression","enabled","isGlobal"],"type":"object"},"type":"array"},"windowSize":{"description":"milliseconds","type":"integer"},"windowSizeName":{"type":"string"},"windowSizeOverride":{"description":"milliseconds","properties":{"original":{"type":"integer"},"override":{"type":"integer"}},"type":"object"}},"required":["contentType","created","createdBy","deleted","enabled","entitySelectors","id","isPrototype","lastUpdated","lastUpdatedBy","name","status","ruleId","ruleSource","ruleType","signalCount07d","signalCount24h","summaryExpression","tags","hasOverride","assetField","description","expressionsAndLimits","groupByFields","ordered","sc
ore","stream","windowSize","windowSizeName"],"type":"object"},{"properties":{"aggregationFunctions":{"items":{"properties":{"arguments":{"items":{"type":"string"},"type":"array"},"function":{"type":"string"},"name":{"type":"string"}},"required":["name","function","arguments"],"type":"object"},"type":"array"},"assetField":{"type":"string"},"category":{"type":"string"},"contentType":{"enum":["ANOMALY","CANARY","FILE_ANALYSIS","RULE","THIRD_PARTY","THREAT_INTEL"],"type":"string"},"created":{"format":"date-time","type":"string"},"createdBy":{"type":"string"},"deleted":{"type":"boolean"},"descriptionExpression":{"type":"string"},"descriptionExpressionOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"enabled":{"type":"boolean"},"entitySelectors":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"entitySelectorsOverride":{"properties":{"original":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"},"override":{"items":{"properties":{"entityType":{"type":"string"},"expression":{"type":"string"}},"required":["expression","entityType"],"type":"object"},"type":"array"}},"type":"object"},"groupByAsset":{"type":"boolean"},"groupByFields":{"items":{"type":"string"},"type":"array"},"groupByFieldsOverride":{"properties":{"original":{"items":{"type":"string"},"type":"array"},"override":{"items":{"type":"string"},"type":"array"}},"type":"object"},"hasOverride":{"type":"boolean"},"id":{"type":"string"},"isPrototype":{"type":"boolean"},"isPrototypeOverride":{"properties":{"original":{"type":"boolean"},"override":{"type":"boolean"}},"type":"object"},"lastUpdated":{"format":"date-time","type":"string"},"lastUpdatedBy":{"type":"string"},"matchExpression":{"type":"string"},"name":{"type":"string"},"nameExpression":{"type":"stri
ng"},"nameExpressionOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"nameOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"parentJaskId":{"type":"string"},"ruleId":{"type":"integer"},"ruleSource":{"type":"string"},"ruleType":{"type":"string"},"scoreMapping":{"properties":{"default":{"type":"integer"},"field":{"type":"string"},"mapping":{"items":{"properties":{"from":{"type":"string"},"fromEnd":{"type":"string"},"to":{"type":"integer"},"type":{"type":"string"}},"required":["type","from","to"],"type":"object"},"type":"array"},"type":{"type":"string"}},"required":["type"],"type":"object"},"scoreMappingOverride":{"properties":{"original":{"properties":{"default":{"type":"integer"},"field":{"type":"string"},"mapping":{"items":{"properties":{"from":{"type":"string"},"fromEnd":{"type":"string"},"to":{"type":"integer"},"type":{"type":"string"}},"required":["type","from","to"],"type":"object"},"type":"array"},"type":{"type":"string"}},"required":["type"],"type":"object"},"override":{"properties":{"default":{"type":"integer"},"field":{"type":"string"},"mapping":{"items":{"properties":{"from":{"type":"string"},"fromEnd":{"type":"string"},"to":{"type":"integer"},"type":{"type":"string"}},"required":["type","from","to"],"type":"object"},"type":"array"},"type":{"type":"string"}},"required":["type"],"type":"object"}},"type":"object"},"signalCount07d":{"description":"The number of Signals generated by this Rule in the past 7 days","type":"integer"},"signalCount24h":{"description":"The number of Signals generated by this Rule in the past 24 
hours","type":"integer"},"status":{"properties":{"message":{"type":"string"},"status":{"enum":["ACTIVE","DEGRADED","FAILED_AND_DISABLED","UNKNOWN"],"type":"string"}},"required":["status"],"type":"object"},"stream":{"type":"string"},"summaryExpression":{"type":"string"},"summaryExpressionOverride":{"properties":{"original":{"type":"string"},"override":{"type":"string"}},"type":"object"},"tags":{"items":{"type":"string"},"type":"array"},"tagsOverride":{"properties":{"original":{"items":{"type":"string"},"type":"array"},"override":{"items":{"type":"string"},"type":"array"}},"type":"object"},"triggerExpression":{"type":"string"},"tuningExpressions":{"items":{"properties":{"description":{"type":"string"},"enabled":{"type":"boolean"},"expression":{"type":"string"},"id":{"type":"string"},"isGlobal":{"type":"boolean"},"name":{"type":"string"}},"required":["id","name","description","expression","enabled","isGlobal"],"type":"object"},"type":"array"},"windowSize":{"description":"milliseconds","type":"integer"},"windowSizeName":{"type":"string"},"windowSizeOverride":{"description":"milliseconds","properties":{"original":{"type":"integer"},"override":{"type":"integer"}},"type":"object"}},"required":["contentType","created","createdBy","deleted","enabled","entitySelectors","id","isPrototype","lastUpdated","lastUpdatedBy","name","status","ruleId","ruleSource","ruleType","signalCount07d","signalCount24h","summaryExpression","tags","hasOverride","assetField","nameExpression","descriptionExpression","matchExpression","groupByAsset","groupByFields","aggregationFunctions","scoreMapping","stream","windowSize","windowSizeName","triggerExpression"],"type":"object"}]}},"required":["data"],"title":"GetRuleResponse","type":"object"}}},"description":"A single Rule"}},"summary":"Get a 
Rule"}},"/rules/{id}/enabled":{"put":{"description":"","operationId":"UpdateRuleEnabled","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"enabled":{"type":"boolean"}},"required":["enabled"],"title":"UpdateRuleEnabledRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"ok":{"type":"boolean"}},"required":["ok"],"type":"object"}},"required":["data"],"title":"UpdateRuleEnabledResponse","type":"object"}}},"description":"Action success status"}},"summary":"Enable or disable a Rule"}},"/signals":{"get":{"description":"Note: This API will not return more than 10,000 Signals for a given query, even when split over many pages. To retrieve all Signals, use the /signals/all API.","operationId":"GetSignals","parameters":[{"description":"\n The search query string in our custom DSL that is used to filter the results.\n\n Operators:\n - `exampleField:\"bar\"`: The value of the field is equal to \"bar\".\n - `exampleField:in(\"bar\", \"baz\", \"qux\")`: The value of the field is equal to either \"bar\", \"baz\", or \"qux\".\n - `exampleTextField:contains(\"foo bar\")`: The value of the field contains the phrase \"foo bar\".\n - `exampleNumField:>5`: The value of the field is greater than 5. There are similar `<`, `<=`, and `>=` operators.\n - `exampleNumField:5..10`: The value of the field is between 5 and 10 (inclusive).\n - `exampleDateField:>2019-02-01T05:00:00+00:00`: The value of the date field is after 5 a.m. UTC time on February 1,\n 2019.\n - `exampleDateField:2019-02-01T05:00:00+00:00..2019-02-01T08:00:00+00:00`: The value of the date field is between 5 a.m.\n and 8 a.m. 
UTC time on February 1, 2019.\n\n Fields:\n - `id`\n- `stage`\n- `contentType`\n- `name`\n- `description`\n- `created`\n- `timestamp`\n- `severity`\n- `entity.id`\n- `entity.ip`\n- `entity.hostname`\n- `entity.username`\n- `entity.type`\n- `entity.sensorZone`\n- `suppressed`\n- `ruleId`\n- `prototype`\n- `records`\n- `tag`\n- `vendor`\n- `product`\n ","in":"query","name":"q","required":false,"schema":{"type":"string"}},{"description":"The number of items to skip before starting to collect the result set","in":"query","name":"offset","required":false,"schema":{"default":0,"type":"integer"}},{"description":"The number of items to return","in":"query","name":"limit","required":false,"schema":{"default":50,"type":"integer"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"hasNextPage":{"type":"boolean"},"objects":{"items":{"$ref":"#/components/schemas/Signal"},"type":"array"},"total":{"type":"integer"}},"required":["hasNextPage","total","objects"],"type":"object"}},"required":["data"],"title":"GetSignalsResponse","type":"object"}}},"description":"A single page of Signals"}},"summary":"Get the list of Signals for a given query"}},"/signals/all":{"get":{"description":"","operationId":"GetAllSignals","parameters":[{"description":"\n The search query string in our custom DSL that is used to filter the results.\n\n Operators:\n - `exampleField:\"bar\"`: The value of the field is equal to \"bar\".\n - `exampleField:in(\"bar\", \"baz\", \"qux\")`: The value of the field is equal to either \"bar\", \"baz\", or \"qux\".\n - `exampleTextField:contains(\"foo bar\")`: The value of the field contains the phrase \"foo bar\".\n - `exampleNumField:>5`: The value of the field is greater than 5. There are similar `<`, `<=`, and `>=` operators.\n - `exampleNumField:5..10`: The value of the field is between 5 and 10 (inclusive).\n - `exampleDateField:>2019-02-01T05:00:00+00:00`: The value of the date field is after 5 a.m. 
UTC time on February 1,\n 2019.\n - `exampleDateField:2019-02-01T05:00:00+00:00..2019-02-01T08:00:00+00:00`: The value of the date field is between 5 a.m.\n and 8 a.m. UTC time on February 1, 2019.\n\n Fields:\n - `id`\n- `stage`\n- `contentType`\n- `name`\n- `description`\n- `created`\n- `timestamp`\n- `severity`\n- `entity.id`\n- `entity.ip`\n- `entity.hostname`\n- `entity.username`\n- `entity.type`\n- `entity.sensorZone`\n- `suppressed`\n- `ruleId`\n- `prototype`\n- `records`\n- `tag`\n- `vendor`\n- `product`\n ","in":"query","name":"q","required":false,"schema":{"type":"string"}},{"in":"query","name":"nextPageToken","required":false,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"nextPageToken":{"type":"string"},"objects":{"items":{"$ref":"#/components/schemas/Signal"},"type":"array"}},"required":["objects"],"type":"object"}},"required":["data"],"title":"GetAllSignalsResponse","type":"object"}}},"description":"A single page of Signals, including the nextPageToken which can be used to fetch the next page of results. 
Note: The nextPageToken expires after one minute so it must be used soon after it is retrieved."}},"summary":"Get the list of all Signals"}},"/signals/counts":{"get":{"description":"","operationId":"GetSignalCounts","parameters":[{"in":"query","name":"startTimestamp","required":true,"schema":{"format":"date-time","type":"string"}},{"in":"query","name":"endTimestamp","required":false,"schema":{"format":"date-time","type":"string"}},{"description":"The duration of the buckets in seconds","in":"query","name":"bucketDuration","required":true,"schema":{"type":"integer"}},{"description":"The timezone to use for creating the bucket cutoffs (See TZ database name for valid values https://en.wikipedia.org/wiki/List_of_tz_database_time_zones)","in":"query","name":"timezone","required":false,"schema":{"default":"UTC","type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"items":{"properties":{"timestamp":{"format":"date-time","type":"string"},"value":{"type":"string"}},"required":["timestamp","value"],"type":"object"},"type":"array"}},"required":["data"],"title":"GetSignalCountsResponse","type":"object"}}},"description":"The count of Signals bucketed by a given interval"}},"summary":"Get the count of Signals over time"}},"/signals/{id}":{"get":{"description":"","operationId":"GetSignal","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/Signal","description":"The details for a single Signal"}},"required":["data"],"title":"GetSignalResponse","type":"object"}}},"description":"A single Signal"}},"summary":"Get a 
Signal"}},"/signals/{id}/enrichments":{"get":{"description":"","operationId":"GetSignalEnrichments","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"description":"The details for a single Signal","properties":{"enrichments":{"items":{"$ref":"#/components/schemas/Enrichment"},"type":"array"}},"required":["enrichments"],"type":"object"}},"required":["data"],"title":"GetSignalEnrichmentsResponse","type":"object"}}},"description":"A single Signal's enrichments"}},"summary":"Get a Signal's enrichments"}},"/signals/{id}/enrichments/{enrichmentType}":{"put":{"description":"","operationId":"SaveSignalEnrichment","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}},{"in":"path","name":"enrichmentType","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"detail":{"type":"string"},"raw":{"type":"string"}},"required":["detail"],"title":"SaveSignalEnrichmentRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/Enrichment","description":"The saved Enrichment"}},"required":["data"],"title":"SaveSignalEnrichmentResponse","type":"object"}}},"description":"The created Enrichment on the Signal"}},"summary":"Create or update an Enrichment on a Signal"}},"/suppress-list-items":{"get":{"description":"","operationId":"GetSuppressListItems","parameters":[{"description":"The number of items to skip before starting to collect the result set","in":"query","name":"offset","required":false,"schema":{"default":0,"type":"integer"}},{"description":"The number of items to return","in":"query","name":"limit","required":false,"schema":{"default":50,"type":"integer"}},{"description":"A value to search 
for","in":"query","name":"value","required":false,"schema":{"type":"string"}},{"description":"\n The search query string in our custom DSL that is used to filter the results.\n\n Operators:\n - `exampleField:\"bar\"`: The value of the field is equal to \"bar\".\n - `exampleField:in(\"bar\", \"baz\", \"qux\")`: The value of the field is equal to either \"bar\", \"baz\", or \"qux\".\n - `exampleTextField:contains(\"foo bar\")`: The value of the field contains the phrase \"foo bar\".\n - `exampleNumField:>5`: The value of the field is greater than 5. There are similar `<`, `<=`, and `>=` operators.\n - `exampleNumField:5..10`: The value of the field is between 5 and 10 (inclusive).\n - `exampleDateField:>2019-02-01T05:00:00+00:00`: The value of the date field is after 5 a.m. UTC time on February 2,\n 2019.\n - `exampleDateField:2019-02-01T05:00:00+00:00..2019-02-01T08:00:00+00:00`: The value of the date field is between 5 a.m.\n and 8 a.m. UTC time on February 2, 2019.\n\n Fields:\n - `id`\n- `targetColumn`\n- `value`\n- `active`\n- `expirationDate`\n- `listName`\n- `description`\n- `created`\n ","in":"query","name":"q","required":false,"schema":{"type":"string"}},{"in":"query","name":"listIds","required":false,"schema":{"items":{"type":"string"},"type":"array"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"hasNextPage":{"type":"boolean"},"objects":{"items":{"$ref":"#/components/schemas/SuppressListItem"},"type":"array"},"total":{"type":"integer"}},"required":["hasNextPage","total","objects"],"type":"object"}},"required":["data"],"title":"GetSuppressListItemsResponse","type":"object"}}},"description":"A single page of Suppress List Items"}},"summary":"Get a list of Suppress List 
Items"}},"/suppress-list-items/{id}":{"get":{"description":"","operationId":"GetSuppressListItem","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/SuppressListItem"}},"required":["data"],"title":"GetSuppressListItemResponse","type":"object"}}},"description":"A single Suppress List Item"}},"summary":"Get a Suppress List Item"},"put":{"description":"","operationId":"UpdateSuppressListItem","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"active":{"type":"boolean"},"description":{"type":"string"},"expiration":{"format":"date-time","type":"string"}},"required":["active","description"],"type":"object"}},"title":"UpdateSuppressListItemRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/SuppressListItem"}},"required":["data"],"title":"UpdateSuppressListItemResponse","type":"object"}}},"description":"The updated Suppress List Item"}},"summary":"Update a Suppress List Item"}},"/suppress-lists":{"get":{"description":"","operationId":"GetSuppressLists","parameters":[{"description":"The number of items to skip before starting to collect the result set","in":"query","name":"offset","required":false,"schema":{"default":0,"type":"integer"}},{"description":"The numbers of items to 
return","in":"query","name":"limit","required":false,"schema":{"default":50,"type":"integer"}},{"in":"query","name":"sort","required":false,"schema":{"type":"string"}},{"in":"query","name":"sortDir","required":false,"schema":{"default":"ASC","enum":["ASC","DESC"],"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"hasNextPage":{"type":"boolean"},"objects":{"items":{"$ref":"#/components/schemas/SuppressList"},"type":"array"},"total":{"type":"integer"}},"required":["hasNextPage","total","objects"],"type":"object"}},"required":["data"],"title":"GetSuppressListsResponse","type":"object"}}},"description":"A single page of Suppress Lists"}},"summary":"Get the list of Suppress Lists"},"post":{"description":"","operationId":"CreateSuppressList","parameters":[],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"active":{"type":"boolean"},"defaultTtl":{"description":"The default time-to-live (in seconds) for new Items added to this List. 
This default is only used to default the field in the UI, and is not used at all when new Items are added via the API.","type":"integer"},"description":{"type":"string"},"name":{"type":"string"},"targetColumn":{"type":"string"}},"required":["name","targetColumn"],"type":"object"}},"required":["fields"],"title":"CreateSuppressListRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/SuppressList"}},"required":["data"],"title":"CreateSuppressListResponse","type":"object"}}},"description":"The new Suppress List"}},"summary":"Create a Suppress List"}},"/suppress-lists/{id}":{"delete":{"description":"","operationId":"DeleteSuppressList","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"ok":{"type":"boolean"}},"required":["ok"],"type":"object"}},"required":["data"],"title":"DeleteSuppressListResponse","type":"object"}}},"description":""}},"summary":"Delete a Suppress List"},"get":{"description":"","operationId":"GetSuppressList","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/SuppressList"}},"required":["data"],"title":"GetSuppressListResponse","type":"object"}}},"description":"A single Suppress List"}},"summary":"Get a Suppress List"},"put":{"description":"","operationId":"UpdateSuppressList","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"active":{"type":"boolean"},"defaultTtl":{"description":"The default time-to-live (in seconds) for new Items added to this List. 
This default is only used to default the field in the UI, and is not used at all when new Items are added via the API.","type":"integer"},"description":{"type":"string"}},"required":["description"],"type":"object"}},"required":["fields"],"title":"UpdateSuppressListRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/SuppressList"}},"required":["data"],"title":"UpdateSuppressListResponse","type":"object"}}},"description":"The updated Suppress List"}},"summary":"Update a Suppress List"}},"/suppress-lists/{id}/items":{"post":{"description":"","operationId":"AddItemsToSuppressList","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"items":{"items":{"properties":{"active":{"type":"boolean"},"description":{"type":"string"},"expiration":{"format":"date-time","type":"string"},"value":{"type":"string"}},"required":["value","active","description"],"type":"object"},"type":"array"}},"required":["items"],"title":"AddItemsToSuppressListRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"ok":{"type":"boolean"}},"required":["ok"],"type":"object"}},"required":["data"],"title":"AddItemsToSuppressListResponse","type":"object"}}},"description":"Success"}},"summary":"Add Suppress List Items to a Suppress List"}},"/threat-intel-indicators":{"get":{"description":"","operationId":"GetThreatIntelIndicators","parameters":[{"description":"The number of items to skip before starting to collect the result set","in":"query","name":"offset","required":false,"schema":{"default":0,"type":"integer"}},{"description":"The number of items to return","in":"query","name":"limit","required":false,"schema":{"default":50,"type":"integer"}},{"description":"A value to 
search for","in":"query","name":"value","required":false,"schema":{"type":"string"}},{"description":"\n The search query string in our custom DSL that is used to filter the results.\n\n Operators:\n - `exampleField:\"bar\"`: The value of the field is equal to \"bar\".\n - `exampleField:in(\"bar\", \"baz\", \"qux\")`: The value of the field is equal to either \"bar\", \"baz\", or \"qux\".\n - `exampleTextField:contains(\"foo bar\")`: The value of the field contains the phrase \"foo bar\".\n - `exampleNumField:>5`: The value of the field is greater than 5. There are similar `<`, `<=`, and `>=` operators.\n - `exampleNumField:5..10`: The value of the field is between 5 and 10 (inclusive).\n - `exampleDateField:>2019-02-01T05:00:00+00:00`: The value of the date field is after 5 a.m. UTC time on February 2,\n 2019.\n - `exampleDateField:2019-02-01T05:00:00+00:00..2019-02-01T08:00:00+00:00`: The value of the date field is between 5 a.m.\n and 8 a.m. UTC time on February 2, 2019.\n\n Fields:\n - `id`\n- `targetColumn`\n- `value`\n- `active`\n- `expirationDate`\n- `listName`\n- `description`\n- `created`\n ","in":"query","name":"q","required":false,"schema":{"type":"string"}},{"in":"query","name":"sourceIds","required":false,"schema":{"items":{"type":"string"},"type":"array"}},{"description":"A comma-separated list of subfields to be returned in the 
response","in":"query","name":"expand","required":false,"schema":{"items":{"enum":["source"],"type":"string"},"type":"array"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"hasNextPage":{"type":"boolean"},"objects":{"items":{"properties":{"active":{"type":"boolean"},"expiration":{"format":"date-time","type":"string"},"id":{"type":"string"},"meta":{"properties":{"created":{"properties":{"username":{"type":"string"},"when":{"format":"date-time","type":"string"}},"required":["username","when"],"type":"object"},"description":{"type":"string"},"updated":{"properties":{"username":{"type":"string"},"when":{"format":"date-time","type":"string"}},"required":["username","when"],"type":"object"}},"required":["description"],"type":"object"},"source":{"properties":{"created":{"format":"date-time","type":"string"},"createdBy":{"type":"string"},"description":{"description":"A description of the Source.","type":"string"},"id":{"type":"string"},"lastUpdated":{"format":"date-time","type":"string"},"lastUpdatedBy":{"type":"string"},"name":{"description":"The name of the Source.","type":"string"},"sourceType":{"enum":["ANOMALI","CUSTOM","IDEFENSE","TAXII","THREATQ"],"type":"string"}},"required":["id","name","sourceType"],"type":"object"},"value":{"type":"string"}},"required":["id","value","active","source"],"type":"object"},"type":"array"},"total":{"type":"integer"}},"required":["hasNextPage","total","objects"],"type":"object"}},"required":["data"],"title":"GetThreatIntelIndicatorsResponse","type":"object"}}},"description":"A single page of Threat Intel Indicators"}},"summary":"Get a list of Threat Intel Indicators"}},"/threat-intel-indicators/{id}":{"get":{"description":"","operationId":"GetThreatIntelIndicator","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}},{"description":"A comma-separated list of subfields to be returned in the 
response","in":"query","name":"expand","required":false,"schema":{"items":{"enum":["source"],"type":"string"},"type":"array"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"active":{"type":"boolean"},"expiration":{"format":"date-time","type":"string"},"id":{"type":"string"},"meta":{"properties":{"created":{"properties":{"username":{"type":"string"},"when":{"format":"date-time","type":"string"}},"required":["username","when"],"type":"object"},"description":{"type":"string"},"updated":{"properties":{"username":{"type":"string"},"when":{"format":"date-time","type":"string"}},"required":["username","when"],"type":"object"}},"required":["description"],"type":"object"},"source":{"properties":{"created":{"format":"date-time","type":"string"},"createdBy":{"type":"string"},"description":{"description":"A description of the Source.","type":"string"},"id":{"type":"string"},"lastUpdated":{"format":"date-time","type":"string"},"lastUpdatedBy":{"type":"string"},"name":{"description":"The name of the Source.","type":"string"},"sourceType":{"enum":["ANOMALI","CUSTOM","IDEFENSE","TAXII","THREATQ"],"type":"string"}},"required":["id","name","sourceType"],"type":"object"},"value":{"type":"string"}},"required":["id","value","active","source"],"type":"object"}},"required":["data"],"title":"GetThreatIntelIndicatorResponse","type":"object"}}},"description":"A single Threat Intel Indicator"}},"summary":"Get a Threat Intel 
Indicator"},"put":{"description":"","operationId":"UpdateThreatIntelIndicator","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"active":{"type":"boolean"},"description":{"type":"string"},"expiration":{"format":"date-time","type":"string"}},"required":["active","description"],"type":"object"}},"title":"UpdateThreatIntelIndicatorRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"active":{"type":"boolean"},"expiration":{"format":"date-time","type":"string"},"id":{"type":"string"},"meta":{"properties":{"created":{"properties":{"username":{"type":"string"},"when":{"format":"date-time","type":"string"}},"required":["username","when"],"type":"object"},"description":{"type":"string"},"updated":{"properties":{"username":{"type":"string"},"when":{"format":"date-time","type":"string"}},"required":["username","when"],"type":"object"}},"required":["description"],"type":"object"},"value":{"type":"string"}},"required":["id","value","active"],"type":"object"}},"required":["data"],"title":"UpdateThreatIntelIndicatorResponse","type":"object"}}},"description":"The updated Threat Intel Indicator"}},"summary":"Update a Threat Intel Indicator"}},"/threat-intel-sources":{"get":{"description":"","operationId":"GetThreatIntelligenceSources","parameters":[{"description":"The number of items to skip before starting to collect the result set","in":"query","name":"offset","required":false,"schema":{"default":0,"type":"integer"}},{"description":"The numbers of items to 
return","in":"query","name":"limit","required":false,"schema":{"default":50,"type":"integer"}},{"in":"query","name":"sort","required":false,"schema":{"type":"string"}},{"in":"query","name":"sortDir","required":false,"schema":{"default":"ASC","enum":["ASC","DESC"],"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"hasNextPage":{"type":"boolean"},"objects":{"items":{"$ref":"#/components/schemas/ThreatIntelSource"},"type":"array"},"total":{"type":"integer"}},"required":["hasNextPage","total","objects"],"type":"object"}},"required":["data"],"title":"GetThreatIntelligenceSourcesResponse","type":"object"}}},"description":"A single page of Threat Intel Sources"}},"summary":"Get the list of Threat Intel Sources"},"post":{"description":"","operationId":"CreateThreatIntelSource","parameters":[],"requestBody":{"content":{"application/json":{"schema":{"properties":{"fields":{"properties":{"description":{"type":"string"},"name":{"type":"string"}},"required":["name"],"type":"object"}},"required":["fields"],"title":"CreateThreatIntelSourceRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/ThreatIntelSource"}},"required":["data"],"title":"CreateThreatIntelSourceResponse","type":"object"}}},"description":"The new Threat Intel Source"}},"summary":"Create a Threat Intel Source"}},"/threat-intel-sources/{id}":{"get":{"description":"","operationId":"GetThreatIntelSource","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"$ref":"#/components/schemas/ThreatIntelSource"}},"required":["data"],"title":"GetThreatIntelSourceResponse","type":"object"}}},"description":"A single Threat Intel Source"}},"summary":"Get a Threat Intel 
Source"}},"/threat-intel-sources/{threatIntelSourceId}/items":{"post":{"description":"","operationId":"AddIndicatorToThreatIntelSource","parameters":[{"in":"path","name":"threatIntelSourceId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"indicators":{"items":{"properties":{"active":{"type":"boolean"},"description":{"type":"string"},"expiration":{"format":"date-time","type":"string"},"value":{"type":"string"}},"required":["value","active","description"],"type":"object"},"type":"array"}},"required":["indicators"],"title":"AddIndicatorToThreatIntelSourceRequestBody","type":"object"}}},"description":"","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"properties":{"ok":{"type":"boolean"}},"required":["ok"],"type":"object"}},"required":["data"],"title":"AddIndicatorToThreatIntelSourceResponse","type":"object"}}},"description":"Success"}},"summary":"Add Indicators to a Threat Intel Source"}}},"security":[{"basicAuth":[]}],"servers":[{"url":"https://api.us2.sumologic.com/api/sec/v1"},{"url":"https://api.au.sumologic.com/api/sec/v1"},{"url":"https://api.sumologic.com/api/sec/v1"},{"url":"https://api.jp.sumologic.com/api/sec/v1"},{"url":"https://api.in.sumologic.com/api/sec/v1"}]}