class NodeThreatUpdate(NodeThreatBase): types: Optional[type_list_str] = Field( description="A list of types the threat represents") value: Optional[type_str] = Field(description="The value of the threat") _prevent_none: classmethod = validators.prevent_none("types", "value")
class AnalysisModuleTypeUpdate(AnalysisModuleTypeBase): manual: Optional[StrictBool] = Field( description= "Whether or not this analysis module type runs in manual mode.") observable_types: Optional[List[type_str]] = Field( description= """A list of observable types this analysis module type knows how to analyze. An empty list means it supports ALL observable types.""", ) required_directives: Optional[List[type_str]] = Field( description= """A list of directives an observable must have in order to be analyzed by this module. An empty list means that no directives are required.""", ) required_tags: Optional[List[type_str]] = Field( description= """A list of tags an observable must have in order to be analyzed by this module. An empty list means that no tags are required.""", ) value: Optional[type_str] = Field( description="The value of the analysis module type") version: Optional[type_str] = Field( description= "Version number of the analysis module type in SemVer format (ex: 1.0.0)" ) _prevent_none: classmethod = validators.prevent_none( "manual", "observable_types", "required_directives", "required_tags", "value", )
class EventUpdate(NodeUpdate, EventBase): name: Optional[type_str] = Field(description="The name of the event") status: Optional[type_str] = Field( description="The status assigned to the event") _prevent_none: classmethod = validators.prevent_none("name", "status")
class ObservableUpdate(ObservableBase): for_detection: Optional[StrictBool] = Field( description= "Whether or not this observable should be included in the observable detection exports" ) type: Optional[type_str] = Field(description="The type of the observable") value: Optional[type_str] = Field( description="The value of the observable") _prevent_none: classmethod = validators.prevent_none( "for_detection", "type", "value")
class AlertUpdate(NodeUpdate, AlertBase): disposition: Optional[type_str] = Field( description="The disposition assigned to this alert") # TODO: This should not be editable. When we have authentication in place, the user will be inferred from the token. # disposition_user: Optional[type_str] = Field( # description="The username of the user who most recently dispositioned this alert" # ) event_uuid: Optional[UUID4] = Field( description="The UUID of the event containing this alert") queue: Optional[type_str] = Field( description="The alert queue containing this alert") type: Optional[type_str] = Field(description="The type of this alert") _prevent_none: classmethod = validators.prevent_none("queue", "type")
class UserUpdate(UserBase): default_alert_queue: Optional[type_str] = Field( description= "The default alert queue the user will see on the alert management page" ) display_name: Optional[type_str] = Field( description="The user's full name") email: Optional[EmailStr] = Field(description="The user's email address") enabled: Optional[StrictBool] = Field( description= "Whether or not the user account is enabled and can access the application" ) password: Optional[constr( strict=True, min_length=8)] = Field(description="The password to use for the user") roles: Optional[type_list_str] = Field( description="A list of roles assigned to the user") timezone: Optional[type_str] = Field( description= "The timezone that will be used when the user views timestamps in the application" ) username: Optional[type_str] = Field( description="The username used to sign into the application") _prevent_none: classmethod = validators.prevent_none( "default_alert_queue", "display_name", "email", "enabled", "password", "roles", "username", )
class NodeHistoryActionUpdate(NodeHistoryActionBase): value: Optional[type_str] = Field( description="The value of the node history action") _prevent_none: classmethod = validators.prevent_none("value")
class EventRemediationUpdate(EventRemediationBase): value: Optional[type_str] = Field( description="The value of the event remediation") _prevent_none: classmethod = validators.prevent_none("value")
class EventStatusUpdate(EventStatusBase): value: Optional[type_str] = Field( description="The value of the event status") _prevent_none: classmethod = validators.prevent_none("value")
class AlertQueueUpdate(AlertQueueBase): value: Optional[type_str] = Field( description="The value of the alert queue") _prevent_none: classmethod = validators.prevent_none("value")
class EventRiskLevelUpdate(EventRiskLevelBase): value: Optional[type_str] = Field(description="The value of the event risk level") _prevent_none: classmethod = validators.prevent_none("value")
class NodeDirectiveUpdate(NodeDirectiveBase): value: Optional[type_str] = Field( description="The value of the node directive") _prevent_none: classmethod = validators.prevent_none("value")
class ObservableTypeUpdate(ObservableTypeBase): value: Optional[type_str] = Field( description="The value of the observable type") _prevent_none: classmethod = validators.prevent_none("value")
class UserRoleUpdate(UserRoleBase): value: Optional[type_str] = Field(description="The value of the role") _prevent_none: classmethod = validators.prevent_none("value")
class EventPreventionToolUpdate(EventPreventionToolBase): value: Optional[type_str] = Field( description="The value of the event prevention tool") _prevent_none: classmethod = validators.prevent_none("value")
class AlertToolInstanceUpdate(AlertToolInstanceBase): value: Optional[type_str] = Field( description="The value of the alert tool instance") _prevent_none: classmethod = validators.prevent_none("value")
class NodeThreatActorUpdate(NodeThreatActorBase): value: Optional[type_str] = Field( description="The value of the node threat actor") _prevent_none: classmethod = validators.prevent_none("value")
class AlertDispositionUpdate(AlertDispositionBase): rank: Optional[type_int] = Field(description="An integer value used to sort the dispositions") value: Optional[type_str] = Field(description="The value of the disposition") _prevent_none: classmethod = validators.prevent_none("rank", "value")
class EventVectorUpdate(EventVectorBase): value: Optional[type_str] = Field(description="The value of the event vector") _prevent_none: classmethod = validators.prevent_none("value")
class NodeTagUpdate(NodeTagBase): value: Optional[type_str] = Field(description="The value of the node tag") _prevent_none: classmethod = validators.prevent_none("value")