class NodeThreatUpdate(NodeThreatBase):
types: Optional[type_list_str] = Field(
description="A list of types the threat represents")
value: Optional[type_str] = Field(description="The value of the threat")
_prevent_none: classmethod = validators.prevent_none("types", "value")
class AnalysisModuleTypeUpdate(AnalysisModuleTypeBase):
manual: Optional[StrictBool] = Field(
description=
"Whether or not this analysis module type runs in manual mode.")
observable_types: Optional[List[type_str]] = Field(
description=
"""A list of observable types this analysis module type knows how to analyze.
An empty list means it supports ALL observable types.""", )
required_directives: Optional[List[type_str]] = Field(
description=
"""A list of directives an observable must have in order to be analyzed by this module. An empty
list means that no directives are required.""", )
required_tags: Optional[List[type_str]] = Field(
description=
"""A list of tags an observable must have in order to be analyzed by this module. An empty list
means that no tags are required.""", )
value: Optional[type_str] = Field(
description="The value of the analysis module type")
version: Optional[type_str] = Field(
description=
"Version number of the analysis module type in SemVer format (ex: 1.0.0)"
)
_prevent_none: classmethod = validators.prevent_none(
"manual",
"observable_types",
"required_directives",
"required_tags",
"value",
)
class EventUpdate(NodeUpdate, EventBase):
name: Optional[type_str] = Field(description="The name of the event")
status: Optional[type_str] = Field(
description="The status assigned to the event")
_prevent_none: classmethod = validators.prevent_none("name", "status")
class ObservableUpdate(ObservableBase):
for_detection: Optional[StrictBool] = Field(
description=
"Whether or not this observable should be included in the observable detection exports"
)
type: Optional[type_str] = Field(description="The type of the observable")
value: Optional[type_str] = Field(
description="The value of the observable")
_prevent_none: classmethod = validators.prevent_none(
"for_detection", "type", "value")
class AlertUpdate(NodeUpdate, AlertBase):
disposition: Optional[type_str] = Field(
description="The disposition assigned to this alert")
# TODO: This should not be editable. When we have authentication in place, the user will be inferred from the token.
# disposition_user: Optional[type_str] = Field(
# description="The username of the user who most recently dispositioned this alert"
# )
event_uuid: Optional[UUID4] = Field(
description="The UUID of the event containing this alert")
queue: Optional[type_str] = Field(
description="The alert queue containing this alert")
type: Optional[type_str] = Field(description="The type of this alert")
_prevent_none: classmethod = validators.prevent_none("queue", "type")
class UserUpdate(UserBase):
default_alert_queue: Optional[type_str] = Field(
description=
"The default alert queue the user will see on the alert management page"
)
display_name: Optional[type_str] = Field(
description="The user's full name")
email: Optional[EmailStr] = Field(description="The user's email address")
enabled: Optional[StrictBool] = Field(
description=
"Whether or not the user account is enabled and can access the application"
)
password: Optional[constr(
strict=True,
min_length=8)] = Field(description="The password to use for the user")
roles: Optional[type_list_str] = Field(
description="A list of roles assigned to the user")
timezone: Optional[type_str] = Field(
description=
"The timezone that will be used when the user views timestamps in the application"
)
username: Optional[type_str] = Field(
description="The username used to sign into the application")
_prevent_none: classmethod = validators.prevent_none(
"default_alert_queue",
"display_name",
"email",
"enabled",
"password",
"roles",
"username",
)
class NodeHistoryActionUpdate(NodeHistoryActionBase):
value: Optional[type_str] = Field(
description="The value of the node history action")
_prevent_none: classmethod = validators.prevent_none("value")
class EventRemediationUpdate(EventRemediationBase):
value: Optional[type_str] = Field(
description="The value of the event remediation")
_prevent_none: classmethod = validators.prevent_none("value")
class EventStatusUpdate(EventStatusBase):
value: Optional[type_str] = Field(
description="The value of the event status")
_prevent_none: classmethod = validators.prevent_none("value")
class AlertQueueUpdate(AlertQueueBase):
value: Optional[type_str] = Field(
description="The value of the alert queue")
_prevent_none: classmethod = validators.prevent_none("value")
class EventRiskLevelUpdate(EventRiskLevelBase):
value: Optional[type_str] = Field(description="The value of the event risk level")
_prevent_none: classmethod = validators.prevent_none("value")
class NodeDirectiveUpdate(NodeDirectiveBase):
value: Optional[type_str] = Field(
description="The value of the node directive")
_prevent_none: classmethod = validators.prevent_none("value")
class ObservableTypeUpdate(ObservableTypeBase):
value: Optional[type_str] = Field(
description="The value of the observable type")
_prevent_none: classmethod = validators.prevent_none("value")
class UserRoleUpdate(UserRoleBase):
value: Optional[type_str] = Field(description="The value of the role")
_prevent_none: classmethod = validators.prevent_none("value")
class EventPreventionToolUpdate(EventPreventionToolBase):
value: Optional[type_str] = Field(
description="The value of the event prevention tool")
_prevent_none: classmethod = validators.prevent_none("value")
class AlertToolInstanceUpdate(AlertToolInstanceBase):
value: Optional[type_str] = Field(
description="The value of the alert tool instance")
_prevent_none: classmethod = validators.prevent_none("value")
class NodeThreatActorUpdate(NodeThreatActorBase):
value: Optional[type_str] = Field(
description="The value of the node threat actor")
_prevent_none: classmethod = validators.prevent_none("value")
class AlertDispositionUpdate(AlertDispositionBase):
rank: Optional[type_int] = Field(description="An integer value used to sort the dispositions")
value: Optional[type_str] = Field(description="The value of the disposition")
_prevent_none: classmethod = validators.prevent_none("rank", "value")
class EventVectorUpdate(EventVectorBase):
value: Optional[type_str] = Field(description="The value of the event vector")
_prevent_none: classmethod = validators.prevent_none("value")
class NodeTagUpdate(NodeTagBase):
value: Optional[type_str] = Field(description="The value of the node tag")
_prevent_none: classmethod = validators.prevent_none("value")
