CortexXDRClient API Data Models
Alerts
- class cortex_xdr_client.api.models.alerts.Alert(**data)
-
- action: Optional[str]
- action_pretty: Optional[str]
- agent_data_collection_status: Optional[bool]
- agent_device_domain: Optional[str]
- agent_fqdn: Optional[str]
- agent_is_vdi: Optional[str]
- agent_os_sub_type: Optional[str]
- agent_os_type: Optional[str]
- agent_version: Optional[str]
- alert_id: Optional[str]
- attempt_counter: Optional[int]
- bioc_category_enum_key: Optional[str]
- bioc_indicator: Optional[str]
- category: Optional[str]
- contains_featured_host: Optional[bool]
- contains_featured_ip: Optional[bool]
- contains_featured_user: Optional[bool]
- deduplicate_tokens: Optional[str]
- description: Union[str, List[AlertDescriptionItem]]
- detection_timestamp: Optional[int]
- end_match_attempt_ts: Optional[int]
- endpoint_id: Optional[str]
- external_id: Optional[str]
- filter_rule_id: Optional[str]
- host_ip: Optional[List[str]]
- host_name: Optional[str]
- is_whitelisted: Optional[bool]
- local_insert_ts: Optional[int]
- mac: Optional[str]
- mac_address: Optional[List[str]]
- matching_service_rule_id: Optional[str]
- matching_status: Optional[str]
- mitre_tactic_id_and_name: Optional[List[str]]
- mitre_technique_id_and_name: Optional[List[str]]
- name: Optional[str]
- severity: Optional[AlertSeverity]
- source: Optional[str]
- starred: Optional[bool]
- class cortex_xdr_client.api.models.alerts.AlertDescriptionItem(**data)
- data_type: Optional[Any]
- dml_type: Optional[Any]
- dml_ui: Optional[bool]
- entity_map: Optional[Any]
- pretty_name: str
- render_type: str
- class cortex_xdr_client.api.models.alerts.AlertSeverity(value)
Severity of an alert, as carried in `Alert.severity`. Note that only the alert model uses this enum: `AlertsDatum.severity` and `Incident.severity` are plain `Optional[str]`, so code that branches on severity across models must normalise the raw string before comparing it to these members.
- HIGH = 'high'
- LOW = 'low'
- MEDIUM = 'medium'
- UNKNOWN = 'unknown'
- class cortex_xdr_client.api.models.alerts.Event(**data)
- action_country: Optional[str]
- action_external_hostname: Optional[str]
- action_file_macro_sha256: Optional[str]
- action_file_md5: Optional[str]
- action_file_name: Optional[str]
- action_file_path: Optional[str]
- action_file_sha256: Optional[str]
- action_local_ip: Optional[str]
- action_local_port: Optional[str]
- action_process_causality_id: Optional[str]
- action_process_image_command_line: Optional[str]
- action_process_image_name: Optional[str]
- action_process_image_sha256: Optional[str]
- action_process_instance_id: Optional[str]
- action_process_signature_status: Optional[str]
- action_process_signature_vendor: Optional[str]
- action_registry_data: Optional[str]
- action_registry_full_key: Optional[str]
- action_registry_key_name: Optional[str]
- action_registry_value_name: Optional[str]
- action_remote_ip: Optional[str]
- action_remote_port: Optional[str]
- actor_causality_id: Optional[str]
- actor_process_causality_id: Optional[str]
- actor_process_command_line: Optional[str]
- actor_process_image_md5: Optional[str]
- actor_process_image_name: Optional[str]
- actor_process_image_path: Optional[str]
- actor_process_image_sha256: Optional[str]
- actor_process_instance_id: Optional[str]
- actor_process_os_pid: Optional[str]
- actor_process_signature_status: Optional[str]
- actor_process_signature_vendor: Optional[str]
- actor_thread_thread_id: Optional[str]
- agent_host_boot_time: Optional[str]
- agent_install_type: Optional[str]
- association_strength: Optional[str]
- causality_actor_causality_id: Optional[str]
- causality_actor_process_command_line: Optional[str]
- causality_actor_process_execution_time: Optional[str]
- causality_actor_process_image_md5: Optional[str]
- causality_actor_process_image_name: Optional[str]
- causality_actor_process_image_path: Optional[str]
- causality_actor_process_image_sha256: Optional[str]
- causality_actor_process_signature_status: Optional[str]
- causality_actor_process_signature_vendor: Optional[str]
- dns_query_name: Optional[str]
- dst_action_country: Optional[str]
- dst_action_external_hostname: Optional[str]
- dst_action_external_port: Optional[str]
- dst_agent_id: Optional[str]
- dst_association_strength: Optional[str]
- dst_causality_actor_process_execution_time: Optional[str]
- event_id: Optional[str]
- event_sub_type: Optional[str]
- event_timestamp: Optional[int]
- event_type: Optional[str]
- fw_app_category: Optional[str]
- fw_app_id: Optional[str]
- fw_app_subcategory: Optional[str]
- fw_app_technology: Optional[str]
- fw_device_name: Optional[str]
- fw_email_recipient: Optional[str]
- fw_email_sender: Optional[str]
- fw_email_subject: Optional[str]
- fw_interface_from: Optional[str]
- fw_interface_to: Optional[str]
- fw_is_phishing: Optional[str]
- fw_misc: Optional[str]
- fw_rule: Optional[str]
- fw_rule_id: Optional[str]
- fw_serial_number: Optional[str]
- fw_url_domain: Optional[str]
- fw_vsys: Optional[str]
- fw_xff: Optional[str]
- module_id: Optional[str]
- os_actor_causality_id: Optional[str]
- os_actor_effective_username: Optional[str]
- os_actor_process_causality_id: Optional[str]
- os_actor_process_command_line: Optional[str]
- os_actor_process_image_name: Optional[str]
- os_actor_process_image_path: Optional[str]
- os_actor_process_image_sha256: Optional[str]
- os_actor_process_instance_id: Optional[str]
- os_actor_process_os_pid: Optional[str]
- os_actor_process_signature_status: Optional[str]
- os_actor_process_signature_vendor: Optional[str]
- os_actor_thread_thread_id: Optional[str]
- story_id: Optional[str]
- user_name: Optional[str]
- class cortex_xdr_client.api.models.alerts.GetAlertsResponse(**data)
- reply: GetAlertsResponseItem
Endpoints
- class cortex_xdr_client.api.models.endpoints.Endpoint(**data)
-
- active_directory: Optional[Union[List[str], str]]
- alias: Optional[str]
- content_version: Optional[str]
- domain: Optional[str]
- endpoint_id: Optional[str]
- endpoint_name: Optional[str]
- endpoint_status: EndpointStatus
- endpoint_type: Optional[str]
- endpoint_version: Optional[str]
- first_seen: Optional[int]
- group_name: Optional[List[str]]
- install_date: Optional[int]
- installation_package: Optional[str]
- ip: Optional[List[str]]
- is_isolated: IsolateStatus
- isolated_date: Optional[str]
- last_content_update_time: Optional[int]
- last_seen: Optional[int]
- mac_address: Optional[List[str]]
- operational_status: Optional[str]
- operational_status_description: Optional[str]
- os_type: Optional[EndpointPlatform]
- scan_status: Optional[ScanStatus]
- users: Union[List[str], None, str]
- class cortex_xdr_client.api.models.endpoints.EndpointPlatform(value)
Enum for the endpoint platform (agent operating system), as carried in `Endpoint.os_type`.
- android = 'AGENT_OS_ANDROID'
- linux = 'AGENT_OS_LINUX'
- mac = 'AGENT_OS_MAC'
- macos = 'AGENT_OS_MACOS'
- windows = 'AGENT_OS_WINDOWS'
- class cortex_xdr_client.api.models.endpoints.EndpointStatus(value)
Enum for the agent connection status, as carried in `Endpoint.endpoint_status`.
- connected = 'CONNECTED'
- disconnected = 'DISCONNECTED'
- lost = 'LOST'
- class cortex_xdr_client.api.models.endpoints.GetAllEndpointsResponse(**data)
- reply: List[LightEndpoint]
- class cortex_xdr_client.api.models.endpoints.GetEndpointResponse(**data)
- reply: GetEndpointResponseItem
- class cortex_xdr_client.api.models.endpoints.GetEndpointResponseItem(**data)
-
- result_count: Optional[int]
- total_count: Optional[int]
- class cortex_xdr_client.api.models.endpoints.IsolateStatus(value)
Enum for the endpoint's network-isolation status, as carried in `Endpoint.is_isolated`. `pending_isolation` means an isolation request has been issued but not yet confirmed by the agent, so it should not be treated as isolated when verifying a containment action.
- isolated = 'AGENT_ISOLATED'
- pending_isolation = 'AGENT_PENDING_ISOLATION'
- unisolated = 'AGENT_UNISOLATED'
- class cortex_xdr_client.api.models.endpoints.LightEndpoint(**data)
- agent_id: Optional[str]
- agent_status: Optional[str]
- agent_type: Optional[str]
- host_name: Optional[str]
- ip: Optional[List[str]]
- class cortex_xdr_client.api.models.endpoints.ResponseActionResponse(**data)
- reply: ResponseActionResponseItem
- class cortex_xdr_client.api.models.endpoints.ResponseActionResponseItem(**data)
- action_id: Optional[str]
- endpoints_count: Optional[int]
- status: Optional[int]
- class cortex_xdr_client.api.models.endpoints.ScanStatus(value)
Enum for the endpoint scan status, as carried in `Endpoint.scan_status`.
- aborted = 'SCAN_STATUS_ABORTED'
- cancel = 'SCAN_STATUS_CANCEL'
- canceled = 'SCAN_STATUS_CANCELED'
- error = 'SCAN_STATUS_ERROR'
- in_progress = 'SCAN_STATUS_IN_PROGRESS'
- none = 'SCAN_STATUS_NONE'
- pending = 'SCAN_STATUS_PENDING'
- pending_cancellation = 'SCAN_STATUS_PENDING_CANCELLATION'
- success = 'SCAN_STATUS_SUCCESS'
Exceptions
- exception cortex_xdr_client.api.models.exceptions.InvalidResponseException(response, missing_items)
- exception cortex_xdr_client.api.models.exceptions.UnsuccessfulQueryStatusException(status)
Incidents
- class cortex_xdr_client.api.models.incidents.AlertDatums(**data)
- data: List[AlertsDatum]
- total_count: Optional[int]
- class cortex_xdr_client.api.models.incidents.AlertsDatum(**data)
- action: Optional[str]
- action_country: Optional[str]
- action_external_hostname: Optional[str]
- action_file_macro_sha256: Optional[str]
- action_file_md5: Optional[str]
- action_file_name: Optional[str]
- action_file_path: Optional[str]
- action_file_sha256: Optional[str]
- action_local_ip: Optional[str]
- action_local_port: Optional[int]
- action_pretty: Optional[str]
- action_process_causality_id: Optional[str]
- action_process_image_command_line: Optional[str]
- action_process_image_name: Optional[str]
- action_process_image_sha256: Optional[str]
- action_process_instance_id: Optional[str]
- action_process_signature_status: Optional[str]
- action_process_signature_vendor: Optional[str]
- action_registry_data: Optional[str]
- action_registry_full_key: Optional[str]
- action_registry_key_name: Optional[str]
- action_registry_value_name: Optional[str]
- action_remote_ip: Optional[str]
- action_remote_port: Optional[int]
- actor_causality_id: Optional[str]
- actor_process_causality_id: Optional[str]
- actor_process_command_line: Optional[str]
- actor_process_image_md5: Optional[str]
- actor_process_image_name: Optional[str]
- actor_process_image_path: Optional[str]
- actor_process_image_sha256: Optional[str]
- actor_process_instance_id: Optional[str]
- actor_process_os_pid: Optional[str]
- actor_process_signature_status: Optional[str]
- actor_process_signature_vendor: Optional[str]
- actor_thread_thread_id: Optional[str]
- agent_data_collection_status: Optional[str]
- agent_device_domain: Optional[str]
- agent_fqdn: Optional[str]
- agent_host_boot_time: Optional[str]
- agent_install_type: Optional[str]
- agent_is_vdi: Optional[str]
- agent_os_sub_type: Optional[str]
- agent_os_type: Optional[str]
- agent_version: Optional[str]
- alert_id: Optional[int]
- association_strength: Optional[str]
- attempt_counter: Optional[str]
- bioc_category_enum_key: Optional[str]
- bioc_indicator: Optional[str]
- case_id: Optional[int]
- category: Optional[str]
- causality_actor_causality_id: Optional[str]
- causality_actor_process_command_line: Optional[str]
- causality_actor_process_execution_time: Optional[str]
- causality_actor_process_image_md5: Optional[str]
- causality_actor_process_image_name: Optional[str]
- causality_actor_process_image_path: Optional[str]
- causality_actor_process_image_sha256: Optional[str]
- causality_actor_process_signature_status: Optional[str]
- causality_actor_process_signature_vendor: Optional[str]
- contains_featured_host: Optional[str]
- contains_featured_ip_address: Optional[str]
- contains_featured_user: Optional[str]
- deduplicate_tokens: Optional[str]
- description: Optional[str]
- detection_timestamp: Optional[int]
- dns_query_name: Optional[str]
- dst_action_country: Optional[str]
- dst_action_external_hostname: Optional[str]
- dst_action_external_port: Optional[str]
- dst_agent_id: Optional[str]
- dst_association_strength: Optional[str]
- dst_causality_actor_process_execution_time: Optional[str]
- end_match_attempt_ts: Optional[str]
- endpoint_id: Optional[str]
- event_id: Optional[str]
- event_sub_type: Optional[str]
- event_timestamp: Optional[str]
- event_type: Optional[str]
- external_id: Optional[str]
- filter_rule_id: Optional[str]
- fw_app_category: Optional[str]
- fw_app_id: Optional[str]
- fw_app_subcategory: Optional[str]
- fw_app_technology: Optional[str]
- fw_device_name: Optional[str]
- fw_email_recipient: Optional[str]
- fw_email_sender: Optional[str]
- fw_email_subject: Optional[str]
- fw_interface_from: Optional[str]
- fw_interface_to: Optional[str]
- fw_is_phishing: Optional[str]
- fw_misc: Optional[str]
- fw_rule: Optional[str]
- fw_rule_id: Optional[str]
- fw_serial_number: Optional[str]
- fw_url_domain: Optional[str]
- fw_vsys: Optional[str]
- fw_xff: Optional[str]
- host_ip: Optional[str]
- host_name: Optional[str]
- is_whitelisted: Optional[bool]
- local_insert_ts: Optional[int]
- mac: Optional[str]
- matching_service_rule_id: Optional[str]
- matching_status: Optional[str]
- mitre_tactic_id_and_name: Optional[str]
- mitre_technique_id_and_name: Optional[str]
- module_id: Optional[str]
- name: Optional[str]
- os_actor_causality_id: Optional[str]
- os_actor_effective_username: Optional[str]
- os_actor_process_causality_id: Optional[str]
- os_actor_process_command_line: Optional[str]
- os_actor_process_image_name: Optional[str]
- os_actor_process_image_path: Optional[str]
- os_actor_process_image_sha256: Optional[str]
- os_actor_process_instance_id: Optional[str]
- os_actor_process_os_pid: Optional[str]
- os_actor_process_signature_status: Optional[str]
- os_actor_process_signature_vendor: Optional[str]
- os_actor_thread_thread_id: Optional[str]
- severity: Optional[str]
- source: Optional[str]
- starred: Optional[bool]
- story_id: Optional[str]
- user_name: Optional[str]
- class cortex_xdr_client.api.models.incidents.GetExtraIncidentDataResponse(**data)
- class cortex_xdr_client.api.models.incidents.GetExtraIncidentDataResponseItem(**data)
- alerts: AlertDatums
- file_artifacts: AlertDatums
- network_artifacts: NetworkArtifacts
- class cortex_xdr_client.api.models.incidents.GetIncidentsResponse(**data)
- reply: GetIncidentsResponseItem
- class cortex_xdr_client.api.models.incidents.GetIncidentsResponseItem(**data)
-
- result_count: Optional[int]
- total_count: Optional[int]
- class cortex_xdr_client.api.models.incidents.Incident(**data)
- alert_categories: Optional[List[str]]
- alert_count: Optional[int]
- alerts_grouping_status: Optional[str]
- assigned_user_mail: Optional[str]
- assigned_user_pretty_name: Optional[str]
- creation_time: Optional[int]
- description: Optional[str]
- detection_time: Optional[int]
- high_severity_alert_count: Optional[int]
- host_count: Optional[int]
- hosts: Optional[List[str]]
- incident_id: Optional[str]
- incident_name: Optional[str]
- incident_sources: Optional[List[str]]
- low_severity_alert_count: Optional[int]
- manual_description: Optional[str]
- manual_score: Optional[int]
- manual_severity: Optional[str]
- med_severity_alert_count: Optional[int]
- mitre_tactics_ids_and_names: Optional[List[str]]
- mitre_techniques_ids_and_names: Optional[List[str]]
- modification_time: Optional[int]
- notes: Optional[str]
- resolve_comment: Optional[str]
- rule_based_score: Optional[int]
- severity: Optional[str]
- starred: Optional[bool]
- status: IncidentStatus
- user_count: Optional[int]
- users: Optional[List[str]]
- wildfire_hits: Optional[int]
- xdr_url: Optional[str]
- class cortex_xdr_client.api.models.incidents.IncidentStatus(value)
Incident status enum. Represents the status of the incident, as carried in `Incident.status`. Note that the member `RESOLVED_THREAD_HANDLED` maps to the API value `'resolved_threat_handled'`; match on the value, not the member name, when comparing against raw API data.
- NEW = 'new'
- RESOLVED_AUTO_RESOLVE = 'resolved_auto_resolve'
- RESOLVED_DUPLICATE_INCIDENT = 'resolved_duplicate_incident'
- RESOLVED_FALSE_POSITIVE = 'resolved_false_positive'
- RESOLVED_KNOWN_ISSUE = 'resolved_known_issue'
- RESOLVED_THREAD_HANDLED = 'resolved_threat_handled'
- UNDER_INVESTIGATION = 'under_investigation'
- class cortex_xdr_client.api.models.incidents.NetworkArtifacts(**data)
- data: List[NetworkArtifactsDatum]
- total_count: Optional[int]
Scripts
- class cortex_xdr_client.api.models.scripts.GetScriptExecutionResults(**data)
- date_created: Optional[datetime]
- error_message: Optional[str]
- results: Optional[List[ScriptExecutionResult]]
- scope: Optional[str]
- script_description: Optional[str]
- script_name: Optional[str]
- class cortex_xdr_client.api.models.scripts.GetScriptMetadataResponse(**data)
- created_by: Optional[str]
- description: Optional[str]
- entry_point: Optional[str]
- is_high_risk: Optional[bool]
- linux_supported: Optional[bool]
- macos_supported: Optional[bool]
- modification_date: Optional[int]
- name: Optional[str]
- script_id: Optional[int]
- script_output_type: Optional[str]
- script_uid: Optional[str]
- windows_supported: Optional[bool]
- class cortex_xdr_client.api.models.scripts.GetScriptsExecutionStatus(**data)
- endpoints_aborted: Optional[int]
- endpoints_canceled: Optional[int]
- endpoints_completed_successfully: Optional[int]
- endpoints_expired: Optional[int]
- endpoints_failed: Optional[int]
- endpoints_in_progress: Optional[int]
- endpoints_pending: Optional[int]
- endpoints_pending_abort: Optional[int]
- endpoints_timeout: Optional[int]
- general_status: Optional[str]
- class cortex_xdr_client.api.models.scripts.GetScriptsResponse(**data)
- result_count: Optional[int]
- total_count: Optional[int]
- class cortex_xdr_client.api.models.scripts.Script(**data)
- created_by: Optional[str]
- description: Optional[str]
- is_high_risk: Optional[bool]
- linux_supported: Optional[bool]
- macos_supported: Optional[bool]
- modification_date: Optional[int]
- name: Optional[str]
- script_id: Optional[int]
- script_uid: Optional[str]
- windows_supported: Optional[bool]
- class cortex_xdr_client.api.models.scripts.ScriptExecutionResult(**data)
- domain: Optional[str]
- endpoint_id: Optional[str]
- endpoint_ip_address: Optional[List[str]]
- endpoint_name: Optional[str]
- endpoint_status: Optional[str]
- execution_status: Optional[str]
- failed_files: Optional[int]
- retention_date: Optional[int]
- retrieved_files: Optional[int]
- standard_output: Union[str, None, List[str]]
Actions
- class cortex_xdr_client.api.models.action_status.ActionStatuStr(**data)
- class cortex_xdr_client.api.models.action_status.GetActionStatus(**data)
- reply: GetActionStatusItem
- class cortex_xdr_client.api.models.action_status.GetActionStatusItem(**data)
- data: Optional[ActionStatuStr]