| 1: | <?php |
| 2: | |
| 3: | declare(strict_types=1); |
| 4: | |
| 5: | /** |
| 6: | * SPDX-License-Identifier: Apache-2.0 |
| 7: | * |
| 8: | * The OpenSearch Contributors require contributions made to |
| 9: | * this file be licensed under the Apache-2.0 license or a |
| 10: | * compatible open source license. |
| 11: | * |
| 12: | * Modifications Copyright OpenSearch Contributors. See |
| 13: | * GitHub history for details. |
| 14: | */ |
| 15: | |
| 16: | namespace OpenSearch\Namespaces; |
| 17: | |
| 18: | use OpenSearch\Endpoints\SecurityAnalytics\GetAlerts; |
| 19: | use OpenSearch\Endpoints\SecurityAnalytics\GetFindings; |
| 20: | use OpenSearch\Endpoints\SecurityAnalytics\SearchFindingCorrelations; |
| 21: | |
| 22: | /** |
| 23: | * Class SecurityAnalyticsNamespace |
| 24: | * |
| 25: | * NOTE: This file is autogenerated using util/GenerateEndpoints.php |
| 26: | */ |
| 27: | class SecurityAnalyticsNamespace extends AbstractNamespace |
| 28: | { |
| 29: | /** |
| 30: | * Retrieve alerts related to a specific detector type or detector ID. |
| 31: | * |
| 32: | * $params['alertState'] = (enum) Used to filter by alert state. Optional. (Options = ACKNOWLEDGED,ACTIVE,COMPLETED,DELETED,ERROR) |
| 33: | * $params['detectorType'] = (string) The type of detector used to fetch alerts. Optional when `detector_id` is specified. Otherwise required. |
| 34: | * $params['detector_id'] = (string) The ID of the detector used to fetch alerts. Optional when `detectorType` is specified. Otherwise required. |
| 35: | * $params['endTime'] = (integer) The end timestamp (in ms) of the time window in which you want to retrieve alerts. Optional. |
| 36: | * $params['missing'] = (string) Used to sort by whether the field `missing` exists or not in the documents associated with the alert. Optional. |
| 37: | * $params['searchString'] = (string) The alert attribute you want returned in the search. Optional. |
| 38: | * $params['severityLevel'] = (enum) Used to filter by alert severity level. Optional. (Options = 1,2,3,4,5,ALL) |
| 39: | * $params['size'] = (integer) The maximum number of results returned in the response. Optional. (Default = 20) |
| 40: | * $params['sortOrder'] = (enum) The order used to sort the list of findings. Possible values are `asc` or `desc`. Optional. (Options = asc,desc) |
| 41: | * $params['sortString'] = (string) The string used by Security Analytics to sort the alerts. Optional. (Default = start_time) |
| 42: | * $params['startIndex'] = (integer) The pagination index. Optional. (Default = 0) |
| 43: | * $params['startTime'] = (integer) The beginning timestamp (in ms) of the time window in which you want to retrieve alerts. Optional. |
| 44: | * $params['pretty'] = (boolean) Whether to pretty-format the returned JSON response. (Default = false) |
| 45: | * $params['human'] = (boolean) Whether to return human-readable values for statistics. (Default = false) |
| 46: | * $params['error_trace'] = (boolean) Whether to include the stack trace of returned errors. (Default = false) |
| 47: | * $params['source'] = (string) The URL-encoded request definition. Useful for libraries that do not accept a request body for non-POST requests. |
| 48: | * $params['filter_path'] = (any) A comma-separated list of filters used to filter the response. Use wildcards to match any field or part of a field's name. To exclude fields, use `-`. |
| 49: | * |
| 50: | * @param array $params Associative array of parameters |
| 51: | * @return array |
| 52: | */ |
| 53: | public function getAlerts(array $params = []) |
| 54: | { |
| 55: | $endpoint = $this->endpointFactory->getEndpoint(GetAlerts::class); |
| 56: | $endpoint->setParams($params); |
| 57: | |
| 58: | return $this->performRequest($endpoint); |
| 59: | } |
| 60: | |
| 61: | /** |
| 62: | * Retrieve findings related to a specific detector type or detector ID. |
| 63: | * |
| 64: | * $params['detectionType'] = (enum) The detection type that dictates the retrieval type for the findings. When the detection type is `threat`, it fetches threat intelligence feeds. When the detection type is `rule`, findings are fetched based on the detector’s rule. Optional. (Options = rule,threat) |
| 65: | * $params['detectorType'] = (string) The type of detector used to fetch alerts. Optional when the `detector_id` is specified. Otherwise required. |
| 66: | * $params['detector_id'] = (string) The ID of the detector used to fetch alerts. Optional when the `detectorType` is specified. Otherwise required. |
| 67: | * $params['endTime'] = (string) The end timestamp (in ms) of the time window in which you want to retrieve findings. Optional. |
| 68: | * $params['findingIds'] = (string) The comma-separated id list of findings for which you want retrieve details. Optional. |
| 69: | * $params['missing'] = (string) Used to sort by whether the field `missing` exists or not in the documents associated with the finding. Optional. |
| 70: | * $params['searchString'] = (string) The finding attribute you want returned in the search. To search in a specific index, specify the index name in the request path. For example, to search findings in the indexABC index, use `searchString=indexABC’. Optional. |
| 71: | * $params['severity'] = (enum) The rule severity for which retrieve findings. Severity can be `critical`, `high`, `medium`, or `low`. Optional. (Options = critical,high,low,medium) |
| 72: | * $params['size'] = (integer) The maximum number of results returned in the response. Optional. (Default = 20) |
| 73: | * $params['sortOrder'] = (enum) The order used to sort the list of findings. Possible values are `asc` or `desc`. Optional. (Options = asc,desc) |
| 74: | * $params['sortString'] = (string) The string used by the Alerting plugin to sort the findings. Optional. (Default = timestamp) |
| 75: | * $params['startIndex'] = (integer) The pagination index. Optional. (Default = 0) |
| 76: | * $params['startTime'] = (integer) The beginning timestamp (in ms) of the time window in which you want to retrieve findings. Optional. |
| 77: | * $params['pretty'] = (boolean) Whether to pretty-format the returned JSON response. (Default = false) |
| 78: | * $params['human'] = (boolean) Whether to return human-readable values for statistics. (Default = false) |
| 79: | * $params['error_trace'] = (boolean) Whether to include the stack trace of returned errors. (Default = false) |
| 80: | * $params['source'] = (string) The URL-encoded request definition. Useful for libraries that do not accept a request body for non-POST requests. |
| 81: | * $params['filter_path'] = (any) A comma-separated list of filters used to filter the response. Use wildcards to match any field or part of a field's name. To exclude fields, use `-`. |
| 82: | * |
| 83: | * @param array $params Associative array of parameters |
| 84: | * @return array |
| 85: | */ |
| 86: | public function getFindings(array $params = []) |
| 87: | { |
| 88: | $endpoint = $this->endpointFactory->getEndpoint(GetFindings::class); |
| 89: | $endpoint->setParams($params); |
| 90: | |
| 91: | return $this->performRequest($endpoint); |
| 92: | } |
| 93: | |
| 94: | /** |
| 95: | * List correlations for a finding. |
| 96: | * |
| 97: | * $params['detector_type'] = (string) The log type of findings you want to correlate with the specified finding. Required. |
| 98: | * $params['finding'] = (string) The finding ID for which you want to find other findings that are correlated. Required. |
| 99: | * $params['nearby_findings'] = (integer) The number of nearby findings you want to return. Optional. (Default = 10) |
| 100: | * $params['time_window'] = (integer) The time window (in ms) in which all of the correlations must have occurred together. Optional. (Default = 300000) |
| 101: | * $params['pretty'] = (boolean) Whether to pretty-format the returned JSON response. (Default = false) |
| 102: | * $params['human'] = (boolean) Whether to return human-readable values for statistics. (Default = false) |
| 103: | * $params['error_trace'] = (boolean) Whether to include the stack trace of returned errors. (Default = false) |
| 104: | * $params['source'] = (string) The URL-encoded request definition. Useful for libraries that do not accept a request body for non-POST requests. |
| 105: | * $params['filter_path'] = (any) A comma-separated list of filters used to filter the response. Use wildcards to match any field or part of a field's name. To exclude fields, use `-`. |
| 106: | * |
| 107: | * @param array $params Associative array of parameters |
| 108: | * @return array |
| 109: | */ |
| 110: | public function searchFindingCorrelations(array $params = []) |
| 111: | { |
| 112: | $endpoint = $this->endpointFactory->getEndpoint(SearchFindingCorrelations::class); |
| 113: | $endpoint->setParams($params); |
| 114: | |
| 115: | return $this->performRequest($endpoint); |
| 116: | } |
| 117: | |
| 118: | } |
| 119: |