rusty_falcon 0.7.1

Rust bindings for CrowdStrike Falcon API
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144

/*
 * CrowdStrike API Specification
 *
 * Use this API specification as a reference for the API endpoints you can use to interact with your Falcon environment. These endpoints support authentication via OAuth2 and interact with detections and network containment. For detailed usage guides and examples, see our [documentation inside the Falcon console](https://falcon.crowdstrike.com/support/documentation).     To use the APIs described below, combine the base URL with the path shown for each API endpoint. For commercial cloud customers, your base URL is `https://api.crowdstrike.com`.    Each API endpoint requires authorization via an OAuth2 token. Your first API request should retrieve an OAuth2 token using the `oauth2/token` endpoint, such as `https://api.crowdstrike.com/oauth2/token`. For subsequent requests, include the OAuth2 token in an HTTP authorization header. Tokens expire after 30 minutes, after which you should make a new token request to continue making API requests.
 *
 * The version of the OpenAPI document: rolling
 *
 * Generated by: https://openapi-generator.tech
 */

use crate::models;

#[derive(Clone, Default, Debug, PartialEq, Serialize, Deserialize)]
pub struct DomainItemDetailsV1 {
    /// The threat actor associated with a raw intelligence item, if available.
    #[serde(rename = "actor_slug", skip_serializing_if = "Option::is_none")]
    pub actor_slug: Option<String>,
    /// Attachments items linked to the raw intelligence item
    #[serde(rename = "attachments", skip_serializing_if = "Option::is_none")]
    pub attachments: Option<Vec<models::DomainAttachment>>,
    /// The author’s username of a raw intelligence item
    #[serde(rename = "author", skip_serializing_if = "Option::is_none")]
    pub author: Option<String>,
    /// The raw intelligence item author identifier in our system
    #[serde(rename = "author_id", skip_serializing_if = "Option::is_none")]
    pub author_id: Option<String>,
    /// The type of source where the raw intelligence item was found
    #[serde(rename = "category")]
    pub category: String,
    /// The date and time the raw intelligence item was scraped from the original source
    #[serde(rename = "collection_date", skip_serializing_if = "Option::is_none")]
    pub collection_date: Option<String>,
    /// Highlighted content based on the monitoring rule that generated the notification. Highlights are surrounded with a `<cs-highlight>` tag
    #[serde(rename = "content")]
    pub content: String,
    /// The date and time when the raw intelligence item was created
    #[serde(rename = "created_date")]
    pub created_date: String,
    /// The file type of the raw intelligence item, if available
    #[serde(rename = "file_type", skip_serializing_if = "Option::is_none")]
    pub file_type: Option<String>,
    #[serde(rename = "fragment_info", skip_serializing_if = "Option::is_none")]
    pub fragment_info: Option<Box<models::DomainFragmentInfo>>,
    /// The URL to download the full raw text content of the raw intelligence item. It has a limited time to live
    #[serde(rename = "full_content_url", skip_serializing_if = "Option::is_none")]
    pub full_content_url: Option<String>,
    /// The types of IOCs found in the raw intelligence item. List of keys populated in the iocs field
    #[serde(rename = "ioc_types", skip_serializing_if = "Option::is_none")]
    pub ioc_types: Option<Vec<String>>,
    #[serde(rename = "iocs", skip_serializing_if = "Option::is_none")]
    pub iocs: Option<Box<models::DomainIoc>>,
    /// Labels for the type of information included in a raw intelligence item
    #[serde(rename = "labels", skip_serializing_if = "Option::is_none")]
    pub labels: Option<Vec<String>>,
    /// The language of the raw intelligence item
    #[serde(rename = "language", skip_serializing_if = "Option::is_none")]
    pub language: Option<String>,
    #[serde(
        rename = "marketplace_product",
        skip_serializing_if = "Option::is_none"
    )]
    pub marketplace_product: Option<Box<models::DomainMarketplaceProduct>>,
    /// The mime type of the file
    #[serde(rename = "mime_type", skip_serializing_if = "Option::is_none")]
    pub mime_type: Option<String>,
    /// Screenshots of the raw intelligence item
    #[serde(rename = "screenshots", skip_serializing_if = "Option::is_none")]
    pub screenshots: Option<Vec<models::DomainScreenshot>>,
    /// The SHA256 hash for the file
    #[serde(rename = "sha256", skip_serializing_if = "Option::is_none")]
    pub sha256: Option<String>,
    /// The site where the raw intelligence item was found
    #[serde(rename = "site", skip_serializing_if = "Option::is_none")]
    pub site: Option<String>,
    /// The ID of the site where the raw intelligence item was found
    #[serde(rename = "site_id")]
    pub site_id: String,
    /// The size of the item's content in bytes, if available
    #[serde(rename = "size", skip_serializing_if = "Option::is_none")]
    pub size: Option<i64>,
    #[serde(rename = "telegram_info", skip_serializing_if = "Option::is_none")]
    pub telegram_info: Option<Box<models::DomainTelegramInfo>>,
    /// Identifier that groups all raw intelligence items belonging to the same conversation thread
    #[serde(rename = "thread_id", skip_serializing_if = "Option::is_none")]
    pub thread_id: Option<String>,
    /// The title of the raw intelligence item
    #[serde(rename = "title", skip_serializing_if = "Option::is_none")]
    pub title: Option<String>,
    /// The type of the raw intelligence item
    #[serde(rename = "type")]
    pub r#type: String,
    /// The date and time when the raw intelligence item was updated
    #[serde(rename = "updated_date")]
    pub updated_date: String,
    /// The URL of the raw intelligence item
    #[serde(rename = "url", skip_serializing_if = "Option::is_none")]
    pub url: Option<String>,
    /// The raw intelligence item author identifier in the original source
    #[serde(rename = "user_id", skip_serializing_if = "Option::is_none")]
    pub user_id: Option<String>,
}

impl DomainItemDetailsV1 {
    pub fn new(
        category: String,
        content: String,
        created_date: String,
        site_id: String,
        r#type: String,
        updated_date: String,
    ) -> DomainItemDetailsV1 {
        DomainItemDetailsV1 {
            actor_slug: None,
            attachments: None,
            author: None,
            author_id: None,
            category,
            collection_date: None,
            content,
            created_date,
            file_type: None,
            fragment_info: None,
            full_content_url: None,
            ioc_types: None,
            iocs: None,
            labels: None,
            language: None,
            marketplace_product: None,
            mime_type: None,
            screenshots: None,
            sha256: None,
            site: None,
            site_id,
            size: None,
            telegram_info: None,
            thread_id: None,
            title: None,
            r#type,
            updated_date,
            url: None,
            user_id: None,
        }
    }
}