/**
 * Responder API client
 */
import { AlApiClient } from '@al/core';
import {
  AlManagedResponsePayload,
  AlMRIncidents,
  AlPlaybookRequest,
  AlPlaybookTemplate,
  AlResponderAction,
  AlResponderBlockHistoryList,
  AlResponderBlockHistoryPayload,
  AlResponderExecution,
  AlResponderExecutionQueryParams,
  AlResponderExecutionRequest,
  AlResponderExecutionResult,
  AlResponderExecutions,
  AlResponderExecutionsHistory,
  AlResponderExecutionsHistoryResult,
  AlResponderInquiries,
  AlResponderInquiry,
  AlResponderInspectorError,
  AlResponderLimits,
  AlResponderManageBlockStatusRequest,
  AlResponderMRAWSSNS,
  AlResponderMRAWSWAF,
  AlResponderMRDefinitionDetail,
  AlResponderMRDefinitions,
  AlResponderMRDeviceDefinitions,
  AlResponderMRDryRun,
  AlResponderMREventBridge,
  AlResponderMRGeneric,
  AlResponderMRList,
  AlResponderMRPaloAltoBlock,
  AlResponderMRStackstormAction,
  AlResponderPlaybook,
  AlResponderPlaybookDefinition,
  AlResponderPlaybooks,
  AlResponderPlaybookSummary,
  AlResponderPlaybookTrigger,
  AlResponderRoles,
  AlResponderSample,
  AlResponderSamples,
  AlResponderSchedule,
  AlResponderSchema,
  AlResponderTriggerQueryParams,
  AlResponderTriggers
} from './types';

/**
 * Type declaration for the Responder service client. Each method is documented
 * with the HTTP verb and path it is said to call; the documented service URL is
 * https://responder.mdr.global.alertlogic.com.
 *
 * This is a declaration only (`declare class`): no request logic, validation or
 * authorization check is visible here. Several methods create, execute, cancel
 * or delete response automation (playbooks, executions, triggers, MR configs,
 * block status), so callers should treat `accountId` and every payload as
 * security-relevant input.
 * NOTE(review): account scoping is presumably enforced by the service; confirm.
 *
 * NOTE(review): most return types read as a bare `Promise` and two read as
 * `Promise>`. The generic type arguments appear to have been lost from this
 * listing; restore them from the original declaration before compiling.
 */
export declare class AlResponderClientInstance {
  /** API client instance held by this class (see the constructor parameter). */
  protected client: AlApiClient;
  /** NOTE(review): presumably the version segment of the paths (documented paths start with /v1); confirm. */
  protected serviceVersion: string;
  /** NOTE(review): meaning not visible in this declaration; confirm against the implementation. */
  protected serviceStack: string;
  /** NOTE(review): meaning not visible in this declaration; confirm against the implementation. */
  protected targetEndpoint: string;

  /**
   * @param client optional API client; what is used when it is omitted is not
   *   visible in this declaration
   */
  constructor(client?: AlApiClient);

  /**
   * Lists all playbook definitions.
   * GET /v1/playbook_definitions
   *
   * The documented path carries no account ID.
   *
   * @returns Playbook definitions
   */
  getPlaybookDefinitions(): Promise;

  /**
   * Lists playbooks. Take into account that the list is limited to 100 items.
   * GET /v1/{account_id}/playbooks
   *
   * @param accountId AIMS Account ID
   * @param parameters optional request options (presumably sent as query parameters; confirm)
   * @returns Playbook list
   */
  getPlaybooks(accountId: string, parameters?: AlPlaybookRequest): Promise;

  /**
   * Lists all playbooks.
   * GET /v1/{account_id}/playbooks
   *
   * NOTE(review): same documented endpoint as getPlaybooks; presumably this
   * variant goes past the 100-item limit. Confirm against the implementation.
   *
   * @param accountId AIMS Account ID
   * @param parameters optional request options (presumably sent as query parameters; confirm)
   * @returns Playbook list
   */
  getAllPlaybooks(accountId: string, parameters?: AlPlaybookRequest): Promise;

  /**
   * Gets a playbook by ID or name.
   * GET /v1/{account_id}/playbooks/{id}
   *
   * @param accountId AIMS Account ID
   * @param id Playbook ID or Playbook Name
   * @returns an existing playbook
   */
  getPlaybookById(accountId: string, id: string): Promise;

  /**
   * Creates a new playbook.
   * POST /v1/{account_id}/playbooks
   *
   * @param accountId AIMS Account ID
   * @param payload playbook to create
   * @returns a promise with the new playbook
   */
  createPlaybook(accountId: string, payload: AlResponderPlaybook): Promise;

  /**
   * Updates an existing playbook.
   * PUT /v1/{account_id}/playbooks/{id}
   *
   * @param accountId AIMS Account ID
   * @param id Playbook ID or Playbook Name
   * @param payload new playbook content
   * @returns a promise with the updated playbook
   */
  updatePlaybook(accountId: string, id: string, payload: AlResponderPlaybook): Promise;

  /**
   * Deletes an existing playbook.
   * DELETE /v1/{account_id}/playbooks/{id}
   *
   * @param accountId AIMS Account ID
   * @param id Playbook ID or Playbook Name
   * @returns just the status code: 204, 403 or 404
   */
  deletePlaybookById(accountId: string, id: string): Promise;

  /**
   * Lists the playbook summary by vendor.
   * GET /v1/{account_id}/summary/playbooks
   *
   * @param accountId AIMS Account ID
   * @returns Summary by vendor
   */
  getPlaybookSummary(accountId: string): Promise;

  /**
   * Lists actions.
   * GET /v1/{account_id}/actions
   *
   * @param accountId AIMS Account ID
   * @param params optional options; `payload_type` is the only declared field
   * @returns Actions list
   */
  getActions(accountId: string, params?: { payload_type: string; }): Promise;

  /**
   * Gets an action by ref.
   * GET /v1/{account_id}/actions/{action_ref}
   *
   * @param accountId AIMS Account ID
   * @param actionRef Action ref
   * @param params optional options; `payload_type` is the only declared field
   * @returns Action
   */
  getActionByRef(accountId: string, actionRef: string, params?: { payload_type: string; }): Promise;

  /**
   * Lists executions.
   * GET /v1/{account_id}/executions
   *
   * @param accountId AIMS Account ID
   * @param params execution query parameters (required by this signature)
   * @returns Executions list
   */
  getExecutions(accountId: string, params: AlResponderExecutionQueryParams): Promise;

  /**
   * Executes the specified playbook.
   * POST /v1/{account_id}/executions
   *
   * @param accountId AIMS Account ID
   * @param payload execution request
   * @returns a promise with the execution record
   */
  createExecution(accountId: string, payload: AlResponderExecutionRequest): Promise;

  /**
   * Gets the result of an execution.
   * GET /v1/{account_id}/executions/{id}/result
   *
   * @param accountId AIMS Account ID
   * @param executionId Execution ID
   * @returns Execution result
   */
  getExecutionResult(accountId: string, executionId: string): Promise;

  /**
   * Gets the execution history.
   * GET /v1/{account_id}/executions/history
   *
   * @param accountId AIMS Account ID
   * @param payload execution query parameters (the original comment called this `params`)
   * @returns Execution history list
   */
  getExecutionsHistory(accountId: string, payload: AlResponderExecutionQueryParams): Promise;

  /**
   * Gets the history detail of one execution.
   * GET /v1/{account_id}/executions/history/{type}/{id}
   *
   * @param accountId AIMS Account ID
   * @param type execution type: playbook, task, action
   * @param executionId execution ID
   * @returns Execution history detail
   */
  getExecutionsHistoryById(accountId: string, type: string, executionId: string): Promise;

  /**
   * Re-runs a previously executed playbook: creates a new execution from a
   * previously run execution.
   * POST /v1/{account_id}/executions/{execution_id}/re_run
   *
   * @param accountId AIMS Account ID
   * @param executionId Execution ID
   * @param payload `delay`: how long (in milliseconds) to delay the execution before scheduling
   * @returns a promise with the new execution
   */
  reRunExecution(accountId: string, executionId: string, payload: { delay: number; }): Promise;

  /**
   * Pauses a running execution.
   * POST /v1/{account_id}/executions/{execution_id}/pause
   *
   * @param accountId AIMS Account ID
   * @param executionId Execution ID
   * @returns a promise with the status 204 or 404
   */
  pauseExecution(accountId: string, executionId: string): Promise;

  /**
   * Resumes a paused execution.
   * POST /v1/{account_id}/executions/{execution_id}/resume
   *
   * @param accountId AIMS Account ID
   * @param executionId Execution ID
   * @returns a promise with the status 204 or 404
   */
  resumeExecution(accountId: string, executionId: string): Promise;

  /**
   * Cancels an execution.
   * DELETE /v1/{account_id}/executions/{execution_id}
   *
   * @param accountId AIMS Account ID
   * @param id Execution ID
   * @returns just the status code: 204, 403 or 404
   */
  deleteExecutionById(accountId: string, id: string): Promise;

  /**
   * Checks a workflow document and returns a list of errors if any are found.
   * POST /v1/{account_id}/workflow/inspect
   *
   * NOTE(review): `workflow` is typed `any` and `parameters` is typed `{}`, so
   * the compiler checks nothing about the document handed to this call. A
   * caller that accepts workflow text from outside should validate it first.
   * NOTE(review): the original comment said this returns "the new playbook",
   * which contradicts the summary and looks copied from createPlaybook; confirm
   * the actual return type.
   *
   * @param accountId AIMS Account ID
   * @param payload `input_type` ('yaml' or 'json'), the `workflow` document and optional `parameters`
   * @returns a promise with the inspection result
   */
  inspectWorkflow(accountId: string, payload: { input_type: 'yaml' | 'json'; workflow: any; parameters?: {}; }): Promise;

  /**
   * Gets the schemas for a customer.
   * GET /v1/{account_id}/schemas
   *
   * @param accountId AIMS Account ID
   * @returns Schemas
   */
  getSchema(accountId: string): Promise;

  /**
   * Gets a schema by type.
   * GET /v1/{account_id}/schemas/{data_type}
   *
   * @param accountId AIMS Account ID
   * @param dataType Data type name to return the JSON schema for
   * @returns Schema detail
   */
  getSchemaByType(accountId: string, dataType: string): Promise;

  /**
   * Gets the inquiries of an account.
   * GET /v1/{account_id}/inquiries
   *
   * @param accountId AIMS Account ID
   * @returns Inquiries list
   */
  getInquiries(accountId: string): Promise;

  /**
   * Gets the inquiries history of an account.
   * GET /v1/{account_id}/inquiries/history
   *
   * @param accountId AIMS Account ID
   * @param request query parameters (same type as the execution queries)
   * @returns Inquiries list
   */
  getInquiriesHistory(accountId: string, request: AlResponderExecutionQueryParams): Promise;

  /**
   * Returns a specific inquiry.
   * GET /v1/{account_id}/inquiries
   *
   * NOTE(review): the documented path has no inquiry ID segment although the
   * method takes `inquiryId`; confirm the real path.
   *
   * @param accountId AIMS Account ID
   * @param inquiryId Inquiry ID
   * @returns the inquiry (the original comment said "Inquiries list")
   */
  getInquiry(accountId: string, inquiryId: string): Promise;

  /**
   * Updates an existing inquiry.
   * PUT /v1/{account_id}/inquiries
   *
   * NOTE(review): the documented path has no inquiry ID segment although the
   * method takes `inquiryId`; confirm the real path.
   *
   * @param accountId AIMS Account ID
   * @param inquiryId Inquiry ID
   * @param payload free-form object (string keys, values of unknown type)
   * @returns an object holding the inquiry `id` and a free-form `response`
   */
  updateInquiry(accountId: string, inquiryId: string, payload: { [key: string]: unknown; }): Promise<{ id: string; response: { [key: string]: unknown; }; }>;

  /**
   * Gets the schedules of an account.
   * GET /v1/{account_id}/schedules
   *
   * @param accountId AIMS Account ID
   * @returns Schedules list
   */
  getSchedules(accountId: string): Promise;

  /**
   * Creates a new schedule.
   * POST /v1/{account_id}/schedules
   *
   * @param accountId AIMS Account ID
   * @param payload schedule to create
   * @returns a promise with the new schedule
   */
  createSchedule(accountId: string, payload: AlResponderSchedule): Promise;

  /**
   * Deletes an existing schedule.
   * DELETE /v1/{account_id}/schedules/{id}
   *
   * @param accountId AIMS Account ID
   * @param id Schedule ID
   * @returns just the status code: 204, 403 or 404
   */
  deleteScheduleById(accountId: string, id: string): Promise;

  /**
   * Updates an existing schedule.
   * PUT /v1/{account_id}/schedules/{id}
   *
   * @param accountId AIMS Account ID
   * @param id Schedule ID
   * @param payload new schedule content
   * @returns a promise with the updated schedule
   */
  updateSchedule(accountId: string, id: string, payload: AlResponderSchedule): Promise;

  /**
   * Gets a schedule by ID.
   * GET /v1/{account_id}/schedules/{id}
   *
   * @param accountId AIMS Account ID
   * @param id Schedule ID
   * @returns an existing schedule
   */
  getScheduleById(accountId: string, id: string): Promise;

  /**
   * Lists system payload samples.
   * GET /v1/payload_samples
   *
   * The documented path carries no account ID.
   *
   * @returns system payload samples
   */
  getSystemSamples(): Promise;

  /**
   * Lists customer payload samples.
   * GET /v1/{account_id}/payload_samples
   *
   * @param accountId AIMS Account ID
   * @returns customer payload samples
   */
  getSamples(accountId: string): Promise;

  /**
   * Creates a new payload sample.
   * POST /v1/{account_id}/payload_samples
   *
   * @param accountId AIMS Account ID
   * @param payload payload sample to create
   * @returns a promise with the sample
   */
  createPayloadSample(accountId: string, payload: AlResponderSample): Promise;

  /**
   * Deletes an existing payload sample by ID, per account.
   * DELETE /v1/{account_id}/payload_samples/{id}
   *
   * @param accountId AIMS Account ID
   * @param id Payload sample ID
   * @returns just the status code: 204 or 404
   */
  deletePayloadSampleById(accountId: string, id: string): Promise;

  /**
   * Updates a payload sample.
   * PUT /v1/{account_id}/payload_samples/{id}
   *
   * @param accountId AIMS Account ID
   * @param id Payload sample ID
   * @param payload new payload sample content
   * @returns a promise with the updated payload sample
   */
  updatePayloadSample(accountId: string, id: string, payload: AlResponderSample): Promise;

  /**
   * Gets the triggers of an account.
   * GET /v1/{account_id}/triggers
   *
   * @param accountId AIMS Account ID
   * @param params optional trigger query parameters
   * @returns Triggers list
   */
  getTriggers(accountId: string, params?: AlResponderTriggerQueryParams): Promise;

  /**
   * Gets a trigger by ID.
   * GET /v1/{account_id}/triggers/{id}
   *
   * @param accountId AIMS Account ID
   * @param triggerId A trigger ID
   * @returns A trigger definition
   */
  getTrigger(accountId: string, triggerId: string): Promise;

  /**
   * Updates a trigger by ID.
   * Documented as GET /v1/{account_id}/triggers/{id}
   *
   * NOTE(review): GET is also the verb documented for getTrigger on the same
   * path, and the other update methods in this class document PUT. The verb
   * here looks copied; confirm against the implementation.
   *
   * @param accountId AIMS Account ID
   * @param triggerId A trigger ID
   * @param trigger Trigger definition
   * @returns The updated trigger definition
   */
  updateTrigger(accountId: string, triggerId: string, trigger: AlResponderPlaybookTrigger): Promise;

  /**
   * Deletes a trigger by ID.
   * Documented as GET /v1/{account_id}/triggers/{id}
   *
   * NOTE(review): the other delete methods in this class document DELETE. The
   * verb here looks copied from getTrigger; confirm against the implementation.
   *
   * @param accountId AIMS Account ID
   * @param triggerId A trigger ID
   */
  deleteTrigger(accountId: string, triggerId: string): Promise;

  /**
   * Creates a trigger.
   * Documented as GET /v1/{account_id}/triggers
   *
   * NOTE(review): the other create methods in this class document POST. The
   * verb here looks copied from getTriggers; confirm against the implementation.
   *
   * @param accountId AIMS Account ID
   * @param trigger Trigger definition
   * @returns The created trigger
   */
  createTrigger(accountId: string, trigger: AlResponderPlaybookTrigger): Promise;

  /**
   * Lists playbook templates.
   * GET /v1/{account_id}/playbook_templates
   *
   * @param accountId AIMS Account ID
   * @param parameters optional options; `include_parents` is the only declared field
   * @returns an object whose `playbook_templates` field holds the templates
   */
  getTemplates(accountId: string, parameters?: { include_parents?: boolean; }): Promise<{ playbook_templates: AlPlaybookTemplate[]; }>;

  /**
   * Creates a playbook template.
   * POST /v1/{account_id}/playbook_templates
   *
   * NOTE(review): the original comment described the parameter and the result
   * as a payload "sample", which looks copied from createPayloadSample; the
   * parameter type is AlPlaybookTemplate. Confirm the return type.
   *
   * @param accountId AIMS Account ID
   * @param payload playbook template to create
   * @returns a promise with the result of the creation
   */
  createTemplate(accountId: string, payload: AlPlaybookTemplate): Promise;

  /**
   * Gets a template by ID.
   * GET /v1/{account_id}/playbook_templates/{id}
   *
   * @param accountId AIMS Account ID
   * @param id Template ID
   * @returns an existing playbook template
   */
  getTemplateById(accountId: string, id: string): Promise;

  /**
   * Deletes an existing playbook template by ID, per account.
   * DELETE /v1/{account_id}/playbook_templates/{id}
   *
   * @param accountId AIMS Account ID
   * @param id Playbook template ID
   * @returns just the status code: 204 or 404
   */
  deleteTemplateById(accountId: string, id: string): Promise;

  /**
   * Updates a playbook template.
   * PUT /v1/{account_id}/playbook_templates/{id}
   *
   * @param accountId AIMS Account ID
   * @param id Playbook template ID
   * @param payload new template content
   * @returns a promise with the updated playbook template
   */
  updateTemplate(accountId: string, id: string, payload: AlPlaybookTemplate): Promise;

  /**
   * Lists the playbook roles for a customer account.
   * GET /v1/{account_id}/playbook_roles
   *
   * @param accountId AIMS Account ID
   * @returns Playbook roles
   */
  getPlaybookRoles(accountId: string): Promise;

  /**
   * Lists the trigger roles (trigger permission levels) for a customer account.
   * GET /v1/{account_id}/trigger_roles
   *
   * @param accountId AIMS Account ID
   * @returns Trigger roles
   */
  getTriggerRoles(accountId: string): Promise;

  /**
   * Gets an incident from Iris in responder (bifrost) format.
   * GET /v1/{account_id}/playbook_incidents/{incident_id}
   *
   * @param accountId AIMS Account ID
   * @param incidentId ID of the incident to fetch
   * @returns incident in bifrost format
   */
  getIncidentBifrostFormat(accountId: string, incidentId: string): Promise;

  /**
   * Lists all MR config items for an account.
   * GET /v1/{account_id}/mr_configs
   *
   * NOTE(review): "MR" presumably stands for managed response (see
   * managedResponse); confirm.
   *
   * @param accountId AIMS Account ID
   * @param parameters optional free-form options with string, boolean or number values
   * @returns a promise with the MR config list
   */
  getMRConfigList(accountId: string, parameters?: { [key: string]: string | boolean | number; }): Promise;

  /**
   * Gets an MR config item by ID. The original comment gives no verb or path.
   *
   * @param accountId AIMS Account ID
   * @param id MR config item ID
   * @returns a promise with the MR config item
   */
  getMRConfigItemById(accountId: string, id: string): Promise;

  /**
   * Creates a new MR config item.
   * POST /v1/{account_id}/mr_configs
   *
   * @param accountId AIMS Account ID
   * @param payload one of the MR config types accepted by the signature
   *   (AWS WAF, AWS SNS, EventBridge, Stackstorm action, Palo Alto block)
   * @returns a promise with the result of the creation
   */
  createMRConfigItem(accountId: string, payload: AlResponderMRAWSWAF | AlResponderMRAWSSNS | AlResponderMREventBridge | AlResponderMRStackstormAction | AlResponderMRPaloAltoBlock): Promise;

  /**
   * Updates an existing MR config item.
   * PUT /v1/{account_id}/mr_configs/{id}
   *
   * @param accountId AIMS Account ID
   * @param id MR config item ID
   * @param payload one of the MR config types accepted by the signature (the
   *   original comment wrongly gave the type as a string)
   * @returns a promise with the result of the update
   */
  updateMRConfigItem(accountId: string, id: string, payload: AlResponderMRAWSWAF | AlResponderMRAWSSNS | AlResponderMREventBridge | AlResponderMRStackstormAction | AlResponderMRPaloAltoBlock): Promise;

  /**
   * Deletes an existing MR config item.
   * DELETE /v1/{account_id}/mr_configs/{id}
   *
   * @param accountId AIMS Account ID
   * @param id MR config item ID
   * @returns a promise that settles when the request completes
   */
  deleteMRConfigItem(accountId: string, id: string): Promise;

  /**
   * Gets the MR config definitions list.
   * GET /v1/{account_id}/definitions/mr_configs
   *
   * @param accountId AIMS Account ID
   * @returns a promise with the MR config definitions
   */
  getMRConfigDefinitions(accountId: string): Promise;

  /**
   * Lists all MR 'dry_run' reports for an account.
   * GET /v1/{account_id}/mr_configs/dry_runs
   *
   * @param accountId AIMS Account ID
   * @returns a promise with the dry-run reports
   */
  getMRDryRuns(accountId: string): Promise>;

  /**
   * Initiates a new dry run for the specified MR config.
   * POST /v1/{account_id}/mr_configs/dry_runs
   *
   * @param accountId AIMS Account ID
   * @param payload one of the MR config types accepted by the signature; unlike
   *   createMRConfigItem this also accepts AlResponderMRGeneric
   * @returns a promise with an object holding the `id` of the dry run
   */
  createMRDryRun(accountId: string, payload: AlResponderMRGeneric | AlResponderMRAWSWAF | AlResponderMRAWSSNS | AlResponderMREventBridge | AlResponderMRStackstormAction | AlResponderMRPaloAltoBlock): Promise<{ id: string; }>;

  /**
   * Gets an MR dry_run execution report.
   * GET /v1/{account_id}/mr_configs/dry_runs/{id}
   *
   * @param accountId AIMS Account ID
   * @param id dry run ID
   * @returns a promise with the dry-run report
   */
  getMRDryRunById(accountId: string, id: string): Promise;

  /**
   * Gets the MR device definitions list.
   * GET /v1/{account_id}/definitions/mr_devices
   *
   * @param accountId AIMS Account ID
   * @returns a promise with the MR device definitions
   */
  getMRDevicesDefinitions(accountId: string): Promise>;

  /**
   * Simple mode history. Documented as a POST; the original comment gives no path.
   *
   * @param accountId AIMS Account ID
   * @param payload block history request
   * @returns a promise with the block history
   */
  getBlockHistory(accountId: string, payload: AlResponderBlockHistoryPayload): Promise;

  /**
   * Gets the MR config definition detail by MR type.
   * GET /v1/{account_id}/definitions/mr_configs/{mr_type}
   *
   * @param accountId AIMS Account ID
   * @param type MR type
   * @returns a promise with the definition detail
   */
  getMRConfigDefinitionDetail(accountId: string, type: string): Promise;

  /**
   * Manages block status. Documented as a POST; the original comment gives no path.
   *
   * @param accountId AIMS Account ID
   * @param payload block status request
   * @returns a promise with the result of the request
   */
  manageBlockStatus(accountId: string, payload: AlResponderManageBlockStatusRequest): Promise;

  /**
   * Executes a specific managed response for an incident. Documented as a POST;
   * the original comment gives no path.
   *
   * NOTE(review): `params` is optional, and this declaration does not say
   * whether a call without `dry_run` performs a live response. Confirm the
   * default before calling this against a production account.
   *
   * @param accountId AIMS Account ID
   * @param requestBody managed response request
   * @param params optional options; `dry_run` is the only declared field
   * @returns a promise with the result of the request
   */
  managedResponse(accountId: string, requestBody: AlManagedResponsePayload, params?: { dry_run: boolean; }): Promise;

  /**
   * Gets the limits for the creation of playbooks, tasks, triggers, simple
   * responses and exclusions.
   * GET /v1/{account_id}/limits
   *
   * @param accountId AIMS Account ID
   * @returns a promise with the limits
   */
  getLimits(accountId: string): Promise;

  /**
   * Undocumented in the original declaration.
   * NOTE(review): from the name and the imported AlMRIncidents type this
   * presumably returns the MR data for one incident; verb and path are not
   * visible here. Confirm against the implementation.
   *
   * @param accountId AIMS Account ID
   * @param incidentId incident ID
   * @param params required options; `product_type` is the only declared field
   */
  getMRByIncident(accountId: string, incidentId: string, params: { product_type: string; }): Promise;
}