Add five new FileVantage operations

src/falconpy/_constant/__init__.py

@@ -46,7 +46,7 @@
     "GetDeviceDetails", "PostDeviceDetailsV2", "GetVulnerabilities", "GetIntelIndicatorEntities",
     "getChildrenV2", "cancel-scans", "GetDetectSummaries", "UpdateQuarantinedDetectsByIds",
     "GetQuarantineFiles", "PostEntitiesAlertsV1", "CreateSavedSearchesDeployV1",
-    "WorkflowExecutionsAction"
+    "WorkflowExecutionsAction", "signalChangesExternal"
 ]
 MOCK_OPERATIONS: List[str] = [
     "GetImageAssessmentReport", "DeleteImageDetails", "ImageMatchesPolicy"

src/falconpy/_endpoint/_filevantage.py

@@ -37,6 +37,66 @@
 """
 
 _filevantage_endpoints = [
+  [
+    "getActionsMixin0",
+    "GET",
+    "/filevantage/entities/actions/v1",
+    "Retrieves the processing results for 1 or more actions.",
+    "filevantage",
+    [
+      {
+        "type": "array",
+        "items": {
+          "type": "string"
+        },
+        "collectionFormat": "multi",
+        "description": "One or more actions ids in the form of `ids=ID1&ids=ID2`",
+        "name": "ids",
+        "in": "query",
+        "required": True
+      }
+    ]
+  ],
+  [
+    "startActions",
+    "POST",
+    "/filevantage/entities/actions/v1",
+    "Initiates the specified action on the provided change ids",
+    "filevantage",
+    [
+      {
+        "description": "Create a new action.\n\n * `operation` must be one of the `suppress`, `unsuppress`, or "
+        " `purge`\n\n * `change_ids` represent the ids of the changes the operation will perform; limited to 100 ids "
+        "per action\n\n * `comment` optional comment to describe the reason for the action",
+        "name": "body",
+        "in": "body",
+        "required": True
+      }
+    ]
+  ],
+  [
+    "getContents",
+    "GET",
+    "/filevantage/entities/change-content/v1",
+    "Retrieves the content captured for the provided change id",
+    "filevantage",
+    [
+      {
+        "type": "string",
+        "description": "ID of the change in the form of id=ID1",
+        "name": "id",
+        "in": "query",
+        "required": True
+      },
+      {
+        "type": "string",
+        "description": "Providing the value of `gzip` compresses the response, otherwise the content is "
+        "returned uncompressed.",
+        "name": "Accept-Encoding",
+        "in": "header"
+      }
+    ]
+  ],
   [
     "getChanges",
     "GET",
@@ -607,6 +667,59 @@
       }
     ]
   ],
+  [
+    "signalChangesExternal",
+    "POST",
+    "/filevantage/entities/workflow/v1",
+    "Initiates workflows for the provided change ids",
+    "filevantage",
+    [
+      {
+        "description": "Change ids to initiate the workflows; limited to 100 per request.",
+        "name": "body",
+        "in": "body",
+        "required": True
+      }
+    ]
+  ],
+  [
+    "queryActionsMixin0",
+    "GET",
+    "/filevantage/queries/actions/v1",
+    "Returns one or more action ids",
+    "filevantage",
+    [
+      {
+        "minimum": 0,
+        "type": "integer",
+        "description": "The first action index to return in the response. If not provided it will default to "
+        "'0'. Use with the `limit` parameter to manage pagination of results.",
+        "name": "offset",
+        "in": "query"
+      },
+      {
+        "type": "integer",
+        "description": "The maximum number of actions to return in the response (default: 100; max: 500). Use "
+        "with the `offset` parameter to manage pagination of results",
+        "name": "limit",
+        "in": "query"
+      },
+      {
+        "type": "string",
+        "description": "The sort expression that should be used to sort the results (e.g. created_date|desc)",
+        "name": "sort",
+        "in": "query"
+      },
+      {
+        "type": "string",
+        "description": "Filter changes using a query in Falcon Query Language (FQL). \n\nCommon filter options "
+        " include:\n\n - `status`\n - `operation_type`\n\n The full list of allowed filter parameters can be reviewed "
+        "in our API documentation.",
+        "name": "filter",
+        "in": "query"
+      }
+    ]
+  ],
   [
     "queryChanges",
     "GET",

src/falconpy/_payload/__init__.py

@@ -72,7 +72,8 @@
     filevantage_rule_group_payload,
     filevantage_rule_payload,
     filevantage_policy_payload,
-    filevantage_scheduled_exclusion_payload
+    filevantage_scheduled_exclusion_payload,
+    filevantage_start_payload
     )
 from ._mssp import mssp_payload
 from ._firewall import (
@@ -127,5 +128,6 @@
     "workflow_template_payload", "foundry_execute_search_payload", "foundry_dynamic_search_payload",
     "image_policy_payload", "image_exclusions_payload", "image_group_payload",
     "workflow_definition_payload", "workflow_human_input", "workflow_mock_payload",
-    "cspm_service_account_validate_payload", "api_plugin_command_payload", "mobile_enrollment_payload"
+    "cspm_service_account_validate_payload", "api_plugin_command_payload", "mobile_enrollment_payload",
+    "filevantage_start_payload"
 ]

src/falconpy/_payload/_filevantage.py

@@ -79,6 +79,32 @@ def filevantage_policy_payload(passed_keywords: dict) -> dict:
     return returned
 
 
+def filevantage_start_payload(passed_keywords: dict) -> dict:
+    """Craft a properly formatted FileVantage policy body payload.
+
+    {
+        "change_ids": [
+            "string"
+        ],
+        "comment": "string",
+        "operation": "string"
+    }
+    """
+    returned = {}
+    keys = ["change_ids", "comment", "operation"]
+    for key in keys:
+        if passed_keywords.get(key, None):
+            if key == "change_ids":
+                changes = passed_keywords.get(key, None)
+                if isinstance(changes, str):
+                    changes = changes.split(",")
+                returned[key] = changes
+            else:
+                returned[key] = passed_keywords.get(key, None)
+
+    return returned
+
+
 def filevantage_scheduled_exclusion_payload(passed_keywords: dict) -> dict:
     """Craft a properly formatted FileVantage scheduled exclusion body payload.