Class: Falcon::IntelligenceIndicatorGraph

Inherits:
Object
Defined in:
lib/crimson-falcon/api/intelligence_indicator_graph.rb

Constructor Details

#initialize(api_client = ApiClient.default) ⇒ IntelligenceIndicatorGraph

Returns a new instance of IntelligenceIndicatorGraph.



# File 'lib/crimson-falcon/api/intelligence_indicator_graph.rb', line 35

def initialize(api_client = ApiClient.default)
  @api_client = api_client
end

Instance Attribute Details

#api_client ⇒ Object

Returns the value of attribute api_client.



# File 'lib/crimson-falcon/api/intelligence_indicator_graph.rb', line 33

def api_client
  @api_client
end

Instance Method Details

#lookup_indicators(body, opts = {}) ⇒ RestapiLookupIndicatorResponse

Get indicators based on their value. Look up intelligence data for multiple indicators. Supports various indicator types including domains, IP addresses, and file hashes (MD5, SHA1, SHA256). Provide up to 500 indicators in a single request.

Parameters:

Returns:



# File 'lib/crimson-falcon/api/intelligence_indicator_graph.rb', line 43

def lookup_indicators(body, opts = {})
  data, _status_code, _headers = lookup_indicators_with_http_info(body, opts)
  data
end
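
The description above caps a request at 500 indicators and names the accepted types (domains, IP addresses, MD5/SHA1/SHA256 hashes). The following is an added example, not code from crimson-falcon: it classifies, de-duplicates and slices a raw indicator list into batches that respect that cap. The helper names, the domain pattern and the lower-casing are assumptions, and the sample values are constructed; the request body model is not shown on this page, so the example stops at producing the batches.

```ruby
require 'ipaddr'
require 'set'

MAX_INDICATORS_PER_REQUEST = 500 # limit stated in the method description
HASH_TYPES = { 32 => :md5, 40 => :sha1, 64 => :sha256 }.freeze
# Assumed, deliberately strict domain pattern (letters-only TLD, no trailing dot).
DOMAIN_RE = /\A(?=.{1,253}\z)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\z/

# True for a single IPv4/IPv6 address; CIDR ranges are rejected.
def ip_address?(value)
  return false if value.empty? || value.include?('/')
  IPAddr.new(value)
  true
rescue ArgumentError # IPAddr's error classes inherit from ArgumentError
  false
end

# Returns :md5, :sha1, :sha256, :ip, :domain, or nil for anything else.
def classify_indicator(raw)
  v = raw.to_s.strip.downcase
  return HASH_TYPES[v.length] if v.match?(/\A\h+\z/) && HASH_TYPES.key?(v.length)
  return :ip if ip_address?(v)
  v.match?(DOMAIN_RE) ? :domain : nil
end

# Returns [batches, rejected]; each batch holds at most batch_size unique values.
def build_lookup_batches(raw_values, batch_size: MAX_INDICATORS_PER_REQUEST)
  unique = Set.new
  rejected = []
  raw_values.each do |raw|
    v = raw.to_s.strip.downcase
    classify_indicator(v) ? unique.add(v) : rejected << raw
  end
  [unique.to_a.each_slice(batch_size).to_a, rejected]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input: documentation-range IP, example.com host, junk.
  sample = ['192.0.2.10', 'Login.Example.com', 'login.example.com', 'a' * 64, '???']
  batches, rejected = build_lookup_batches(sample)
  puts "batches=#{batches.map(&:size).inspect} rejected=#{rejected.inspect}"
end
```

Each batch would become the payload of one `lookup_indicators` call; rejected values are worth logging rather than silently dropping, since a malformed indicator usually points at a parsing problem upstream.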

#lookup_indicators_with_http_info(body, opts = {}) ⇒ Array<(RestapiLookupIndicatorResponse, Integer, Hash)>

Get indicators based on their value. Look up intelligence data for multiple indicators. Supports various indicator types including domains, IP addresses, and file hashes (MD5, SHA1, SHA256). Provide up to 500 indicators in a single request.

Parameters:

Returns:



# File 'lib/crimson-falcon/api/intelligence_indicator_graph.rb', line 53

def lookup_indicators_with_http_info(body, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: IntelligenceIndicatorGraph.lookup_indicators ...'
  end
  # verify the required parameter 'body' is set
  if @api_client.config.client_side_validation && body.nil?
    fail ArgumentError, "Missing the required parameter 'body' when calling IntelligenceIndicatorGraph.lookup_indicators"
  end
  # resource path
  local_var_path = '/intelligence/combined/lookup-indicators/v1'

  # query parameters
  query_params = opts[:query_params] || {}

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])
  # HTTP header 'Content-Type'
  content_type = @api_client.select_header_content_type(['application/json'])
  if !content_type.nil?
    header_params['Content-Type'] = content_type
  end

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body] || @api_client.object_to_http_body(body)

  # return_type
  return_type = opts[:debug_return_type] || 'RestapiLookupIndicatorResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"IntelligenceIndicatorGraph.lookup_indicators",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: IntelligenceIndicatorGraph#lookup_indicators\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#search_indicators(body, opts = {}) ⇒ RestapiIndicatorResponse

Search indicators based on FQL filter.

This method supports flexible parameter input through both query parameters and JSON request body.

## Parameter Precedence Rules

| Parameter | Query Param | JSON Body | Precedence Rule |
|-----------|-------------|-----------|-----------------|
| filter    | ✅          | ✅        | **EXCLUSIVE** - Cannot specify both |
| sort      | ✅          | ✅        | **Query param OVERRIDES** JSON body |
| limit     | ✅          | ❌        | Query param only |
| offset    | ✅          | ❌        | Query param only |

### Usage Patterns:

- **Query-only:** Use query parameters for simple requests
- **Body-only:** Use JSON body for complex configurations
- **Hybrid:** Combine both, following precedence rules above

Parameters:

Options Hash (opts):

  • :sort (String)

    Parameter to specify the order (field examples: FileDetails.SHA256, URLDetails.URL, PublishDate, MaliciousConfidence). Ex: 'PublishDate|asc'.

  • :filter (String)

    FQL query specifying the filter parameters. **Filter parameters include:** Type, LastUpdated, KillChain, MaliciousConfidence, MaliciousConfidenceValidatedTime, FirstSeen, LastSeen, Adversaries.Name, Adversaries.Slug, Reports.Title, Reports.Slug, Threats.FamilyName, Vulnerabilities.CVE, Sectors.Name, FileDetails.SHA256, FileDetails.SHA1, FileDetails.MD5, DomainDetails.Detail, IPv4Details.IPv4, IPv6Details.IPv6, URLDetails.URL and others

  • :limit (Integer)

    Limit

  • :offset (String)

    Offset

Returns:



# File 'lib/crimson-falcon/api/intelligence_indicator_graph.rb', line 115

def search_indicators(body, opts = {})
  data, _status_code, _headers = search_indicators_with_http_info(body, opts)
  data
end
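
The precedence table above can be enforced before a request is sent, so that a conflicting `filter` or a silently overridden `sort` is caught on the client. The following is an added example, not code from crimson-falcon: `resolve_search_params` is a hypothetical helper, the body is assumed to be a plain hash keyed `filter` and `sort` as in the table, and the FQL string is a constructed sample.

```ruby
QUERY_ONLY = %i[limit offset].freeze # "Query param only" rows of the table

# Checks query options and body against the precedence rules.
# Returns [query, body] with an overridden body sort removed;
# raises ArgumentError when the combination is not allowed.
def resolve_search_params(query = {}, body = {})
  query = query.transform_keys(&:to_sym).compact
  body  = body.transform_keys(&:to_sym).compact

  # filter: EXCLUSIVE, cannot be specified in both places
  if query.key?(:filter) && body.key?(:filter)
    raise ArgumentError, 'filter is EXCLUSIVE: set it in the query or the body, not both'
  end

  # limit / offset: query parameter only
  misplaced = QUERY_ONLY & body.keys
  unless misplaced.empty?
    raise ArgumentError, "#{misplaced.join(', ')}: query parameter only, not accepted in the body"
  end

  # Types as documented in the Options Hash: :limit (Integer), :offset (String)
  if query.key?(:limit) && !query[:limit].is_a?(Integer)
    raise ArgumentError, ':limit must be an Integer'
  end
  if query.key?(:offset) && !query[:offset].is_a?(String)
    raise ArgumentError, ':offset must be a String'
  end

  # sort: the query parameter overrides the body, so drop the body copy
  # to keep the outgoing request unambiguous.
  body = body.reject { |key, _| key == :sort } if query.key?(:sort)
  [query, body]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed hybrid request: sort in both places, filter only in the body.
  query, body = resolve_search_params(
    { sort: 'PublishDate|asc', limit: 100 },
    { sort: 'MaliciousConfidence|desc', filter: "Type:'domain'" }
  )
  puts "query=#{query.inspect} body=#{body.inspect}"
end
```

The returned `query` hash carries the keys `search_indicators` reads from `opts` (`:sort`, `:filter`, `:limit`, `:offset`), and the returned `body` is what remains to be sent as the request body.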

#search_indicators_with_http_info(body, opts = {}) ⇒ Array<(RestapiIndicatorResponse, Integer, Hash)>

Search indicators based on FQL filter.

This method supports flexible parameter input through both query parameters and JSON request body.

## Parameter Precedence Rules

| Parameter | Query Param | JSON Body | Precedence Rule |
|-----------|-------------|-----------|-----------------|
| filter    | ✅          | ✅        | **EXCLUSIVE** - Cannot specify both |
| sort      | ✅          | ✅        | **Query param OVERRIDES** JSON body |
| limit     | ✅          | ❌        | Query param only |
| offset    | ✅          | ❌        | Query param only |

### Usage Patterns:

- **Query-only:** Use query parameters for simple requests
- **Body-only:** Use JSON body for complex configurations
- **Hybrid:** Combine both, following precedence rules above

Parameters:

Options Hash (opts):

  • :sort (String)

    Parameter to specify the order (field examples: FileDetails.SHA256, URLDetails.URL, PublishDate, MaliciousConfidence). Ex: 'PublishDate|asc'.

  • :filter (String)

    FQL query specifying the filter parameters. **Filter parameters include:** Type, LastUpdated, KillChain, MaliciousConfidence, MaliciousConfidenceValidatedTime, FirstSeen, LastSeen, Adversaries.Name, Adversaries.Slug, Reports.Title, Reports.Slug, Threats.FamilyName, Vulnerabilities.CVE, Sectors.Name, FileDetails.SHA256, FileDetails.SHA1, FileDetails.MD5, DomainDetails.Detail, IPv4Details.IPv4, IPv6Details.IPv6, URLDetails.URL and others

  • :limit (Integer)

    Limit

  • :offset (String)

    Offset

Returns:

  • (Array<(RestapiIndicatorResponse, Integer, Hash)>)

    RestapiIndicatorResponse data, response status code and response headers



# File 'lib/crimson-falcon/api/intelligence_indicator_graph.rb', line 129

def search_indicators_with_http_info(body, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: IntelligenceIndicatorGraph.search_indicators ...'
  end
  # verify the required parameter 'body' is set
  if @api_client.config.client_side_validation && body.nil?
    fail ArgumentError, "Missing the required parameter 'body' when calling IntelligenceIndicatorGraph.search_indicators"
  end
  # resource path
  local_var_path = '/intelligence/combined/indicators/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil?
  query_params[:'filter'] = opts[:'filter'] if !opts[:'filter'].nil?
  query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil?
  query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])
  # HTTP header 'Content-Type'
  content_type = @api_client.select_header_content_type(['application/json'])
  if !content_type.nil?
    header_params['Content-Type'] = content_type
  end

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body] || @api_client.object_to_http_body(body)

  # return_type
  return_type = opts[:debug_return_type] || 'RestapiIndicatorResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"IntelligenceIndicatorGraph.search_indicators",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: IntelligenceIndicatorGraph#search_indicators\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end