Class: Falcon::Iocs

Inherits:
Object
Defined in:
lib/crimson-falcon/api/iocs.rb



Constructor Details

#initialize(api_client = ApiClient.default) ⇒ Iocs

Returns a new instance of Iocs.



# File 'lib/crimson-falcon/api/iocs.rb', line 35

# Builds an IOC API facade bound to one client.
#
# @param api_client [ApiClient] client used to issue every request from this
#   object; defaults to the shared `ApiClient.default` instance, so callers that
#   need isolated credentials or configuration should pass their own.
# @return [Iocs]
def initialize(api_client = ApiClient.default)
  # Stored as-is; no copy or validation is performed here.
  @api_client = api_client
end

Instance Attribute Details

#api_clientObject

Returns the value of attribute api_client.



# File 'lib/crimson-falcon/api/iocs.rb', line 33

# Reader for the client this facade was constructed with.
#
# @return [ApiClient] the client passed to {#initialize} (or `ApiClient.default`)
def api_client
  @api_client
end

Instance Method Details

#devices_count(type, value, opts = {}) ⇒ IocapiMsaReplyIOCDevicesCount

Number of hosts in your customer account that have observed a given custom IOC

Parameters:

  • type (String)

    The type of the indicator. Valid types include: sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64. md5: A hex-encoded md5 hash string. Length - min: 32, max: 32. domain: A domain name. Length - min: 1, max: 200. ipv4: An IPv4 address. Must be a valid IP address. ipv6: An IPv6 address. Must be a valid IP address.

  • value (String)

    The string representation of the indicator

  • opts (Hash) (defaults to: {})

    the optional parameters

Returns:



# File 'lib/crimson-falcon/api/iocs.rb', line 43

# Number of hosts in your customer account that have observed a given custom IOC.
#
# Convenience form of {#devices_count_with_http_info} that keeps only the
# deserialized body and drops the status code and response headers.
#
# @param type [String] indicator type (sha256, md5, domain, ipv4, ipv6)
# @param value [String] string representation of the indicator
# @param opts [Hash] optional parameters, forwarded unchanged
# @return [IocapiMsaReplyIOCDevicesCount] the deserialized response body
# @raise [ArgumentError] propagated from the `_with_http_info` variant when a
#   required parameter is nil and client-side validation is enabled
def devices_count(type, value, opts = {})
  # The underlying call returns [data, status_code, headers]; only data is wanted here.
  devices_count_with_http_info(type, value, opts).first
end

#devices_count_with_http_info(type, value, opts = {}) ⇒ Array<(IocapiMsaReplyIOCDevicesCount, Integer, Hash)>

Number of hosts in your customer account that have observed a given custom IOC

Parameters:

  • type (String)

    The type of the indicator. Valid types include: sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64. md5: A hex-encoded md5 hash string. Length - min: 32, max: 32. domain: A domain name. Length - min: 1, max: 200. ipv4: An IPv4 address. Must be a valid IP address. ipv6: An IPv6 address. Must be a valid IP address.

  • value (String)

    The string representation of the indicator

  • opts (Hash) (defaults to: {})

    the optional parameters

Returns:



# File 'lib/crimson-falcon/api/iocs.rb', line 53

# Number of hosts in your customer account that have observed a given custom IOC.
#
# Issues `GET /indicators/aggregates/devices-count/v1` through the configured
# client and returns the full triple of body, status code and headers.
#
# Side effects worth knowing about:
# - Any Hash supplied as `opts[:query_params]` or `opts[:header_params]` is
#   mutated in place (the indicator and Accept header are written into it).
# - When `@api_client.config.debugging` is on, the complete deserialized
#   response is written to the logger at debug level, so that log destination
#   must be treated as sensitive as the IOC data itself.
#
# @param type [String] indicator type (sha256, md5, domain, ipv4, ipv6); only
#   presence is checked client-side, the service validates the format
# @param value [String] string representation of the indicator
# @param opts [Hash] optional parameters: `:query_params`, `:header_params`
#   and `:form_params` seed the request; `:debug_body`, `:debug_return_type`
#   and `:debug_auth_names` override the generated defaults
# @return [Array<(IocapiMsaReplyIOCDevicesCount, Integer, Hash)>] data,
#   response status code and response headers
# @raise [ArgumentError] when `type` or `value` is nil and
#   `config.client_side_validation` is enabled
def devices_count_with_http_info(type, value, opts = {})
  config = @api_client.config
  config.logger.debug 'Calling API: Iocs.devices_count ...' if config.debugging

  # Presence check only; order matters for which missing parameter is reported first.
  if config.client_side_validation
    { 'type' => type, 'value' => value }.each do |name, arg|
      raise ArgumentError, "Missing the required parameter '#{name}' when calling Iocs.devices_count" if arg.nil?
    end
  end

  query_params = opts[:query_params] || {}
  query_params[:type] = type
  query_params[:value] = value

  header_params = opts[:header_params] || {}
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # Caller-supplied keys survive the merge; the generated ones take precedence.
  request_options = opts.merge(
    operation: :"Iocs.devices_count",
    header_params: header_params,
    query_params: query_params,
    form_params: opts[:form_params] || {},
    body: opts[:debug_body],
    auth_names: opts[:debug_auth_names] || ['oauth2'],
    return_type: opts[:debug_return_type] || 'IocapiMsaReplyIOCDevicesCount'
  )

  data, status_code, headers = @api_client.call_api(:GET, '/indicators/aggregates/devices-count/v1', request_options)
  if config.debugging
    config.logger.debug "API called: Iocs#devices_count\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  [data, status_code, headers]
end

#devices_ran_on(type, value, opts = {}) ⇒ IocapiMsaReplyDevicesRanOn

Find hosts that have observed a given custom IOC. For details about those hosts, use GET /devices/entities/devices/v1

Parameters:

  • type (String)

    The type of the indicator. Valid types include: sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64. md5: A hex-encoded md5 hash string. Length - min: 32, max: 32. domain: A domain name. Length - min: 1, max: 200. ipv4: An IPv4 address. Must be a valid IP address. ipv6: An IPv6 address. Must be a valid IP address.

  • value (String)

    The string representation of the indicator

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :limit (String)

    The first process to return, where 0 is the latest offset. Use with the offset parameter to manage pagination of results.

  • :offset (String)

    The first process to return, where 0 is the latest offset. Use with the limit parameter to manage pagination of results.

Returns:



# File 'lib/crimson-falcon/api/iocs.rb', line 114

# Find hosts that have observed a given custom IOC. For details about those
# hosts, use GET /devices/entities/devices/v1.
#
# Convenience form of {#devices_ran_on_with_http_info} that keeps only the
# deserialized body and drops the status code and response headers.
#
# @param type [String] indicator type (sha256, md5, domain, ipv4, ipv6)
# @param value [String] string representation of the indicator
# @param opts [Hash] optional parameters (`:limit`, `:offset`, and the
#   request-level options), forwarded unchanged
# @return [IocapiMsaReplyDevicesRanOn] the deserialized response body
# @raise [ArgumentError] propagated from the `_with_http_info` variant when a
#   required parameter is nil and client-side validation is enabled
def devices_ran_on(type, value, opts = {})
  # The underlying call returns [data, status_code, headers]; only data is wanted here.
  devices_ran_on_with_http_info(type, value, opts).first
end

#devices_ran_on_with_http_info(type, value, opts = {}) ⇒ Array<(IocapiMsaReplyDevicesRanOn, Integer, Hash)>

Find hosts that have observed a given custom IOC. For details about those hosts, use GET /devices/entities/devices/v1

Parameters:

  • type (String)

    The type of the indicator. Valid types include: sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64. md5: A hex-encoded md5 hash string. Length - min: 32, max: 32. domain: A domain name. Length - min: 1, max: 200. ipv4: An IPv4 address. Must be a valid IP address. ipv6: An IPv6 address. Must be a valid IP address.

  • value (String)

    The string representation of the indicator

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :limit (String)

    The first process to return, where 0 is the latest offset. Use with the offset parameter to manage pagination of results.

  • :offset (String)

    The first process to return, where 0 is the latest offset. Use with the limit parameter to manage pagination of results.

Returns:

  • (Array<(IocapiMsaReplyDevicesRanOn, Integer, Hash)>)

    IocapiMsaReplyDevicesRanOn data, response status code and response headers



# File 'lib/crimson-falcon/api/iocs.rb', line 126

# Find hosts that have observed a given custom IOC. For details about those
# hosts, use GET /devices/entities/devices/v1.
#
# Issues `GET /indicators/queries/devices/v1` through the configured client
# and returns the full triple of body, status code and headers.
#
# Side effects worth knowing about:
# - Any Hash supplied as `opts[:query_params]` or `opts[:header_params]` is
#   mutated in place.
# - When `@api_client.config.debugging` is on, the complete deserialized
#   response (host identifiers) is written to the logger at debug level.
#
# @param type [String] indicator type (sha256, md5, domain, ipv4, ipv6); only
#   presence is checked client-side, the service validates the format
# @param value [String] string representation of the indicator
# @param opts [Hash] optional parameters
# @option opts [String] :limit pagination option, sent only when non-nil
# @option opts [String] :offset pagination option, sent only when non-nil
# @return [Array<(IocapiMsaReplyDevicesRanOn, Integer, Hash)>] data,
#   response status code and response headers
# @raise [ArgumentError] when `type` or `value` is nil and
#   `config.client_side_validation` is enabled
def devices_ran_on_with_http_info(type, value, opts = {})
  config = @api_client.config
  config.logger.debug 'Calling API: Iocs.devices_ran_on ...' if config.debugging

  # Presence check only; order matters for which missing parameter is reported first.
  if config.client_side_validation
    { 'type' => type, 'value' => value }.each do |name, arg|
      raise ArgumentError, "Missing the required parameter '#{name}' when calling Iocs.devices_ran_on" if arg.nil?
    end
  end

  query_params = opts[:query_params] || {}
  query_params[:type] = type
  query_params[:value] = value
  # Pagination keys are copied through only when the caller set them.
  %i[limit offset].each do |key|
    query_params[key] = opts[key] unless opts[key].nil?
  end

  header_params = opts[:header_params] || {}
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # Caller-supplied keys survive the merge; the generated ones take precedence.
  request_options = opts.merge(
    operation: :"Iocs.devices_ran_on",
    header_params: header_params,
    query_params: query_params,
    form_params: opts[:form_params] || {},
    body: opts[:debug_body],
    auth_names: opts[:debug_auth_names] || ['oauth2'],
    return_type: opts[:debug_return_type] || 'IocapiMsaReplyDevicesRanOn'
  )

  data, status_code, headers = @api_client.call_api(:GET, '/indicators/queries/devices/v1', request_options)
  if config.debugging
    config.logger.debug "API called: Iocs#devices_ran_on\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  [data, status_code, headers]
end

#entities_processes(ids, opts = {}) ⇒ ProcessesapiMsaProcessDetailResponse

For the provided ProcessID retrieve the process details

Parameters:

  • ids (Array<String>)

    ProcessID for the running process you want to lookup

  • opts (Hash) (defaults to: {})

    the optional parameters

Returns:



# File 'lib/crimson-falcon/api/iocs.rb', line 186

# For the provided ProcessID retrieve the process details.
#
# Convenience form of {#entities_processes_with_http_info} that keeps only
# the deserialized body and drops the status code and response headers.
#
# @param ids [Array<String>] ProcessIDs of the running processes to look up
# @param opts [Hash] optional parameters, forwarded unchanged
# @return [ProcessesapiMsaProcessDetailResponse] the deserialized response body
# @raise [ArgumentError] propagated from the `_with_http_info` variant when
#   `ids` is nil and client-side validation is enabled
def entities_processes(ids, opts = {})
  # The underlying call returns [data, status_code, headers]; only data is wanted here.
  entities_processes_with_http_info(ids, opts).first
end

#entities_processes_with_http_info(ids, opts = {}) ⇒ Array<(ProcessesapiMsaProcessDetailResponse, Integer, Hash)>

For the provided ProcessID retrieve the process details

Parameters:

  • ids (Array<String>)

    ProcessID for the running process you want to lookup

  • opts (Hash) (defaults to: {})

    the optional parameters

Returns:



# File 'lib/crimson-falcon/api/iocs.rb', line 195

# For the provided ProcessID retrieve the process details.
#
# Issues `GET /processes/entities/processes/v1` through the configured client
# and returns the full triple of body, status code and headers.
#
# Side effects worth knowing about:
# - Any Hash supplied as `opts[:query_params]` or `opts[:header_params]` is
#   mutated in place.
# - When `@api_client.config.debugging` is on, the complete deserialized
#   response (process details) is written to the logger at debug level.
#
# @param ids [Array<String>] ProcessIDs to look up; serialized with the
#   client's `:multi` collection format. Only presence (non-nil) is checked
#   client-side; an empty array is passed through.
# @param opts [Hash] optional parameters: `:query_params`, `:header_params`
#   and `:form_params` seed the request; `:debug_body`, `:debug_return_type`
#   and `:debug_auth_names` override the generated defaults
# @return [Array<(ProcessesapiMsaProcessDetailResponse, Integer, Hash)>] data,
#   response status code and response headers
# @raise [ArgumentError] when `ids` is nil and `config.client_side_validation`
#   is enabled
def entities_processes_with_http_info(ids, opts = {})
  config = @api_client.config
  config.logger.debug 'Calling API: Iocs.entities_processes ...' if config.debugging

  if config.client_side_validation && ids.nil?
    raise ArgumentError, "Missing the required parameter 'ids' when calling Iocs.entities_processes"
  end

  query_params = opts[:query_params] || {}
  query_params[:ids] = @api_client.build_collection_param(ids, :multi)

  header_params = opts[:header_params] || {}
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # Caller-supplied keys survive the merge; the generated ones take precedence.
  request_options = opts.merge(
    operation: :"Iocs.entities_processes",
    header_params: header_params,
    query_params: query_params,
    form_params: opts[:form_params] || {},
    body: opts[:debug_body],
    auth_names: opts[:debug_auth_names] || ['oauth2'],
    return_type: opts[:debug_return_type] || 'ProcessesapiMsaProcessDetailResponse'
  )

  data, status_code, headers = @api_client.call_api(:GET, '/processes/entities/processes/v1', request_options)
  if config.debugging
    config.logger.debug "API called: Iocs#entities_processes\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  [data, status_code, headers]
end

#processes_ran_on(type, value, device_id, opts = {}) ⇒ IocapiMsaReplyProcessesRanOn

Search for processes associated with a custom IOC

Parameters:

  • type (String)

    The type of the indicator. Valid types include: sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64. md5: A hex-encoded md5 hash string. Length - min: 32, max: 32. domain: A domain name. Length - min: 1, max: 200. ipv4: An IPv4 address. Must be a valid IP address. ipv6: An IPv6 address. Must be a valid IP address.

  • value (String)

    The string representation of the indicator

  • device_id (String)

    Specify a host's ID to return only processes from that host. Get a host's ID from GET /devices/queries/devices/v1, the Falcon console, or the Streaming API.

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :limit (String)

    The first process to return, where 0 is the latest offset. Use with the offset parameter to manage pagination of results.

  • :offset (String)

    The first process to return, where 0 is the latest offset. Use with the limit parameter to manage pagination of results.

Returns:



# File 'lib/crimson-falcon/api/iocs.rb', line 252

# Search for processes associated with a custom IOC.
#
# Convenience form of {#processes_ran_on_with_http_info} that keeps only the
# deserialized body and drops the status code and response headers.
#
# @param type [String] indicator type (sha256, md5, domain, ipv4, ipv6)
# @param value [String] string representation of the indicator
# @param device_id [String] host ID restricting results to that host
# @param opts [Hash] optional parameters (`:limit`, `:offset`, and the
#   request-level options), forwarded unchanged
# @return [IocapiMsaReplyProcessesRanOn] the deserialized response body
# @raise [ArgumentError] propagated from the `_with_http_info` variant when a
#   required parameter is nil and client-side validation is enabled
def processes_ran_on(type, value, device_id, opts = {})
  # The underlying call returns [data, status_code, headers]; only data is wanted here.
  processes_ran_on_with_http_info(type, value, device_id, opts).first
end

#processes_ran_on_with_http_info(type, value, device_id, opts = {}) ⇒ Array<(IocapiMsaReplyProcessesRanOn, Integer, Hash)>

Search for processes associated with a custom IOC

Parameters:

  • type (String)

    The type of the indicator. Valid types include: sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64. md5: A hex-encoded md5 hash string. Length - min: 32, max: 32. domain: A domain name. Length - min: 1, max: 200. ipv4: An IPv4 address. Must be a valid IP address. ipv6: An IPv6 address. Must be a valid IP address.

  • value (String)

    The string representation of the indicator

  • device_id (String)

    Specify a host's ID to return only processes from that host. Get a host's ID from GET /devices/queries/devices/v1, the Falcon console, or the Streaming API.

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :limit (String)

    The first process to return, where 0 is the latest offset. Use with the offset parameter to manage pagination of results.

  • :offset (String)

    The first process to return, where 0 is the latest offset. Use with the limit parameter to manage pagination of results.

Returns:



# File 'lib/crimson-falcon/api/iocs.rb', line 265

# Search for processes associated with a custom IOC.
#
# Issues `GET /indicators/queries/processes/v1` through the configured client
# and returns the full triple of body, status code and headers.
#
# Side effects worth knowing about:
# - Any Hash supplied as `opts[:query_params]` or `opts[:header_params]` is
#   mutated in place.
# - When `@api_client.config.debugging` is on, the complete deserialized
#   response (process identifiers) is written to the logger at debug level.
#
# @param type [String] indicator type (sha256, md5, domain, ipv4, ipv6); only
#   presence is checked client-side, the service validates the format
# @param value [String] string representation of the indicator
# @param device_id [String] host ID; results are limited to that host
# @param opts [Hash] optional parameters
# @option opts [String] :limit pagination option, sent only when non-nil
# @option opts [String] :offset pagination option, sent only when non-nil
# @return [Array<(IocapiMsaReplyProcessesRanOn, Integer, Hash)>] data,
#   response status code and response headers
# @raise [ArgumentError] when `type`, `value` or `device_id` is nil and
#   `config.client_side_validation` is enabled
def processes_ran_on_with_http_info(type, value, device_id, opts = {})
  config = @api_client.config
  config.logger.debug 'Calling API: Iocs.processes_ran_on ...' if config.debugging

  # Presence check only; order matters for which missing parameter is reported first.
  if config.client_side_validation
    { 'type' => type, 'value' => value, 'device_id' => device_id }.each do |name, arg|
      raise ArgumentError, "Missing the required parameter '#{name}' when calling Iocs.processes_ran_on" if arg.nil?
    end
  end

  query_params = opts[:query_params] || {}
  query_params[:type] = type
  query_params[:value] = value
  query_params[:device_id] = device_id
  # Pagination keys are copied through only when the caller set them.
  %i[limit offset].each do |key|
    query_params[key] = opts[key] unless opts[key].nil?
  end

  header_params = opts[:header_params] || {}
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # Caller-supplied keys survive the merge; the generated ones take precedence.
  request_options = opts.merge(
    operation: :"Iocs.processes_ran_on",
    header_params: header_params,
    query_params: query_params,
    form_params: opts[:form_params] || {},
    body: opts[:debug_body],
    auth_names: opts[:debug_auth_names] || ['oauth2'],
    return_type: opts[:debug_return_type] || 'IocapiMsaReplyProcessesRanOn'
  )

  data, status_code, headers = @api_client.call_api(:GET, '/indicators/queries/processes/v1', request_options)
  if config.debugging
    config.logger.debug "API called: Iocs#processes_ran_on\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  [data, status_code, headers]
end