Class: ThreatIntelligence::ThreatintelClient

Inherits:

Object

• Object
• ThreatIntelligence::ThreatintelClient

Defined in:

lib/oci/threat_intelligence/threatintel_client.rb

Overview

Use the Threat Intelligence API to view indicators of compromise and related items. For more information, see [Overview of Threat Intelligence](/Content/ThreatIntelligence/Concepts/threatintelligenceoverview.htm).

Instance Attribute Summary

• #api_client ⇒ OCI::ApiClient readonly

  Client used to make HTTP requests.

• #endpoint ⇒ String readonly

  Fully qualified endpoint URL.

• #region ⇒ String

  The region, which will usually correspond to a value in OCI::Regions::REGION_ENUM.

• #retry_config ⇒ OCI::Retry::RetryConfig readonly

  The default retry configuration to apply to all operations in this service client.

Instance Method Summary

• #get_indicator(indicator_id, compartment_id, opts = {}) ⇒ Response

  Gets a detailed indicator by identifier.

• #initialize(config: nil, region: nil, endpoint: nil, signer: nil, proxy_settings: nil, retry_config: nil) ⇒ ThreatintelClient constructor

  Creates a new ThreatintelClient.

• #list_indicator_counts(compartment_id, opts = {}) ⇒ Response

  Get the current count of each indicator type.

• #list_indicators(compartment_id, opts = {}) ⇒ Response

  Returns a list of IndicatorSummary objects.

• #list_threat_types(compartment_id, opts = {}) ⇒ Response

  Gets a list of threat types that are available to use as parameters when querying indicators.

• #logger ⇒ Logger

  The logger for this client.

Constructor Details

#initialize(config: nil, region: nil, endpoint: nil, signer: nil, proxy_settings: nil, retry_config: nil) ⇒ ThreatintelClient

Creates a new ThreatintelClient. Notes:

If a config is not specified, then the global OCI.config will be used.

This client is not thread-safe

Either a region or an endpoint must be specified.  If an endpoint is specified, it will be used instead of the
  region. A region may be specified in the config or via or the region parameter. If specified in both, then the
  region parameter will be used.

Parameters:

• config (Config) (defaults to: nil) —

  A Config object.

• region (String) (defaults to: nil) —

  A region used to determine the service endpoint. This will usually correspond to a value in OCI::Regions::REGION_ENUM, but may be an arbitrary string.

• endpoint (String) (defaults to: nil) —

  The fully qualified endpoint URL

• signer (OCI::BaseSigner) (defaults to: nil) —

  A signer implementation which can be used by this client. If this is not provided then a signer will be constructed via the provided config. One use case of this parameter is instance principals authentication, so that the instance principals signer can be provided to the client

• proxy_settings (OCI::ApiClientProxySettings) (defaults to: nil) —

  If your environment requires you to use a proxy server for outgoing HTTP requests the details for the proxy can be provided in this parameter

• retry_config (OCI::Retry::RetryConfig) (defaults to: nil) —

  The retry configuration for this service client. This represents the default retry configuration to apply across all operations. This can be overridden on a per-operation basis. The default retry configuration value is `nil`, which means that an operation will not perform any retries

# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 53

def initialize(config: nil, region: nil, endpoint: nil, signer: nil, proxy_settings: nil, retry_config: nil)
  # If the signer is an InstancePrincipalsSecurityTokenSigner or SecurityTokenSigner and no config was supplied (they are self-sufficient signers)
  # then create a dummy config to pass to the ApiClient constructor. If customers wish to create a client which uses instance principals
  # and has config (either populated programmatically or loaded from a file), they must construct that config themselves and then
  # pass it to this constructor.
  #
  # If there is no signer (or the signer is not an instance principals signer) and no config was supplied, this is not valid
  # so try and load the config from the default file.
  config = OCI::Config.validate_and_build_config_with_signer(config, signer)

  signer = OCI::Signer.config_file_auth_builder(config) if signer.nil?

  @api_client = OCI::ApiClient.new(config, signer, proxy_settings: proxy_settings)
  @retry_config = retry_config

  if endpoint
    @endpoint = endpoint + '/20210831'
  else
    region ||= config.region
    region ||= signer.region if signer.respond_to?(:region)
    self.region = region
  end
  logger.info "ThreatintelClient endpoint set to '#{@endpoint}'." if logger
end

Instance Attribute Details

#api_client ⇒ OCI::ApiClient (readonly)

Client used to make HTTP requests.

Returns:

• (OCI::ApiClient)

# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 13

def api_client
  @api_client
end

#endpoint ⇒ String (readonly)

Fully qualified endpoint URL

Returns:

• (String)

# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 17

def endpoint
  @endpoint
end

#region ⇒ String

The region, which will usually correspond to a value in OCI::Regions::REGION_ENUM.

Returns:

• (String)

# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 27

def region
  @region
end

#retry_config ⇒ OCI::Retry::RetryConfig (readonly)

The default retry configuration to apply to all operations in this service client. This can be overridden on a per-operation basis. The default retry configuration value is `nil`, which means that an operation will not perform any retries

Returns:

• (OCI::Retry::RetryConfig)

# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 23

def retry_config
  @retry_config
end

Instance Method Details

#get_indicator(indicator_id, compartment_id, opts = {}) ⇒ Response

Note:

Click [here](docs.cloud.oracle.com/en-us/iaas/tools/ruby-sdk-examples/latest/threatintelligence/get_indicator.rb.html) to see an example of how to use get_indicator API.

Gets a detailed indicator by identifier

Parameters:

• indicator_id (String) —

  unique indicator identifier

• compartment_id (String) —

  The ID of the tenancy to use to filter results.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :retry_config (OCI::Retry::RetryConfig) —

  The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by #retry_config will be used. If an explicit `nil` value is provided then the operation will not retry

• :opc_request_id (String) —

  The client request ID for tracing.

Returns:

• (Response) —

  A Response object with data of type Indicator

# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 110

def get_indicator(indicator_id, compartment_id, opts = {})
  logger.debug 'Calling operation ThreatintelClient#get_indicator.' if logger

  raise "Missing the required parameter 'indicator_id' when calling get_indicator." if indicator_id.nil?
  raise "Missing the required parameter 'compartment_id' when calling get_indicator." if compartment_id.nil?
  raise "Parameter value for 'indicator_id' must not be blank" if OCI::Internal::Util.blank_string?(indicator_id)

  path = '/indicators/{indicatorId}'.sub('{indicatorId}', indicator_id.to_s)
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}
  query_params[:compartmentId] = compartment_id

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = nil

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'ThreatintelClient#get_indicator') do
    @api_client.call_api(
      :GET,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::ThreatIntelligence::Models::Indicator'
    )
  end
  # rubocop:enable Metrics/BlockLength
end

#list_indicator_counts(compartment_id, opts = {}) ⇒ Response

Note:

Click [here](docs.cloud.oracle.com/en-us/iaas/tools/ruby-sdk-examples/latest/threatintelligence/list_indicator_counts.rb.html) to see an example of how to use list_indicator_counts API.

Get the current count of each indicator type. Results can be sorted ASC or DESC by count.

Parameters:

• compartment_id (String) —

  The ID of the tenancy to use to filter results.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :retry_config (OCI::Retry::RetryConfig) —

  The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by #retry_config will be used. If an explicit `nil` value is provided then the operation will not retry

• :opc_request_id (String) —

  The client request ID for tracing.

• :sort_order (String) —

  The sort order to use, either 'ASC' or 'DESC'.

Returns:

• (Response) —

  A Response object with data of type IndicatorCountCollection

# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 167

def list_indicator_counts(compartment_id, opts = {})
  logger.debug 'Calling operation ThreatintelClient#list_indicator_counts.' if logger

  raise "Missing the required parameter 'compartment_id' when calling list_indicator_counts." if compartment_id.nil?

  if opts[:sort_order] && !OCI::ThreatIntelligence::Models::SORT_ORDER_ENUM.include?(opts[:sort_order])
    raise 'Invalid value for "sort_order", must be one of the values in OCI::ThreatIntelligence::Models::SORT_ORDER_ENUM.'
  end

  path = '/indicatorCounts'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}
  query_params[:compartmentId] = compartment_id
  query_params[:sortOrder] = opts[:sort_order] if opts[:sort_order]

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = nil

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'ThreatintelClient#list_indicator_counts') do
    @api_client.call_api(
      :GET,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::ThreatIntelligence::Models::IndicatorCountCollection'
    )
  end
  # rubocop:enable Metrics/BlockLength
end

#list_indicators(compartment_id, opts = {}) ⇒ Response

Note:

Click [here](docs.cloud.oracle.com/en-us/iaas/tools/ruby-sdk-examples/latest/threatintelligence/list_indicators.rb.html) to see an example of how to use list_indicators API.

Returns a list of IndicatorSummary objects.

Allowed values are: confidence, timeUpdated

Parameters:

• compartment_id (String) —

  The ID of the tenancy to use to filter results.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :retry_config (OCI::Retry::RetryConfig) —

  The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by #retry_config will be used. If an explicit `nil` value is provided then the operation will not retry

• :threat_type_name (Array<String>) —

  The result set will include indicators that have any of the provided threat types. To filter for multiple threat types repeat the query parameter.

• :type (String) —

  The indicator type of entities to be returned.

• :value (String) —

  The indicator value of entities to be returned.

• :confidence_greater_than_or_equal_to (Integer) —

  The minimum confidence score of entities to be returned.

• :time_updated_greater_than_or_equal_to (DateTime) —

  The oldest update time of entities to be returned.

• :limit (Integer) —

  The maximum number of items to return. (default to 10)

• :page (String) —

  A token representing the position at which to start retrieving results. This must come from the `opc-next-page` header field of a previous response.

• :sort_order (String) —

  The sort order to use, either 'ASC' or 'DESC'.

• :sort_by (String) —

  The field to sort by. Only one field to sort by may be provided. (default to timeUpdated)

• :opc_request_id (String) —

  The client request ID for tracing.

Returns:

• (Response) —

  A Response object with data of type IndicatorSummaryCollection

# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 238

def list_indicators(compartment_id, opts = {})
  logger.debug 'Calling operation ThreatintelClient#list_indicators.' if logger

  raise "Missing the required parameter 'compartment_id' when calling list_indicators." if compartment_id.nil?

  if opts[:type] && !OCI::ThreatIntelligence::Models::INDICATOR_TYPE_ENUM.include?(opts[:type])
    raise 'Invalid value for "type", must be one of the values in OCI::ThreatIntelligence::Models::INDICATOR_TYPE_ENUM.'
  end

  if opts[:sort_order] && !OCI::ThreatIntelligence::Models::SORT_ORDER_ENUM.include?(opts[:sort_order])
    raise 'Invalid value for "sort_order", must be one of the values in OCI::ThreatIntelligence::Models::SORT_ORDER_ENUM.'
  end

  if opts[:sort_by] && !%w[confidence timeUpdated].include?(opts[:sort_by])
    raise 'Invalid value for "sort_by", must be one of confidence, timeUpdated.'
  end

  path = '/indicators'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}
  query_params[:compartmentId] = compartment_id
  query_params[:threatTypeName] = OCI::ApiClient.build_collection_params(opts[:threat_type_name], :multi) if opts[:threat_type_name] && !opts[:threat_type_name].empty?
  query_params[:type] = opts[:type] if opts[:type]
  query_params[:value] = opts[:value] if opts[:value]
  query_params[:confidenceGreaterThanOrEqualTo] = opts[:confidence_greater_than_or_equal_to] if opts[:confidence_greater_than_or_equal_to]
  query_params[:timeUpdatedGreaterThanOrEqualTo] = opts[:time_updated_greater_than_or_equal_to] if opts[:time_updated_greater_than_or_equal_to]
  query_params[:limit] = opts[:limit] if opts[:limit]
  query_params[:page] = opts[:page] if opts[:page]
  query_params[:sortOrder] = opts[:sort_order] if opts[:sort_order]
  query_params[:sortBy] = opts[:sort_by] if opts[:sort_by]

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = nil

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'ThreatintelClient#list_indicators') do
    @api_client.call_api(
      :GET,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::ThreatIntelligence::Models::IndicatorSummaryCollection'
    )
  end
  # rubocop:enable Metrics/BlockLength
end

#list_threat_types(compartment_id, opts = {}) ⇒ Response

Note:

Click [here](docs.cloud.oracle.com/en-us/iaas/tools/ruby-sdk-examples/latest/threatintelligence/list_threat_types.rb.html) to see an example of how to use list_threat_types API.

Gets a list of threat types that are available to use as parameters when querying indicators. This is sorted by threat type name according to the sort order query param.

Parameters:

• compartment_id (String) —

  The ID of the tenancy to use to filter results.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :retry_config (OCI::Retry::RetryConfig) —

  The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by #retry_config will be used. If an explicit `nil` value is provided then the operation will not retry

• :limit (Integer) —

  The maximum number of items to return. (default to 10)

• :page (String) —

  A token representing the position at which to start retrieving results. This must come from the `opc-next-page` header field of a previous response.

• :sort_order (String) —

  The sort order to use, either 'ASC' or 'DESC'.

• :opc_request_id (String) —

  The client request ID for tracing.

Returns:

• (Response) —

  A Response object with data of type ThreatTypesCollection

# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 318

def list_threat_types(compartment_id, opts = {})
  logger.debug 'Calling operation ThreatintelClient#list_threat_types.' if logger

  raise "Missing the required parameter 'compartment_id' when calling list_threat_types." if compartment_id.nil?

  if opts[:sort_order] && !OCI::ThreatIntelligence::Models::SORT_ORDER_ENUM.include?(opts[:sort_order])
    raise 'Invalid value for "sort_order", must be one of the values in OCI::ThreatIntelligence::Models::SORT_ORDER_ENUM.'
  end

  path = '/threatTypes'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}
  query_params[:compartmentId] = compartment_id
  query_params[:limit] = opts[:limit] if opts[:limit]
  query_params[:page] = opts[:page] if opts[:page]
  query_params[:sortOrder] = opts[:sort_order] if opts[:sort_order]

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = nil

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'ThreatintelClient#list_threat_types') do
    @api_client.call_api(
      :GET,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::ThreatIntelligence::Models::ThreatTypesCollection'
    )
  end
  # rubocop:enable Metrics/BlockLength
end

#logger ⇒ Logger

Returns The logger for this client. May be nil.

Returns:

• (Logger) —

  The logger for this client. May be nil.

# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 92

def logger
  @api_client.config.logger
end