Class: OCI::ThreatIntelligence::ThreatintelClient

Inherits:

Object

• Object
• OCI::ThreatIntelligence::ThreatintelClient

Defined in:

lib/oci/threat_intelligence/threatintel_client.rb

Overview

Use the Threat Intelligence API to search for information about known threat indicators, including suspicious IP addresses, domain names, and other digital fingerprints. Threat Intelligence is a managed database of curated threat intelligence that comes from first party Oracle security insights, open source feeds, and vendor-procured data. For more information, see the Threat Intelligence documentation.

Instance Attribute Summary

• #api_client ⇒ OCI::ApiClient readonly

  Client used to make HTTP requests.

• #endpoint ⇒ String readonly

  Fully qualified endpoint URL.

• #region ⇒ String

  The region, which will usually correspond to a value in Regions::REGION_ENUM.

• #retry_config ⇒ OCI::Retry::RetryConfig readonly

  The default retry configuration to apply to all operations in this service client.

Instance Method Summary

• #get_indicator(indicator_id, compartment_id, opts = {}) ⇒ Response

  Get detailed information about a threat indicator with a given identifier.

• #initialize(config: nil, region: nil, endpoint: nil, signer: nil, proxy_settings: nil, retry_config: nil) ⇒ ThreatintelClient constructor

  Creates a new ThreatintelClient.

• #list_indicator_counts(compartment_id, opts = {}) ⇒ Response

  Get the current count of each threat indicator type.

• #list_indicators(compartment_id, opts = {}) ⇒ Response

  Get a list of threat indicator summaries based on the search criteria.

• #list_threat_types(compartment_id, opts = {}) ⇒ Response

  Gets a list of threat types that are available to use as parameters when querying indicators.

• #logger ⇒ Logger

  The logger for this client.

• #summarize_indicators(compartment_id, summarize_indicators_details, opts = {}) ⇒ Response

  Get indicator summaries based on advanced search criteria.

Constructor Details

#initialize(config: nil, region: nil, endpoint: nil, signer: nil, proxy_settings: nil, retry_config: nil) ⇒ ThreatintelClient

Creates a new ThreatintelClient. Notes: If a config is not specified, then the global OCI.config will be used.

This client is not thread-safe

Either a region or an endpoint must be specified. If an endpoint is specified, it will be used instead of the region. A region may be specified in the config or via or the region parameter. If specified in both, then the region parameter will be used.

Parameters:

• config (Config) (defaults to: nil) —

  A Config object.

• region (String) (defaults to: nil) —

  A region used to determine the service endpoint. This will usually correspond to a value in Regions::REGION_ENUM, but may be an arbitrary string.

• endpoint (String) (defaults to: nil) —

  The fully qualified endpoint URL

• signer (OCI::BaseSigner) (defaults to: nil) —

  A signer implementation which can be used by this client. If this is not provided then a signer will be constructed via the provided config. One use case of this parameter is instance principals authentication, so that the instance principals signer can be provided to the client

• proxy_settings (OCI::ApiClientProxySettings) (defaults to: nil) —

  If your environment requires you to use a proxy server for outgoing HTTP requests the details for the proxy can be provided in this parameter

• retry_config (OCI::Retry::RetryConfig) (defaults to: nil) —

  The retry configuration for this service client. This represents the default retry configuration to apply across all operations. This can be overridden on a per-operation basis. The default retry configuration value is nil, which means that an operation will not perform any retries

# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 55

def initialize(config: nil, region: nil, endpoint: nil, signer: nil, proxy_settings: nil, retry_config: nil)
  # If the signer is an InstancePrincipalsSecurityTokenSigner or SecurityTokenSigner and no config was supplied (they are self-sufficient signers)
  # then create a dummy config to pass to the ApiClient constructor. If customers wish to create a client which uses instance principals
  # and has config (either populated programmatically or loaded from a file), they must construct that config themselves and then
  # pass it to this constructor.
  #
  # If there is no signer (or the signer is not an instance principals signer) and no config was supplied, this is not valid
  # so try and load the config from the default file.
  config = OCI::Config.validate_and_build_config_with_signer(config, signer)

  signer = OCI::Signer.config_file_auth_builder(config) if signer.nil?

  @api_client = OCI::ApiClient.new(config, signer, proxy_settings: proxy_settings)
  @retry_config = retry_config

  if endpoint
    @endpoint = endpoint + '/20220901'
  else
    region ||= config.region
    region ||= signer.region if signer.respond_to?(:region)
    self.region = region
  end
  logger.info "ThreatintelClient endpoint set to '#{@endpoint}'." if logger
end

Instance Attribute Details

#api_client ⇒ OCI::ApiClient (readonly)

Client used to make HTTP requests.

Returns:

• (OCI::ApiClient)

# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 15

def api_client
  @api_client
end

#endpoint ⇒ String (readonly)

Fully qualified endpoint URL

Returns:

• (String)

# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 19

def endpoint
  @endpoint
end

#region ⇒ String

The region, which will usually correspond to a value in Regions::REGION_ENUM.

Returns:

• (String)

# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 29

def region
  @region
end

#retry_config ⇒ OCI::Retry::RetryConfig (readonly)

The default retry configuration to apply to all operations in this service client. This can be overridden on a per-operation basis. The default retry configuration value is nil, which means that an operation will not perform any retries

Returns:

• (OCI::Retry::RetryConfig)

# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 25

def retry_config
  @retry_config
end

Instance Method Details

#get_indicator(indicator_id, compartment_id, opts = {}) ⇒ Response

Note:

Click here to see an example of how to use get_indicator API.

Get detailed information about a threat indicator with a given identifier.

Parameters:

• indicator_id (String) —

  The unique identifier (OCID) of the threat indicator.

• compartment_id (String) —

  The OCID of the tenancy (root compartment) that is used to filter results.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :retry_config (OCI::Retry::RetryConfig) —

  The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by #retry_config will be used. If an explicit nil value is provided then the operation will not retry

• :opc_request_id (String) —

  The client request ID for tracing.

Returns:

• (Response) —

  A Response object with data of type Indicator

# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 112

def get_indicator(indicator_id, compartment_id, opts = {})
  logger.debug 'Calling operation ThreatintelClient#get_indicator.' if logger

  raise "Missing the required parameter 'indicator_id' when calling get_indicator." if indicator_id.nil?
  raise "Missing the required parameter 'compartment_id' when calling get_indicator." if compartment_id.nil?
  raise "Parameter value for 'indicator_id' must not be blank" if OCI::Internal::Util.blank_string?(indicator_id)

  path = '/indicators/{indicatorId}'.sub('{indicatorId}', indicator_id.to_s)
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}
  query_params[:compartmentId] = compartment_id

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = nil

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'ThreatintelClient#get_indicator') do
    @api_client.call_api(
      :GET,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::ThreatIntelligence::Models::Indicator'
    )
  end
  # rubocop:enable Metrics/BlockLength
end

#list_indicator_counts(compartment_id, opts = {}) ⇒ Response

Note:

Click here to see an example of how to use list_indicator_counts API.

Get the current count of each threat indicator type. Indicator counts can be sorted in ascending or descending order.

Parameters:

• compartment_id (String) —

  The OCID of the tenancy (root compartment) that is used to filter results.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :retry_config (OCI::Retry::RetryConfig) —

  The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by #retry_config will be used. If an explicit nil value is provided then the operation will not retry

• :opc_request_id (String) —

  The client request ID for tracing.

• :sort_order (String) —

  The sort order to use, either 'ASC' or 'DESC'.

Returns:

• (Response) —

  A Response object with data of type IndicatorCountCollection

# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 169

def list_indicator_counts(compartment_id, opts = {})
  logger.debug 'Calling operation ThreatintelClient#list_indicator_counts.' if logger

  raise "Missing the required parameter 'compartment_id' when calling list_indicator_counts." if compartment_id.nil?

  if opts[:sort_order] && !OCI::ThreatIntelligence::Models::SORT_ORDER_ENUM.include?(opts[:sort_order])
    raise 'Invalid value for "sort_order", must be one of the values in OCI::ThreatIntelligence::Models::SORT_ORDER_ENUM.'
  end

  path = '/indicatorCounts'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}
  query_params[:compartmentId] = compartment_id
  query_params[:sortOrder] = opts[:sort_order] if opts[:sort_order]

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = nil

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'ThreatintelClient#list_indicator_counts') do
    @api_client.call_api(
      :GET,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::ThreatIntelligence::Models::IndicatorCountCollection'
    )
  end
  # rubocop:enable Metrics/BlockLength
end

#list_indicators(compartment_id, opts = {}) ⇒ Response

Note:

Click here to see an example of how to use list_indicators API.

Get a list of threat indicator summaries based on the search criteria.

Allowed values are: confidence, timeCreated, timeUpdated, timeLastSeen

Parameters:

• compartment_id (String) —

  The OCID of the tenancy (root compartment) that is used to filter results.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :retry_config (OCI::Retry::RetryConfig) —

  The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by #retry_config will be used. If an explicit nil value is provided then the operation will not retry

• :threat_type_name (Array<String>) —

  The threat type of entites to be returned. To filter for multiple threat types, repeat this parameter. (default to [])

• :type (String) —

  The indicator type of entities to be returned.

• :value (String) —

  The indicator value of entities to be returned.

• :confidence_greater_than_or_equal_to (Integer) —

  The minimum confidence score of entities to be returned. (default to 0)

• :time_updated_greater_than_or_equal_to (DateTime) —

  The oldest update time of entities to be returned.

• :time_updated_less_than (DateTime) —

  Return indicators updated before the provided time.

• :time_last_seen_greater_than_or_equal_to (DateTime) —

  The oldest last seen time of entities to be returned.

• :time_last_seen_less_than (DateTime) —

  Return indicators last seen before the provided time.

• :time_created_greater_than_or_equal_to (DateTime) —

  The oldest created/first seen time of entities to be returned.

• :time_created_less_than (DateTime) —

  Return indicators created/first seen before the provided time.

• :limit (Integer) —

  The maximum number of items to return. (default to 10)

• :page (String) —

  A token representing the position at which to start retrieving results. This must come from the opc-next-page header field of a previous response.

• :sort_order (String) —

  The sort order to use, either 'ASC' or 'DESC'.

• :sort_by (String) —

  The field to sort by. Only one field to sort by may be provided. (default to timeUpdated)

• :opc_request_id (String) —

  The client request ID for tracing.

Returns:

• (Response) —

  A Response object with data of type IndicatorSummaryCollection

# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 245

def list_indicators(compartment_id, opts = {})
  logger.debug 'Calling operation ThreatintelClient#list_indicators.' if logger

  raise "Missing the required parameter 'compartment_id' when calling list_indicators." if compartment_id.nil?

  if opts[:type] && !OCI::ThreatIntelligence::Models::INDICATOR_TYPE_ENUM.include?(opts[:type])
    raise 'Invalid value for "type", must be one of the values in OCI::ThreatIntelligence::Models::INDICATOR_TYPE_ENUM.'
  end

  if opts[:sort_order] && !OCI::ThreatIntelligence::Models::SORT_ORDER_ENUM.include?(opts[:sort_order])
    raise 'Invalid value for "sort_order", must be one of the values in OCI::ThreatIntelligence::Models::SORT_ORDER_ENUM.'
  end

  if opts[:sort_by] && !%w[confidence timeCreated timeUpdated timeLastSeen].include?(opts[:sort_by])
    raise 'Invalid value for "sort_by", must be one of confidence, timeCreated, timeUpdated, timeLastSeen.'
  end

  path = '/indicators'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}
  query_params[:compartmentId] = compartment_id
  query_params[:threatTypeName] = OCI::ApiClient.build_collection_params(opts[:threat_type_name], :multi) if opts[:threat_type_name] && !opts[:threat_type_name].empty?
  query_params[:type] = opts[:type] if opts[:type]
  query_params[:value] = opts[:value] if opts[:value]
  query_params[:confidenceGreaterThanOrEqualTo] = opts[:confidence_greater_than_or_equal_to] if opts[:confidence_greater_than_or_equal_to]
  query_params[:timeUpdatedGreaterThanOrEqualTo] = opts[:time_updated_greater_than_or_equal_to] if opts[:time_updated_greater_than_or_equal_to]
  query_params[:timeUpdatedLessThan] = opts[:time_updated_less_than] if opts[:time_updated_less_than]
  query_params[:timeLastSeenGreaterThanOrEqualTo] = opts[:time_last_seen_greater_than_or_equal_to] if opts[:time_last_seen_greater_than_or_equal_to]
  query_params[:timeLastSeenLessThan] = opts[:time_last_seen_less_than] if opts[:time_last_seen_less_than]
  query_params[:timeCreatedGreaterThanOrEqualTo] = opts[:time_created_greater_than_or_equal_to] if opts[:time_created_greater_than_or_equal_to]
  query_params[:timeCreatedLessThan] = opts[:time_created_less_than] if opts[:time_created_less_than]
  query_params[:limit] = opts[:limit] if opts[:limit]
  query_params[:page] = opts[:page] if opts[:page]
  query_params[:sortOrder] = opts[:sort_order] if opts[:sort_order]
  query_params[:sortBy] = opts[:sort_by] if opts[:sort_by]

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = nil

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'ThreatintelClient#list_indicators') do
    @api_client.call_api(
      :GET,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::ThreatIntelligence::Models::IndicatorSummaryCollection'
    )
  end
  # rubocop:enable Metrics/BlockLength
end

#list_threat_types(compartment_id, opts = {}) ⇒ Response

Note:

Click here to see an example of how to use list_threat_types API.

Gets a list of threat types that are available to use as parameters when querying indicators. The list is sorted by threat type name according to the sort order query param.

Parameters:

• compartment_id (String) —

  The OCID of the tenancy (root compartment) that is used to filter results.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :retry_config (OCI::Retry::RetryConfig) —

  The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by #retry_config will be used. If an explicit nil value is provided then the operation will not retry

• :limit (Integer) —

  The maximum number of items to return. (default to 10)

• :page (String) —

  A token representing the position at which to start retrieving results. This must come from the opc-next-page header field of a previous response.

• :sort_order (String) —

  The sort order to use, either 'ASC' or 'DESC'.

• :opc_request_id (String) —

  The client request ID for tracing.

Returns:

• (Response) —

  A Response object with data of type ThreatTypesCollection

# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 330

def list_threat_types(compartment_id, opts = {})
  logger.debug 'Calling operation ThreatintelClient#list_threat_types.' if logger

  raise "Missing the required parameter 'compartment_id' when calling list_threat_types." if compartment_id.nil?

  if opts[:sort_order] && !OCI::ThreatIntelligence::Models::SORT_ORDER_ENUM.include?(opts[:sort_order])
    raise 'Invalid value for "sort_order", must be one of the values in OCI::ThreatIntelligence::Models::SORT_ORDER_ENUM.'
  end

  path = '/threatTypes'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}
  query_params[:compartmentId] = compartment_id
  query_params[:limit] = opts[:limit] if opts[:limit]
  query_params[:page] = opts[:page] if opts[:page]
  query_params[:sortOrder] = opts[:sort_order] if opts[:sort_order]

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = nil

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'ThreatintelClient#list_threat_types') do
    @api_client.call_api(
      :GET,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::ThreatIntelligence::Models::ThreatTypesCollection'
    )
  end
  # rubocop:enable Metrics/BlockLength
end

#logger ⇒ Logger

Returns The logger for this client. May be nil.

Returns:

• (Logger) —

  The logger for this client. May be nil.

# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 94

def logger
  @api_client.config.logger
end

#summarize_indicators(compartment_id, summarize_indicators_details, opts = {}) ⇒ Response

Note:

Click here to see an example of how to use summarize_indicators API.

Get indicator summaries based on advanced search criteria.

Parameters:

• compartment_id (String) —

  The OCID of the tenancy (root compartment) that is used to filter results.

• summarize_indicators_details (OCI::ThreatIntelligence::Models::SummarizeIndicatorsDetails) —

  Query Parameters to search for indicators.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :retry_config (OCI::Retry::RetryConfig) —

  The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by #retry_config will be used. If an explicit nil value is provided then the operation will not retry

• :opc_request_id (String) —

  The client request ID for tracing.

• :limit (Integer) —

  The maximum number of items to return. (default to 10)

• :page (String) —

  A token representing the position at which to start retrieving results. This must come from the opc-next-page header field of a previous response.

Returns:

• (Response) —

  A Response object with data of type IndicatorSummaryCollection

# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 394

def summarize_indicators(compartment_id, summarize_indicators_details, opts = {})
  logger.debug 'Calling operation ThreatintelClient#summarize_indicators.' if logger

  raise "Missing the required parameter 'compartment_id' when calling summarize_indicators." if compartment_id.nil?
  raise "Missing the required parameter 'summarize_indicators_details' when calling summarize_indicators." if summarize_indicators_details.nil?

  path = '/indicators/actions/summarize'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}
  query_params[:compartmentId] = compartment_id
  query_params[:limit] = opts[:limit] if opts[:limit]
  query_params[:page] = opts[:page] if opts[:page]

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = @api_client.object_to_http_body(summarize_indicators_details)

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'ThreatintelClient#summarize_indicators') do
    @api_client.call_api(
      :POST,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::ThreatIntelligence::Models::IndicatorSummaryCollection'
    )
  end
  # rubocop:enable Metrics/BlockLength
end