Class: OCI::ThreatIntelligence::ThreatintelClient

Inherits:
Object
  • Object
show all
Defined in:
lib/oci/threat_intelligence/threatintel_client.rb

Overview

Use the Threat Intelligence API to search for information about known threat indicators, including suspicious IP addresses, domain names, and other digital fingerprints. Threat Intelligence is a managed database of curated threat intelligence that comes from first party Oracle security insights, open source feeds, and vendor-procured data. For more information, see the Threat Intelligence documentation.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(config: nil, region: nil, endpoint: nil, signer: nil, proxy_settings: nil, retry_config: nil) ⇒ ThreatintelClient

Creates a new ThreatintelClient. Notes: If a config is not specified, then the global OCI.config will be used.

This client is not thread-safe

Either a region or an endpoint must be specified. If an endpoint is specified, it will be used instead of the region. A region may be specified in the config or via or the region parameter. If specified in both, then the region parameter will be used.

Parameters:

  • config (Config) (defaults to: nil)

    A Config object.

  • region (String) (defaults to: nil)

    A region used to determine the service endpoint. This will usually correspond to a value in Regions::REGION_ENUM, but may be an arbitrary string.

  • endpoint (String) (defaults to: nil)

    The fully qualified endpoint URL

  • signer (OCI::BaseSigner) (defaults to: nil)

    A signer implementation which can be used by this client. If this is not provided then a signer will be constructed via the provided config. One use case of this parameter is instance principals authentication, so that the instance principals signer can be provided to the client

  • proxy_settings (OCI::ApiClientProxySettings) (defaults to: nil)

    If your environment requires you to use a proxy server for outgoing HTTP requests the details for the proxy can be provided in this parameter

  • retry_config (OCI::Retry::RetryConfig) (defaults to: nil)

    The retry configuration for this service client. This represents the default retry configuration to apply across all operations. This can be overridden on a per-operation basis. The default retry configuration value is nil, which means that an operation will not perform any retries



55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 55

def initialize(config: nil, region: nil, endpoint: nil, signer: nil, proxy_settings: nil, retry_config: nil)
  # If the signer is an InstancePrincipalsSecurityTokenSigner or SecurityTokenSigner and no config was supplied (they are self-sufficient signers)
  # then create a dummy config to pass to the ApiClient constructor. If customers wish to create a client which uses instance principals
  # and has config (either populated programmatically or loaded from a file), they must construct that config themselves and then
  # pass it to this constructor.
  #
  # If there is no signer (or the signer is not an instance principals signer) and no config was supplied, this is not valid
  # so try and load the config from the default file.
  config = OCI::Config.validate_and_build_config_with_signer(config, signer)

  signer = OCI::Signer.config_file_auth_builder(config) if signer.nil?

  @api_client = OCI::ApiClient.new(config, signer, proxy_settings: proxy_settings)
  @retry_config = retry_config

  if endpoint
    @endpoint = endpoint + '/20220901'
  else
    region ||= config.region
    region ||= signer.region if signer.respond_to?(:region)
    self.region = region
  end
  logger.info "ThreatintelClient endpoint set to '#{@endpoint}'." if logger
end

Instance Attribute Details

#api_clientOCI::ApiClient (readonly)

Client used to make HTTP requests.

Returns:



15
16
17
# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 15

def api_client
  @api_client
end

#endpointString (readonly)

Fully qualified endpoint URL

Returns:

  • (String)


19
20
21
# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 19

def endpoint
  @endpoint
end

#regionString

The region, which will usually correspond to a value in Regions::REGION_ENUM.

Returns:

  • (String)


29
30
31
# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 29

def region
  @region
end

#retry_configOCI::Retry::RetryConfig (readonly)

The default retry configuration to apply to all operations in this service client. This can be overridden on a per-operation basis. The default retry configuration value is nil, which means that an operation will not perform any retries



25
26
27
# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 25

def retry_config
  @retry_config
end

Instance Method Details

#get_indicator(indicator_id, compartment_id, opts = {}) ⇒ Response

Note:

Click here to see an example of how to use get_indicator API.

Get detailed information about a threat indicator with a given identifier.

Parameters:

  • indicator_id (String)

    The unique identifier (OCID) of the threat indicator.

  • compartment_id (String)

    The OCID of the tenancy (root compartment) that is used to filter results.

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :retry_config (OCI::Retry::RetryConfig)

    The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by #retry_config will be used. If an explicit nil value is provided then the operation will not retry

  • :opc_request_id (String)

    The client request ID for tracing.

Returns:



112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 112

def get_indicator(indicator_id, compartment_id, opts = {})
  logger.debug 'Calling operation ThreatintelClient#get_indicator.' if logger

  raise "Missing the required parameter 'indicator_id' when calling get_indicator." if indicator_id.nil?
  raise "Missing the required parameter 'compartment_id' when calling get_indicator." if compartment_id.nil?
  raise "Parameter value for 'indicator_id' must not be blank" if OCI::Internal::Util.blank_string?(indicator_id)

  path = '/indicators/{indicatorId}'.sub('{indicatorId}', indicator_id.to_s)
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}
  query_params[:compartmentId] = compartment_id

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = nil

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'ThreatintelClient#get_indicator') do
    @api_client.call_api(
      :GET,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::ThreatIntelligence::Models::Indicator'
    )
  end
  # rubocop:enable Metrics/BlockLength
end

#list_indicator_counts(compartment_id, opts = {}) ⇒ Response

Note:

Click here to see an example of how to use list_indicator_counts API.

Get the current count of each threat indicator type. Indicator counts can be sorted in ascending or descending order.

Parameters:

  • compartment_id (String)

    The OCID of the tenancy (root compartment) that is used to filter results.

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :retry_config (OCI::Retry::RetryConfig)

    The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by #retry_config will be used. If an explicit nil value is provided then the operation will not retry

  • :opc_request_id (String)

    The client request ID for tracing.

  • :sort_order (String)

    The sort order to use, either 'ASC' or 'DESC'.

Returns:



169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 169

def list_indicator_counts(compartment_id, opts = {})
  logger.debug 'Calling operation ThreatintelClient#list_indicator_counts.' if logger

  raise "Missing the required parameter 'compartment_id' when calling list_indicator_counts." if compartment_id.nil?

  if opts[:sort_order] && !OCI::ThreatIntelligence::Models::SORT_ORDER_ENUM.include?(opts[:sort_order])
    raise 'Invalid value for "sort_order", must be one of the values in OCI::ThreatIntelligence::Models::SORT_ORDER_ENUM.'
  end

  path = '/indicatorCounts'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}
  query_params[:compartmentId] = compartment_id
  query_params[:sortOrder] = opts[:sort_order] if opts[:sort_order]

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = nil

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'ThreatintelClient#list_indicator_counts') do
    @api_client.call_api(
      :GET,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::ThreatIntelligence::Models::IndicatorCountCollection'
    )
  end
  # rubocop:enable Metrics/BlockLength
end

#list_indicators(compartment_id, opts = {}) ⇒ Response

Note:

Click here to see an example of how to use list_indicators API.

Get a list of threat indicator summaries based on the search criteria.

Allowed values are: confidence, timeCreated, timeUpdated, timeLastSeen

Parameters:

  • compartment_id (String)

    The OCID of the tenancy (root compartment) that is used to filter results.

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :retry_config (OCI::Retry::RetryConfig)

    The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by #retry_config will be used. If an explicit nil value is provided then the operation will not retry

  • :threat_type_name (Array<String>)

    The threat type of entites to be returned. To filter for multiple threat types, repeat this parameter. (default to [])

  • :type (String)

    The indicator type of entities to be returned.

  • :value (String)

    The indicator value of entities to be returned.

  • :confidence_greater_than_or_equal_to (Integer)

    The minimum confidence score of entities to be returned. (default to 0)

  • :time_updated_greater_than_or_equal_to (DateTime)

    The oldest update time of entities to be returned.

  • :time_updated_less_than (DateTime)

    Return indicators updated before the provided time.

  • :time_last_seen_greater_than_or_equal_to (DateTime)

    The oldest last seen time of entities to be returned.

  • :time_last_seen_less_than (DateTime)

    Return indicators last seen before the provided time.

  • :time_created_greater_than_or_equal_to (DateTime)

    The oldest created/first seen time of entities to be returned.

  • :time_created_less_than (DateTime)

    Return indicators created/first seen before the provided time.

  • :limit (Integer)

    The maximum number of items to return. (default to 10)

  • :page (String)

    A token representing the position at which to start retrieving results. This must come from the opc-next-page header field of a previous response.

  • :sort_order (String)

    The sort order to use, either 'ASC' or 'DESC'.

  • :sort_by (String)

    The field to sort by. Only one field to sort by may be provided. (default to timeUpdated)

  • :opc_request_id (String)

    The client request ID for tracing.

Returns:



245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 245

def list_indicators(compartment_id, opts = {})
  logger.debug 'Calling operation ThreatintelClient#list_indicators.' if logger

  raise "Missing the required parameter 'compartment_id' when calling list_indicators." if compartment_id.nil?

  if opts[:type] && !OCI::ThreatIntelligence::Models::INDICATOR_TYPE_ENUM.include?(opts[:type])
    raise 'Invalid value for "type", must be one of the values in OCI::ThreatIntelligence::Models::INDICATOR_TYPE_ENUM.'
  end

  if opts[:sort_order] && !OCI::ThreatIntelligence::Models::SORT_ORDER_ENUM.include?(opts[:sort_order])
    raise 'Invalid value for "sort_order", must be one of the values in OCI::ThreatIntelligence::Models::SORT_ORDER_ENUM.'
  end

  if opts[:sort_by] && !%w[confidence timeCreated timeUpdated timeLastSeen].include?(opts[:sort_by])
    raise 'Invalid value for "sort_by", must be one of confidence, timeCreated, timeUpdated, timeLastSeen.'
  end

  path = '/indicators'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}
  query_params[:compartmentId] = compartment_id
  query_params[:threatTypeName] = OCI::ApiClient.build_collection_params(opts[:threat_type_name], :multi) if opts[:threat_type_name] && !opts[:threat_type_name].empty?
  query_params[:type] = opts[:type] if opts[:type]
  query_params[:value] = opts[:value] if opts[:value]
  query_params[:confidenceGreaterThanOrEqualTo] = opts[:confidence_greater_than_or_equal_to] if opts[:confidence_greater_than_or_equal_to]
  query_params[:timeUpdatedGreaterThanOrEqualTo] = opts[:time_updated_greater_than_or_equal_to] if opts[:time_updated_greater_than_or_equal_to]
  query_params[:timeUpdatedLessThan] = opts[:time_updated_less_than] if opts[:time_updated_less_than]
  query_params[:timeLastSeenGreaterThanOrEqualTo] = opts[:time_last_seen_greater_than_or_equal_to] if opts[:time_last_seen_greater_than_or_equal_to]
  query_params[:timeLastSeenLessThan] = opts[:time_last_seen_less_than] if opts[:time_last_seen_less_than]
  query_params[:timeCreatedGreaterThanOrEqualTo] = opts[:time_created_greater_than_or_equal_to] if opts[:time_created_greater_than_or_equal_to]
  query_params[:timeCreatedLessThan] = opts[:time_created_less_than] if opts[:time_created_less_than]
  query_params[:limit] = opts[:limit] if opts[:limit]
  query_params[:page] = opts[:page] if opts[:page]
  query_params[:sortOrder] = opts[:sort_order] if opts[:sort_order]
  query_params[:sortBy] = opts[:sort_by] if opts[:sort_by]

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = nil

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'ThreatintelClient#list_indicators') do
    @api_client.call_api(
      :GET,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::ThreatIntelligence::Models::IndicatorSummaryCollection'
    )
  end
  # rubocop:enable Metrics/BlockLength
end

#list_threat_types(compartment_id, opts = {}) ⇒ Response

Note:

Click here to see an example of how to use list_threat_types API.

Gets a list of threat types that are available to use as parameters when querying indicators. The list is sorted by threat type name according to the sort order query param.

Parameters:

  • compartment_id (String)

    The OCID of the tenancy (root compartment) that is used to filter results.

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :retry_config (OCI::Retry::RetryConfig)

    The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by #retry_config will be used. If an explicit nil value is provided then the operation will not retry

  • :limit (Integer)

    The maximum number of items to return. (default to 10)

  • :page (String)

    A token representing the position at which to start retrieving results. This must come from the opc-next-page header field of a previous response.

  • :sort_order (String)

    The sort order to use, either 'ASC' or 'DESC'.

  • :opc_request_id (String)

    The client request ID for tracing.

Returns:



330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 330

def list_threat_types(compartment_id, opts = {})
  logger.debug 'Calling operation ThreatintelClient#list_threat_types.' if logger

  raise "Missing the required parameter 'compartment_id' when calling list_threat_types." if compartment_id.nil?

  if opts[:sort_order] && !OCI::ThreatIntelligence::Models::SORT_ORDER_ENUM.include?(opts[:sort_order])
    raise 'Invalid value for "sort_order", must be one of the values in OCI::ThreatIntelligence::Models::SORT_ORDER_ENUM.'
  end

  path = '/threatTypes'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}
  query_params[:compartmentId] = compartment_id
  query_params[:limit] = opts[:limit] if opts[:limit]
  query_params[:page] = opts[:page] if opts[:page]
  query_params[:sortOrder] = opts[:sort_order] if opts[:sort_order]

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = nil

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'ThreatintelClient#list_threat_types') do
    @api_client.call_api(
      :GET,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::ThreatIntelligence::Models::ThreatTypesCollection'
    )
  end
  # rubocop:enable Metrics/BlockLength
end

#loggerLogger

Returns The logger for this client. May be nil.

Returns:

  • (Logger)

    The logger for this client. May be nil.



94
95
96
# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 94

def logger
  @api_client.config.logger
end

#summarize_indicators(compartment_id, summarize_indicators_details, opts = {}) ⇒ Response

Note:

Click here to see an example of how to use summarize_indicators API.

Get indicator summaries based on advanced search criteria.

Parameters:

  • compartment_id (String)

    The OCID of the tenancy (root compartment) that is used to filter results.

  • summarize_indicators_details (OCI::ThreatIntelligence::Models::SummarizeIndicatorsDetails)

    Query Parameters to search for indicators.

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :retry_config (OCI::Retry::RetryConfig)

    The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by #retry_config will be used. If an explicit nil value is provided then the operation will not retry

  • :opc_request_id (String)

    The client request ID for tracing.

  • :limit (Integer)

    The maximum number of items to return. (default to 10)

  • :page (String)

    A token representing the position at which to start retrieving results. This must come from the opc-next-page header field of a previous response.

Returns:



394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 394

def summarize_indicators(compartment_id, summarize_indicators_details, opts = {})
  logger.debug 'Calling operation ThreatintelClient#summarize_indicators.' if logger

  raise "Missing the required parameter 'compartment_id' when calling summarize_indicators." if compartment_id.nil?
  raise "Missing the required parameter 'summarize_indicators_details' when calling summarize_indicators." if summarize_indicators_details.nil?

  path = '/indicators/actions/summarize'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}
  query_params[:compartmentId] = compartment_id
  query_params[:limit] = opts[:limit] if opts[:limit]
  query_params[:page] = opts[:page] if opts[:page]

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = @api_client.object_to_http_body(summarize_indicators_details)

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'ThreatintelClient#summarize_indicators') do
    @api_client.call_api(
      :POST,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::ThreatIntelligence::Models::IndicatorSummaryCollection'
    )
  end
  # rubocop:enable Metrics/BlockLength
end