Class: OCI::ThreatIntelligence::ThreatintelClient
- Inherits:
-
Object
- Object
- OCI::ThreatIntelligence::ThreatintelClient
- Defined in:
- lib/oci/threat_intelligence/threatintel_client.rb
Overview
Use the Threat Intelligence API to search for information about known threat indicators, including suspicious IP addresses, domain names, and other digital fingerprints. Threat Intelligence is a managed database of curated threat intelligence that comes from first party Oracle security insights, open source feeds, and vendor-procured data. For more information, see the Threat Intelligence documentation.
Instance Attribute Summary collapse
-
#api_client ⇒ OCI::ApiClient
readonly
Client used to make HTTP requests.
-
#endpoint ⇒ String
readonly
Fully qualified endpoint URL.
-
#region ⇒ String
The region, which will usually correspond to a value in Regions::REGION_ENUM.
-
#retry_config ⇒ OCI::Retry::RetryConfig
readonly
The default retry configuration to apply to all operations in this service client.
Instance Method Summary collapse
-
#get_indicator(indicator_id, compartment_id, opts = {}) ⇒ Response
Get detailed information about a threat indicator with a given identifier.
-
#initialize(config: nil, region: nil, endpoint: nil, signer: nil, proxy_settings: nil, retry_config: nil) ⇒ ThreatintelClient
constructor
Creates a new ThreatintelClient.
-
#list_indicator_counts(compartment_id, opts = {}) ⇒ Response
Get the current count of each threat indicator type.
-
#list_indicators(compartment_id, opts = {}) ⇒ Response
Get a list of threat indicator summaries based on the search criteria.
-
#list_threat_types(compartment_id, opts = {}) ⇒ Response
Gets a list of threat types that are available to use as parameters when querying indicators.
-
#logger ⇒ Logger
The logger for this client.
-
#summarize_indicators(compartment_id, summarize_indicators_details, opts = {}) ⇒ Response
Get indicator summaries based on advanced search criteria.
Constructor Details
#initialize(config: nil, region: nil, endpoint: nil, signer: nil, proxy_settings: nil, retry_config: nil) ⇒ ThreatintelClient
Creates a new ThreatintelClient. Notes: If a config is not specified, then the global OCI.config will be used.
This client is not thread-safe
Either a region or an endpoint must be specified. If an endpoint is specified, it will be used instead of the region. A region may be specified in the config or via or the region parameter. If specified in both, then the region parameter will be used.
55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 |
# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 55 def initialize(config: nil, region: nil, endpoint: nil, signer: nil, proxy_settings: nil, retry_config: nil) # If the signer is an InstancePrincipalsSecurityTokenSigner or SecurityTokenSigner and no config was supplied (they are self-sufficient signers) # then create a dummy config to pass to the ApiClient constructor. If customers wish to create a client which uses instance principals # and has config (either populated programmatically or loaded from a file), they must construct that config themselves and then # pass it to this constructor. # # If there is no signer (or the signer is not an instance principals signer) and no config was supplied, this is not valid # so try and load the config from the default file. config = OCI::Config.validate_and_build_config_with_signer(config, signer) signer = OCI::Signer.config_file_auth_builder(config) if signer.nil? @api_client = OCI::ApiClient.new(config, signer, proxy_settings: proxy_settings) @retry_config = retry_config if endpoint @endpoint = endpoint + '/20220901' else region ||= config.region region ||= signer.region if signer.respond_to?(:region) self.region = region end logger.info "ThreatintelClient endpoint set to '#{@endpoint}'." if logger end |
Instance Attribute Details
#api_client ⇒ OCI::ApiClient (readonly)
Client used to make HTTP requests.
15 16 17 |
# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 15 def api_client @api_client end |
#endpoint ⇒ String (readonly)
Fully qualified endpoint URL
19 20 21 |
# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 19 def endpoint @endpoint end |
#region ⇒ String
The region, which will usually correspond to a value in Regions::REGION_ENUM.
29 30 31 |
# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 29 def region @region end |
#retry_config ⇒ OCI::Retry::RetryConfig (readonly)
The default retry configuration to apply to all operations in this service client. This can be overridden on a per-operation basis. The default retry configuration value is nil
, which means that an operation will not perform any retries
25 26 27 |
# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 25 def retry_config @retry_config end |
Instance Method Details
#get_indicator(indicator_id, compartment_id, opts = {}) ⇒ Response
Click here to see an example of how to use get_indicator API.
Get detailed information about a threat indicator with a given identifier.
112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 |
# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 112 def get_indicator(indicator_id, compartment_id, opts = {}) logger.debug 'Calling operation ThreatintelClient#get_indicator.' if logger raise "Missing the required parameter 'indicator_id' when calling get_indicator." if indicator_id.nil? raise "Missing the required parameter 'compartment_id' when calling get_indicator." if compartment_id.nil? raise "Parameter value for 'indicator_id' must not be blank" if OCI::Internal::Util.blank_string?(indicator_id) path = '/indicators/{indicatorId}'.sub('{indicatorId}', indicator_id.to_s) operation_signing_strategy = :standard # rubocop:disable Style/NegatedIf # Query Params query_params = {} query_params[:compartmentId] = compartment_id # Header Params header_params = {} header_params[:accept] = 'application/json' header_params[:'content-type'] = 'application/json' header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id] # rubocop:enable Style/NegatedIf post_body = nil # rubocop:disable Metrics/BlockLength OCI::Retry.(applicable_retry_config(opts), call_name: 'ThreatintelClient#get_indicator') do @api_client.call_api( :GET, path, endpoint, header_params: header_params, query_params: query_params, operation_signing_strategy: operation_signing_strategy, body: post_body, return_type: 'OCI::ThreatIntelligence::Models::Indicator' ) end # rubocop:enable Metrics/BlockLength end |
#list_indicator_counts(compartment_id, opts = {}) ⇒ Response
Click here to see an example of how to use list_indicator_counts API.
Get the current count of each threat indicator type. Indicator counts can be sorted in ascending or descending order.
169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 |
# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 169 def list_indicator_counts(compartment_id, opts = {}) logger.debug 'Calling operation ThreatintelClient#list_indicator_counts.' if logger raise "Missing the required parameter 'compartment_id' when calling list_indicator_counts." if compartment_id.nil? if opts[:sort_order] && !OCI::ThreatIntelligence::Models::SORT_ORDER_ENUM.include?(opts[:sort_order]) raise 'Invalid value for "sort_order", must be one of the values in OCI::ThreatIntelligence::Models::SORT_ORDER_ENUM.' end path = '/indicatorCounts' operation_signing_strategy = :standard # rubocop:disable Style/NegatedIf # Query Params query_params = {} query_params[:compartmentId] = compartment_id query_params[:sortOrder] = opts[:sort_order] if opts[:sort_order] # Header Params header_params = {} header_params[:accept] = 'application/json' header_params[:'content-type'] = 'application/json' header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id] # rubocop:enable Style/NegatedIf post_body = nil # rubocop:disable Metrics/BlockLength OCI::Retry.(applicable_retry_config(opts), call_name: 'ThreatintelClient#list_indicator_counts') do @api_client.call_api( :GET, path, endpoint, header_params: header_params, query_params: query_params, operation_signing_strategy: operation_signing_strategy, body: post_body, return_type: 'OCI::ThreatIntelligence::Models::IndicatorCountCollection' ) end # rubocop:enable Metrics/BlockLength end |
#list_indicators(compartment_id, opts = {}) ⇒ Response
Click here to see an example of how to use list_indicators API.
Get a list of threat indicator summaries based on the search criteria.
Allowed values are: confidence, timeCreated, timeUpdated, timeLastSeen
245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 |
# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 245 def list_indicators(compartment_id, opts = {}) logger.debug 'Calling operation ThreatintelClient#list_indicators.' if logger raise "Missing the required parameter 'compartment_id' when calling list_indicators." if compartment_id.nil? if opts[:type] && !OCI::ThreatIntelligence::Models::INDICATOR_TYPE_ENUM.include?(opts[:type]) raise 'Invalid value for "type", must be one of the values in OCI::ThreatIntelligence::Models::INDICATOR_TYPE_ENUM.' end if opts[:sort_order] && !OCI::ThreatIntelligence::Models::SORT_ORDER_ENUM.include?(opts[:sort_order]) raise 'Invalid value for "sort_order", must be one of the values in OCI::ThreatIntelligence::Models::SORT_ORDER_ENUM.' end if opts[:sort_by] && !%w[confidence timeCreated timeUpdated timeLastSeen].include?(opts[:sort_by]) raise 'Invalid value for "sort_by", must be one of confidence, timeCreated, timeUpdated, timeLastSeen.' end path = '/indicators' operation_signing_strategy = :standard # rubocop:disable Style/NegatedIf # Query Params query_params = {} query_params[:compartmentId] = compartment_id query_params[:threatTypeName] = OCI::ApiClient.build_collection_params(opts[:threat_type_name], :multi) if opts[:threat_type_name] && !opts[:threat_type_name].empty? query_params[:type] = opts[:type] if opts[:type] query_params[:value] = opts[:value] if opts[:value] query_params[:confidenceGreaterThanOrEqualTo] = opts[:confidence_greater_than_or_equal_to] if opts[:confidence_greater_than_or_equal_to] query_params[:timeUpdatedGreaterThanOrEqualTo] = opts[:time_updated_greater_than_or_equal_to] if opts[:time_updated_greater_than_or_equal_to] query_params[:timeUpdatedLessThan] = opts[:time_updated_less_than] if opts[:time_updated_less_than] query_params[:timeLastSeenGreaterThanOrEqualTo] = opts[:time_last_seen_greater_than_or_equal_to] if opts[:time_last_seen_greater_than_or_equal_to] query_params[:timeLastSeenLessThan] = opts[:time_last_seen_less_than] if opts[:time_last_seen_less_than] query_params[:timeCreatedGreaterThanOrEqualTo] = opts[:time_created_greater_than_or_equal_to] if opts[:time_created_greater_than_or_equal_to] query_params[:timeCreatedLessThan] = opts[:time_created_less_than] if opts[:time_created_less_than] query_params[:limit] = opts[:limit] if opts[:limit] query_params[:page] = opts[:page] if opts[:page] query_params[:sortOrder] = opts[:sort_order] if opts[:sort_order] query_params[:sortBy] = opts[:sort_by] if opts[:sort_by] # Header Params header_params = {} header_params[:accept] = 'application/json' header_params[:'content-type'] = 'application/json' header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id] # rubocop:enable Style/NegatedIf post_body = nil # rubocop:disable Metrics/BlockLength OCI::Retry.(applicable_retry_config(opts), call_name: 'ThreatintelClient#list_indicators') do @api_client.call_api( :GET, path, endpoint, header_params: header_params, query_params: query_params, operation_signing_strategy: operation_signing_strategy, body: post_body, return_type: 'OCI::ThreatIntelligence::Models::IndicatorSummaryCollection' ) end # rubocop:enable Metrics/BlockLength end |
#list_threat_types(compartment_id, opts = {}) ⇒ Response
Click here to see an example of how to use list_threat_types API.
Gets a list of threat types that are available to use as parameters when querying indicators. The list is sorted by threat type name according to the sort order query param.
330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 |
# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 330 def list_threat_types(compartment_id, opts = {}) logger.debug 'Calling operation ThreatintelClient#list_threat_types.' if logger raise "Missing the required parameter 'compartment_id' when calling list_threat_types." if compartment_id.nil? if opts[:sort_order] && !OCI::ThreatIntelligence::Models::SORT_ORDER_ENUM.include?(opts[:sort_order]) raise 'Invalid value for "sort_order", must be one of the values in OCI::ThreatIntelligence::Models::SORT_ORDER_ENUM.' end path = '/threatTypes' operation_signing_strategy = :standard # rubocop:disable Style/NegatedIf # Query Params query_params = {} query_params[:compartmentId] = compartment_id query_params[:limit] = opts[:limit] if opts[:limit] query_params[:page] = opts[:page] if opts[:page] query_params[:sortOrder] = opts[:sort_order] if opts[:sort_order] # Header Params header_params = {} header_params[:accept] = 'application/json' header_params[:'content-type'] = 'application/json' header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id] # rubocop:enable Style/NegatedIf post_body = nil # rubocop:disable Metrics/BlockLength OCI::Retry.(applicable_retry_config(opts), call_name: 'ThreatintelClient#list_threat_types') do @api_client.call_api( :GET, path, endpoint, header_params: header_params, query_params: query_params, operation_signing_strategy: operation_signing_strategy, body: post_body, return_type: 'OCI::ThreatIntelligence::Models::ThreatTypesCollection' ) end # rubocop:enable Metrics/BlockLength end |
#logger ⇒ Logger
Returns The logger for this client. May be nil.
94 95 96 |
# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 94 def logger @api_client.config.logger end |
#summarize_indicators(compartment_id, summarize_indicators_details, opts = {}) ⇒ Response
Click here to see an example of how to use summarize_indicators API.
Get indicator summaries based on advanced search criteria.
394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 |
# File 'lib/oci/threat_intelligence/threatintel_client.rb', line 394 def summarize_indicators(compartment_id, summarize_indicators_details, opts = {}) logger.debug 'Calling operation ThreatintelClient#summarize_indicators.' if logger raise "Missing the required parameter 'compartment_id' when calling summarize_indicators." if compartment_id.nil? raise "Missing the required parameter 'summarize_indicators_details' when calling summarize_indicators." if summarize_indicators_details.nil? path = '/indicators/actions/summarize' operation_signing_strategy = :standard # rubocop:disable Style/NegatedIf # Query Params query_params = {} query_params[:compartmentId] = compartment_id query_params[:limit] = opts[:limit] if opts[:limit] query_params[:page] = opts[:page] if opts[:page] # Header Params header_params = {} header_params[:accept] = 'application/json' header_params[:'content-type'] = 'application/json' header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id] # rubocop:enable Style/NegatedIf post_body = @api_client.object_to_http_body(summarize_indicators_details) # rubocop:disable Metrics/BlockLength OCI::Retry.(applicable_retry_config(opts), call_name: 'ThreatintelClient#summarize_indicators') do @api_client.call_api( :POST, path, endpoint, header_params: header_params, query_params: query_params, operation_signing_strategy: operation_signing_strategy, body: post_body, return_type: 'OCI::ThreatIntelligence::Models::IndicatorSummaryCollection' ) end # rubocop:enable Metrics/BlockLength end |