otx_ruby 0.9.0 → 0.9.5

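--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: a393a7e3ddff72c1b18faf37eaf3a9f6704ee5a8
- data.tar.gz: 7455235c496ac4f7aee1af952c19df1e4603967d
+ metadata.gz: e48854be702f228cf8ae62c774de7d18c381c9c2
+ data.tar.gz: a9aeca6b0829a98bfa74d67e5fde7cf0238544e8
  SHA512:
- metadata.gz: b81cb190205a665ea1da2fa520ded662e6bd9df970f18bf11cef85faf98c33eb9e853de35ac1615227990ac8d7db7e4e398ee83d2d539454e398b72f4b194b8c
- data.tar.gz: 8f742dd37289a728fa5f87d181b8fea156bfb8f2e44219ad8ea9939dca2b39c1e25bd5f5c48153f1f593c44904ebf9d008ec2a5bf580810b77d745bc6d52e5a7
+ metadata.gz: c9153d17a563053f1f37fb85b7d51f88664db7ba99b28c35d717529c721d4acabaadb6140ec8aabde9ac371a1622e73cd36466b53a7934d73ab61223e7399619
+ data.tar.gz: 2161c20ea706992433648b2fe3801ccd2f5defb5cdf461dfc04397a35b2a8a04d4516eb55829bac33da18aba7a13b2279f5dd5cef5ff027a0cfe39e49b9b009d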
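--- /dev/null
+++ b/data/.byebug_history
@@ -0,0 +1,16 @@
+ exit
+ passive_dns[0].address
+ passive_dns[0]
+ passive_dns
+ exit
+ passive_dns
+ exit
+ d.passive_dns[1]['address']
+ d.passive_dns[1]
+ d.passive_dns[0]['hostname']
+ d.passive_dns[0]
+ d.passive_dns
+ d.first
+ d
+ exit
+ d.class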
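Review bot: `.byebug_history` is a debugger session log and should not be part of the published gem; the sixteen added lines are interactive byebug commands such as `d.passive_dns[0]['hostname']`, and the `files:` list in the metadata section of this release names the file too. Nothing sensitive appears in these lines, but the same file would capture an API key or a live indicator typed at the prompt, so shipping it is a packaging leak worth closing. Add `.byebug_history` to `.gitignore` and, if the gemspec (not shown here) builds its file list from git, confirm the file is untracked before the next `gem build`.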
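--- a/data/lib/otx_ruby.rb
+++ b/data/lib/otx_ruby.rb
@@ -44,6 +44,7 @@ require "otx_ruby/types/ip/url"
  require "otx_ruby/types/ip/dns"
  require "otx_ruby/types/ip/http_scan"
  require "otx_ruby/types/ip/whois"
+ require "otx_ruby/types/ip/nids_list"
 
  #
  # Base AlienVault OTX Module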
data/lib/otx_ruby/base.rb CHANGED
@@ -73,7 +73,6 @@ module OTX
73
73
  end
74
74
  end
75
75
 
76
-
77
76
  module OTX
78
77
  #
79
78
  # Base Data Types for Returned Data from API
@@ -86,5 +86,25 @@ module OTX
86
86
 
87
87
  return whois
88
88
  end
89
+
90
+ #
91
+ # Tallies total NIDS rules linked to a domain
92
+ #
93
+ # @param domain [String] Domain to check for NIDS rules
94
+ # @param pda [Array] Passive DNS objects to check for linked NIDS rules
95
+ # @return [Integer] Total number of NIDS rules
96
+ #
97
+ def count_nids_list(domain, pda)
98
+ grant_access = self.instance_variable_get('@key')
99
+ ip_object = OTX::IP.new(grant_access)
100
+
101
+ total = 0
102
+ pda.each do |pdr|
103
+ nids_list = ip_object.get_nids_list(pdr.address)
104
+ total += nids_list.count
105
+ end
106
+
107
+ return total
108
+ end
89
109
  end
90
110
  end
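Review bot: `count_nids_list` never reads its first parameter (`domain` here, `hostname` in the otherwise identical copy in the next hunk), so the total depends only on what `pda` holds; drop the parameter or document it as unused, and consider one shared helper instead of two copies. The loop sends one `get_nids_list` request per passive-DNS record with no de-duplication or upper bound, so a long `pda` turns a single call into many API requests under the caller's key; iterating over `pda.map(&:address).uniq` would at least avoid repeats. `self.instance_variable_get('@key')` reads the object's own instance variable and can simply be `@key`. `total += nids_list.count` raises if a response carries no `count`, so `total += nids_list.count.to_i` is the safer form. The enclosing class begins outside the hunk, and the page shows no file header for this hunk or the next.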
@@ -91,5 +91,25 @@ module OTX
91
91
 
92
92
  return results
93
93
  end
94
+
95
+ #
96
+ # Tallies total NIDS rules linked to a hostname
97
+ #
98
+ # @param hostname [String] Hostname to check for NIDS rules
99
+ # @param pda [Array] Passive DNS objects to check for linked NIDS rules
100
+ # @return [Integer] Total number of NIDS rules
101
+ #
102
+ def count_nids_list(hostname, pda)
103
+ grant_access = self.instance_variable_get('@key')
104
+ ip_object = OTX::IP.new(grant_access)
105
+
106
+ total = 0
107
+ pda.each do |pdr|
108
+ nids_list = ip_object.get_nids_list(pdr.address)
109
+ total += nids_list.count
110
+ end
111
+
112
+ return total
113
+ end
94
114
  end
95
115
  end
data/lib/otx_ruby/ip.rb CHANGED
@@ -101,5 +101,22 @@ module OTX
101
101
 
102
102
  return results
103
103
  end
104
+
105
+ #
106
+ # NIDS rules associated with an IP
107
+ #
108
+ # @param ip [String] IP Address for lookup
109
+ # @param type [String] Format of IP Address e.g 'IPv4', 'IPv6'
110
+ # @return [Object] Object created from NIDS list json data
111
+ #
112
+ def get_nids_list(ip, type = :ipv4)
113
+ uri = "/api/v1/indicators/#{type == :ipv6 ? 'IPv6' : 'IPv4'}/#{ip}/nids_list"
114
+
115
+ json_data = get(uri)
116
+
117
+ nids_list = OTX::Indicator::IP::NidsList.new(json_data)
118
+
119
+ return nids_list
120
+ end
104
121
  end
105
122
  end
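Review bot: `ip` is interpolated into the request path unchecked (`.../#{ip}/nids_list`), and the `count_nids_list` callers added in this release pass `pdr.address`, a value that itself comes from an API response, so a string containing `/`, `?` or `..` would change which endpoint is requested with the API key. Parse the value before building the path, for example `addr = IPAddr.new(ip)` (raises on malformed input, needs `require 'ipaddr'`), and choose `IPv6` or `IPv4` from `addr.ipv6?` instead of trusting `type`. The `@param type [String]` line disagrees with the code, which compares against the symbol `:ipv6`; a caller passing the documented string `'IPv6'` silently falls through to the IPv4 path. The enclosing class begins outside the hunk.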
@@ -2,6 +2,14 @@ module OTX
2
2
  module Indicator
3
3
  module IP
4
4
  class DNS < OTX::Type::Base
5
+ def get_ips
6
+ ips = []
7
+ @passive_dns.each do |r|
8
+ ips << r['address']
9
+ end
10
+
11
+ return ips
12
+ end
5
13
  end
6
14
  end
7
15
  end
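Review bot: `get_ips` calls `@passive_dns.each` without checking that the instance variable was set, so a response with no `passive_dns` key would likely raise `NoMethodError` on nil; `Array(@passive_dns).map { |r| r['address'] }` covers that case and replaces the manual accumulation. The method reads each record with `r['address']` while `count_nids_list` in the same release uses `pdr.address`, so one of the two access styles is probably wrong for the objects actually stored; the record type is not visible on this page. The new public method also has no YARD comment, unlike the other methods added here; something like `# @return [Array<String>] addresses from the passive DNS records` would match them.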
@@ -0,0 +1,9 @@
1
+ module OTX
2
+ module Indicator
3
+ module IP
4
+ class NidsList < OTX::Type::Base
5
+ attr_accessor :count, :limit, :results
6
+ end
7
+ end
8
+ end
9
+ end
@@ -1,4 +1,4 @@
1
1
  module OTX
2
2
  # Library Version Number
3
- VERSION = "0.9.0"
3
+ VERSION = "0.9.5"
4
4
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: otx_ruby
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.9.0
4
+ version: 0.9.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Stephen Kapp
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2017-12-21 00:00:00.000000000 Z
11
+ date: 2018-02-15 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: faraday
@@ -115,6 +115,7 @@ executables: []
115
115
  extensions: []
116
116
  extra_rdoc_files: []
117
117
  files:
118
+ - ".byebug_history"
118
119
  - ".gitignore"
119
120
  - Gemfile
120
121
  - LICENSE.md
@@ -154,6 +155,7 @@ files:
154
155
  - lib/otx_ruby/types/ip/geo.rb
155
156
  - lib/otx_ruby/types/ip/http_scan.rb
156
157
  - lib/otx_ruby/types/ip/malware.rb
158
+ - lib/otx_ruby/types/ip/nids_list.rb
157
159
  - lib/otx_ruby/types/ip/reputation.rb
158
160
  - lib/otx_ruby/types/ip/url.rb
159
161
  - lib/otx_ruby/types/ip/whois.rb
@@ -186,7 +188,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
186
188
  version: '0'
187
189
  requirements: []
188
190
  rubyforge_project:
189
- rubygems_version: 2.6.14
191
+ rubygems_version: 2.6.12
190
192
  signing_key:
191
193
  specification_version: 4
192
194
  summary: AlienVault OTX Ruby Gem