otx_ruby 0.9.0 → 0.9.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a393a7e3ddff72c1b18faf37eaf3a9f6704ee5a8
-  data.tar.gz: 7455235c496ac4f7aee1af952c19df1e4603967d
+  metadata.gz: e48854be702f228cf8ae62c774de7d18c381c9c2
+  data.tar.gz: a9aeca6b0829a98bfa74d67e5fde7cf0238544e8
 SHA512:
-  metadata.gz: b81cb190205a665ea1da2fa520ded662e6bd9df970f18bf11cef85faf98c33eb9e853de35ac1615227990ac8d7db7e4e398ee83d2d539454e398b72f4b194b8c
-  data.tar.gz: 8f742dd37289a728fa5f87d181b8fea156bfb8f2e44219ad8ea9939dca2b39c1e25bd5f5c48153f1f593c44904ebf9d008ec2a5bf580810b77d745bc6d52e5a7
+  metadata.gz: c9153d17a563053f1f37fb85b7d51f88664db7ba99b28c35d717529c721d4acabaadb6140ec8aabde9ac371a1622e73cd36466b53a7934d73ab61223e7399619
+  data.tar.gz: 2161c20ea706992433648b2fe3801ccd2f5defb5cdf461dfc04397a35b2a8a04d4516eb55829bac33da18aba7a13b2279f5dd5cef5ff027a0cfe39e49b9b009d

data/.byebug_history

@@ -0,0 +1,16 @@
+exit
+passive_dns[0].address
+passive_dns[0]
+passive_dns
+exit
+passive_dns
+exit
+d.passive_dns[1]['address']
+d.passive_dns[1]
+d.passive_dns[0]['hostname']
+d.passive_dns[0]
+d.passive_dns
+d.first
+d
+exit
+d.class

data/lib/otx_ruby.rb

@@ -44,6 +44,7 @@ require "otx_ruby/types/ip/url"
 require "otx_ruby/types/ip/dns"
 require "otx_ruby/types/ip/http_scan"
 require "otx_ruby/types/ip/whois"
+require "otx_ruby/types/ip/nids_list"
 
 #
 # Base AlienVault OTX Module

data/lib/otx_ruby/base.rb

@@ -73,7 +73,6 @@ module OTX
   end
 end
 
-
 module OTX
   #
   # Base Data Types for Returned Data from API

data/lib/otx_ruby/domain.rb

@@ -86,5 +86,25 @@ module OTX
 
       return whois
     end
+
+    #
+    # Tallies total NIDS rules linked to a domain
+    #
+    # @param domain [String] Domain to check for NIDS rules
+    # @param pda [Array] Passive DNS objects to check for linked NIDS rules
+    # @return [Integer] Total number of NIDS rules
+    #
+    def count_nids_list(domain, pda)
+      grant_access = self.instance_variable_get('@key')
+      ip_object = OTX::IP.new(grant_access)
+
+      total = 0
+      pda.each do |pdr|
+        nids_list = ip_object.get_nids_list(pdr.address)
+        total += nids_list.count
+      end
+
+      return total
+    end
   end
 end

data/lib/otx_ruby/hostname.rb

@@ -91,5 +91,25 @@ module OTX
 
       return results
     end
+
+    #
+    # Tallies total NIDS rules linked to a hostname
+    #
+    # @param hostname [String] Hostname to check for NIDS rules
+    # @param pda [Array] Passive DNS objects to check for linked NIDS rules
+    # @return [Integer] Total number of NIDS rules
+    #
+    def count_nids_list(hostname, pda)
+      grant_access = self.instance_variable_get('@key')
+      ip_object = OTX::IP.new(grant_access)
+
+      total = 0
+      pda.each do |pdr|
+        nids_list = ip_object.get_nids_list(pdr.address)
+        total += nids_list.count
+      end
+
+      return total
+    end
   end
 end

data/lib/otx_ruby/ip.rb

@@ -101,5 +101,22 @@ module OTX
 
       return results
     end
+
+    #
+    # NIDS rules associated with an IP
+    #
+    # @param ip [String] IP Address for lookup
+    # @param type [String] Format of IP Address e.g 'IPv4', 'IPv6'
+    # @return [Object] Object created from NIDS list json data
+    #
+    def get_nids_list(ip, type = :ipv4)
+      uri = "/api/v1/indicators/#{type == :ipv6 ? 'IPv6' : 'IPv4'}/#{ip}/nids_list"
+
+      json_data = get(uri)
+
+      nids_list = OTX::Indicator::IP::NidsList.new(json_data)
+
+      return nids_list
+    end
   end
 end

data/lib/otx_ruby/types/ip/dns.rb

@@ -2,6 +2,14 @@ module OTX
   module Indicator
     module IP
       class DNS < OTX::Type::Base
+        def get_ips
+          ips = []
+          @passive_dns.each do |r|
+            ips << r['address']
+          end
+
+          return ips
+        end
       end
     end
   end

data/lib/otx_ruby/types/ip/nids_list.rb

@@ -0,0 +1,9 @@
+module OTX
+  module Indicator
+    module IP
+      class NidsList < OTX::Type::Base
+        attr_accessor :count, :limit, :results
+      end
+    end
+  end
+end

data/lib/otx_ruby/version.rb

@@ -1,4 +1,4 @@
 module OTX
   # Library Version Number
-  VERSION = "0.9.0"
+  VERSION = "0.9.5"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: otx_ruby
 version: !ruby/object:Gem::Version
-  version: 0.9.0
+  version: 0.9.5
 platform: ruby
 authors:
 - Stephen Kapp
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-12-21 00:00:00.000000000 Z
+date: 2018-02-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -115,6 +115,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".byebug_history"
 - ".gitignore"
 - Gemfile
 - LICENSE.md
@@ -154,6 +155,7 @@ files:
 - lib/otx_ruby/types/ip/geo.rb
 - lib/otx_ruby/types/ip/http_scan.rb
 - lib/otx_ruby/types/ip/malware.rb
+- lib/otx_ruby/types/ip/nids_list.rb
 - lib/otx_ruby/types/ip/reputation.rb
 - lib/otx_ruby/types/ip/url.rb
 - lib/otx_ruby/types/ip/whois.rb
@@ -186,7 +188,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.14
+rubygems_version: 2.6.12
 signing_key: 
 specification_version: 4
 summary: AlienVault OTX Ruby Gem