otx_ruby 0.6.2 → 0.7.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/otx_ruby/base.rb +1 -0
- data/lib/otx_ruby/reputation.rb +23 -0
- data/lib/otx_ruby/types/activity.rb +19 -0
- data/lib/otx_ruby/types/data.rb +7 -0
- data/lib/otx_ruby/types/event.rb +1 -1
- data/lib/otx_ruby/types/indicators.rb +2 -3
- data/lib/otx_ruby/types/ip_reputation.rb +31 -0
- data/lib/otx_ruby/types/pulse.rb +2 -2
- data/lib/otx_ruby/version.rb +1 -1
- data/lib/otx_ruby.rb +11 -6
- metadata +6 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 59f7c70b2d3ead15a343ec6309d290e02810c7f9
|
|
4
|
+
data.tar.gz: 7f0473fda29c689cabf291493acbf838e476a5d0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6e639869d6db18a78e9d3215ec64586f2d9544592d56ff9bc69ad1a299a4339b67fe5591c0c3f7116a7c484f910fadb634401678ed4973a79f59e6269e1937f1
|
|
7
|
+
data.tar.gz: a1968a159ec1d5d0f214dcb49462c9a4313d79b256f4787d92f1c9507b78cda2608d07fc0b7e5747e2aeb9b64163fdd6ba1cb53b47d1813ae3d1b99df94ca058
|
data/lib/otx_ruby/base.rb
CHANGED
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
module OTX
|
|
2
|
+
#
|
|
3
|
+
# Retrieve and parse into the appropriate object the reputation for an IP Address from the OTX System
|
|
4
|
+
#
|
|
5
|
+
class Reputation < OTX::Base
|
|
6
|
+
#
|
|
7
|
+
# Download an individually identified IP Address Reputation and parse the output
|
|
8
|
+
#
|
|
9
|
+
# @param ip [String] The ip address to check the reputation
|
|
10
|
+
# @param type [Symbol] Type of address, IPv6 or IPv4
|
|
11
|
+
# @return [OTX::Pulse] Parsed Pulse
|
|
12
|
+
#
|
|
13
|
+
def get_reputation(ip, type=:ipv4)
|
|
14
|
+
uri = "api/v1/indicators/#{type == :ipv6 ? "IPv6" : "IPv4"}/#{ip}/reputation"
|
|
15
|
+
|
|
16
|
+
json_data = get(uri)
|
|
17
|
+
|
|
18
|
+
reputation = OTX::Indicator::IP::Reputation.new(json_data["reputation"])
|
|
19
|
+
|
|
20
|
+
return reputation
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
module OTX
|
|
2
|
+
module Indicator
|
|
3
|
+
class Activity < OTX::Type::Base
|
|
4
|
+
attr_accessor :domain, :name, :visible, :url, :data,
|
|
5
|
+
:source, :vt, :file, :data_key, :md5, :status, :first_date, :data_key,
|
|
6
|
+
:last_date
|
|
7
|
+
|
|
8
|
+
def initialize(attributes={})
|
|
9
|
+
attributes.each do |key, value|
|
|
10
|
+
if key != 'data'
|
|
11
|
+
send("#{key.downcase}=", value)
|
|
12
|
+
else
|
|
13
|
+
@data = OTX::Indicator::Data.new(value)
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
data/lib/otx_ruby/types/event.rb
CHANGED
|
@@ -12,7 +12,6 @@ module OTX
|
|
|
12
12
|
# @attr [String] is_active value 0 or 1 if active
|
|
13
13
|
# @attr [String] role
|
|
14
14
|
# @attr [String] observations
|
|
15
|
-
# @attr [String] created Date record was created
|
|
16
15
|
# @attr [String] expiration
|
|
17
16
|
# @attr [Array] access_groups
|
|
18
17
|
# @attr [String] access_reason
|
|
@@ -37,7 +36,7 @@ module OTX
|
|
|
37
36
|
# CVE - Common Vulnerability and Exposure (CVE) entry describing a software vulnerability that can be exploited to engage in malicious activity.
|
|
38
37
|
#
|
|
39
38
|
class Indicators < OTX::Type::Base
|
|
40
|
-
attr_accessor :
|
|
41
|
-
:expiration, :observations, :role
|
|
39
|
+
attr_accessor :_id, :indicator, :type, :description, :title, :content, :is_active, :access_reason, :access_type, :access_groups,
|
|
40
|
+
:expiration, :observations, :role
|
|
42
41
|
end
|
|
43
42
|
end
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
module OTX
|
|
2
|
+
module Indicator
|
|
3
|
+
module IP
|
|
4
|
+
class Reputation < OTX::Type::Base
|
|
5
|
+
#
|
|
6
|
+
# Needs details for attributes
|
|
7
|
+
#
|
|
8
|
+
attr_accessor :as, :threat_score, :first_seen, :city, :allow_ping, :reputation_rel_checked, :counts,
|
|
9
|
+
:lon, :status, :last_seen, :state, :activities, :server_type, :matched_bl, :address, :lat, :date_added,
|
|
10
|
+
:country, :up, :reputation_rel, :matched_wl, :domains, :reputation_val_checked, :reputation_val, :id
|
|
11
|
+
|
|
12
|
+
def _id=(id)
|
|
13
|
+
@id = id['$id']
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def initialize(attributes={})
|
|
17
|
+
attributes.each do |key, value|
|
|
18
|
+
if key != 'activities'
|
|
19
|
+
send("#{key.downcase}=", value)
|
|
20
|
+
else
|
|
21
|
+
@activities = []
|
|
22
|
+
value.each do |activity|
|
|
23
|
+
@activities << OTX::Indicator::Activity.new(activity)
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
end
|
data/lib/otx_ruby/types/pulse.rb
CHANGED
|
@@ -22,10 +22,10 @@ module OTX
|
|
|
22
22
|
# @attr [Array<String>] industries
|
|
23
23
|
#
|
|
24
24
|
class Pulse < OTX::Type::Base
|
|
25
|
-
attr_accessor :
|
|
25
|
+
attr_accessor :name, :description, :author_name,
|
|
26
26
|
:tags, :references, :revision, :indicators, :tlp, :public, :in_group,
|
|
27
27
|
:group_id, :group_name, :groups, :adversary, :targeted_countries,
|
|
28
|
-
:industries
|
|
28
|
+
:industries
|
|
29
29
|
|
|
30
30
|
def initialize(attributes={})
|
|
31
31
|
attributes.each do |key, value|
|
data/lib/otx_ruby/version.rb
CHANGED
data/lib/otx_ruby.rb
CHANGED
|
@@ -2,12 +2,17 @@ require 'faraday'
|
|
|
2
2
|
require 'oj'
|
|
3
3
|
|
|
4
4
|
require "otx_ruby/version"
|
|
5
|
-
require "otx_ruby/base
|
|
6
|
-
require "otx_ruby/subscribed
|
|
7
|
-
require "otx_ruby/events
|
|
8
|
-
require "otx_ruby/pulses
|
|
9
|
-
require "otx_ruby/
|
|
10
|
-
require "otx_ruby/types/
|
|
5
|
+
require "otx_ruby/base"
|
|
6
|
+
require "otx_ruby/subscribed"
|
|
7
|
+
require "otx_ruby/events"
|
|
8
|
+
require "otx_ruby/pulses"
|
|
9
|
+
require "otx_ruby/reputation"
|
|
10
|
+
require "otx_ruby/types/pulse"
|
|
11
|
+
require "otx_ruby/types/event"
|
|
12
|
+
require "otx_ruby/types/indicators"
|
|
13
|
+
require "otx_ruby/types/ip_reputation"
|
|
14
|
+
require "otx_ruby/types/activity"
|
|
15
|
+
require "otx_ruby/types/data"
|
|
11
16
|
|
|
12
17
|
#
|
|
13
18
|
# Base AlienVault OTX Module
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: otx_ruby
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.7.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Stephen Kapp
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-01
|
|
11
|
+
date: 2017-02-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: faraday
|
|
@@ -127,9 +127,13 @@ files:
|
|
|
127
127
|
- lib/otx_ruby/base.rb
|
|
128
128
|
- lib/otx_ruby/events.rb
|
|
129
129
|
- lib/otx_ruby/pulses.rb
|
|
130
|
+
- lib/otx_ruby/reputation.rb
|
|
130
131
|
- lib/otx_ruby/subscribed.rb
|
|
132
|
+
- lib/otx_ruby/types/activity.rb
|
|
133
|
+
- lib/otx_ruby/types/data.rb
|
|
131
134
|
- lib/otx_ruby/types/event.rb
|
|
132
135
|
- lib/otx_ruby/types/indicators.rb
|
|
136
|
+
- lib/otx_ruby/types/ip_reputation.rb
|
|
133
137
|
- lib/otx_ruby/types/pulse.rb
|
|
134
138
|
- lib/otx_ruby/version.rb
|
|
135
139
|
- otx_ruby.gemspec
|