threatstack 0.1.1 → 0.2.0

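--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: aed12a775d43b98bc2776069f65c0819ada51bbf
- data.tar.gz: dcf402416927ce1904bfc7d30ebd85c175063751
+ metadata.gz: 187538b81d44fb05e61ceed262abe656e82a2a4d
+ data.tar.gz: 4bf4c21c0ea8af3cc10f96044427763f5800b3c3
  SHA512:
- metadata.gz: 2a9cd8bdd9f8855b92d55740196fbeca5437f50641ef4654bbbc4320ba7884d0a470d75fd67b37c52bc0db0764249e5d81dd0eb7adbbc1bc08db684bb571d42c
- data.tar.gz: 525cd3784586441ab50946c21863c366bb0a9d2fc39eb5b849df4462536ed1960b700ae15ff2ad14a8941f880bced24d3ca4de86bda3e5abab015cb74721a13d
+ metadata.gz: 628ec3682dac755b55796c97fca8611786ea5a90fdf1412bf18f7081a1f30b47ae4e37ae836ce017ee5e23834086b5d1e3a5a446409d2e1a26d1341f8fa64c4e
+ data.tar.gz: 5746ae5b1648fd66e077b81a15f9341d8a5c18e38560fe455e900e820012f14d4b4bcf39a46316c2acd9f9612b8535c80aa5f77b489d06e84b1ea877d01fe447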
@@ -1,67 +1,66 @@
1
1
  require 'open-uri'
2
2
  require 'httparty'
3
- require 'threatstack/alert/response'
4
- require 'threatstack/alert/alert'
5
- require 'threatstack/agent/response'
6
- require 'threatstack/agent/agent'
7
- require 'threatstack/policy/response'
8
- require 'threatstack/policy/policy'
9
- require 'threatstack/organization/response'
10
- require 'threatstack/log/response'
3
+ require 'threatstack/response'
4
+ require 'threatstack/entities/agent'
5
+ require 'threatstack/entities/alert'
6
+ require 'threatstack/entities/log'
7
+ require 'threatstack/entities/organization'
8
+ require 'threatstack/entities/policy'
11
9
 
12
10
  module Threatstack
13
11
  class ThreatstackError < StandardError; end
14
12
 
15
13
  class Client
16
- THREATSTACK_API = 'https://app.threatstack.com/api/v1'
14
+ THREATSTACK_API = 'https://app.threatstack.com/api'.freeze
17
15
 
18
- attr_reader :token, :org_id
16
+ attr_reader :token, :org_id, :api_version
19
17
 
20
- def initialize(token)
18
+ def initialize(token, api_version = 'v1')
19
+ @api_version = api_version
21
20
  @token = token
22
21
  end
23
22
 
24
- def alerts(params = {})
25
- response = do_request(:get, 'alerts', params)
26
- Alert::Response.new(response).alerts
27
- end
28
-
29
- def alert(alert_id, params = {})
30
- raise ThreatstackError, "Must specify alert id" unless alert_id
31
- response = do_request(:get, "alerts/#{alert_id}", params)
32
- Alert::Alert.new(response)
33
- end
34
-
35
23
  def agents(params = {})
36
24
  response = do_request(:get, 'agents', params)
37
- Agent::Response.new(response).agents
25
+ Response.new(:agent, response).agents
38
26
  end
39
27
 
40
28
  def agent(agent_id, params = {})
41
29
  raise ThreatstackError, "Must specify agent id" unless agent_id
42
30
  response = do_request(:get, "agents/#{agent_id}", params)
43
- Agent::Agent.new(response)
31
+ Agent.new(response)
32
+ end
33
+
34
+ def alerts(params = {})
35
+ response = do_request(:get, 'alerts', params)
36
+ Response.new(:alert, response).alerts
37
+ end
38
+
39
+ def alert(alert_id, params = {})
40
+ raise ThreatstackError, "Must specify alert id" unless alert_id
41
+ response = do_request(:get, "alerts/#{alert_id}", params)
42
+ Alert.new(response)
44
43
  end
45
44
 
46
45
  def policies(params = {})
47
46
  response = do_request(:get, 'policies', params)
48
- Policy::Response.new(response).policies
47
+ Response.new(:policy, response).policies
49
48
  end
50
49
 
51
50
  def policy(policy_id, params = {})
52
51
  raise ThreatstackError, "Must specify policy id" unless policy_id
53
52
  response = do_request(:get, "policies/#{policy_id}", params)
54
- Policy::Policy.new(response)
53
+ Policy.new(response)
55
54
  end
56
55
 
57
56
  def organizations(params = {})
58
57
  response = do_request(:get, 'organizations', params)
59
- Organization::Response.new(response).organizations
58
+ Response.new(:organization, response).organizations
60
59
  end
61
60
 
62
61
  def logs(params = {})
63
62
  response = do_request(:get, 'logs', params)
64
- Log::Response.new(response).logs
63
+ Response.new(:log, response).logs
65
64
  end
66
65
 
67
66
  def search(query, params = {})
@@ -84,7 +83,7 @@ module Threatstack
84
83
  params[:fields] = params[:fields].join(',') if params[:fields]&.is_a?(Array)
85
84
 
86
85
  query = params.each_pair.map { |k, v| "#{k}=#{v}" }.join('&')
87
- uri = "#{THREATSTACK_API}/#{path}"
86
+ uri = "#{THREATSTACK_API}/#{api_version}/#{path}"
88
87
  uri += "?#{URI::encode(query)}" if params.any?
89
88
  uri
90
89
  end
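Review bot: `api_version` comes from the caller in `initialize` and is interpolated unvalidated into the request path at `uri = "#{THREATSTACK_API}/#{api_version}/#{path}"`, so a value containing `/`, `..` or `?` changes which endpoint the (presumably authenticated) request is sent to. Reject anything that is not a plain version label when the client is constructed, e.g. `raise ThreatstackError, 'Invalid api version' unless api_version.to_s =~ /\Av\d+\z/`. Separately, the unchanged line after it runs `URI::encode` over the whole query string, which leaves `&` and `=` inside values unescaped; `URI.encode_www_form(params)` encodes each pair instead. The URL-building method starts above this hunk, so its signature is not visible here.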
@@ -0,0 +1,7 @@
1
+ require 'threatstack/serializable'
2
+
3
+ module Threatstack
4
+ class Agent
5
+ include Serializable
6
+ end
7
+ end
@@ -0,0 +1,20 @@
1
+ require 'threatstack/entities/event'
2
+ require 'threatstack/entities/rule'
3
+ require 'threatstack/serializable'
4
+
5
+ module Threatstack
6
+ class Alert
7
+ include Serializable
8
+ attributes :latest_events, :rule
9
+
10
+ def latest_events
11
+ raw['latest_events'].map do |event|
12
+ Event.new(event)
13
+ end
14
+ end
15
+
16
+ def rule
17
+ Rule.new(raw['rule'])
18
+ end
19
+ end
20
+ end
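Review bot: `latest_events` calls `raw['latest_events'].map` with no nil guard, so an alert payload that lacks the key raises NoMethodError instead of returning an empty list; `rules` in the Policy class (`raw['alert_policy'].map`) has the same shape. `Array(raw['latest_events']).map { |event| Event.new(event) }` keeps the return type stable when the field is absent. Whether the API can omit these fields is not visible on this page, so this is a defensive change for a client that may process alerts unattended.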
@@ -0,0 +1,13 @@
1
+ require 'threatstack/entities/user_identity'
2
+ require 'threatstack/serializable'
3
+
4
+ module Threatstack
5
+ class Event
6
+ include Serializable
7
+ attributes :user_identity
8
+
9
+ def user_identity
10
+ UserIdentity.new(raw['userIdentity'])
11
+ end
12
+ end
13
+ end
@@ -1,9 +1,7 @@
1
1
  require 'threatstack/serializable'
2
2
 
3
3
  module Threatstack
4
- module Log
5
- class Log
6
- include Serializable
7
- end
4
+ class Log
5
+ include Serializable
8
6
  end
9
7
  end
@@ -0,0 +1,7 @@
1
+ require 'threatstack/serializable'
2
+
3
+ module Threatstack
4
+ class Organization
5
+ include Serializable
6
+ end
7
+ end
@@ -0,0 +1,12 @@
1
+ require 'threatstack/entities/rule'
2
+
3
+ module Threatstack
4
+ class Policy
5
+ include Serializable
6
+ attributes :rules
7
+
8
+ def rules
9
+ raw['alert_policy'].map{ |r| Rule.new(r) }
10
+ end
11
+ end
12
+ end
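Review bot: `Serializable` is included and `attributes` is called here without the file requiring it; it loads only because `threatstack/entities/rule` requires `threatstack/serializable` first. The other entity files added in this release require it directly, so add `require 'threatstack/serializable'` at the top to keep this file loadable on its own.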
@@ -0,0 +1,12 @@
1
+ require 'threatstack/serializable'
2
+
3
+ module Threatstack
4
+ class Rule
5
+ include Serializable
6
+ attributes :original_rule
7
+
8
+ def original_rule
9
+ Rule.new(raw['original_rule'])
10
+ end
11
+ end
12
+ end
@@ -0,0 +1,32 @@
1
+ require 'threatstack/serializable'
2
+
3
+ module Threatstack
4
+ class UserIdentity
5
+ include Serializable
6
+ attributes :user_name, :session_context, :invoked_by, :account_id, :access_key_id, :principal_id
7
+
8
+ def user_name
9
+ raw['userName']
10
+ end
11
+
12
+ def session_context
13
+ raw['sessionContext']
14
+ end
15
+
16
+ def invoked_by
17
+ raw['invokedBy']
18
+ end
19
+
20
+ def account_id
21
+ raw['accountId']
22
+ end
23
+
24
+ def access_key_id
25
+ raw['accessKeyId']
26
+ end
27
+
28
+ def principal_id
29
+ raw['principalId']
30
+ end
31
+ end
32
+ end
@@ -0,0 +1,41 @@
1
+ require 'threatstack/entities/agent'
2
+ require 'threatstack/entities/alert'
3
+ require 'threatstack/entities/log'
4
+ require 'threatstack/entities/organization'
5
+ require 'threatstack/entities/policy'
6
+
7
+ module Threatstack
8
+ class InvalidEntity < StandardError; end
9
+ class Response
10
+ attr_reader :entity, :raw
11
+ def initialize(entity, raw)
12
+ @raw = raw
13
+ @entity = entity
14
+ end
15
+
16
+ def agents
17
+ raise InvalidEntity unless entity == :agent
18
+ raw.map{ |a| Agent.new(a) }
19
+ end
20
+
21
+ def alerts
22
+ raise InvalidEntity unless entity == :alert
23
+ raw.map{ |a| Alert.new(a) }
24
+ end
25
+
26
+ def logs
27
+ raise InvalidEntity unless entity == :log
28
+ raw.map{ |a| Log.new(a) }
29
+ end
30
+
31
+ def organizations
32
+ raise InvalidEntity unless entity == :organization
33
+ raw.map{ |a| Organization.new(a) }
34
+ end
35
+
36
+ def policies
37
+ raise InvalidEntity unless entity == :policy
38
+ raw.map{ |a| Policy.new(a) }
39
+ end
40
+ end
41
+ end
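Review bot: `raise InvalidEntity` in each accessor carries no message, and `InvalidEntity` derives from `StandardError` rather than the `ThreatstackError` defined alongside the client, so a caller rescuing the gem's own error class will not catch it. Each accessor also calls `raw.map` without checking that `raw` is an Array; if the API returns an error object (a Hash), `map` would yield key/value pairs and build entities from them instead of failing. A guard in `initialize` such as `raise InvalidEntity, "expected a list of #{entity} records" unless raw.is_a?(Array)` would surface that early. Whether the request helper already filters error responses is not visible here.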
@@ -1,3 +1,3 @@
1
1
  module Threatstack
2
- VERSION = "0.1.1"
2
+ VERSION = "0.2.0"
3
3
  end
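--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: threatstack
  version: !ruby/object:Gem::Version
- version: 0.1.1
+ version: 0.2.0
  platform: ruby
  authors:
  - Ryan Canty
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2017-06-08 00:00:00.000000000 Z
+ date: 2017-09-20 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
@@ -96,20 +96,16 @@ files:
  - bin/console
  - bin/setup
  - lib/threatstack.rb
- - lib/threatstack/agent/agent.rb
- - lib/threatstack/agent/response.rb
- - lib/threatstack/alert/alert.rb
- - lib/threatstack/alert/event.rb
- - lib/threatstack/alert/response.rb
- - lib/threatstack/alert/rule.rb
- - lib/threatstack/alert/user_identity.rb
  - lib/threatstack/client.rb
- - lib/threatstack/log/log.rb
- - lib/threatstack/log/response.rb
- - lib/threatstack/organization/organization.rb
- - lib/threatstack/organization/response.rb
- - lib/threatstack/policy/policy.rb
- - lib/threatstack/policy/response.rb
+ - lib/threatstack/entities/agent.rb
+ - lib/threatstack/entities/alert.rb
+ - lib/threatstack/entities/event.rb
+ - lib/threatstack/entities/log.rb
+ - lib/threatstack/entities/organization.rb
+ - lib/threatstack/entities/policy.rb
+ - lib/threatstack/entities/rule.rb
+ - lib/threatstack/entities/user_identity.rb
+ - lib/threatstack/response.rb
  - lib/threatstack/serializable.rb
  - lib/threatstack/version.rb
  - threatstack-0.1.0.gem
@@ -134,7 +130,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.6.10
+ rubygems_version: 2.6.11
  signing_key:
  specification_version: 4
  summary: Threatstack API integration for Ruby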
@@ -1,9 +0,0 @@
1
- require 'threatstack/agent/agent'
2
-
3
- module Threatstack
4
- module Agent
5
- class Agent
6
- include Serializable
7
- end
8
- end
9
- end
@@ -1,16 +0,0 @@
1
- require 'threatstack/agent/agent'
2
-
3
- module Threatstack
4
- module Agent
5
- class Response
6
- attr_reader :raw
7
- def initialize(raw)
8
- @raw = raw
9
- end
10
-
11
- def agents
12
- raw.map{ |a| Agent.new(a) }
13
- end
14
- end
15
- end
16
- end
@@ -1,22 +0,0 @@
1
- require 'threatstack/alert/event'
2
- require 'threatstack/alert/rule'
3
- require 'threatstack/serializable'
4
-
5
- module Threatstack
6
- module Alert
7
- class Alert
8
- include Serializable
9
- attributes :latest_events, :rule
10
-
11
- def latest_events
12
- raw['latest_events'].map do |event|
13
- Event.new(event)
14
- end
15
- end
16
-
17
- def rule
18
- Rule.new(raw['rule'])
19
- end
20
- end
21
- end
22
- end
@@ -1,15 +0,0 @@
1
- require 'threatstack/alert/user_identity'
2
- require 'threatstack/serializable'
3
-
4
- module Threatstack
5
- module Alert
6
- class Event
7
- include Serializable
8
- attributes :user_identity
9
-
10
- def user_identity
11
- UserIdentity.new(raw['userIdentity'])
12
- end
13
- end
14
- end
15
- end
@@ -1,15 +0,0 @@
1
- require 'threatstack/alert/alert'
2
- require 'threatstack/serializable'
3
-
4
- module Threatstack
5
- module Alert
6
- class Response
7
- include Serializable
8
- attributes :alerts
9
-
10
- def alerts
11
- raw.map{ |a| Alert.new(a) }
12
- end
13
- end
14
- end
15
- end
@@ -1,13 +0,0 @@
1
- require 'threatstack/serializable'
2
- module Threatstack
3
- module Alert
4
- class Rule
5
- include Serializable
6
- attributes :original_rule
7
-
8
- def original_rule
9
- Rule.new(raw['original_rule'])
10
- end
11
- end
12
- end
13
- end
@@ -1,34 +0,0 @@
1
- require 'threatstack/serializable'
2
-
3
- module Threatstack
4
- module Alert
5
- class UserIdentity
6
- include Serializable
7
- attributes :user_name, :session_context, :invoked_by, :account_id, :access_key_id, :principal_id
8
-
9
- def user_name
10
- raw['userName']
11
- end
12
-
13
- def session_context
14
- raw['sessionContext']
15
- end
16
-
17
- def invoked_by
18
- raw['invokedBy']
19
- end
20
-
21
- def account_id
22
- raw['accountId']
23
- end
24
-
25
- def access_key_id
26
- raw['accessKeyId']
27
- end
28
-
29
- def principal_id
30
- raw['principalId']
31
- end
32
- end
33
- end
34
- end
@@ -1,14 +0,0 @@
1
- require 'threatstack/log/log'
2
-
3
- module Threatstack
4
- module Log
5
- class Response
6
- include Serializable
7
- attributes :logs
8
-
9
- def logs
10
- raw.map{ |a| Log.new(a) }
11
- end
12
- end
13
- end
14
- end
@@ -1,10 +0,0 @@
1
- require 'threatstack/organization/organization'
2
- require 'threatstack/serializable'
3
-
4
- module Threatstack
5
- module Organization
6
- class Organization
7
- include Serializable
8
- end
9
- end
10
- end
@@ -1,15 +0,0 @@
1
- require 'threatstack/organization/organization'
2
- require 'threatstack/serializable'
3
-
4
- module Threatstack
5
- module Organization
6
- class Response
7
- include Serializable
8
- attributes :organizations
9
-
10
- def organizations
11
- raw.map{ |a| Organization.new(a) }
12
- end
13
- end
14
- end
15
- end
@@ -1,15 +0,0 @@
1
- require 'threatstack/policy/policy'
2
- require 'threatstack/alert/rule'
3
-
4
- module Threatstack
5
- module Policy
6
- class Policy
7
- include Serializable
8
- attributes :rules
9
-
10
- def rules
11
- raw['alert_policy'].map{ |r| Threatstack::Alert::Rule.new(r) }
12
- end
13
- end
14
- end
15
- end
@@ -1,15 +0,0 @@
1
- require 'threatstack/policy/policy'
2
- require 'threatstack/serializable'
3
-
4
- module Threatstack
5
- module Policy
6
- class Response
7
- include Serializable
8
- attributes :policies
9
-
10
- def policies
11
- raw.map{ |a| Policy.new(a) }
12
- end
13
- end
14
- end
15
- end