threatstack 0.1.1 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/threatstack/client.rb +28 -29
- data/lib/threatstack/entities/agent.rb +7 -0
- data/lib/threatstack/entities/alert.rb +20 -0
- data/lib/threatstack/entities/event.rb +13 -0
- data/lib/threatstack/{log → entities}/log.rb +2 -4
- data/lib/threatstack/entities/organization.rb +7 -0
- data/lib/threatstack/entities/policy.rb +12 -0
- data/lib/threatstack/entities/rule.rb +12 -0
- data/lib/threatstack/entities/user_identity.rb +32 -0
- data/lib/threatstack/response.rb +41 -0
- data/lib/threatstack/version.rb +1 -1
- metadata +12 -16
- data/lib/threatstack/agent/agent.rb +0 -9
- data/lib/threatstack/agent/response.rb +0 -16
- data/lib/threatstack/alert/alert.rb +0 -22
- data/lib/threatstack/alert/event.rb +0 -15
- data/lib/threatstack/alert/response.rb +0 -15
- data/lib/threatstack/alert/rule.rb +0 -13
- data/lib/threatstack/alert/user_identity.rb +0 -34
- data/lib/threatstack/log/response.rb +0 -14
- data/lib/threatstack/organization/organization.rb +0 -10
- data/lib/threatstack/organization/response.rb +0 -15
- data/lib/threatstack/policy/policy.rb +0 -15
- data/lib/threatstack/policy/response.rb +0 -15
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 187538b81d44fb05e61ceed262abe656e82a2a4d
|
|
4
|
+
data.tar.gz: 4bf4c21c0ea8af3cc10f96044427763f5800b3c3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 628ec3682dac755b55796c97fca8611786ea5a90fdf1412bf18f7081a1f30b47ae4e37ae836ce017ee5e23834086b5d1e3a5a446409d2e1a26d1341f8fa64c4e
|
|
7
|
+
data.tar.gz: 5746ae5b1648fd66e077b81a15f9341d8a5c18e38560fe455e900e820012f14d4b4bcf39a46316c2acd9f9612b8535c80aa5f77b489d06e84b1ea877d01fe447
|
data/lib/threatstack/client.rb
CHANGED
|
@@ -1,67 +1,66 @@
|
|
|
1
1
|
require 'open-uri'
|
|
2
2
|
require 'httparty'
|
|
3
|
-
require 'threatstack/
|
|
4
|
-
require 'threatstack/
|
|
5
|
-
require 'threatstack/
|
|
6
|
-
require 'threatstack/
|
|
7
|
-
require 'threatstack/
|
|
8
|
-
require 'threatstack/
|
|
9
|
-
require 'threatstack/organization/response'
|
|
10
|
-
require 'threatstack/log/response'
|
|
3
|
+
require 'threatstack/response'
|
|
4
|
+
require 'threatstack/entities/agent'
|
|
5
|
+
require 'threatstack/entities/alert'
|
|
6
|
+
require 'threatstack/entities/log'
|
|
7
|
+
require 'threatstack/entities/organization'
|
|
8
|
+
require 'threatstack/entities/policy'
|
|
11
9
|
|
|
12
10
|
module Threatstack
|
|
13
11
|
class ThreatstackError < StandardError; end
|
|
14
12
|
|
|
15
13
|
class Client
|
|
16
|
-
THREATSTACK_API = 'https://app.threatstack.com/api
|
|
14
|
+
THREATSTACK_API = 'https://app.threatstack.com/api'.freeze
|
|
17
15
|
|
|
18
|
-
attr_reader :token, :org_id
|
|
16
|
+
attr_reader :token, :org_id, :api_version
|
|
19
17
|
|
|
20
|
-
def initialize(token)
|
|
18
|
+
def initialize(token, api_version = 'v1')
|
|
19
|
+
@api_version = api_version
|
|
21
20
|
@token = token
|
|
22
21
|
end
|
|
23
22
|
|
|
24
|
-
def alerts(params = {})
|
|
25
|
-
response = do_request(:get, 'alerts', params)
|
|
26
|
-
Alert::Response.new(response).alerts
|
|
27
|
-
end
|
|
28
|
-
|
|
29
|
-
def alert(alert_id, params = {})
|
|
30
|
-
raise ThreatstackError, "Must specify alert id" unless alert_id
|
|
31
|
-
response = do_request(:get, "alerts/#{alert_id}", params)
|
|
32
|
-
Alert::Alert.new(response)
|
|
33
|
-
end
|
|
34
|
-
|
|
35
23
|
def agents(params = {})
|
|
36
24
|
response = do_request(:get, 'agents', params)
|
|
37
|
-
|
|
25
|
+
Response.new(:agent, response).agents
|
|
38
26
|
end
|
|
39
27
|
|
|
40
28
|
def agent(agent_id, params = {})
|
|
41
29
|
raise ThreatstackError, "Must specify agent id" unless agent_id
|
|
42
30
|
response = do_request(:get, "agents/#{agent_id}", params)
|
|
43
|
-
Agent
|
|
31
|
+
Agent.new(response)
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
def alerts(params = {})
|
|
35
|
+
response = do_request(:get, 'alerts', params)
|
|
36
|
+
Response.new(:alert, response).alerts
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
def alert(alert_id, params = {})
|
|
40
|
+
raise ThreatstackError, "Must specify alert id" unless alert_id
|
|
41
|
+
response = do_request(:get, "alerts/#{alert_id}", params)
|
|
42
|
+
Alert.new(response)
|
|
44
43
|
end
|
|
45
44
|
|
|
46
45
|
def policies(params = {})
|
|
47
46
|
response = do_request(:get, 'policies', params)
|
|
48
|
-
|
|
47
|
+
Response.new(:policy, response).policies
|
|
49
48
|
end
|
|
50
49
|
|
|
51
50
|
def policy(policy_id, params = {})
|
|
52
51
|
raise ThreatstackError, "Must specify policy id" unless policy_id
|
|
53
52
|
response = do_request(:get, "policies/#{policy_id}", params)
|
|
54
|
-
Policy
|
|
53
|
+
Policy.new(response)
|
|
55
54
|
end
|
|
56
55
|
|
|
57
56
|
def organizations(params = {})
|
|
58
57
|
response = do_request(:get, 'organizations', params)
|
|
59
|
-
|
|
58
|
+
Response.new(:organization, response).organizations
|
|
60
59
|
end
|
|
61
60
|
|
|
62
61
|
def logs(params = {})
|
|
63
62
|
response = do_request(:get, 'logs', params)
|
|
64
|
-
|
|
63
|
+
Response.new(:log, response).logs
|
|
65
64
|
end
|
|
66
65
|
|
|
67
66
|
def search(query, params = {})
|
|
@@ -84,7 +83,7 @@ module Threatstack
|
|
|
84
83
|
params[:fields] = params[:fields].join(',') if params[:fields]&.is_a?(Array)
|
|
85
84
|
|
|
86
85
|
query = params.each_pair.map { |k, v| "#{k}=#{v}" }.join('&')
|
|
87
|
-
uri = "#{THREATSTACK_API}/#{path}"
|
|
86
|
+
uri = "#{THREATSTACK_API}/#{api_version}/#{path}"
|
|
88
87
|
uri += "?#{URI::encode(query)}" if params.any?
|
|
89
88
|
uri
|
|
90
89
|
end
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
require 'threatstack/entities/event'
|
|
2
|
+
require 'threatstack/entities/rule'
|
|
3
|
+
require 'threatstack/serializable'
|
|
4
|
+
|
|
5
|
+
module Threatstack
|
|
6
|
+
class Alert
|
|
7
|
+
include Serializable
|
|
8
|
+
attributes :latest_events, :rule
|
|
9
|
+
|
|
10
|
+
def latest_events
|
|
11
|
+
raw['latest_events'].map do |event|
|
|
12
|
+
Event.new(event)
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def rule
|
|
17
|
+
Rule.new(raw['rule'])
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
require 'threatstack/serializable'
|
|
2
|
+
|
|
3
|
+
module Threatstack
|
|
4
|
+
class UserIdentity
|
|
5
|
+
include Serializable
|
|
6
|
+
attributes :user_name, :session_context, :invoked_by, :account_id, :access_key_id, :principal_id
|
|
7
|
+
|
|
8
|
+
def user_name
|
|
9
|
+
raw['userName']
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def session_context
|
|
13
|
+
raw['sessionContext']
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def invoked_by
|
|
17
|
+
raw['invokedBy']
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def account_id
|
|
21
|
+
raw['accountId']
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
def access_key_id
|
|
25
|
+
raw['accessKeyId']
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
def principal_id
|
|
29
|
+
raw['principalId']
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
end
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
require 'threatstack/entities/agent'
|
|
2
|
+
require 'threatstack/entities/alert'
|
|
3
|
+
require 'threatstack/entities/log'
|
|
4
|
+
require 'threatstack/entities/organization'
|
|
5
|
+
require 'threatstack/entities/policy'
|
|
6
|
+
|
|
7
|
+
module Threatstack
|
|
8
|
+
class InvalidEntity < StandardError; end
|
|
9
|
+
class Response
|
|
10
|
+
attr_reader :entity, :raw
|
|
11
|
+
def initialize(entity, raw)
|
|
12
|
+
@raw = raw
|
|
13
|
+
@entity = entity
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def agents
|
|
17
|
+
raise InvalidEntity unless entity == :agent
|
|
18
|
+
raw.map{ |a| Agent.new(a) }
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def alerts
|
|
22
|
+
raise InvalidEntity unless entity == :alert
|
|
23
|
+
raw.map{ |a| Alert.new(a) }
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def logs
|
|
27
|
+
raise InvalidEntity unless entity == :log
|
|
28
|
+
raw.map{ |a| Log.new(a) }
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
def organizations
|
|
32
|
+
raise InvalidEntity unless entity == :organization
|
|
33
|
+
raw.map{ |a| Organization.new(a) }
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
def policies
|
|
37
|
+
raise InvalidEntity unless entity == :policy
|
|
38
|
+
raw.map{ |a| Policy.new(a) }
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
end
|
data/lib/threatstack/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: threatstack
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ryan Canty
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-09-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -96,20 +96,16 @@ files:
|
|
|
96
96
|
- bin/console
|
|
97
97
|
- bin/setup
|
|
98
98
|
- lib/threatstack.rb
|
|
99
|
-
- lib/threatstack/agent/agent.rb
|
|
100
|
-
- lib/threatstack/agent/response.rb
|
|
101
|
-
- lib/threatstack/alert/alert.rb
|
|
102
|
-
- lib/threatstack/alert/event.rb
|
|
103
|
-
- lib/threatstack/alert/response.rb
|
|
104
|
-
- lib/threatstack/alert/rule.rb
|
|
105
|
-
- lib/threatstack/alert/user_identity.rb
|
|
106
99
|
- lib/threatstack/client.rb
|
|
107
|
-
- lib/threatstack/
|
|
108
|
-
- lib/threatstack/
|
|
109
|
-
- lib/threatstack/
|
|
110
|
-
- lib/threatstack/
|
|
111
|
-
- lib/threatstack/
|
|
112
|
-
- lib/threatstack/policy
|
|
100
|
+
- lib/threatstack/entities/agent.rb
|
|
101
|
+
- lib/threatstack/entities/alert.rb
|
|
102
|
+
- lib/threatstack/entities/event.rb
|
|
103
|
+
- lib/threatstack/entities/log.rb
|
|
104
|
+
- lib/threatstack/entities/organization.rb
|
|
105
|
+
- lib/threatstack/entities/policy.rb
|
|
106
|
+
- lib/threatstack/entities/rule.rb
|
|
107
|
+
- lib/threatstack/entities/user_identity.rb
|
|
108
|
+
- lib/threatstack/response.rb
|
|
113
109
|
- lib/threatstack/serializable.rb
|
|
114
110
|
- lib/threatstack/version.rb
|
|
115
111
|
- threatstack-0.1.0.gem
|
|
@@ -134,7 +130,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
134
130
|
version: '0'
|
|
135
131
|
requirements: []
|
|
136
132
|
rubyforge_project:
|
|
137
|
-
rubygems_version: 2.6.
|
|
133
|
+
rubygems_version: 2.6.11
|
|
138
134
|
signing_key:
|
|
139
135
|
specification_version: 4
|
|
140
136
|
summary: Threatstack API integration for Ruby
|
|
@@ -1,22 +0,0 @@
|
|
|
1
|
-
require 'threatstack/alert/event'
|
|
2
|
-
require 'threatstack/alert/rule'
|
|
3
|
-
require 'threatstack/serializable'
|
|
4
|
-
|
|
5
|
-
module Threatstack
|
|
6
|
-
module Alert
|
|
7
|
-
class Alert
|
|
8
|
-
include Serializable
|
|
9
|
-
attributes :latest_events, :rule
|
|
10
|
-
|
|
11
|
-
def latest_events
|
|
12
|
-
raw['latest_events'].map do |event|
|
|
13
|
-
Event.new(event)
|
|
14
|
-
end
|
|
15
|
-
end
|
|
16
|
-
|
|
17
|
-
def rule
|
|
18
|
-
Rule.new(raw['rule'])
|
|
19
|
-
end
|
|
20
|
-
end
|
|
21
|
-
end
|
|
22
|
-
end
|
|
@@ -1,15 +0,0 @@
|
|
|
1
|
-
require 'threatstack/alert/user_identity'
|
|
2
|
-
require 'threatstack/serializable'
|
|
3
|
-
|
|
4
|
-
module Threatstack
|
|
5
|
-
module Alert
|
|
6
|
-
class Event
|
|
7
|
-
include Serializable
|
|
8
|
-
attributes :user_identity
|
|
9
|
-
|
|
10
|
-
def user_identity
|
|
11
|
-
UserIdentity.new(raw['userIdentity'])
|
|
12
|
-
end
|
|
13
|
-
end
|
|
14
|
-
end
|
|
15
|
-
end
|
|
@@ -1,34 +0,0 @@
|
|
|
1
|
-
require 'threatstack/serializable'
|
|
2
|
-
|
|
3
|
-
module Threatstack
|
|
4
|
-
module Alert
|
|
5
|
-
class UserIdentity
|
|
6
|
-
include Serializable
|
|
7
|
-
attributes :user_name, :session_context, :invoked_by, :account_id, :access_key_id, :principal_id
|
|
8
|
-
|
|
9
|
-
def user_name
|
|
10
|
-
raw['userName']
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
def session_context
|
|
14
|
-
raw['sessionContext']
|
|
15
|
-
end
|
|
16
|
-
|
|
17
|
-
def invoked_by
|
|
18
|
-
raw['invokedBy']
|
|
19
|
-
end
|
|
20
|
-
|
|
21
|
-
def account_id
|
|
22
|
-
raw['accountId']
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
def access_key_id
|
|
26
|
-
raw['accessKeyId']
|
|
27
|
-
end
|
|
28
|
-
|
|
29
|
-
def principal_id
|
|
30
|
-
raw['principalId']
|
|
31
|
-
end
|
|
32
|
-
end
|
|
33
|
-
end
|
|
34
|
-
end
|
|
@@ -1,15 +0,0 @@
|
|
|
1
|
-
require 'threatstack/organization/organization'
|
|
2
|
-
require 'threatstack/serializable'
|
|
3
|
-
|
|
4
|
-
module Threatstack
|
|
5
|
-
module Organization
|
|
6
|
-
class Response
|
|
7
|
-
include Serializable
|
|
8
|
-
attributes :organizations
|
|
9
|
-
|
|
10
|
-
def organizations
|
|
11
|
-
raw.map{ |a| Organization.new(a) }
|
|
12
|
-
end
|
|
13
|
-
end
|
|
14
|
-
end
|
|
15
|
-
end
|
|
@@ -1,15 +0,0 @@
|
|
|
1
|
-
require 'threatstack/policy/policy'
|
|
2
|
-
require 'threatstack/alert/rule'
|
|
3
|
-
|
|
4
|
-
module Threatstack
|
|
5
|
-
module Policy
|
|
6
|
-
class Policy
|
|
7
|
-
include Serializable
|
|
8
|
-
attributes :rules
|
|
9
|
-
|
|
10
|
-
def rules
|
|
11
|
-
raw['alert_policy'].map{ |r| Threatstack::Alert::Rule.new(r) }
|
|
12
|
-
end
|
|
13
|
-
end
|
|
14
|
-
end
|
|
15
|
-
end
|
|
@@ -1,15 +0,0 @@
|
|
|
1
|
-
require 'threatstack/policy/policy'
|
|
2
|
-
require 'threatstack/serializable'
|
|
3
|
-
|
|
4
|
-
module Threatstack
|
|
5
|
-
module Policy
|
|
6
|
-
class Response
|
|
7
|
-
include Serializable
|
|
8
|
-
attributes :policies
|
|
9
|
-
|
|
10
|
-
def policies
|
|
11
|
-
raw.map{ |a| Policy.new(a) }
|
|
12
|
-
end
|
|
13
|
-
end
|
|
14
|
-
end
|
|
15
|
-
end
|