Class: Falcon::IntelligenceIndicatorGraph

Inherits:
Object
  • Object
show all
Defined in:
lib/crimson-falcon/api/intelligence_indicator_graph.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(api_client = ApiClient.default) ⇒ IntelligenceIndicatorGraph

Returns a new instance of IntelligenceIndicatorGraph.



36
37
38
 
# File 'lib/crimson-falcon/api/intelligence_indicator_graph.rb', line 36

def initialize(api_client = ApiClient.default)
  @api_client = api_client
end

Instance Attribute Details

#api_clientObject

Returns the value of attribute api_client.



34
35
36
 
# File 'lib/crimson-falcon/api/intelligence_indicator_graph.rb', line 34

def api_client
  @api_client
end

Instance Method Details

#lookup_indicators(body, opts = {}) ⇒ RestapiLookupIndicatorResponse

Get indicators based on their value. Look up intelligence data for multiple indicators. Supports various indicator types including domains, IP addresses, and file hashes (MD5, SHA1, SHA256). Provide up to 100 indicators in a single request.

Parameters:

Returns:



44
45
46
47
 
# File 'lib/crimson-falcon/api/intelligence_indicator_graph.rb', line 44

def lookup_indicators(body, opts = {})
  data, _status_code, _headers = lookup_indicators_with_http_info(body, opts)
  data
end

#lookup_indicators_with_http_info(body, opts = {}) ⇒ Array<(RestapiLookupIndicatorResponse, Integer, Hash)>

Get indicators based on their value. Look up intelligence data for multiple indicators. Supports various indicator types including domains, IP addresses, and file hashes (MD5, SHA1, SHA256). Provide up to 100 indicators in a single request.

Parameters:

Returns:



54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
 
# File 'lib/crimson-falcon/api/intelligence_indicator_graph.rb', line 54

def lookup_indicators_with_http_info(body, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: IntelligenceIndicatorGraph.lookup_indicators ...'
  end
  # verify the required parameter 'body' is set
  if @api_client.config.client_side_validation && body.nil?
    fail ArgumentError, "Missing the required parameter 'body' when calling IntelligenceIndicatorGraph.lookup_indicators"
  end
  # resource path
  local_var_path = '/intelligence/combined/lookup-indicators/v1'

  # query parameters
  query_params = opts[:query_params] || {}

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])
  # HTTP header 'Content-Type'
  content_type = @api_client.select_header_content_type(['application/json'])
  if !content_type.nil?
    header_params['Content-Type'] = content_type
  end

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body] || @api_client.object_to_http_body(body)

  # return_type
  return_type = opts[:debug_return_type] || 'RestapiLookupIndicatorResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"IntelligenceIndicatorGraph.lookup_indicators",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: IntelligenceIndicatorGraph#lookup_indicators\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#search_indicators(body, opts = {}) ⇒ RestapiIndicatorResponse

Search indicators based on FQL filter.

Parameters:

Options Hash (opts):

  • :sort (String)

    Parameter to specify the order(field examples: FileDetails.SHA256, URLDetails.URL, PublishDate, MaliciousConfidence) Ex: &#39;PublishDate|asc&#39;.

  • :filter (String)

    FQL query specifying the filter parameters.

  • :limit (Integer)

    Limit

  • :offset (String)

    Offset

Returns:



115
116
117
118
 
# File 'lib/crimson-falcon/api/intelligence_indicator_graph.rb', line 115

def search_indicators(body, opts = {})
  data, _status_code, _headers = search_indicators_with_http_info(body, opts)
  data
end

#search_indicators_with_http_info(body, opts = {}) ⇒ Array<(RestapiIndicatorResponse, Integer, Hash)>

Search indicators based on FQL filter.

Parameters:

Options Hash (opts):

  • :sort (String)

    Parameter to specify the order(field examples: FileDetails.SHA256, URLDetails.URL, PublishDate, MaliciousConfidence) Ex: &#39;PublishDate|asc&#39;.

  • :filter (String)

    FQL query specifying the filter parameters.

  • :limit (Integer)

    Limit

  • :offset (String)

    Offset

Returns:

  • (Array<(RestapiIndicatorResponse, Integer, Hash)>)

    RestapiIndicatorResponse data, response status code and response headers



128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
 
# File 'lib/crimson-falcon/api/intelligence_indicator_graph.rb', line 128

def search_indicators_with_http_info(body, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: IntelligenceIndicatorGraph.search_indicators ...'
  end
  # verify the required parameter 'body' is set
  if @api_client.config.client_side_validation && body.nil?
    fail ArgumentError, "Missing the required parameter 'body' when calling IntelligenceIndicatorGraph.search_indicators"
  end
  # resource path
  local_var_path = '/intelligence/combined/indicators/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil?
  query_params[:'filter'] = opts[:'filter'] if !opts[:'filter'].nil?
  query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil?
  query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])
  # HTTP header 'Content-Type'
  content_type = @api_client.select_header_content_type(['application/json'])
  if !content_type.nil?
    header_params['Content-Type'] = content_type
  end

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body] || @api_client.object_to_http_body(body)

  # return_type
  return_type = opts[:debug_return_type] || 'RestapiIndicatorResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"IntelligenceIndicatorGraph.search_indicators",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: IntelligenceIndicatorGraph#search_indicators\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end