Class: Threatinator::Event

Inherits:

Model::Base

• Object
• Model::Base
• Threatinator::Event

Defined in:

lib/threatinator/event.rb

Defined Under Namespace

Classes: EventHeader

Constant Summary

VALID_TYPES =

Set.new([:c2, :attacker, :malware_host, :spamming, :scanning, :phishing])

Instance Attribute Summary

• #feed_name ⇒ Object readonly

  Returns the value of attribute feed_name.

• #feed_provider ⇒ Object readonly

  Returns the value of attribute feed_provider.

• #fqdns ⇒ Object readonly

  Returns the value of attribute fqdns.

• #ipv4s ⇒ Object readonly

  Returns the value of attribute ipv4s.

• #type ⇒ Object readonly

  Returns the value of attribute type.

• #urls ⇒ Object readonly

  Returns the value of attribute urls.

Instance Method Summary

• #header ⇒ Object
• #initialize(opts = {}) ⇒ Event constructor

  A new instance of Event.

• #to_serializable_hash ⇒ Object

Methods inherited from Model::Base

#validate!

Constructor Details

#initialize(opts = {}) ⇒ Event

Returns a new instance of Event.

Parameters:

• opts (Hash) (defaults to: {})

Options Hash (opts):

• :feed_provider (String) —

  The name of the feed provider

• :feed_name (String) —

  The name of the feed

• :type (Symbol) —

  The ‘type’ of feed.

• :ipv4s (#each) —

  A collection of ipv4s

• :fqdns (#each) —

  A collection of FQDNs

• :urls (#each) —

  A collection of Urls

# File 'lib/threatinator/event.rb', line 30

def initialize(opts = {})
  @feed_provider = opts[:feed_provider]
  @feed_name = opts[:feed_name]
  @type = opts[:type]
  @ipv4s = Threatinator::Model::Observables::Ipv4Collection.new(opts[:ipv4s] || [])
  @fqdns = Threatinator::Model::Observables::FqdnCollection.new(opts[:fqdns] || [])
  @urls = Threatinator::Model::Observables::UrlCollection.new(opts[:urls] || [])
  super()
end

Instance Attribute Details

#feed_name ⇒ Object (readonly)

Returns the value of attribute feed_name.

# File 'lib/threatinator/event.rb', line 11

def feed_name
  @feed_name
end

#feed_provider ⇒ Object (readonly)

Returns the value of attribute feed_provider.

# File 'lib/threatinator/event.rb', line 11

def feed_provider
  @feed_provider
end

#fqdns ⇒ Object (readonly)

Returns the value of attribute fqdns.

# File 'lib/threatinator/event.rb', line 11

def fqdns
  @fqdns
end

#ipv4s ⇒ Object (readonly)

Returns the value of attribute ipv4s.

# File 'lib/threatinator/event.rb', line 11

def ipv4s
  @ipv4s
end

#type ⇒ Object (readonly)

Returns the value of attribute type.

# File 'lib/threatinator/event.rb', line 11

def type
  @type
end

#urls ⇒ Object (readonly)

Returns the value of attribute urls.

# File 'lib/threatinator/event.rb', line 11

def urls
  @urls
end

Instance Method Details

#header ⇒ Object

# File 'lib/threatinator/event.rb', line 40

def header
  event_header = EventHeader.new(@feed_provider, @feed_name, @type)
end

#to_serializable_hash ⇒ Object

# File 'lib/threatinator/event.rb', line 44

def to_serializable_hash

  ret = {
    import_time: Time.now.utc.to_i,
    feed_provider: @feed_provider,
    feed_name: @feed_name,
    source: 'threatinator'
  }
  if @type
    ret[:tags] = @type.to_s
  end

  ret[:ipv4s] = @ipv4s.list
  ret[:fqdns] = @fqdns.list
  ret[:urls] = @urls.list
  ret
end