class Threatstack::Client
Constants
- THREATSTACK_API
Attributes
api_version[R]
last_pagination_token[R]
org_id[R]
token[R]
Public Class Methods
new(token, organization_id: nil, api_version: 'v2')
# File lib/threatstack/client.rb, line 17
# Stores the API token, organization id and API version on the client.
#
# @param token the API token; do_request sends it as the Authorization header
# @param organization_id the organization id; do_request sends it as the
#   Organization-Id header (defaults to nil)
# @param api_version [String] API version segment placed in every request URL
# @raise [ThreatstackError] when api_version is 'v1'
#
# NOTE(review): the token lives in @token behind a public reader, so the
# default #inspect output of a client would contain it (unless #inspect is
# overridden elsewhere) -- avoid logging client objects.
def initialize(token, organization_id: nil, api_version: 'v2')
  @api_version, @token, @org_id = api_version, token, organization_id

  # Only the literal 'v1' is refused; other version strings are accepted as given.
  return unless api_version == 'v1'

  raise ThreatstackError, "This version of threatstack-ruby does not support Threatstack API v1"
end
Public Instance Methods
agent(agent_id, params = {})
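# File lib/threatstack/client.rb, line 33
# Fetches a single agent and wraps the parsed response in an Agent.
#
# @param agent_id identifier placed in the request path
# @param params [Hash] query parameters forwarded to do_request
# @return [Agent]
# @raise [ThreatstackError] when agent_id is nil, false or blank
#
# NOTE(review): agent_id is interpolated into the request path unescaped, so
# '/', '?' or '#' in it would change which endpoint is requested. Ids that
# originate from external input should be validated by the caller.
def agent(agent_id, params = {})
  # An empty string is truthy in Ruby; without the blank check it would
  # silently query the "agents/" collection instead of one agent.
  raise ThreatstackError, "Must specify agent id" if !agent_id || agent_id.to_s.strip.empty?

  response = do_request(:get, "agents/#{agent_id}", params)
  Agent.new(response, self)
end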
agents(params = {})
ALERTS ###
# File lib/threatstack/client.rb, line 28
# Lists agents: GETs the 'agents' endpoint and wraps the 'agents' element
# of the parsed body in a Response.
#
# @param params [Hash] query parameters forwarded to do_request
# @return whatever Response#agents yields for the wrapped list
def agents(params = {})
  payload = do_request(:get, 'agents', params)
  listing = Response.new(payload['agents'], self, entity: :agent)
  listing.agents
end
alert(alert_id, params = {})
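# File lib/threatstack/client.rb, line 50
# Fetches a single alert and wraps the parsed response in an Alert.
#
# @param alert_id identifier placed in the request path
# @param params [Hash] query parameters forwarded to do_request
# @return [Alert]
# @raise [ThreatstackError] when alert_id is nil, false or blank
#
# NOTE(review): alert_id is interpolated into the request path unescaped, so
# '/', '?' or '#' in it would change which endpoint is requested. Ids that
# originate from external input should be validated by the caller.
def alert(alert_id, params = {})
  # A blank id would otherwise fall through to the "alerts/" collection.
  raise ThreatstackError, "Must specify alert id" if !alert_id || alert_id.to_s.strip.empty?

  response = do_request(:get, "alerts/#{alert_id}", params)
  Alert.new(response, self)
end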
alerts(params = {})
ALERTS ###
# File lib/threatstack/client.rb, line 40
# Lists alerts: GETs the 'alerts' endpoint and wraps the 'alerts' element
# of the parsed body in a Response.
#
# @param params [Hash] query parameters forwarded to do_request
# @return whatever Response#alerts yields for the wrapped list
def alerts(params = {})
  payload = do_request(:get, 'alerts', params)
  listing = Response.new(payload['alerts'], self, entity: :alert)
  listing.alerts
end
cves_by_agent(agent, params = {})
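# File lib/threatstack/client.rb, line 97
# Returns the 'cves' element of the vulnerability listing for one agent.
#
# @param agent agent identifier placed in the request path
# @param params [Hash] query parameters forwarded to do_request; a truthy
#   :suppressed switches to the ".../suppressed" endpoint
# @return the raw 'cves' value from the parsed response (not wrapped)
# @raise [ThreatstackError] when agent is nil, false or blank
#
# NOTE(review): agent is interpolated into the request path unescaped, so
# '/', '?' or '#' in it would change which endpoint is requested. Ids that
# originate from external input should be validated by the caller.
def cves_by_agent(agent, params = {})
  # A blank id would otherwise produce "vulnerabilities/agent/" and query
  # something other than a single agent.
  raise ThreatstackError, "Must specify agent" if !agent || agent.to_s.strip.empty?

  uri = "vulnerabilities/agent/#{agent}"
  uri += "/suppressed" if params[:suppressed]
  response = do_request(:get, uri, params)
  response['cves']
end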
dismissed_alerts(params = {})
# File lib/threatstack/client.rb, line 45
# Lists dismissed alerts: GETs 'alerts/dismissed' and wraps the 'alerts'
# element of the parsed body in a Response.
#
# @param params [Hash] query parameters forwarded to do_request
# @return whatever Response#alerts yields for the wrapped list
def dismissed_alerts(params = {})
  payload = do_request(:get, 'alerts/dismissed', params)
  listing = Response.new(payload['alerts'], self, entity: :alert)
  listing.alerts
end
event(alert_id, event_id, params = {})
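# File lib/threatstack/client.rb, line 61
# Fetches one event of an alert and wraps the 'details' element of the
# parsed response in a GenericObject.
#
# @param alert_id identifier of the alert, placed in the request path
# @param event_id identifier of the event, placed in the request path
# @param params [Hash] query parameters forwarded to do_request
# @return [GenericObject]
# @raise [ThreatstackError] when either id is nil, false or blank
#
# NOTE(review): both ids are interpolated into the request path unescaped, so
# '/', '?' or '#' in them would change which endpoint is requested. Ids that
# originate from external input should be validated by the caller.
def event(alert_id, event_id, params = {})
  # The sibling lookups (alert, rule, ruleset) refuse a missing id; without
  # the same guard a nil id here would request "alerts//events/".
  missing = [alert_id, event_id].any? { |id| !id || id.to_s.strip.empty? }
  raise ThreatstackError, "Must specify alert id and event id" if missing

  response = do_request(:get, "alerts/#{alert_id}/events/#{event_id}", params)
  GenericObject.new(response['details'], self, entity: :event)
end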
package_vulnerabilities(package, params = {})
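# File lib/threatstack/client.rb, line 81
# Lists vulnerabilities for one package and wraps the 'packages' element of
# the parsed response in a Response.
#
# @param package package name placed in the request path
# @param params [Hash] query parameters forwarded to do_request; a truthy
#   :suppressed switches to the ".../suppressed" endpoint
# @return whatever Response#list yields for the wrapped list
# @raise [ThreatstackError] when package is nil, false or blank
#
# NOTE(review): package is interpolated into the request path unescaped, so
# '/', '?' or '#' in it would change which endpoint is requested. Names that
# originate from external input should be validated by the caller.
def package_vulnerabilities(package, params = {})
  # A blank name would otherwise produce "vulnerabilities/package/".
  raise ThreatstackError, "Must specify package" if !package || package.to_s.strip.empty?

  uri = "vulnerabilities/package/#{package}"
  uri += "/suppressed" if params[:suppressed]
  response = do_request(:get, uri, params)
  Response.new(response['packages'], self, entity: :package).list
end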
rule(ruleset_id, rule_id, params = {})
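# File lib/threatstack/client.rb, line 130
# Fetches a single rule of a ruleset and wraps the parsed response in a Rule.
#
# @param ruleset_id identifier of the ruleset, placed in the request path
# @param rule_id identifier of the rule, placed in the request path
# @param params [Hash] query parameters forwarded to do_request
# @return [Rule]
# @raise [ThreatstackError] when either id is nil, false or blank
#
# NOTE(review): both ids are interpolated into the request path unescaped, so
# '/', '?' or '#' in them would change which endpoint is requested. Ids that
# originate from external input should be validated by the caller.
def rule(ruleset_id, rule_id, params = {})
  # Empty strings are truthy, so they are checked explicitly; a blank rule id
  # would otherwise hit the "rulesets/<id>/rules/" collection.
  missing = [ruleset_id, rule_id].any? { |id| !id || id.to_s.strip.empty? }
  raise ThreatstackError, "Must specify ruleset id and rule id" if missing

  response = do_request(:get, "rulesets/#{ruleset_id}/rules/#{rule_id}", params)
  Rule.new(response, self)
end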
rules(ruleset_id, params = {})
Rules ###
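# File lib/threatstack/client.rb, line 125
# Lists the rules of one ruleset and wraps the 'rules' element of the parsed
# response in a Response.
#
# @param ruleset_id identifier of the ruleset, placed in the request path
# @param params [Hash] query parameters forwarded to do_request
# @return whatever Response#rules yields for the wrapped list
# @raise [ThreatstackError] when ruleset_id is nil, false or blank
#
# NOTE(review): ruleset_id is interpolated into the request path unescaped, so
# '/', '?' or '#' in it would change which endpoint is requested. Ids that
# originate from external input should be validated by the caller.
def rules(ruleset_id, params = {})
  # Same guard as #ruleset: without it a nil id requests "rulesets//rules".
  raise ThreatstackError, "Must specify ruleset id" if !ruleset_id || ruleset_id.to_s.strip.empty?

  response = do_request(:get, "rulesets/#{ruleset_id}/rules", params)
  Response.new(response['rules'], self, entity: :rule).rules
end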
ruleset(ruleset_id, params = {})
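# File lib/threatstack/client.rb, line 117
# Fetches a single ruleset and wraps the parsed response in a Ruleset.
#
# @param ruleset_id identifier placed in the request path
# @param params [Hash] query parameters forwarded to do_request
# @return [Ruleset]
# @raise [ThreatstackError] when ruleset_id is nil, false or blank
#
# NOTE(review): ruleset_id is interpolated into the request path unescaped, so
# '/', '?' or '#' in it would change which endpoint is requested. Ids that
# originate from external input should be validated by the caller.
def ruleset(ruleset_id, params = {})
  # A blank id would otherwise fall through to the "rulesets/" collection.
  raise ThreatstackError, "Must specify ruleset id" if !ruleset_id || ruleset_id.to_s.strip.empty?

  response = do_request(:get, "rulesets/#{ruleset_id}", params)
  Ruleset.new(response, self)
end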
rulesets(params = {})
Rulesets ###
# File lib/threatstack/client.rb, line 112
# Lists rulesets: GETs the 'rulesets' endpoint and wraps the 'rulesets'
# element of the parsed body in a Response.
#
# @param params [Hash] query parameters forwarded to do_request
# @return whatever Response#rulesets yields for the wrapped list
def rulesets(params = {})
  payload = do_request(:get, 'rulesets', params)
  listing = Response.new(payload['rulesets'], self, entity: :ruleset)
  listing.rulesets
end
server_vulnerabilities(server, params = {})
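# File lib/threatstack/client.rb, line 89
# Returns the 'cves' element of the vulnerability listing for one server.
#
# @param server server identifier placed in the request path
# @param params [Hash] query parameters forwarded to do_request; a truthy
#   :suppressed switches to the ".../suppressed" endpoint
# @return the raw 'cves' value from the parsed response (not wrapped)
# @raise [ThreatstackError] when server is nil, false or blank
#
# NOTE(review): server is interpolated into the request path unescaped, so
# '/', '?' or '#' in it would change which endpoint is requested. Ids that
# originate from external input should be validated by the caller.
def server_vulnerabilities(server, params = {})
  # A blank id would otherwise produce "vulnerabilities/server/".
  raise ThreatstackError, "Must specify server" if !server || server.to_s.strip.empty?

  uri = "vulnerabilities/server/#{server}"
  uri += "/suppressed" if params[:suppressed]
  response = do_request(:get, uri, params)
  response['cves']
end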
servers(monitored = true, params = {})
Servers ###
# File lib/threatstack/client.rb, line 138
# Lists servers and wraps the 'servers' element of the parsed body in a
# Response.
#
# @param monitored when falsy, the "servers/non-monitored" endpoint is
#   queried instead of "servers"
# @param params [Hash] query parameters forwarded to do_request
# @return whatever Response#list yields for the wrapped list
def servers(monitored = true, params = {})
  endpoint = monitored ? "servers" : "servers/non-monitored"
  payload = do_request(:get, endpoint, params)
  Response.new(payload['servers'], self, entity: :server).list
end
severity_counts(params = {})
# File lib/threatstack/client.rb, line 56
# GETs "alerts/severity-counts" and wraps the 'severityCounts' element of
# the parsed body in a Response.
#
# @param params [Hash] query parameters forwarded to do_request
# @return whatever Response#list yields for the wrapped list
def severity_counts(params = {})
  payload = do_request(:get, "alerts/severity-counts", params)
  counts = Response.new(payload['severityCounts'], self, entity: :severity_count)
  counts.list
end
vulnerabilities(params = {})
CVEs ###
# File lib/threatstack/client.rb, line 68
# Lists vulnerabilities and wraps the 'cves' element of the parsed body in a
# Response.
#
# @param params [Hash] query parameters forwarded to do_request; a truthy
#   :suppressed selects the "vulnerabilities/suppressed" endpoint
# @return whatever Response#cves yields for the wrapped list
def vulnerabilities(params = {})
  endpoint = params[:suppressed] ? "vulnerabilities/suppressed" : "vulnerabilities"
  payload = do_request(:get, endpoint, params)
  Response.new(payload['cves'], self, entity: :cve).cves
end
vulnerability(vuln_id, params = {})
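# File lib/threatstack/client.rb, line 75
# Fetches a single vulnerability and wraps the parsed response in a Cve.
#
# @param vuln_id identifier placed in the request path
# @param params [Hash] query parameters forwarded to do_request
# @return [Cve]
# @raise [ThreatstackError] when vuln_id is nil, false or blank
#
# NOTE(review): vuln_id is interpolated into the request path unescaped, so
# '/', '?' or '#' in it would change which endpoint is requested. Ids that
# originate from external input should be validated by the caller.
def vulnerability(vuln_id, params = {})
  # A blank id would otherwise fall through to the "vulnerabilities/" collection.
  raise ThreatstackError, "Must specify vulnerability id" if !vuln_id || vuln_id.to_s.strip.empty?

  response = do_request(:get, "vulnerabilities/#{vuln_id}", params)
  Cve.new(response, self)
end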
vulnerability_suppressions(params = {})
# File lib/threatstack/client.rb, line 105
# GETs "vulnerabilities/suppressions" and wraps the 'suppressions' element
# of the parsed body in a Response.
#
# @param params [Hash] query parameters forwarded to do_request
# @return whatever Response#list yields for the wrapped list
def vulnerability_suppressions(params = {})
  payload = do_request(:get, "vulnerabilities/suppressions", params)
  suppressions = Response.new(payload['suppressions'], self, entity: :suppression)
  suppressions.list
end
Private Instance Methods
build_uri(path, params = {})
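# File lib/threatstack/client.rb, line 157
# Builds the full request URL from the API base, the client's API version,
# the endpoint path and the query parameters.
#
# @param path [String] endpoint path appended after the version segment;
#   it is used as given and is not escaped here
# @param params [Hash] query parameters; :from and :until are converted with
#   #utc, and an Array under :fields is joined with commas
# @return [String] the URL, with a query string only when params is non-empty
def build_uri(path, params = {})
  # Normalise on a copy so the caller's hash is not rewritten in place.
  query = params.dup
  query[:from] = query[:from].utc if query[:from]
  query[:until] = query[:until].utc if query[:until]
  query[:fields] = query[:fields].join(',') if query[:fields].is_a?(Array)

  uri = "#{THREATSTACK_API}/#{api_version}/#{path}"
  # URI.encode_www_form escapes each key and value separately, so a value
  # containing '&' or '=' cannot add or override another query parameter.
  # It also replaces URI::encode, which no longer exists as of Ruby 3.0.
  # NOTE(review): spaces are sent as '+' and ',' as %2C -- assumes the API
  # decodes form-encoded query strings; confirm against the service.
  uri += "?#{URI.encode_www_form(query)}" if query.any?
  uri
end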
do_request(method, path, params = {})
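# File lib/threatstack/client.rb, line 147
# Sends one authenticated request through HTTParty and returns the parsed
# body, recording the pagination token it carries.
#
# @param method [Symbol] HTTParty class method to invoke (the public methods
#   of this client pass :get)
# @param path [String] endpoint path handed to build_uri
# @param params [Hash] query parameters handed to build_uri
# @return [Hash] the parsed response body
# @raise [ThreatstackError] when the body is not a Hash, or when its
#   'status' is 'error' (the message is the body's 'message')
#
# NOTE(review): only the body is inspected; the HTTP status code is not
# checked here, so a non-2xx reply whose body is a Hash without
# 'status' == 'error' is returned as if it were data.
def do_request(method, path, params = {})
  headers = { "Authorization" => token, "Organization-Id" => org_id }
  response = HTTParty.public_send(method, build_uri(path, params), headers: headers).parsed_response

  # Fail closed on anything that is not a parsed JSON object. A String body
  # (for example an HTML error page) would otherwise be indexed with
  # String#[] below and by callers, yielding nil or a substring instead of
  # data, and the caller would see an empty result rather than a failure.
  # The body itself is kept out of the message.
  unless response.is_a?(Hash)
    raise ThreatstackError, "Unexpected #{response.class} response from Threatstack API"
  end
  raise ThreatstackError, response['message'] if response['status'] == 'error'

  @last_pagination_token = response['token']
  response
end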