Arbor::Atlas

The arbor-atlas gem provides a very thin wrapper around Arbor Atlas' web interface, https://atlas.arbor.net/.

The ATLAS portal today is a public resource that delivers a sub-set of the intelligence derived from the ATLAS sensor network on host/port scanning activity, zero-day exploits and worm propagation, security events, vulnerability disclosures and dynamic botnet and phishing infrastructures.

Installation

Add this line to your application's Gemfile:

gem 'arbor-atlas'

And then execute:

$ bundle

Or install it yourself as:

$ gem install arbor-atlas

Usage

require 'arbor-atlas'
username = "your atlas username"
password = "your atlas password"
arbor = Arbor::Atlas.new(username, password)
ip_rec = arbor.lookup("1.2.3.4")
net_rec = arbor.lookup("1.2.3.0/24")
asn_rec = arbor.lookup("AS701")
cc_rec = arbor.lookup("US")
cve_rec = arbor.lookup("CVE-2006-4139")

all the records are simply hashes like the following

pp ip_rec # =>
{"report"=>
  {"title"=>"ATLAS Host Report: Global 1.2.3.4",
   "scans"=>
    {"sources"=>
      {"country"=>
        {"entity"=>{"name"=>"Other", "percent"=>"0.0%", "bytes_avg"=>"0"}},
       "asn"=>
        {"entity"=>{"name"=>"Other", "percent"=>"0.0%", "bytes_avg"=>"0"}},
       "host"=>
        {"entity"=>{"name"=>"Other", "percent"=>"0.0%", "bytes_avg"=>"0"}}},
     "services"=>
      {"service"=>
        {"entity"=>{"name"=>"Other", "percent"=>"0.0%", "bytes_avg"=>"0"}}}},
   "background"=>
    {"country"=>"AU",
     "asn"=>nil,
     "blacklist"=>
      {"dnsbl"=>
        [{"server"=>"dnsbl.ahbl.org", "status"=>"OK"},
         {"server"=>"bl.spamcop.net", "status"=>"OK"},
         {"server"=>"dnsbl.njabl.org", "status"=>"OK"},
         {"server"=>"sbl-xbl.spamhaus.org", "status"=>"OK"},
         {"server"=>"multi.surbl.org", "status"=>"OK"},
         {"server"=>"dnsbl.sorbs.net", "status"=>"OK"},
         {"server"=>"virbl.dnsbl.bit.nl", "status"=>"OK"},
         {"server"=>"dnsbl.dronebl.org", "status"=>"OK"}]}},
   "attacks"=>
    {"attack_changes"=>
      {"attacks"=>"0.00",
       "change"=>{"absolute"=>"0.0", "percent"=>"0.0"},
       "cve"=>nil,
       "description"=>"Other"},
     "sources"=>
      {"country"=>
        {"entity"=>
          {"name"=>"Other", "percent"=>"0.0%", "attacks_avg"=>"0.00"}},
       "asn"=>
        {"entity"=>
          {"name"=>"Other", "percent"=>"0.0%", "attacks_avg"=>"0.00"}},
       "host"=>
        {"entity"=>
          {"name"=>"Other", "percent"=>"0.0%", "attacks_avg"=>"0.00"}}}},
   "servers"=>
    {"phishing"=>
      {"brands"=>nil,
       "servers"=>
        {"country"=>
          {"entity"=>{"name"=>"Other", "urls"=>"0", "percent"=>"0.0%"}},
         "asn"=>{"entity"=>{"name"=>"Other", "urls"=>"0", "percent"=>"0.0%"}},
         "host"=>
          {"entity"=>{"name"=>"Other", "urls"=>"0", "percent"=>"0.0%"}}}},
     "botnets"=>
      {"country"=>
        {"entity"=>{"name"=>"Other", "controllers"=>"0", "percent"=>"0.0%"}},
       "asn"=>
        {"entity"=>{"name"=>"Other", "controllers"=>"0", "percent"=>"0.0%"}},
       "host"=>
        {"entity"=>
          {"name"=>"Other", "controllers"=>"0", "percent"=>"0.0%"}}}}}}

Contributing

Fork it
Create your feature branch (git checkout -b my-new-feature)
Commit your changes (git commit -am 'Add some feature')
Push to the branch (git push origin my-new-feature)
Create new Pull Request