Class: Hachi::Clients::Alert

Inherits:

Base

• Object
• Base
• Hachi::Clients::Alert

Defined in:

lib/hachi/clients/alert.rb

Instance Attribute Summary

Attributes inherited from Base

#api_endpoint, #api_key

Instance Method Summary

• #create(title:, description:, type:, source:, severity: nil, date: nil, tags: nil, tlp: nil, status: nil, source_ref: nil, artifacts: nil, follow: nil) ⇒ Hash

  Create an alert.

• #delete_by_id(id) ⇒ String

  Delete an alert.

• #get_by_id(id) ⇒ Hash

  Get an alert.

• #list ⇒ Array

  List alerts.

• #mark_as_read(id) ⇒ Hash

  Mark an alert as read.

• #mark_as_unread(id) ⇒ Hash

  Mark an alert as unread.

• #merge_into_case(*ids, case_id) ⇒ Hash

  Merge an alert / alerts in a case.

• #promote_to_case(id) ⇒ Hash

  Create a case from an alert.

• #search(query, range: "all", sort: nil) ⇒ Array

  Find alerts.

• #update(id, title: nil, description: nil, severity: nil, tags: nil, tlp: nil, artifacts: nil) ⇒ Hash

  Update an alert.

Methods inherited from Base

#delete, #get, #initialize, #patch, #post

Constructor Details

This class inherits a constructor from Hachi::Clients::Base

Instance Method Details

#create(title:, description:, type:, source:, severity: nil, date: nil, tags: nil, tlp: nil, status: nil, source_ref: nil, artifacts: nil, follow: nil) ⇒ Hash

Create an alert

Parameters:

• title (String)
• description (String)
• severity (String, nil) (defaults to: nil)
• date (String, nil) (defaults to: nil)
• tags (String, nil) (defaults to: nil)
• tlp (String, nil) (defaults to: nil)
• status (String, nil) (defaults to: nil)
• type (String, nil)
• source (String, nil)
• source_ref (String, nil) (defaults to: nil)
• artifacts (String, nil) (defaults to: nil)
• follow (String, nil) (defaults to: nil)

Returns:

• (Hash)

# File 'lib/hachi/clients/alert.rb', line 58

def create(title:, description:, type:, source:, severity: nil, date: nil, tags: nil, tlp: nil, status: nil, source_ref: nil, artifacts: nil, follow: nil)
  alert = Models::Alert.new(
    title: title,
    description: description,
    severity: severity,
    date: date,
    tags: tags,
    tlp: tlp,
    status: status,
    type: type,
    source: source,
    source_ref: source_ref,
    artifacts: artifacts,
    follow: follow,
  )
  post("/api/alert", json: alert.payload) { |json| json }
end

#delete_by_id(id) ⇒ String

Delete an alert

Parameters:

• id (String) —

  Alert ID

Returns:

• (String)

# File 'lib/hachi/clients/alert.rb', line 36

def delete_by_id(id)
  delete("/api/alert/#{id}") { |json| json }
end

#get_by_id(id) ⇒ Hash

Get an alert

Parameters:

• id (String) —

  Alert ID

Returns:

• (Hash)

# File 'lib/hachi/clients/alert.rb', line 25

def get_by_id(id)
  get("/api/alert/#{id}") { |json| json }
end

#list ⇒ Array

List alerts

Returns:

• (Array)

# File 'lib/hachi/clients/alert.rb', line 14

def list
  get("/api/alert") { |json| json }
end

#mark_as_read(id) ⇒ Hash

Mark an alert as read

Parameters:

• id (String) —

  Alert ID

Returns:

• (Hash)

# File 'lib/hachi/clients/alert.rb', line 96

def mark_as_read(id)
  post("/api/alert/#{id}/markAsRead") { |json| json }
end

#mark_as_unread(id) ⇒ Hash

Mark an alert as unread

Parameters:

• id (String) —

  Alert ID

Returns:

• (Hash) —

  hash

# File 'lib/hachi/clients/alert.rb', line 107

def mark_as_unread(id)
  post("/api/alert/#{id}/markAsUnread") { |json| json }
end

#merge_into_case(*ids, case_id) ⇒ Hash

Merge an alert / alerts in a case

Parameters:

• *ids (String, Array) —

  Alert ID(s)

• case_id (String) —

  Case ID

Returns:

• (Hash)

# File 'lib/hachi/clients/alert.rb', line 130

def merge_into_case(*ids, case_id)
  params = {
    alertIds: ids.flatten,
    caseId: case_id
  }
  post("/api/alert/merge/_bulk", json: params) { |json| json }
end

#promote_to_case(id) ⇒ Hash

Create a case from an alert

Parameters:

• id (String) —

  Alert ID

Returns:

• (Hash)

# File 'lib/hachi/clients/alert.rb', line 118

def promote_to_case(id)
  post("/api/alert/#{id}/createCase") { |json| json }
end

#search(query, range: "all", sort: nil) ⇒ Array

Find alerts

Parameters:

• query (Hash)
• range (String) (defaults to: "all")
• sort (String, nil) (defaults to: nil)

Returns:

• (Array)

# File 'lib/hachi/clients/alert.rb', line 85

def search(query, range: "all", sort: nil)
  _search("/api/alert/_search", query: query, range: range, sort: sort) { |json| json }
end

#update(id, title: nil, description: nil, severity: nil, tags: nil, tlp: nil, artifacts: nil) ⇒ Hash

Update an alert

Parameters:

• id (String, nil)
• title (String, nil) (defaults to: nil)
• description (String, nil) (defaults to: nil)
• severity (String, nil) (defaults to: nil)
• tags (String, nil) (defaults to: nil)
• tlp (String, nil) (defaults to: nil)
• artifacts (String, nil) (defaults to: nil)

Returns:

• (Hash)

# File 'lib/hachi/clients/alert.rb', line 151

def update(id, title: nil, description: nil, severity: nil, tags: nil, tlp: nil, artifacts: nil)
  attributes = {
    title: title,
    description: description,
    severity: severity,
    tags: tags,
    tlp: tlp,
    artifacts: artifacts,
  }.compact
  patch("/api/alert/#{id}", json: attributes) { |json| json }
end