Class: MISP::Attribute

Inherits:
Base
  • Object
show all
Defined in:
lib/misp/attribute.rb

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(**attributes) ⇒ Attribute

Returns a new instance of Attribute.



41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
# File 'lib/misp/attribute.rb', line 41

def initialize(**attributes)
  attributes = normalize_attributes(attributes)

  @id = attributes.dig(:id)
  @type = attributes.dig(:type)
  @category = attributes.dig(:category)
  @to_ids = attributes.dig(:to_ids)
  @uuid = attributes.dig(:uuid)
  @event_id = attributes.dig(:event_id)
  @distribution = attributes.dig(:distribution)
  @timestamp = attributes.dig(:timestamp)
  @comment = attributes.dig(:comment)
  @sharing_group_id = attributes.dig(:sharing_group_id)
  @deleted = attributes.dig(:deleted)
  @disable_correlation = attributes.dig(:disable_correlation)
  @value = attributes.dig(:value)
  @data = attributes.dig(:data)

  @sharing_groups = build_plural_attribute(items: attributes.dig(:SharingGroup), klass: SharingGroup)
  @shadow_attributes = build_plural_attribute(items: attributes.dig(:ShadowAttribute), klass: Attribute )
  @tags = build_plural_attribute(items: attributes.dig(:Tag), klass: Tag)
end

Instance Attribute Details

#categoryString

Returns:

  • (String)


10
11
12
# File 'lib/misp/attribute.rb', line 10

def category
  @category
end

#commentString

Returns:

  • (String)


22
23
24
# File 'lib/misp/attribute.rb', line 22

def comment
  @comment
end

#dataString

Returns:

  • (String)


32
33
34
# File 'lib/misp/attribute.rb', line 32

def data
  @data
end

#deletedBoolean

Returns:

  • (Boolean)


26
27
28
# File 'lib/misp/attribute.rb', line 26

def deleted
  @deleted
end

#disable_correlationBoolean

Returns:

  • (Boolean)


28
29
30
# File 'lib/misp/attribute.rb', line 28

def disable_correlation
  @disable_correlation
end

#distributionString

Returns:

  • (String)


18
19
20
# File 'lib/misp/attribute.rb', line 18

def distribution
  @distribution
end

#event_idString (readonly)

Returns:

  • (String)


16
17
18
# File 'lib/misp/attribute.rb', line 16

def event_id
  @event_id
end

#idString (readonly)

Returns:

  • (String)


6
7
8
# File 'lib/misp/attribute.rb', line 6

def id
  @id
end

#shadow_attributesArray<MISP::Attribute>

Returns:



37
38
39
# File 'lib/misp/attribute.rb', line 37

def shadow_attributes
  @shadow_attributes
end

#sharing_group_idString

Returns:

  • (String)


24
25
26
# File 'lib/misp/attribute.rb', line 24

def sharing_group_id
  @sharing_group_id
end

#sharing_groupsArray<MISP::SharingGroup>

Returns:



35
36
37
# File 'lib/misp/attribute.rb', line 35

def sharing_groups
  @sharing_groups
end

#tagsArray<MISP::Tag>

Returns:



39
40
41
# File 'lib/misp/attribute.rb', line 39

def tags
  @tags
end

#timestampString

Returns:

  • (String)


20
21
22
# File 'lib/misp/attribute.rb', line 20

def timestamp
  @timestamp
end

#to_idsBoolean

Returns:

  • (Boolean)


12
13
14
# File 'lib/misp/attribute.rb', line 12

def to_ids
  @to_ids
end

#typeString

Returns:

  • (String)


8
9
10
# File 'lib/misp/attribute.rb', line 8

def type
  @type
end

#uuidString (readonly)

Returns:

  • (String)


14
15
16
# File 'lib/misp/attribute.rb', line 14

def uuid
  @uuid
end

#valueString

Returns:

  • (String)


30
31
32
# File 'lib/misp/attribute.rb', line 30

def value
  @value
end

Class Method Details

.create(event_id, **attributes) ⇒ Object



186
187
188
# File 'lib/misp/attribute.rb', line 186

def create(event_id, **attributes)
  new(attributes).create(event_id)
end

.delete(id) ⇒ Object



182
183
184
# File 'lib/misp/attribute.rb', line 182

def delete(id)
  new(id: id).delete
end

.get(id) ⇒ Object



178
179
180
# File 'lib/misp/attribute.rb', line 178

def get(id)
  new(id: id).get
end

.search(**params) ⇒ Object



190
191
192
# File 'lib/misp/attribute.rb', line 190

def search(**params)
  new.search params
end

Instance Method Details

#add_tag(tag) ⇒ MISP::Tag

Add a tag to an attribute

Parameters:

Returns:



158
159
160
161
162
# File 'lib/misp/attribute.rb', line 158

def add_tag(tag)
  tag = Tag.new(tag) unless tag.is_a?(MISP::Tag)
  payload = { uuid: uuid, tag: tag.name }
  _post("/tags/attachTagToObject", payload) { |json| Tag.new json }
end

#create(event_id) ⇒ MISP::Attribute

Create an attribute

Returns:



114
115
116
# File 'lib/misp/attribute.rb', line 114

def create(event_id)
  _post("/attributes/add/#{event_id}", wrap(to_h)) { |attribute| Attribute.new attribute }
end

#deleteHash

Delete an attribute

Returns:

  • (Hash)


105
106
107
# File 'lib/misp/attribute.rb', line 105

def delete
  _post("/attributes/delete/#{id}") { |json| json }
end

#getMISP::Attribute

Get an attribute

Returns:



96
97
98
# File 'lib/misp/attribute.rb', line 96

def get
  _get("/attributes/#{id}") { |attribute| Attribute.new attribute }
end

#remove_tag(tag) ⇒ Hash

Remove a tag from an attribute

Parameters:

Returns:

  • (Hash)


171
172
173
174
175
# File 'lib/misp/attribute.rb', line 171

def remove_tag(tag)
  tag = Tag.new(tag) unless tag.is_a?(MISP::Tag)
  payload = { uuid: uuid, tag: tag.name }
  _post("/tags/removeTagFromObject", payload) { |json| json }
end

#search(**params) ⇒ Array<MISP::Attributes>

Search for attributes

Parameters:

  • **params (Hash)

    parameters

Returns:

  • (Array<MISP::Attributes>)


138
139
140
141
142
143
144
145
146
147
148
149
# File 'lib/misp/attribute.rb', line 138

def search(**params)
  base = {
    returnFormat: "json",
    limit: "100",
    page: "0"
  }

  _post("/attributes/restSearch", base.merge(params)) do |json|
    attributes = json.dig(:response, :Attribute) || []
    attributes.map { |attribute| Attribute.new attribute }
  end
end

#to_hHash

Returns a hash representation of the attribute data.

Returns:

  • (Hash)


69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
# File 'lib/misp/attribute.rb', line 69

def to_h
  {
    id: id,
    type: type,
    category: category,
    to_ids: to_ids,
    uuid: uuid,
    event_id: event_id,
    distribution: distribution,
    timestamp: timestamp,
    comment: comment,
    sharing_group_id: sharing_group_id,
    deleted: deleted,
    disable_correlation: disable_correlation,
    value: value,
    data: data,
    SharingGroup: sharing_groups.map(&:to_h),
    ShadowAttribute: shadow_attributes.map(&:to_h),
    Tag: tags.map(&:to_h)
  }.compact
end

#update(**attrs) ⇒ MISP::Attribute

Update an attribute

Parameters:

  • **attrs (Hash)

    attributes

Returns:



125
126
127
128
129
# File 'lib/misp/attribute.rb', line 125

def update(**attrs)
  payload = to_h.merge(attrs)
  payload[:timestamp] = nil
  _post("/attributes/edit/#{id}", wrap(payload)) { |json| Attribute.new json.dig(:response, :Attribute) }
end