Class: MISP::Event
Instance Attribute Summary collapse
- #analysis ⇒ String
- #attribute_count ⇒ String
- #attributes ⇒ Array<MISP::Attribute>
- #date ⇒ String
- #disable_correlation ⇒ Boolean
- #distribution ⇒ String
- #event_creator_email ⇒ String
-
#galaxies ⇒ Array<<MISP::Galaxy>]
Array<<MISP::Galaxy>].
- #id ⇒ String readonly
- #info ⇒ String
- #locked ⇒ Boolean
- #org ⇒ MISP::Org?
- #org_id ⇒ String
- #orgc ⇒ MISP::Orgc?
- #orgc_id ⇒ String
- #proposal_email_lock ⇒ Boolean
- #publish_timestamp ⇒ String
- #published ⇒ Boolean
- #related_events ⇒ Array<MISP::Event>
- #shadow_attributes ⇒ Array<MISP::Attribute>
- #sharing_group_id ⇒ String
- #sharing_groups ⇒ Array<MISP::SharingGroup>
-
#tags ⇒ Array<<MISP::Tag>]
Array<<MISP::Tag>].
- #threat_level_id ⇒ String
- #timestamp ⇒ String
- #uuid ⇒ String readonly
Class Method Summary collapse
- .create(**attrs) ⇒ Object
- .delete(id) ⇒ Object
- .get(id) ⇒ Object
- .list ⇒ Object
- .search(**params) ⇒ Object
- .update(id, **attrs) ⇒ Object
Instance Method Summary collapse
-
#add_attribute(attribute) ⇒ MISP::Event
Add an attribute to an event.
-
#add_tag(tag) ⇒ MISP::Event
Add a tag to an event.
-
#create(**attrs) ⇒ MISP::Event
Create an event.
-
#delete ⇒ Hash
Delete an event.
-
#get(id) ⇒ MISP::Event
Get an event.
-
#initialize(**attrs) ⇒ Event
constructor
A new instance of Event.
-
#list ⇒ Array<MISP::Event>
List events.
-
#search(**params) ⇒ Array<MISP::Event>
Search for events.
-
#to_h ⇒ Hash
Returns a hash representation of the attribute data.
-
#update(**attrs) ⇒ MISP::Event
Update an event.
Constructor Details
#initialize(**attrs) ⇒ Event
Returns a new instance of Event.
60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 |
# File 'lib/misp/event.rb', line 60 def initialize(**attrs) attrs = normalize_attributes(attrs) @id = attrs.dig(:id) @orgc_id = attrs.dig(:orgc_id) @org_id = attrs.dig(:org_id) @date = attrs.dig(:date) @threat_level_id = attrs.dig(:threat_level_id) @info = attrs.dig(:info) @published = attrs.dig(:published) || false @uuid = attrs.dig(:uuid) @attribute_count = attrs.dig(:attribute_count) @analysis = attrs.dig(:analysis) @timestamp = attrs.dig(:timestamp) @distribution = attrs.dig(:distribution) @proposal_email_lock = attrs.dig(:proposal_email_lock) @locked = attrs.dig(:locked) || false @publish_timestamp = attrs.dig(:publish_timestamp) @sharing_group_id = attrs.dig(:sharing_group_id) @disable_correlation = attrs.dig(:disable_correlation) @event_creator_email = attrs.dig(:event_creator_email) @org = build_attribute(item: attrs.dig(:Org), klass: Org) @orgc = build_attribute(item: attrs.dig(:Orgc), klass: Orgc) @sharing_groups = build_plural_attribute(items: attrs.dig(:SharingGroup), klass: SharingGroup) @attributes = build_plural_attribute(items: attrs.dig(:Attribute), klass: Attribute) @shadow_attributes = build_plural_attribute(items: attrs.dig(:ShadowAttribute), klass: Attribute ) @related_events = build_plural_attribute(items: attrs.dig(:RelatedEvent), klass: Attribute) @galaxies = build_plural_attribute(items: attrs.dig(:Galaxy), klass: Galaxy) @tags = build_plural_attribute(items: attrs.dig(:Tag), klass: Tag) end |
Instance Attribute Details
#analysis ⇒ String
24 25 26 |
# File 'lib/misp/event.rb', line 24 def analysis @analysis end |
#attribute_count ⇒ String
22 23 24 |
# File 'lib/misp/event.rb', line 22 def attribute_count @attribute_count end |
#attributes ⇒ Array<MISP::Attribute>
50 51 52 |
# File 'lib/misp/event.rb', line 50 def attributes @attributes end |
#date ⇒ String
12 13 14 |
# File 'lib/misp/event.rb', line 12 def date @date end |
#disable_correlation ⇒ Boolean
38 39 40 |
# File 'lib/misp/event.rb', line 38 def disable_correlation @disable_correlation end |
#distribution ⇒ String
28 29 30 |
# File 'lib/misp/event.rb', line 28 def distribution @distribution end |
#event_creator_email ⇒ String
40 41 42 |
# File 'lib/misp/event.rb', line 40 def event_creator_email @event_creator_email end |
#galaxies ⇒ Array<<MISP::Galaxy>]
Returns Array<<MISP::Galaxy>].
56 57 58 |
# File 'lib/misp/event.rb', line 56 def galaxies @galaxies end |
#id ⇒ String (readonly)
6 7 8 |
# File 'lib/misp/event.rb', line 6 def id @id end |
#info ⇒ String
16 17 18 |
# File 'lib/misp/event.rb', line 16 def info @info end |
#locked ⇒ Boolean
32 33 34 |
# File 'lib/misp/event.rb', line 32 def locked @locked end |
#org_id ⇒ String
10 11 12 |
# File 'lib/misp/event.rb', line 10 def org_id @org_id end |
#orgc_id ⇒ String
8 9 10 |
# File 'lib/misp/event.rb', line 8 def orgc_id @orgc_id end |
#proposal_email_lock ⇒ Boolean
30 31 32 |
# File 'lib/misp/event.rb', line 30 def proposal_email_lock @proposal_email_lock end |
#publish_timestamp ⇒ String
34 35 36 |
# File 'lib/misp/event.rb', line 34 def @publish_timestamp end |
#published ⇒ Boolean
18 19 20 |
# File 'lib/misp/event.rb', line 18 def published @published end |
#related_events ⇒ Array<MISP::Event>
54 55 56 |
# File 'lib/misp/event.rb', line 54 def @related_events end |
#shadow_attributes ⇒ Array<MISP::Attribute>
52 53 54 |
# File 'lib/misp/event.rb', line 52 def shadow_attributes @shadow_attributes end |
#sharing_group_id ⇒ String
36 37 38 |
# File 'lib/misp/event.rb', line 36 def sharing_group_id @sharing_group_id end |
#sharing_groups ⇒ Array<MISP::SharingGroup>
48 49 50 |
# File 'lib/misp/event.rb', line 48 def sharing_groups @sharing_groups end |
#tags ⇒ Array<<MISP::Tag>]
Returns Array<<MISP::Tag>].
58 59 60 |
# File 'lib/misp/event.rb', line 58 def @tags end |
#threat_level_id ⇒ String
14 15 16 |
# File 'lib/misp/event.rb', line 14 def threat_level_id @threat_level_id end |
#timestamp ⇒ String
26 27 28 |
# File 'lib/misp/event.rb', line 26 def @timestamp end |
#uuid ⇒ String (readonly)
20 21 22 |
# File 'lib/misp/event.rb', line 20 def uuid @uuid end |
Class Method Details
.create(**attrs) ⇒ Object
228 229 230 |
# File 'lib/misp/event.rb', line 228 def create(**attrs) new.create attrs end |
.delete(id) ⇒ Object
232 233 234 |
# File 'lib/misp/event.rb', line 232 def delete(id) new(id: id).delete end |
.get(id) ⇒ Object
224 225 226 |
# File 'lib/misp/event.rb', line 224 def get(id) new.get id end |
.list ⇒ Object
236 237 238 |
# File 'lib/misp/event.rb', line 236 def list new.list end |
.search(**params) ⇒ Object
244 245 246 |
# File 'lib/misp/event.rb', line 244 def search(**params) new.search params end |
.update(id, **attrs) ⇒ Object
240 241 242 |
# File 'lib/misp/event.rb', line 240 def update(id, **attrs) new(id: id).update attrs end |
Instance Method Details
#add_attribute(attribute) ⇒ MISP::Event
Add an attribute to an event. Requires an update or create call afterwards.
206 207 208 209 210 |
# File 'lib/misp/event.rb', line 206 def add_attribute(attribute) attribute = Attribute.new(attribute) unless attribute.is_a?(Attribute) attributes << attribute self end |
#add_tag(tag) ⇒ MISP::Event
Add a tag to an event. Requires an update or create call afterwards.
217 218 219 220 221 |
# File 'lib/misp/event.rb', line 217 def add_tag(tag) tag = Tag.new(tag) unless tag.is_a?(MISP::Tag) << tag self end |
#create(**attrs) ⇒ MISP::Event
Create an event
145 146 147 148 |
# File 'lib/misp/event.rb', line 145 def create(**attrs) payload = to_h.merge(attrs) _post("/events/add", wrap(payload)) { |event| Event.new event } end |
#delete ⇒ Hash
Delete an event
155 156 157 |
# File 'lib/misp/event.rb', line 155 def delete _delete("/events/#{id}") { |json| json } end |
#get(id) ⇒ MISP::Event
Get an event
134 135 136 |
# File 'lib/misp/event.rb', line 134 def get(id) _get("/events/#{id}") { |event| Event.new event } end |
#list ⇒ Array<MISP::Event>
List events
164 165 166 167 168 169 170 |
# File 'lib/misp/event.rb', line 164 def list _get("/events/index") do |events| events.map do |event| Event.new event end end end |
#search(**params) ⇒ Array<MISP::Event>
Search for events
188 189 190 191 192 193 194 195 196 197 198 199 |
# File 'lib/misp/event.rb', line 188 def search(**params) base = { returnFormat: "json", limit: "100", page: "0" } _post("/events/restSearch", base.merge(params)) do |json| events = json.dig(:response) || [] events.map { |event| Event.new event } end end |
#to_h ⇒ Hash
Returns a hash representation of the attribute data.
98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 |
# File 'lib/misp/event.rb', line 98 def to_h compact( id: id, orgc_id: orgc_id, org_id: org_id, date: date, threat_level_id: threat_level_id, info: info, published: published, uuid: uuid, attribute_count: attribute_count, analysis: analysis, timestamp: , distribution: distribution, proposal_email_lock: proposal_email_lock, locked: locked, publish_timestamp: , sharing_group_id: sharing_group_id, disable_correlation: disable_correlation, event_creator_email: event_creator_email, Org: org.to_h, Orgc: orgc.to_h, SharingGroup: sharing_groups.map(&:to_h), Attribute: attributes.map(&:to_h), ShadowAttribute: shadow_attributes.map(&:to_h), RelatedEvent: .map(&:to_h), Galaxy: galaxies.map(&:to_h), Tag: .map(&:to_h) ) end |
#update(**attrs) ⇒ MISP::Event
Update an event
177 178 179 180 181 |
# File 'lib/misp/event.rb', line 177 def update(**attrs) payload = to_h.merge(attrs) payload[:timestamp] = nil _post("/events/#{id}", wrap(payload)) { |event| Event.new event } end |