Class: Threatstack::Client

Inherits:

Object

• Object
• Threatstack::Client

Defined in:

lib/threatstack/client.rb

Constant Summary

THREATSTACK_API =

'https://api.threatstack.com'.freeze

Instance Attribute Summary

• #api_version ⇒ Object readonly

  Returns the value of attribute api_version.

• #last_pagination_token ⇒ Object readonly

  Returns the value of attribute last_pagination_token.

• #org_id ⇒ Object readonly

  Returns the value of attribute org_id.

• #token ⇒ Object readonly

  Returns the value of attribute token.

Instance Method Summary

• #agent(agent_id, params = {}) ⇒ Object
• #agents(params = {}) ⇒ Object

  ALERTS ###.

• #alert(alert_id, params = {}) ⇒ Object
• #alerts(params = {}) ⇒ Object

  ALERTS ###.

• #cves_by_agent(agent, params = {}) ⇒ Object
• #dismissed_alerts(params = {}) ⇒ Object
• #event(alert_id, event_id, params = {}) ⇒ Object
• #initialize(token, organization_id: nil, api_version: 'v2') ⇒ Client constructor

  A new instance of Client.

• #package_vulnerabilities(package, params = {}) ⇒ Object
• #rule(ruleset_id, rule_id, params = {}) ⇒ Object
• #rules(ruleset_id, params = {}) ⇒ Object

  Rules ###.

• #ruleset(ruleset_id, params = {}) ⇒ Object
• #rulesets(params = {}) ⇒ Object

  Rulesets ###.

• #server_vulnerabilities(server, params = {}) ⇒ Object
• #servers(monitored = true, params = {}) ⇒ Object

  Servers ###.

• #severity_counts(params = {}) ⇒ Object
• #vulnerabilities(params = {}) ⇒ Object

  CVEs ###.

• #vulnerability(vuln_id, params = {}) ⇒ Object
• #vulnerability_suppressions(params = {}) ⇒ Object

Constructor Details

#initialize(token, organization_id: nil, api_version: 'v2') ⇒ Client

Returns a new instance of Client.

# File 'lib/threatstack/client.rb', line 17

def initialize(token, organization_id: nil, api_version: 'v2')
  @api_version = api_version
  @token = token
  @org_id = organization_id
  if api_version == 'v1'
    raise ThreatstackError, "This version of threatstack-ruby does not support Threatstack API v1"
  end
end

Instance Attribute Details

#api_version ⇒ Object (readonly)

Returns the value of attribute api_version.

# File 'lib/threatstack/client.rb', line 15

def api_version
  @api_version
end

#last_pagination_token ⇒ Object (readonly)

Returns the value of attribute last_pagination_token.

# File 'lib/threatstack/client.rb', line 15

def last_pagination_token
  @last_pagination_token
end

#org_id ⇒ Object (readonly)

Returns the value of attribute org_id.

# File 'lib/threatstack/client.rb', line 15

def org_id
  @org_id
end

#token ⇒ Object (readonly)

Returns the value of attribute token.

# File 'lib/threatstack/client.rb', line 15

def token
  @token
end

Instance Method Details

#agent(agent_id, params = {}) ⇒ Object

Raises:

• (ThreatstackError)

# File 'lib/threatstack/client.rb', line 33

def agent(agent_id, params = {})
  raise ThreatstackError, "Must specify agent id" unless agent_id
  response = do_request(:get, "agents/#{agent_id}", params)
  Agent.new(response, self)
end

#agents(params = {}) ⇒ Object

ALERTS ###

# File 'lib/threatstack/client.rb', line 28

def agents(params = {})
  response = do_request(:get, 'agents', params)
  Response.new(response['agents'], self, entity: :agent).agents
end

#alert(alert_id, params = {}) ⇒ Object

Raises:

• (ThreatstackError)

# File 'lib/threatstack/client.rb', line 50

def alert(alert_id, params = {})
  raise ThreatstackError, "Must specify alert id" unless alert_id
  response = do_request(:get, "alerts/#{alert_id}", params)
  Alert.new(response, self)
end

#alerts(params = {}) ⇒ Object

ALERTS ###

# File 'lib/threatstack/client.rb', line 40

def alerts(params = {})
  response = do_request(:get, 'alerts', params)
  Response.new(response['alerts'], self, entity: :alert).alerts
end

#cves_by_agent(agent, params = {}) ⇒ Object

Raises:

• (ThreatstackError)

# File 'lib/threatstack/client.rb', line 97

def cves_by_agent(agent, params = {})
  raise ThreatstackError, "Must specify agent" unless agent
  uri = "vulnerabilities/agent/#{agent}"
  uri += "/suppressed" if params[:suppressed]
  response = do_request(:get, uri, params)
  response['cves']
end

#dismissed_alerts(params = {}) ⇒ Object

# File 'lib/threatstack/client.rb', line 45

def dismissed_alerts(params = {})
  response = do_request(:get, 'alerts/dismissed', params)
  Response.new(response['alerts'], self, entity: :alert).alerts
end

#event(alert_id, event_id, params = {}) ⇒ Object

# File 'lib/threatstack/client.rb', line 61

def event(alert_id, event_id, params = {})
  response = do_request(:get, "alerts/#{alert_id}/events/#{event_id}", params)
  GenericObject.new(response['details'], self, entity: :event)
end

#package_vulnerabilities(package, params = {}) ⇒ Object

Raises:

• (ThreatstackError)

# File 'lib/threatstack/client.rb', line 81

def package_vulnerabilities(package, params = {})
  raise ThreatstackError, "Must specify package" unless package
  uri = "vulnerabilities/package/#{package}"
  uri += "/suppressed" if params[:suppressed]
  response = do_request(:get, uri, params)
  Response.new(response['packages'], self, entity: :package).list
end

#rule(ruleset_id, rule_id, params = {}) ⇒ Object

Raises:

• (ThreatstackError)

# File 'lib/threatstack/client.rb', line 130

def rule(ruleset_id, rule_id, params = {})
  raise ThreatstackError, "Must specify ruleset id and rule id" unless ruleset_id && rule_id
  response = do_request(:get, "rulesets/#{ruleset_id}/rules/#{rule_id}", params)
  Rule.new(response, self)
end

#rules(ruleset_id, params = {}) ⇒ Object

Rules ###

# File 'lib/threatstack/client.rb', line 125

def rules(ruleset_id, params = {})
  response = do_request(:get, "rulesets/#{ruleset_id}/rules", params)
  Response.new(response['rules'], self, entity: :rule).rules
end

#ruleset(ruleset_id, params = {}) ⇒ Object

Raises:

• (ThreatstackError)

# File 'lib/threatstack/client.rb', line 117

def ruleset(ruleset_id, params = {})
  raise ThreatstackError, "Must specify ruleset id" unless ruleset_id
  response = do_request(:get, "rulesets/#{ruleset_id}", params)
  Ruleset.new(response, self)
end

#rulesets(params = {}) ⇒ Object

Rulesets ###

# File 'lib/threatstack/client.rb', line 112

def rulesets(params = {})
  response = do_request(:get, 'rulesets', params)
  Response.new(response['rulesets'], self, entity: :ruleset).rulesets
end

#server_vulnerabilities(server, params = {}) ⇒ Object

Raises:

• (ThreatstackError)

# File 'lib/threatstack/client.rb', line 89

def server_vulnerabilities(server, params = {})
  raise ThreatstackError, "Must specify server" unless server
  uri = "vulnerabilities/server/#{server}"
  uri += "/suppressed" if params[:suppressed]
  response = do_request(:get, uri, params)
  response['cves']
end

#servers(monitored = true, params = {}) ⇒ Object

Servers ###

# File 'lib/threatstack/client.rb', line 138

def servers(monitored = true, params = {})
  uri = "servers"
  uri += "/non-monitored" unless monitored
  response = do_request(:get, uri, params)
  Response.new(response['servers'], self, entity: :server).list
end

#severity_counts(params = {}) ⇒ Object

# File 'lib/threatstack/client.rb', line 56

def severity_counts(params = {})
  response = do_request(:get, "alerts/severity-counts", params)
  Response.new(response['severityCounts'], self, entity: :severity_count).list
end

#vulnerabilities(params = {}) ⇒ Object

CVEs ###

# File 'lib/threatstack/client.rb', line 68

def vulnerabilities(params = {})
  uri = "vulnerabilities"
  uri += "/suppressed" if params[:suppressed]
  response = do_request(:get, uri, params)
  Response.new(response['cves'], self, entity: :cve).cves
end

#vulnerability(vuln_id, params = {}) ⇒ Object

Raises:

• (ThreatstackError)

# File 'lib/threatstack/client.rb', line 75

def vulnerability(vuln_id, params = {})
  raise ThreatstackError, "Must specify vulnerability id" unless vuln_id
  response = do_request(:get, "vulnerabilities/#{vuln_id}", params)
  Cve.new(response, self)
end

#vulnerability_suppressions(params = {}) ⇒ Object

# File 'lib/threatstack/client.rb', line 105

def vulnerability_suppressions(params = {})
  response = do_request(:get, "vulnerabilities/suppressions", params)
  Response.new(response['suppressions'], self, entity: :suppression).list
end