lib/misp/event.rb in misp-0.1.0 vs lib/misp/event.rb in misp-0.1.1
- old
+ new
@@ -1,36 +1,62 @@
# frozen_string_literal: true
module MISP
class Event < Base
+ # @return [String]
attr_reader :id
+ # @return [String]
attr_accessor :orgc_id
+ # @return [String]
attr_accessor :org_id
+ # @return [String]
attr_accessor :date
+ # @return [String]
attr_accessor :threat_level_id
+ # @return [String]
attr_accessor :info
+ # @return [Boolean]
attr_accessor :published
+ # @return [String]
attr_reader :uuid
+ # @return [String]
attr_accessor :attribute_count
+ # @return [String]
attr_accessor :analysis
+ # @return [String]
attr_accessor :timestamp
+ # @return [String]
attr_accessor :distribution
+ # @return [Boolean]
attr_accessor :proposal_email_lock
+ # @return [Boolean]
attr_accessor :locked
+ # @return [String]
attr_accessor :publish_timestamp
+ # @return [String]
attr_accessor :sharing_group_id
+ # @return [Boolean]
attr_accessor :disable_correlation
+ # @return [String]
attr_accessor :event_creator_email
+ # @return [MISP::Org, nil]
attr_accessor :org
+ # @return [MISP::Orgc, nil]
attr_accessor :orgc
+ # @return [Array<MISP::SharingGroup>]
attr_accessor :sharing_groups
+ # @return [Array<MISP::Attribute>]
attr_accessor :attributes
+ # @return [Array<MISP::Attribute>]
attr_accessor :shadow_attributes
+ # @return [Array<MISP::Event>]
attr_accessor :related_events
+ # @return [Array<<MISP::Galaxy>]
attr_accessor :galaxies
+ # @return [Array<<MISP::Tag>]
attr_accessor :tags
def initialize(**attrs)
attrs = normalize_attributes(attrs)
@@ -62,10 +88,15 @@
@related_events = build_plural_attribute(items: attrs.dig(:RelatedEvent), klass: Attribute)
@galaxies = build_plural_attribute(items: attrs.dig(:Galaxy), klass: Galaxy)
@tags = build_plural_attribute(items: attrs.dig(:Tag), klass: Tag)
end
+ #
+ # Returns a hash representation of the attribute data.
+ #
+ # @return [Hash]
+ #
def to_h
compact(
id: id,
orgc_id: orgc_id,
org_id: org_id,
@@ -93,83 +124,127 @@
Galaxy: galaxies.map(&:to_h),
Tag: tags.map(&:to_h)
)
end
+ #
+ # Get an event
+ #
+ # @return [MISP::Event]
+ #
def get(id)
- _get("/events/#{id}") { |event| Event.new symbolize_keys(event) }
+ _get("/events/#{id}") { |event| Event.new event }
end
- def self.get(id)
- new.get id
- end
-
+ #
+ # Create an event
+ #
+ # @param [Hash] **attrs attributes
+ #
+ # @return [MISP::Event]
+ #
def create(**attrs)
payload = to_h.merge(attrs)
- _post("/events/add", wrap(payload)) { |event| Event.new symbolize_keys(event) }
+ _post("/events/add", wrap(payload)) { |event| Event.new event }
end
- def self.create(**attrs)
- new.create attrs
- end
-
+ #
+ # Delete an event
+ #
+ # @return [Hash]
+ #
def delete
_delete("/events/#{id}") { |json| json }
end
- def self.delete(id)
- new(id: id).delete
- end
-
+ #
+ # List events
+ #
+ # @return [Array<MISP::Event>]
+ #
def list
_get("/events/index") do |events|
events.map do |event|
- Event.new symbolize_keys(event)
+ Event.new event
end
end
end
- def self.list
- new.list
- end
-
+ #
+ # Update an event
+ #
+ # @return [MISP::Event]
+ #
def update(**attrs)
payload = to_h.merge(attrs)
payload[:timestamp] = nil
- _post("/events/#{id}", wrap(payload)) { |event| Event.new symbolize_keys(event) }
+ _post("/events/#{id}", wrap(payload)) { |event| Event.new event }
end
- def self.update(id, **attrs)
- new(id: id).update attrs
- end
-
+ #
+ # Search for events
+ #
+ # @return [Array<MISP::Event>]
+ #
def search(**params)
base = {
returnFormat: "json",
limit: "100",
page: "0"
}
_post("/events/restSearch", base.merge(params)) do |json|
- events = json.dig("response") || []
- events.map { |event| Event.new symbolize_keys(event) }
+ events = json.dig(:response) || []
+ events.map { |event| Event.new event }
end
end
- def self.search(**params)
- new.search params
- end
-
+ #
+ # Add an attribute to an event. Requires an update or create call afterwards.
+ #
+ # @return [MISP::Event]
+ #
def add_attribute(attribute)
- attribute = Attribute.new(symbolize_keys(attribute)) unless attribute.is_a?(Attribute)
+ attribute = Attribute.new(attribute) unless attribute.is_a?(Attribute)
attributes << attribute
self
end
+ #
+ # Add a tag to an event. Requires an update or create call afterwards.
+ #
+ # @return [MISP::Event]
+ #
def add_tag(tag)
- tag = Tag.new(symbolize_keys(tag)) unless tag.is_a?(MISP::Tag)
+ tag = Tag.new(tag) unless tag.is_a?(MISP::Tag)
tags << tag
self
+ end
+
+ class << self
+ def get(id)
+ new.get id
+ end
+
+ def create(**attrs)
+ new.create attrs
+ end
+
+ def delete(id)
+ new(id: id).delete
+ end
+
+ def list
+ new.list
+ end
+
+ def update(id, **attrs)
+ new(id: id).update attrs
+ end
+
+ def search(**params)
+ new.search params
+ end
end
private
def compact(hash)