Skip to content

Instantly share code, notes, and snippets.

@GambitK
Last active August 29, 2015 14:17
Show Gist options
  • Save GambitK/b4dba6b3e1475da6ea42 to your computer and use it in GitHub Desktop.
Save GambitK/b4dba6b3e1475da6ea42 to your computer and use it in GitHub Desktop.
require 'logger'
require 'json'
require 'httpclient'
require 'uri'
require 'pp'
SDK_VERSION = '0.02'
API_VERSION = 'v2'
class Client
attr_accessor :remote, :token, :no_verify_ssl, :log, :handle,
:query, :submit, :logger, :config_path, :columns, :submission, :search_id
def initialize params = {}
params.each { |key, value| send "#{key}=", value }
@handle = HTTPClient.new(:agent_name => 'rb-cif-sdk/' + SDK_VERSION)
unless @verify_ssl
@handle.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE
end
@headers = {
'Accept' => 'application/vnd.cif.v' + API_VERSION + '+json',
'Authorization' => 'Token token=' + params['token'].to_s,
'Content-Type' => 'application/json',
'User-Agent' => 'cif-sdk-ruby/' + SDK_VERSION
}
end
def _make_request(uri='',type='get',params={})
case type
when 'get'
self.logger.debug { "uri: " + @remote + "#{uri}" }
self.logger.debug { "params: #{params}" }
uri = URI(@remote + uri)
res = @handle.get(uri,params, @headers)
when 'put'
uri = URI(@remote)
self.logger.debug { "uri: #{uri}.to_s" }
res = @handle.post(uri,params['data'],@headers)
end
case res.status_code
when 200...299
return JSON.parse(res.body)
when 300...399
@logger.debug { "received: #{res.status_code}" }
when 400...401
@logger.warn { 'unauthorized, bad or missing token' }
when 404
@logger.warn { "invalid remote uri: #{uri}.to_s" }
when 500...600
@logger.fatal { 'router failure, contact administrator' }
end
return nil
end
def ping
start = Time.now()
rv = self._make_request(uri='/ping')
return nil unless(rv)
return (Time.now()-start)
end
def search(filters)
if filters['id']
res = self._make_request(uri="/observables/" + filters['id'],type='get')
else
res = self._make_request(uri="/observables",type='get',params=filters)
end
return res
end
def submit(data=nil)
# '{"observable":"example.com","confidence":"50",":tlp":"amber",
# "provider":"me.com","tags":["zeus","botnet"]}'
#data = JSON.generate(data) if data.is_a?(::Hash)
params = {
'data' => data
}
res = self._make_request(uri='/observables',type='put',params)
return nil unless(res)
return res
end
end
command = 'search'
logger = Logger.new(STDOUT)
#logger.level = logger::DEBUG
conf = {}
conf['logger'] = logger
conf['columns'] = ['reporttime','cc','confidence']
conf['config_path'] = ENV['HOME'] + '/.cif.yml'
conf['remote'] = 'https://10.0.0.19'
conf['token'] = 'bc6049e7c5d479db663e72cc3309dfe7d9dff7e734f7397d5886169ca8a9711d'
cif = Client.new(conf)
filters = {
'query' => '61.240.144.116',
'limit' => 1
}
result = cif.search(filters)
puts result.keys
This is the resulting data
{"tags"=>["suspicious", "rdata"], "firsttime"=>"2015-03-12T06:49:39Z", "id"=>"ecfc279764196b80283c90ceedfbe5c78489a1cb54796e24c31ac8f2b7608640", "related"=>"05afbd68e280d9682ec4bdffee124ea5bcb355cc628f9ef227c251248bdd62c0", "protocol"=>6, "otype"=>"fqdn", "provider"=>"spamhaus.org", "portlist"=>nil, "observable"=>"ns2.altairhost.com", "tlp"=>"amber", "group"=>["everyone"], "altid_tlp"=>"green", "altid"=>"http://www.spamhaus.org/query/dbl?domain=adoptionagenciesworld.com", "rdata"=>["ns1.altairhost.com"], "reporttime"=>"2015-03-12T06:49:35Z", "confidence"=>16.086, "lasttime"=>"2015-03-12T06:49:35Z", "application"=>nil, "lang"=>"EN", "rtype"=>"NS"}
this is the message where it says it returned an array:
ciflib.rb:108:in `<main>': undefined method `keys' for #<Array:0x000000032b81f0> (NoMethodError)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment