class OTX::Domain
Public Instance Methods
count_nids_list(domain, pda)
click to toggle source
Tallies total NIDS
rules linked to a domain
@param domain [String] Domain
to check for NIDS
rules @param pda [Array] Passive DNS objects to check for linked NIDS
rules @return [Integer] Total number of NIDS
rules
# File lib/otx_ruby/domain.rb, line 97 def count_nids_list(domain, pda) grant_access = self.instance_variable_get('@key') ip_object = OTX::IP.new(grant_access) total = 0 pda.each do |pdr| nids_list = ip_object.get_nids_list(pdr.address) total += nids_list.count end return total end
get_general(domain)
click to toggle source
# File lib/otx_ruby/domain.rb, line 3 def get_general(domain) uri = "/api/v1/indicators/domain/#{domain}/general" json_data = get(uri) general = OTX::Indicator::IP::General.new(json_data) return general end
get_geo(domain)
click to toggle source
# File lib/otx_ruby/domain.rb, line 13 def get_geo(domain) uri = "/api/v1/indicators/domain/#{domain}/geo" json_data = get(uri) geo = OTX::Indicator::IP::Geo.new(json_data) return geo end
get_malware(domain)
click to toggle source
# File lib/otx_ruby/domain.rb, line 23 def get_malware(domain) uri = "/api/v1/indicators/domain/#{domain}/malware" malwares = [] params = {} begin json_data = get(uri, params) page = json_data['next'] params = URI::decode_www_form(URI(page).query).to_h unless page.nil? malwares += json_data['data'] end while page && !json_data['data'].empty? results = [] malwares.each do |malware| results << OTX::Indicator::IP::Malware.new(malware) end return results end
get_passive_dns(domain)
click to toggle source
# File lib/otx_ruby/domain.rb, line 67 def get_passive_dns(domain) uri = "/api/v1/indicators/domain/#{domain}/passive_dns" json_data = get(uri) results = [] json_data['passive_dns'].each do |dns| results << OTX::Indicator::IP::DNS.new(dns) end return results end
get_url_list(domain)
click to toggle source
# File lib/otx_ruby/domain.rb, line 45 def get_url_list(domain) uri = "/api/v1/indicators/domain/#{domain}/url_list" page = 0 url_list = [] begin page += 1 params = {limit: 20, page: page} json_data = get(uri, params) has_next = json_data['has_next'] url_list += json_data['url_list'] end while has_next results = [] url_list.each do |url| results << OTX::Indicator::IP::URL.new(url) end return results end
whois(domain)
click to toggle source
# File lib/otx_ruby/domain.rb, line 80 def whois(domain) uri = "/api/v1/indicators/domain/#{domain}/whois" json_data = get(uri) whois = OTX::Indicator::IP::Whois.new(json_data) return whois end