rubrik_polaris.radar package
Submodules
rubrik_polaris.radar.anomaly module
Collection of methods for analysis.
- rubrik_polaris.radar.anomaly.get_analysis_status(self, activity_series_id, cluster_id)
Retrieve the analysis status result.
- Parameters
activity_series_id – The ID of the Polaris Event Series.
cluster_id – Cluster UUID for analysis.
- Returns
Dictionary containing download link
- Return type
dict
- Raises
RequestException – If the query to Polaris returned an error
rubrik_polaris.radar.csv module
Collection of methods to obtain csv results.
- rubrik_polaris.radar.csv.get_csv_result(self, cluster_id, snapshot_id, snappable_id)
Retrieve the download link for the Radar CSV analyzed file.
- Parameters
cluster_id (str) – Cluster ID for analysis.
snapshot_id (str) – Snapshot ID for analysis.
snappable_id (str) – Snappable(Object) ID for analysis.
- Returns
Dictionary containing download link
- Return type
dict
- Raises
ValueError – If input is invalid
RequestException – If the query to Polaris returned an error
rubrik_polaris.radar.ioc module
- rubrik_polaris.radar.ioc.trigger_ioc_scan(self, object_ids: Union[str, List[str]], cluster_id: str, indicators_of_compromise: Union[dict, list], scan_name: Optional[str] = None, max_matches_per_snapshot: Optional[int] = None, snapshot_scan_limit: Optional[dict] = None, maximum_file_size_to_scan: Optional[int] = None, minimum_file_size_to_scan: Optional[int] = None, path_to_include: Optional[Union[str, List[str]]] = None, path_to_exclude: Optional[Union[str, List[str]]] = None, path_to_exempt: Optional[Union[str, List[str]]] = None, requested_hash_types: Optional[Union[str, List[str]]] = None)
Triggers a Radar IOC scan on multiple systems in a cluster for the specified IOCs.
- Parameters
object_ids (str|list) – ID or IDs of the objects to scan.
cluster_id (str) – Cluster ID on which to run the IOC scan.
indicators_of_compromise (dict|list) – Indicators to scan for. Provide a single object or list of objects of type IndicatorOfCompromiseInput.
scan_name (str) – Name of the scan to trigger.
max_matches_per_snapshot (int) – Maximum number of matches per snapshot, per IOC. Scanning for an IOC within a snapshot will terminate once this many matches have been detected.
snapshot_scan_limit (dict) – Limit which snapshots to include in the malware scan. Provide an input object of type MalwareScanSnapshotLimitInput.
maximum_file_size_to_scan (int) – Maximum size of file in bytes that will be included in scan.
minimum_file_size_to_scan (int) – Minimum size of file in bytes that will be included in scan.
path_to_include (str|list) – Paths that will be included in the scan.
path_to_exclude (str|list) – Paths that will be excluded from the scan.
path_to_exempt (str|list) – Paths that will be exempted from exclusion in the scan.
requested_hash_types (str|list) – HashType type enum value.
- Returns
Dictionary containing the scan results
- Return type
dict
- Raises
ValueError – If input is invalid
RequestException – If the query to Polaris returned an error
- rubrik_polaris.radar.ioc.get_ioc_scan_list(self, cluster_id)
Get the list of Radar IOC scans on a cluster.
- Parameters
cluster_id (str) – Cluster ID whose IOC scans are to be listed.
- Returns
Dictionary containing the list of IOC scans
- Return type
dict
- Raises
ValueError – If input is invalid
RequestException – If the query to Polaris returned an error
- rubrik_polaris.radar.ioc.get_ioc_scan_result(self, scan_id: str, cluster_id: str)
Retrieve the results of a Radar IOC scan.
- Parameters
scan_id (str) – IOC scan ID.
cluster_id (str) – Cluster ID on which the IOC scan was run.
- Returns
Dictionary containing the scan results
- Return type
dict
- Raises
ValueError – If input is invalid
RequestException – If the query to Polaris returned an error
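The following is an added example, not code from the rubrik_polaris SDK or from this page: it normalises the str|list arguments that trigger_ioc_scan accepts, validates hash indicators client-side before the request is sent, and omits optional parameters it was not given. It assumes that an IndicatorOfCompromiseInput is a dict with the keys iocType and iocValue and that hash indicators use the kind INDICATOR_OF_COMPROMISE_KIND_HASH, and that the client object passed in exposes trigger_ioc_scan as documented above; none of these are stated on this page.

```python
"""Added example, not part of the rubrik_polaris SDK: build a validated
trigger_ioc_scan request for hash indicators and submit it.
Assumed (not stated on this page): the client exposes the ioc module's
methods as bound methods, and an IndicatorOfCompromiseInput is a dict
with keys 'iocType' and 'iocValue' (hash kind INDICATOR_OF_COMPROMISE_KIND_HASH)."""
import re
from typing import Dict, List, Optional, Union

HASH_LENGTHS = {32: "MD5", 40: "SHA1", 64: "SHA256"}  # accepted hex-digest lengths
HASH_RE = re.compile(r"^[0-9a-f]+$")
HASH_KIND = "INDICATOR_OF_COMPROMISE_KIND_HASH"  # assumed enum value

def as_list(value: Union[str, List[str], None]) -> List[str]:
    """Normalise the str|list parameters used throughout the ioc module."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def build_hash_iocs(hashes: Union[str, List[str]]) -> List[Dict[str, str]]:
    """Turn file hashes into IndicatorOfCompromiseInput dicts, rejecting junk
    client-side before the request reaches Polaris."""
    iocs = []
    for raw in as_list(hashes):
        digest = raw.strip().lower()
        if len(digest) not in HASH_LENGTHS or not HASH_RE.match(digest):
            raise ValueError(f"not an MD5/SHA1/SHA256 hex digest: {raw!r}")
        iocs.append({"iocType": HASH_KIND, "iocValue": digest})
    if not iocs:
        raise ValueError("at least one IOC is required")
    return iocs

def build_scan_request(object_ids, cluster_id, hashes, scan_name,
                       max_matches: Optional[int] = None, exclude=None) -> dict:
    """Return keyword arguments for trigger_ioc_scan; optional parameters are
    left out rather than passed as empty values."""
    if not cluster_id or not as_list(object_ids):
        raise ValueError("cluster_id and at least one object_id are required")
    req = dict(object_ids=as_list(object_ids), cluster_id=cluster_id,
               indicators_of_compromise=build_hash_iocs(hashes), scan_name=scan_name)
    if max_matches is not None:
        req["max_matches_per_snapshot"] = max_matches  # stop after N hits per IOC
    if exclude:
        req["path_to_exclude"] = as_list(exclude)
    return req

def run_hash_scan(client, **params) -> dict:
    """Submit the scan; client must provide trigger_ioc_scan as documented above."""
    return client.trigger_ioc_scan(**build_scan_request(**params))
```

The returned dictionary is whatever trigger_ioc_scan returns; poll get_ioc_scan_list and get_ioc_scan_result with the same cluster_id to follow the scan.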
Module contents
Collection of functions that interact with Ransomware primitives.