rubrik_polaris.radar package

Submodules

rubrik_polaris.radar.anomaly module

Collection of methods for analysis.

rubrik_polaris.radar.anomaly.get_analysis_status(self, activity_series_id, cluster_id)

Retrieve the analysis status result.

Parameters
  • activity_series_id – The ID of the Polaris Event Series.

  • cluster_id – Cluster UUID for analysis.

Returns

Dictionary containing download link

Return type

dict

Raises

RequestException – If the query to Polaris returned an error

rubrik_polaris.radar.csv module

Collection of methods to obtain csv results.

rubrik_polaris.radar.csv.get_csv_result(self, cluster_id, snapshot_id, snappable_id)

Retrieve the download link for the Radar CSV analyzed file.

Parameters
  • cluster_id (str) – Cluster ID for analysis.

  • snapshot_id (str) – Snapshot ID for analysis.

  • snappable_id (str) – Snappable(Object) ID for analysis.

Returns

Dictionary containing download link

Return type

dict

Raises
  • ValueError – If input is invalid

  • RequestException – If the query to Polaris returned an error

rubrik_polaris.radar.ioc module

rubrik_polaris.radar.ioc.trigger_ioc_scan(self, object_ids: Union[str, List[str]], cluster_id: str, indicators_of_compromise: Union[dict, list], scan_name: Optional[str] = None, max_matches_per_snapshot: Optional[int] = None, snapshot_scan_limit: Optional[dict] = None, maximum_file_size_to_scan: Optional[int] = None, minimum_file_size_to_scan: Optional[int] = None, path_to_include: Optional[Union[str, List[str]]] = None, path_to_exclude: Optional[Union[str, List[str]]] = None, path_to_exempt: Optional[Union[str, List[str]]] = None, requested_hash_types: Optional[Union[str, List[str]]] = None)

Triggers a Radar IOC scan on multiple systems in a cluster for the specified IOCs.

Parameters
  • object_ids (str|list) – ID or IDs of the objects to scan.

  • cluster_id (str) – Cluster ID on which to run the IOC scan.

  • indicators_of_compromise (dict|list) – Indicators to scan for. Provide a single object or list of objects of type IndicatorOfCompromiseInput.

  • scan_name (str) – Name of the scan to trigger.

  • max_matches_per_snapshot (int) – Maximum number of matches per snapshot, per IOC. Scanning for an IOC within a snapshot will terminate once this many matches have been detected.

  • snapshot_scan_limit (dict) – Limit which snapshots to include in the malware scan. Provide an input object of type MalwareScanSnapshotLimitInput.

  • maximum_file_size_to_scan (int) – Maximum size of file in bytes that will be included in scan.

  • minimum_file_size_to_scan (int) – Minimum size of file in bytes that will be included in scan.

  • path_to_include (str|list) – Paths that will be included in the scan.

  • path_to_exclude (str|list) – Paths that will be excluded from the scan.

  • path_to_exempt (str|list) – Paths that will be exempted from exclusion in the scan.

  • requested_hash_types (str|list) – HashType enum value or list of values.

Returns

Dictionary containing the scan results

Return type

dict

Raises
  • ValueError – If input is invalid

  • RequestException – If the query to Polaris returned an error
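
As an added example (not the SDK's own code), the helper below validates and normalises the str|list parameters, size limits and exclusion/exemption paths documented above before they are passed to trigger_ioc_scan; it assumes only that a client object exposes that method with the signature shown and makes no assumption about the field layout of IndicatorOfCompromiseInput.

```python
from typing import Any, Dict, List, Optional, Union

StrOrList = Union[str, List[str]]


def _as_list(value: Optional[StrOrList]) -> List[str]:
    # Several parameters are documented as str|list; normalise to a list of non-empty strings.
    if value is None:
        return []
    items = [value] if isinstance(value, str) else list(value)
    if any(not isinstance(i, str) or not i.strip() for i in items):
        raise ValueError("expected a non-empty string or a list of non-empty strings")
    return items


def build_ioc_scan_kwargs(
    object_ids: StrOrList,
    cluster_id: str,
    indicators_of_compromise: Union[dict, list],
    scan_name: Optional[str] = None,
    max_matches_per_snapshot: Optional[int] = None,
    maximum_file_size_to_scan: Optional[int] = None,
    minimum_file_size_to_scan: Optional[int] = None,
    path_to_include: Optional[StrOrList] = None,
    path_to_exclude: Optional[StrOrList] = None,
    path_to_exempt: Optional[StrOrList] = None,
) -> Dict[str, Any]:
    """Return validated keyword arguments for client.trigger_ioc_scan(**kwargs)."""
    objects = _as_list(object_ids)
    if not cluster_id or not objects:
        raise ValueError("cluster_id and at least one object_id are required")
    # IOC objects are passed through untouched; only their container shape is checked here.
    iocs = indicators_of_compromise if isinstance(indicators_of_compromise, list) else [indicators_of_compromise]
    if not iocs or not all(isinstance(i, dict) for i in iocs):
        raise ValueError("indicators_of_compromise must be a dict or a non-empty list of dicts")
    lo, hi = minimum_file_size_to_scan, maximum_file_size_to_scan
    if any(n is not None and n < 0 for n in (max_matches_per_snapshot, lo, hi)):
        raise ValueError("file sizes and match limits must be non-negative")
    if lo is not None and hi is not None and lo > hi:
        raise ValueError("minimum_file_size_to_scan exceeds maximum_file_size_to_scan")
    excluded, exempt = _as_list(path_to_exclude), _as_list(path_to_exempt)
    # An exemption only re-includes files beneath an excluded path; anything else is a silent no-op.
    for p in exempt:
        if not any(p == e or p.startswith(e.rstrip("/") + "/") for e in excluded):
            raise ValueError(f"exempt path {p!r} is not under any excluded path")
    kwargs = {"object_ids": objects, "cluster_id": cluster_id, "indicators_of_compromise": iocs,
              "scan_name": scan_name, "max_matches_per_snapshot": max_matches_per_snapshot,
              "maximum_file_size_to_scan": hi, "minimum_file_size_to_scan": lo,
              "path_to_include": _as_list(path_to_include) or None,
              "path_to_exclude": excluded or None, "path_to_exempt": exempt or None}
    return {k: v for k, v in kwargs.items() if v is not None}  # omit unset optionals
```

Call it as client.trigger_ioc_scan(**build_ioc_scan_kwargs(...)) so that malformed input fails locally with a ValueError instead of after a round trip to Polaris.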

rubrik_polaris.radar.ioc.get_ioc_scan_list(self, cluster_id)

Get the list of Radar IOC scans on a cluster.

Parameters

cluster_id (str) – Cluster ID whose IOC scans are to be listed.

Returns

Dictionary containing the list of IOC scans

Return type

dict

Raises
  • ValueError – If input is invalid

  • RequestException – If the query to Polaris returned an error

rubrik_polaris.radar.ioc.get_ioc_scan_result(self, scan_id: str, cluster_id: str)

Retrieve the results of a Radar IOC scan.

Parameters
  • scan_id (str) – IOC scan ID.

  • cluster_id (str) – Cluster ID on which the IOC scan was run.

Returns

Dictionary containing the scan results

Return type

dict

Raises
  • ValueError – If input is invalid

  • RequestException – If the query to Polaris returned an error

Module contents

Collection of functions that interact with Ransomware primitives.