Intel471Ex.Reports (intel471_ex v0.1.0)

Functions for working with various report types from the Intel 471 Titan API.

Summary

Functions

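  • breach_alerts(params \\ %{}) - Search breach alerts using filter criteria.
  • get(uid) - Get a single report by UID.
  • get_breach_alert(uid) - Get a breach alert by UID.
  • malware_reports(params \\ %{}) - Search malware intelligence reports.
  • search(params \\ %{}) - Search information reports using filter criteria.
  • situation_reports(params \\ %{}) - Search situation reports using filter criteria.
  • spot_reports(params \\ %{}) - Search spot reports using filter criteria.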

Functions

breach_alerts(params \\ %{})

@spec breach_alerts(map()) :: {:ok, map()} | {:error, any()}

Search breach alerts using filter criteria.

Parameters

  • params: A map of query parameters for filtering breach alerts
    • :breachAlert - Free text reports search
    • :actor - Search by actor or actor group names
    • :victim - Search by victim
    • :confidence - Search by confidence level

Examples

iex> Intel471Ex.Reports.breach_alerts(%{breachAlert: "Communications"})
{:ok, %{"breach_alerts_total_count" => 2337, "breach_alerts" => [...]}}

get(uid)

@spec get(String.t()) :: {:ok, map()} | {:error, any()}

Get a single report by UID.

Parameters

  • uid: The unique identifier of the report

Examples

iex> Intel471Ex.Reports.get("32537c9c6dce18ce6ea4d5106540f089")
{:ok, %{...}}

get_breach_alert(uid)

@spec get_breach_alert(String.t()) :: {:ok, map()} | {:error, any()}

Get a breach alert by UID.

Parameters

  • uid: The unique identifier of the breach alert

Examples

iex> Intel471Ex.Reports.get_breach_alert("8c5e0e87e683c62bb0a50baeff732152")
{:ok, %{...}}

malware_reports(params \\ %{})

@spec malware_reports(map()) :: {:ok, map()} | {:error, any()}

Search malware intelligence reports.

Parameters

  • params: A map of query parameters for filtering malware reports
    • :malwareReport - Free text malware reports search
    • :threatType - Search by threat type
    • :malwareFamily - Search by malware family

Examples

iex> Intel471Ex.Reports.malware_reports(%{malwareFamily: "lokibot"})
{:ok, %{"malwareReportTotalCount" => 52, "malwareReports" => [...]}}

search(params \\ %{})

@spec search(map()) :: {:ok, map()} | {:error, any()}

Search information reports using filter criteria.

Parameters

  • params: A map of query parameters for filtering reports
    • :report - Search text in reports, subjects, and entities
    • :reportLocation - Search reports by country or region
    • :reportTag - Search reports by tag
    • :reportTitle - Search reports by title
    • :victim - Search reports by purported victim
    • :documentType - Search reports by document type
    • :gir - Search by General Intel Requirements
    • :from - Search data starting from given creation time
    • :until - Search data ending before given creation time

Examples

iex> Intel471Ex.Reports.search(%{report: "ransomware"})
{:ok, %{"reportTotalCount" => 28, "reports" => [...]}}

situation_reports(params \\ %{})

@spec situation_reports(map()) :: {:ok, map()} | {:error, any()}

Search situation reports using filter criteria.

Parameters

  • params: A map of query parameters for filtering situation reports
    • :situationReport - Free text reports search
    • :victim - Search by purported victim
    • :gir - Search by General Intel Requirements

Examples

iex> Intel471Ex.Reports.situation_reports(%{situationReport: "malware"})
{:ok, %{"situationReportsTotalCount" => 11, "situationReports" => [...]}}

spot_reports(params \\ %{})

@spec spot_reports(map()) :: {:ok, map()} | {:error, any()}

Search spot reports using filter criteria.

Parameters

  • params: A map of query parameters for filtering spot reports
    • :spotReport - Free text reports search
    • :victim - Search by purported victim
    • :gir - Search by General Intel Requirements

Examples

iex> Intel471Ex.Reports.spot_reports(%{spotReport: "malware"})
{:ok, %{"spotReportsTotalCount" => 123, "spotReports" => [...]}}
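
Four of the searches above (breach_alerts, search, situation_reports, spot_reports) accept a :victim filter, which lets a defender sweep a watchlist of their own organisation and supplier names across all of them. The following is an added example, not part of intel471_ex: VictimWatch, StubReports and the watchlist names are hypothetical, and the total-count keys are copied from the example outputs on this page on the assumption that live responses use them.

```elixir
defmodule VictimWatch do
  # {function, response key holding its total}; keys copied from the example
  # outputs on this page and assumed to match live responses.
  @sources [
    {:breach_alerts, "breach_alerts_total_count"},
    {:search, "reportTotalCount"},
    {:situation_reports, "situationReportsTotalCount"},
    {:spot_reports, "spotReportsTotalCount"}
  ]

  # Runs every :victim-capable search for each name. Errors stay in the result
  # rather than becoming 0, so an API failure is never read as "no mentions".
  def sweep(names, client \\ Intel471Ex.Reports) do
    Map.new(names, fn name ->
      {name, Map.new(@sources, fn {fun, key} -> {fun, count(client, fun, key, name)} end)}
    end)
  end

  defp count(client, fun, key, name) do
    case apply(client, fun, [%{victim: name}]) do
      {:ok, body} -> Map.get(body, key, 0)
      {:error, reason} -> {:error, reason}
    end
  end

  # Names with a positive count in at least one source.
  def hits(result) do
    for {name, counts} <- result,
        Enum.any?(counts, fn {_, c} -> is_integer(c) and c > 0 end),
        do: name
  end

  # {name, source, reason} for every query that failed and should be retried.
  def failures(result) do
    for {name, counts} <- result, {src, {:error, reason}} <- counts, do: {name, src, reason}
  end
end

# Constructed stand-in for Intel471Ex.Reports so the sweep runs without API access.
defmodule StubReports do
  def breach_alerts(%{victim: "Example Corp"}), do: {:ok, %{"breach_alerts_total_count" => 2}}
  def breach_alerts(_), do: {:ok, %{"breach_alerts_total_count" => 0}}
  def search(_), do: {:ok, %{"reportTotalCount" => 0}}
  def situation_reports(_), do: {:error, :timeout}
  def spot_reports(_), do: {:ok, %{"spotReportsTotalCount" => 0}}
end

result = VictimWatch.sweep(["Example Corp", "Example Vendor"], StubReports)
IO.inspect(hits: VictimWatch.hits(result), failures: VictimWatch.failures(result))
```

Calling `VictimWatch.sweep/1` without the second argument uses Intel471Ex.Reports itself.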