Remove IOK functions and live matches due to API changes

Example/Program.cs

@@ -1,5 +1,4 @@
 using System;
-using System.Linq;
 using System.Threading.Tasks;
 using PhishReport;
 
@@ -15,41 +14,23 @@ public static async Task Main()
             Console.WriteLine("Instructions on how to obtain this are in the Github repository.");
 
             string key = Console.ReadLine();
-
-            Console.WriteLine();
-
             Client = new(key);
 
-            Console.WriteLine($"> Starting a phishing takedown");
+            Console.WriteLine($"\n> Starting a phishing takedown");
             PhishingTakedown takedown1 = await Client.CreateTakedown("https://156890f.com/Login/index");
             Console.WriteLine($"ID: {takedown1.Id}");
             Console.WriteLine($"URL: {takedown1.Url}");
 
-            Console.WriteLine();
-            Console.WriteLine($"> Getting a phishing takedown");
+            Console.WriteLine($"\n> Getting a phishing takedown");
             PhishingTakedown takedown2 = await Client.GetTakedown("case_4ExZCRk3PAh");
             Console.WriteLine($"ID: {takedown2.Id}");
             Console.WriteLine($"URL: {takedown2.Url}");
 
-            Console.WriteLine();
-            Console.WriteLine($"> Getting the latest Indicator of Kit (IOK) matches");
-            IokMatch[] matches = await Client.GetIokMatches();
-            Console.WriteLine($"Received {matches.Length} matches from the following indicators: {string.Join(", ", matches.Select(x => x.IndicatorId).Distinct())}");
-
-            Console.WriteLine();
-            Console.WriteLine($"> Getting IOK matches of a scan");
+            Console.WriteLine($"\n> Getting IOK matches of a scan");
             string[] scanMatches = await Client.GetIokMatches("4a0809fd-c30c-4d29-9c72-660980e53860");
             Console.WriteLine($"Scan matches the following indicators ({scanMatches.Length}): {string.Join(", ", scanMatches)}");
 
-            Console.WriteLine();
-            Console.WriteLine("> Polling for new Indicator of Kit (IOK) matches at 1 minute intervals");
-            Client.IokMatched += (sender, match) =>
-            {
-                Console.WriteLine($"{match.IndicatorId} match on {match.Url}, source: https://urlscan.io/result/{match.UrlscanUuid}/");
-            };
-
-            Console.WriteLine();
-            Console.WriteLine("Demo finished");
+            Console.WriteLine("\nDemo finished");
             Console.ReadKey();
         }
     }

PhishReport/NuGet.md

@@ -32,11 +32,12 @@ Need more examples? Under the `Example` directory you can find a working demo pr
 - Extensive **XML documentation**
 - **No external dependencies** (makes use of built-in `HttpClient` and `JsonSerializer`)
 - **Custom exceptions** (`PhishReportException`) for easy debugging
+- Example project to demonstrate all capabilities of the library
 
 ## Features
 - Create phishing takedowns
 - Fetch existing reported cases
-- Process newly created [Indicator of Kit](https://phish.report/IOK/) matches
+- Evaluate Urlscan results for [Indicator of Kit](https://phish.report/IOK/) matches
 
 ## Code Samples
 

PhishReport/PhishReport.cs

@@ -4,7 +4,6 @@
 using System.Net;
 using System.Net.Http;
 using System.Threading.Tasks;
-using Timer = System.Timers.Timer;
 
 namespace PhishReport
 {
@@ -25,27 +24,6 @@ public class PhishReportClient
             DefaultRequestVersion = Constants.HttpVersion
         };
 
-        private EventHandler<IokMatch> IoKHandler;
-        /// <summary>
-        /// Triggers whenever a new scan on Urlscan matches one of the kit indicators.
-        /// </summary>
-        public event EventHandler<IokMatch> IokMatched
-        {
-            add
-            {
-                IoKHandler += value;
-                if (IoKHandler.GetInvocationList().Length == 1) StartPolling();
-            }
-            remove
-            {
-                IoKHandler -= value;
-                if (IoKHandler is null || IoKHandler.GetInvocationList().Length == 0) StopPolling();
-            }
-        }
-
-        private IokMatch[] LastIokMatches;
-        private Timer IokTimer;
-
         /// <summary>
         /// Create a new instance of the Phish.Report client.
         /// </summary>
@@ -98,23 +76,6 @@ public async Task<PhishingTakedown> GetTakedown(string id)
             return await res.Deseralize<PhishingTakedown>();
         }
 
-        /// <summary>
-        /// Get the Indicator of Kit matches for a specific page, the latest one is loaded by default.
-        /// <para>Learn more about IoK: <a href="https://phish.report/IOK/">https://phish.report/IOK/</a></para>
-        /// </summary>
-        /// <param name="page">The index of a page that you want to get.</param>
-        /// <returns>An array of <see cref="IokMatch"/> with the requested Indicator of Kit matches, ordered by their submission date.</returns>
-        /// <exception cref="PhishReportException"></exception>
-        /// <exception cref="ArgumentOutOfRangeException"></exception>
-        public async Task<IokMatch[]> GetIokMatches(int page = 1)
-        {
-            if (page < 0) throw new ArgumentOutOfRangeException(nameof(page), "IoK page cannot be a negative value.");
-
-            HttpResponseMessage res = await Client.Request(HttpMethod.Get, $"iok/matches{(page == 1 ? "" : $"?page={page}")}");
-
-            return (await res.Deseralize<IokMatchContainer>()).Matches;
-        }
-
         /// <summary>
         /// Get IOK matches of an existing Urlscan result.
         /// <para>
@@ -154,54 +115,5 @@ public async Task<string[]> GetIokMatches(string uuid)
 
             return Constants.IokIndicatorRegex.Matches(messageBody).Select(match => match.Groups.Values.Last().Value).ToArray();
         }
-
-        /// <summary>
-        /// Start polling Indicator of Kit for new matches.
-        /// </summary>
-        private async void StartPolling()
-        {
-            if (IokTimer is null)
-            {
-                IokTimer = new()
-                {
-                    Interval = Constants.IoKPollInterval
-                };
-
-                IokTimer.Elapsed += async (o, e) => await PollIoK();
-            }
-
-            IokTimer.Start();
-
-            LastIokMatches = await GetIokMatches();
-        }
-
-        /// <summary>
-        /// Stop polling Indicator of Kit for new matches.
-        /// </summary>
-        private void StopPolling()
-        {
-            if (IokTimer is null) return;
-
-            IokTimer.Stop();
-            LastIokMatches = null;
-        }
-
-        /// <summary>
-        /// Poll Indicator of Kit to find new Indicator of Kit matches and trigger event handlers.
-        /// </summary>
-        private async Task PollIoK()
-        {
-            IokMatch[] found;
-            IokMatch[] matches = await GetIokMatches();
-
-            if (LastIokMatches is null) found = matches;
-            else found = matches.Where(match => LastIokMatches.All(last => match.UrlscanUuid != last.UrlscanUuid)).ToArray();
-
-            LastIokMatches = matches;
-
-            found = found.OrderBy(match => Constants.LowPriorityIndicators.Contains(match.IndicatorId)).ToArray();
-
-            foreach (IokMatch match in found) IoKHandler.Invoke(this, match);
-        }
     }
 }

README.md

@@ -36,11 +36,12 @@ Need more examples? Under the `Example` directory you can find a working demo pr
 - Extensive **XML documentation**
 - **No external dependencies** (makes use of built-in `HttpClient` and `JsonSerializer`)
 - **Custom exceptions** (`PhishReportException`) for easy debugging
+- Example project to demonstrate all capabilities of the library
 
 ## Features
 - Create phishing takedowns
 - Fetch existing reported cases
-- Process newly created [Indicator of Kit](https://phish.report/IOK/) matches
+- Evaluate Urlscan results for [Indicator of Kit](https://phish.report/IOK/) matches
 
 ## Code Samples