hachi 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (22) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +53 -0
  3. data/.rspec +3 -0
  4. data/.travis.yml +7 -0
  5. data/Gemfile +4 -0
  6. data/LICENSE.txt +21 -0
  7. data/README.md +82 -0
  8. data/Rakefile +6 -0
  9. data/bin/console +14 -0
  10. data/bin/setup +8 -0
  11. data/hachi.gemspec +33 -0
  12. data/lib/hachi/api.rb +18 -0
  13. data/lib/hachi/clients/alert.rb +40 -0
  14. data/lib/hachi/clients/artifact.rb +48 -0
  15. data/lib/hachi/clients/base.rb +104 -0
  16. data/lib/hachi/clients/case.rb +52 -0
  17. data/lib/hachi/models/alert.rb +87 -0
  18. data/lib/hachi/models/artifact.rb +38 -0
  19. data/lib/hachi/models/case.rb +72 -0
  20. data/lib/hachi/version.rb +5 -0
  21. data/lib/hachi.rb +18 -0
  22. metadata +147 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: a94e022e1b2936129782ed6b1fbe367da78f1b6438473f9f0caa0491eb717dcc
4
+ data.tar.gz: 5d676f455886a20254fdb8763be410dcd3dd66c618688a2b9c68d20840b67a1f
5
+ SHA512:
6
+ metadata.gz: 872f23c2706dab7b0cd866ac36e7f6fd9fe6d9fbcaa2cb773c8c2391aeb354d09fb515056dc81aae47be0461dcc78832e4bf36efb704df0322753c63e4bda6e8
7
+ data.tar.gz: 00636aae8a8b8a1eb080bc804a85ffb5ee6584a0932e8508d696a5c46e8644a4193ce2b20bcad6bf1248f4cb1a891af13acf0ef69234ebaa81155d45c6f00fc5
data/.gitignore ADDED
@@ -0,0 +1,53 @@
1
+ *.gem
2
+ *.rbc
3
+ /.config
4
+ /coverage/
5
+ /InstalledFiles
6
+ /pkg/
7
+ /spec/reports/
8
+ /spec/examples.txt
9
+ /test/tmp/
10
+ /test/version_tmp/
11
+ /tmp/
12
+
13
+ # Used by dotenv library to load environment variables.
14
+ # .env
15
+
16
+ ## Specific to RubyMotion:
17
+ .dat*
18
+ .repl_history
19
+ build/
20
+ *.bridgesupport
21
+ build-iPhoneOS/
22
+ build-iPhoneSimulator/
23
+
24
+ ## Specific to RubyMotion (use of CocoaPods):
25
+ #
26
+ # We recommend against adding the Pods directory to your .gitignore. However
27
+ # you should judge for yourself, the pros and cons are mentioned at:
28
+ # https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
29
+ #
30
+ # vendor/Pods/
31
+
32
+ ## Documentation cache and generated files:
33
+ /.yardoc/
34
+ /_yardoc/
35
+ /doc/
36
+ /rdoc/
37
+
38
+ ## Environment normalization:
39
+ /.bundle/
40
+ /vendor/bundle
41
+ /lib/bundler/man/
42
+
43
+ # for a library or gem, you might want to ignore these files since the code is
44
+ # intended to run in multiple environments; otherwise, check them in:
45
+ Gemfile.lock
46
+ .ruby-version
47
+ .ruby-gemset
48
+
49
+ # unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
50
+ .rvmrc
51
+
52
+ # RSpec
53
+ .rspec_status
data/.rspec ADDED
@@ -0,0 +1,3 @@
1
+ --format documentation
2
+ --color
3
+ --require spec_helper
data/.travis.yml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ sudo: false
3
+ language: ruby
4
+ cache: bundler
5
+ rvm:
6
+ - 2.6.1
7
+ before_install: gem install bundler -v 2.0.1
data/Gemfile ADDED
@@ -0,0 +1,4 @@
1
+ source "https://rubygems.org"
2
+
3
+ # Specify your gem's dependencies in hachi.gemspec
4
+ gemspec
data/LICENSE.txt ADDED
@@ -0,0 +1,21 @@
1
+ The MIT License (MIT)
2
+
3
+ Copyright (c) 2019 Manabu Niseki
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in
13
+ all copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21
+ THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,82 @@
1
+ # Hachi
2
+
3
+ [![Build Status](https://travis-ci.org/ninoseki/hachi.svg?branch=master)](https://travis-ci.org/ninoseki/hachi)
4
+ [![Coverage Status](https://coveralls.io/repos/github/ninoseki/hachi/badge.svg?branch=master)](https://coveralls.io/github/ninoseki/hachi?branch=master)
5
+
6
+ Hachi(`蜂`) is a dead simple [TheHive](https://github.com/TheHive-Project/TheHive) API wrapper for Ruby.
7
+
8
+ ## Installation
9
+
10
+ ```bash
11
+ gem install hachi
12
+ ```
13
+
14
+ ## Usage
15
+
16
+ ```ruby
17
+ require "hachi"
18
+
19
+ # when given nothing, it tries to load your API key from ENV["THEHIVE_API_KEY"] & API endpoint from ENV["THEHIVE_API_ENDPOINT"]
20
+ api = Hachi::API.new
21
+ # or you can set them manually
22
+ api = Hachi::API.new(api_endpoint: "http://your_api_endpoint", api_key: "yoru_api_key")
23
+
24
+ # list alerts
25
+ api.alert.list
26
+
27
+ # search atrifacts
28
+ api.artifact.search(data: "1.1.1.1", data_type: "ip")
29
+ ```
30
+
31
+ ## Implemented methods
32
+
33
+ ### Alert
34
+
35
+ | HTTP Method | URI | Action | API method |
36
+ |-------------|-----------------------------------|-----------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------|
37
+ | GET | /api/alert | List alerts | `#api.alert.list` |
38
+ | POST | /api/alert/_search | Find alerts | N/A |
39
+ | PATCH | /api/alert/_bulk | Update alerts in bulk | N/A |
40
+ | POST | /api/alert/_stats | Compute stats on alerts | N/A |
41
+ | POST | /api/alert | Create an alert | `#api.alert.create(title:, description:, severity: nil, date: nil, tags: nil, tlp: nil, status: nil, type:, source:, source_ref: nil, artifacts: nil, follow: nil)` |
42
+ | GET | /api/alert/:alertId | Get an alert | `#api.alert.get_by_id(id)` |
43
+ | PATCH | /api/alert/:alertId | Update an alert | N/A |
44
+ | DELETE | /api/alert/:alertId | Delete an alert | `#api.alert.delete_by_id(id)` |
45
+ | POST | /api/alert/:alertId/markAsRead | Mark an alert as read | N/A |
46
+ | POST | /api/alert/:alertId/markAsUnread | Mark an alert as unread | N/A |
47
+ | POST | /api/alert/:alertId/createCase | Create a case from an alert | N/A |
48
+ | POST | /api/alert/:alertId/follow | Follow an alert | N/A |
49
+ | POST | /api/alert/:alertId/unfollow | Unfollow an alert | N/A |
50
+ | POST | /api/alert/:alertId/merge/:caseId | Merge an alert in a case | N/A |
51
+
52
+ ### Artifact(Observable)
53
+
54
+ | HTTP Method | URI | Action | API method |
55
+ |-------------|----------------------------------------|---------------------------------|---------------------------------------------------------------------------------------|
56
+ | POST | /api/case/artifact/_search | Find observables | `#api.artifact.search(data:, date_type:)` |
57
+ | POST | /api/case/artifact/_stats | Compute stats on observables | N/A |
58
+ | POST | /api/case/:caseId/artifact | Create an observable | `#api.artifact.create(case_id, data:, data_type:, message: nil, tlp: nil, tags: nil)` |
59
+ | GET | /api/case/artifact/:artifactId | Get an observable | `#api.artifact.get_by_id(id)` |
60
+ | DELETE | /api/case/artifact/:artifactId | Remove an observable | `#api.artifact.delete_by_id(id)` |
61
+ | PATCH | /api/case/artifact/:artifactId | Update an observable | N/A |
62
+ | GET | /api/case/artifact/:artifactId/similar | Get list of similar observables | N/A |
63
+ | PATCH | /api/case/artifact/_bulk | Update observables in bulk | N/A |
64
+
65
+ ### Case
66
+
67
+ | HTTP Method | URI | Action | API method |
68
+ |-------------|------------------------------------|---------------------------------------|----------------------------------------------------------------------------------------------------------------------|
69
+ | GET | /api/case | List cases | `#api.case.list` |
70
+ | POST | /api/case/_search | Find cases | `#api.case.search(query)` |
71
+ | PATCH | /api/case/_bulk | Update cases in bulk | N/A |
72
+ | POST | /api/case/_stats | Compute stats on cases | N/A |
73
+ | POST | /api/case | Create a case | `#api.case.create(title:, description:, severity: nil, start_date: nil, owner: nil, flag: nil, tlp: nil, tags: nil)` |
74
+ | GET | /api/case/:caseId | Get a case | `#api.case.get_by_id(id)` |
75
+ | PATCH | /api/case/:caseId | Update a case | N/A |
76
+ | DELETE | /api/case/:caseId | Remove a case | `#api.case.delete_by_id(id)` |
77
+ | GET | /api/case/:caseId/links | Get list of cases linked to this case | N/A |
78
+ | POST | /api/case/:caseId1/_merge/:caseId2 | Merge two cases | N/A |
79
+
80
+ ## License
81
+
82
+ The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
data/Rakefile ADDED
@@ -0,0 +1,6 @@
1
+ require "bundler/gem_tasks"
2
+ require "rspec/core/rake_task"
3
+
4
+ RSpec::Core::RakeTask.new(:spec)
5
+
6
+ task :default => :spec
data/bin/console ADDED
@@ -0,0 +1,14 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require "bundler/setup"
4
+ require "hachi"
5
+
6
+ # You can add fixtures and/or initialization code here to make experimenting
7
+ # with your gem easier. You can also use a different console, if you like.
8
+
9
+ # (If you use this, don't forget to add pry to your Gemfile!)
10
+ # require "pry"
11
+ # Pry.start
12
+
13
+ require "irb"
14
+ IRB.start(__FILE__)
data/bin/setup ADDED
@@ -0,0 +1,8 @@
1
+ #!/usr/bin/env bash
2
+ set -euo pipefail
3
+ IFS=$'\n\t'
4
+ set -vx
5
+
6
+ bundle install
7
+
8
+ # Do any other automated setup that you need to do here
data/hachi.gemspec ADDED
@@ -0,0 +1,33 @@
1
+ # frozen_string_literal: true
2
+
3
+ lib = File.expand_path('lib', __dir__)
4
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
5
+ require "hachi/version"
6
+
7
+ Gem::Specification.new do |spec|
8
+ spec.name = "hachi"
9
+ spec.version = Hachi::VERSION
10
+ spec.authors = ["Manabu Niseki"]
11
+ spec.email = ["manabu.niseki@gmail.com"]
12
+
13
+ spec.summary = "A dead simple TheHive API wrapper."
14
+ spec.description = "A dead simple TheHive API wrapper."
15
+ spec.homepage = "https://github.com/ninoseki/hachi"
16
+ spec.license = "MIT"
17
+
18
+ # Specify which files should be added to the gem when it is released.
19
+ # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
20
+ spec.files = Dir.chdir(File.expand_path(__dir__)) do
21
+ `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
22
+ end
23
+ spec.bindir = "exe"
24
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
25
+ spec.require_paths = ["lib"]
26
+
27
+ spec.add_development_dependency "bundler", "~> 2.0"
28
+ spec.add_development_dependency "coveralls", "~> 0.8"
29
+ spec.add_development_dependency "rake", "~> 12.3"
30
+ spec.add_development_dependency "rspec", "~> 3.8"
31
+ spec.add_development_dependency "vcr", "~> 4.0"
32
+ spec.add_development_dependency "webmock", "~> 3.5"
33
+ end
data/lib/hachi/api.rb ADDED
@@ -0,0 +1,18 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Hachi
4
+ class API
5
+ attr_reader :alert
6
+ attr_reader :artifact
7
+ attr_reader :case
8
+
9
+ def initialize(api_endpoint: ENV["THEHIVE_API_ENDPOINT"], api_key: ENV["THEHIVE_API_KEY"])
10
+ raise(ArgumentError, "api_endpoint argument is required") unless api_endpoint
11
+ raise(ArgumentError, "api_key argument is required") unless api_key
12
+
13
+ @alert = Clients::Alert.new(api_endpoint: api_endpoint, api_key: api_key)
14
+ @artifact = Clients::Artifact.new(api_endpoint: api_endpoint, api_key: api_key)
15
+ @case = Clients::Case.new(api_endpoint: api_endpoint, api_key: api_key)
16
+ end
17
+ end
18
+ end
data/lib/hachi/clients/alert.rb ADDED
@@ -0,0 +1,40 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "date"
4
+ require "securerandom"
5
+
6
+ module Hachi
7
+ module Clients
8
+ class Alert < Base
9
+ def list
10
+ get("/api/alert") { |json| json }
11
+ end
12
+
13
+ def get_by_id(id)
14
+ get("/api/alert/#{id}") { |json| json }
15
+ end
16
+
17
+ def delete_by_id(id)
18
+ delete("/api/alert/#{id}") { |json| json }
19
+ end
20
+
21
+ def create(title:, description:, severity: nil, date: nil, tags: nil, tlp: nil, status: nil, type:, source:, source_ref: nil, artifacts: nil, follow: nil)
22
+ alert = Models::Alert.new(
23
+ title: title,
24
+ description: description,
25
+ severity: severity,
26
+ date: date,
27
+ tags: tags,
28
+ tlp: tlp,
29
+ status: status,
30
+ type: type,
31
+ source: source,
32
+ source_ref: source_ref,
33
+ artifacts: artifacts,
34
+ follow: follow
35
+ )
36
+ post("/api/alert", alert.payload) { |json| json }
37
+ end
38
+ end
39
+ end
40
+ end
data/lib/hachi/clients/artifact.rb ADDED
@@ -0,0 +1,48 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Hachi
4
+ module Clients
5
+ class Artifact < Base
6
+ def create(case_id, data:, data_type:, message: nil, tlp: nil, tags: nil)
7
+ artifact = Models::Artifact.new(
8
+ data: data,
9
+ data_type: data_type,
10
+ message: message,
11
+ tlp: tlp,
12
+ tags: tags
13
+ )
14
+
15
+ post("/api/case/#{case_id}/artifact", artifact.payload) { |json| json }
16
+ end
17
+
18
+ def get_by_id(id)
19
+ get("/api/case/artifact/#{id}") { |json| json }
20
+ end
21
+
22
+ def delete_by_id(id)
23
+ delete("/api/case/artifact/#{id}") { |json| json }
24
+ end
25
+
26
+ def search(data:, data_type:)
27
+ artifact = Models::Artifact.new(data: data, data_type: data_type)
28
+ payload = {
29
+ query: {
30
+ _and:
31
+ [
32
+ { _field: "data", _value: artifact.data },
33
+ { _field: "dataType", _value: artifact.data_type },
34
+ { _and:
35
+ [
36
+ { _not: { status: "Deleted" } },
37
+ { _not:
38
+ { _in: { _field: "_type", _values: ["dashboard", "data", "user", "analyzer", "caseTemplate", "reportTemplate", "action"] } } }
39
+ ] }
40
+ ]
41
+ }
42
+ }
43
+
44
+ post("/api/case/artifact/_search?range=all", payload) { |json| json }
45
+ end
46
+ end
47
+ end
48
+ end
data/lib/hachi/clients/base.rb ADDED
@@ -0,0 +1,104 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "json"
4
+ require "net/https"
5
+
6
+ module Hachi
7
+ module Clients
8
+ class Base
9
+ attr_reader :api_endpoint
10
+ attr_reader :api_key
11
+
12
+ def initialize(api_endpoint:, api_key:)
13
+ @api_endpoint = URI(api_endpoint)
14
+ @api_key = api_key
15
+ end
16
+
17
+ private
18
+
19
+ def base_url
20
+ "#{api_endpoint.scheme}://#{api_endpoint.hostname}:#{api_endpoint.port}"
21
+ end
22
+
23
+ def url_for(path)
24
+ URI(base_url + path)
25
+ end
26
+
27
+ def https_options
28
+ return nil if api_endpoint.scheme != "https"
29
+
30
+ if proxy = ENV["HTTPS_PROXY"] || ENV["https_proxy"]
31
+ uri = URI(proxy)
32
+ {
33
+ proxy_address: uri.hostname,
34
+ proxy_port: uri.port,
35
+ proxy_from_env: false,
36
+ use_ssl: true
37
+ }
38
+ else
39
+ { use_ssl: true }
40
+ end
41
+ end
42
+
43
+ def http_options
44
+ if proxy = ENV["HTTP_PROXY"] || ENV["http_proxy"]
45
+ uri = URI(proxy)
46
+ {
47
+ proxy_address: uri.hostname,
48
+ proxy_port: uri.port,
49
+ proxy_from_env: false,
50
+ }
51
+ else
52
+ {}
53
+ end
54
+ end
55
+
56
+ def parse_body(body)
57
+ JSON.parse body.to_s
58
+ rescue JSON::ParserError => _
59
+ body.to_s
60
+ end
61
+
62
+ def request(req)
63
+ Net::HTTP.start(api_endpoint.hostname, api_endpoint.port, https_options || http_options) do |http|
64
+ response = http.request(req)
65
+ json = parse_body(response.body)
66
+
67
+ raise(Error, "Unsupported response code returned: #{response.code} (#{json&.dig('message')})" ) unless response.code.start_with? "20"
68
+
69
+ yield json
70
+ end
71
+ end
72
+
73
+ def get(path, params = {}, &block)
74
+ url = url_for(path)
75
+ url.query = URI.encode_www_form(params) unless params.empty?
76
+
77
+ get = Net::HTTP::Get.new(url)
78
+ get.add_field "Authorization", "Bearer #{api_key}"
79
+ request(get, &block)
80
+ end
81
+
82
+ def post(path, params = {}, &block)
83
+ url = url_for(path)
84
+
85
+ post = Net::HTTP::Post.new(url)
86
+ post.body = params.is_a?(Hash) ? params.to_json : params.to_s
87
+
88
+ post.add_field "Content-Type", "application/json"
89
+ post.add_field "Authorization", "Bearer #{api_key}"
90
+
91
+ request(post, &block)
92
+ end
93
+
94
+ def delete(path, params = {}, &block)
95
+ url = url_for(path)
96
+ url.query = URI.encode_www_form(params) unless params.empty?
97
+
98
+ delete = Net::HTTP::Delete.new(url)
99
+ delete.add_field "Authorization", "Bearer #{api_key}"
100
+ request(delete, &block)
101
+ end
102
+ end
103
+ end
104
+ end
data/lib/hachi/clients/case.rb ADDED
@@ -0,0 +1,52 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Hachi
4
+ module Clients
5
+ class Case < Base
6
+ def list
7
+ get("/api/case") { |json| json }
8
+ end
9
+
10
+ def get_by_id(id)
11
+ get("/api/case/#{id}") { |json| json }
12
+ end
13
+
14
+ def delete_by_id(id)
15
+ delete("/api/case/#{id}") { |json| json }
16
+ end
17
+
18
+ def create(title:, description:, severity: nil, start_date: nil, owner: nil, flag: nil, tlp: nil, tags: nil)
19
+ kase = Models::Case.new(
20
+ title: title,
21
+ description: description,
22
+ severity: severity,
23
+ start_date: start_date,
24
+ owner: owner,
25
+ flag: flag,
26
+ tlp: tlp,
27
+ tags: tags
28
+ )
29
+
30
+ post("/api/case", kase.payload) { |json| json }
31
+ end
32
+
33
+ def search(query)
34
+ payload = {
35
+ query: {
36
+ _and:
37
+ [
38
+ { string: query },
39
+ { _and:
40
+ [
41
+ { _not: { status: "Deleted" } },
42
+ { _not:
43
+ { _in: { _field: "_type", _values: ["dashboard", "data", "user", "analyzer", "caseTemplate", "reportTemplate", "action"] } } }
44
+ ] }
45
+ ]
46
+ }
47
+ }
48
+ post("/api/case/_search?range=all", payload) { |json| json }
49
+ end
50
+ end
51
+ end
52
+ end
data/lib/hachi/models/alert.rb ADDED
@@ -0,0 +1,87 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "date"
4
+ require "securerandom"
5
+
6
+ module Hachi
7
+ module Models
8
+ class Alert
9
+ attr_reader :title
10
+ attr_reader :description
11
+ attr_reader :severity
12
+ attr_reader :date
13
+ attr_reader :tags
14
+ attr_reader :tlp
15
+ attr_reader :status
16
+ attr_reader :type
17
+ attr_reader :source
18
+ attr_reader :source_ref
19
+ attr_reader :artifacts
20
+ attr_reader :follow
21
+
22
+ def initialize(title:, description:, severity: nil, date: nil, tags: nil, tlp: nil, status: nil, type:, source:, source_ref: nil, artifacts: nil, follow: nil)
23
+ @title = title
24
+ @description = description
25
+ @severity = severity
26
+ @date = date
27
+ @tags = tags
28
+ @tlp = tlp
29
+ @status = status
30
+ @type = type
31
+ @source = source
32
+ @source_ref = source_ref || SecureRandom.hex(10)
33
+ @artifacts = artifacts
34
+ @follow = follow
35
+
36
+ validate_date if date
37
+ validate_severity if severity
38
+ validate_status if status
39
+ validate_tlp if tlp
40
+ end
41
+
42
+ def payload
43
+ {
44
+ title: title,
45
+ description: description,
46
+ severity: severity,
47
+ date: date,
48
+ tags: tags,
49
+ tlp: tlp,
50
+ status: status,
51
+ type: type,
52
+ source: source,
53
+ sourceRef: source_ref,
54
+ artifacts: artifacts,
55
+ follow: follow
56
+ }.compact
57
+ end
58
+
59
+ private
60
+
61
+ def validate_severity
62
+ return true if severity >= 1 && severity <= 3
63
+
64
+ raise ArgumentError, "severity should be 1 - 3 (1: low; 2: medium; 3: high)."
65
+ end
66
+
67
+ def validate_date
68
+ DateTime.parse(date)
69
+ true
70
+ rescue ArgumentError => _
71
+ raise ArgumentError, "date should be Date format."
72
+ end
73
+
74
+ def validate_tlp
75
+ return true if tlp >= 0 && severity <= 3
76
+
77
+ raise ArgumentError, "tlp should be 0 - 3 (0: white; 1: green; 2: amber; 3: red)."
78
+ end
79
+
80
+ def validate_status
81
+ return true if %w(New Updated Ignored Imported).include?(status)
82
+
83
+ raise ArgumentError, "status should be New, Updated, Ignored or Imported"
84
+ end
85
+ end
86
+ end
87
+ end
data/lib/hachi/models/artifact.rb ADDED
@@ -0,0 +1,38 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Hachi
4
+ module Models
5
+ class Artifact
6
+ DATA_TYPES = %w(filename file fqdn hash uri_path ip domain mail autonomous-system registry mail_subject regexp user-agent other url).freeze
7
+
8
+ attr_reader :data
9
+ attr_reader :data_type
10
+ attr_reader :message
11
+ attr_reader :tlp
12
+ attr_reader :tags
13
+
14
+ def initialize(data:, data_type:, message: nil, tlp: nil, tags: nil)
15
+ @data = data
16
+ @data_type = data_type
17
+ @message = message
18
+ @tlp = tlp
19
+ @tags = tags
20
+
21
+ raise(ArgumentError, "data is required") unless data
22
+ raise(ArgumentError, "data_type is required") unless data_type
23
+ raise(ArgumentError, "invalid data type") unless DATA_TYPES.include?(data_type)
24
+ raise(ArgumentError, "tags should be an array") unless tags.nil? || tags.is_a?(Array)
25
+ end
26
+
27
+ def payload
28
+ {
29
+ data: data,
30
+ dataType: data_type,
31
+ message: message,
32
+ tlp: tlp,
33
+ tags: tags
34
+ }.compact
35
+ end
36
+ end
37
+ end
38
+ end
data/lib/hachi/models/case.rb ADDED
@@ -0,0 +1,72 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Hachi
4
+ module Models
5
+ class Case
6
+ attr_reader :title
7
+ attr_reader :description
8
+ attr_reader :severity
9
+ attr_reader :start_date
10
+ attr_reader :owner
11
+ attr_reader :flag
12
+ attr_reader :tlp
13
+ attr_reader :tags
14
+
15
+ def initialize(title:, description:, severity: nil, start_date: nil, owner: nil, flag: nil, tlp: nil, tags: nil)
16
+ @title = title
17
+ @description = description
18
+ @severity = severity
19
+ @start_date = start_date
20
+ @owner = owner
21
+ @flag = flag
22
+ @tlp = tlp
23
+ @tags = tags
24
+
25
+ validate_flag if flag
26
+ validate_severity if severity
27
+ validate_start_date if start_date
28
+ validate_tlp if tlp
29
+ end
30
+
31
+ def payload
32
+ {
33
+ title: title,
34
+ description: description,
35
+ severity: severity,
36
+ startDate: start_date,
37
+ owner: owner,
38
+ flag: flag,
39
+ tlp: tlp,
40
+ tags: tags
41
+ }.compact
42
+ end
43
+
44
+ private
45
+
46
+ def validate_severity
47
+ return true if severity >= 1 && severity <= 3
48
+
49
+ raise ArgumentError, "severity should be 1 - 3 (1: low; 2: medium; 3: high)."
50
+ end
51
+
52
+ def validate_start_date
53
+ DateTime.parse(start_date)
54
+ true
55
+ rescue ArgumentError => _
56
+ raise ArgumentError, "date should be Date format."
57
+ end
58
+
59
+ def validate_tlp
60
+ return true if tlp >= 0 && severity <= 3
61
+
62
+ raise ArgumentError, "tlp should be 0 - 3 (0: white; 1: green; 2: amber; 3: red)."
63
+ end
64
+
65
+ def validate_flag
66
+ return true if [true, false].include?(flag)
67
+
68
+ raise ArgumentError, "flag should be true or false."
69
+ end
70
+ end
71
+ end
72
+ end
data/lib/hachi/version.rb ADDED
@@ -0,0 +1,5 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Hachi
4
+ VERSION = "0.1.0"
5
+ end
data/lib/hachi.rb ADDED
@@ -0,0 +1,18 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "hachi/version"
4
+
5
+ require "hachi/api"
6
+
7
+ require "hachi/models/alert"
8
+ require "hachi/models/artifact"
9
+ require "hachi/models/case"
10
+
11
+ require "hachi/clients/base"
12
+ require "hachi/clients/alert"
13
+ require "hachi/clients/artifact"
14
+ require "hachi/clients/case"
15
+
16
+ module Hachi
17
+ class Error < StandardError; end
18
+ end
metadata ADDED
@@ -0,0 +1,147 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: hachi
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - Manabu Niseki
8
+ autorequire:
9
+ bindir: exe
10
+ cert_chain: []
11
+ date: 2019-04-14 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: bundler
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '2.0'
20
+ type: :development
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '2.0'
27
+ - !ruby/object:Gem::Dependency
28
+ name: coveralls
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '0.8'
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '0.8'
41
+ - !ruby/object:Gem::Dependency
42
+ name: rake
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - "~>"
46
+ - !ruby/object:Gem::Version
47
+ version: '12.3'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: '12.3'
55
+ - !ruby/object:Gem::Dependency
56
+ name: rspec
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - "~>"
60
+ - !ruby/object:Gem::Version
61
+ version: '3.8'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - "~>"
67
+ - !ruby/object:Gem::Version
68
+ version: '3.8'
69
+ - !ruby/object:Gem::Dependency
70
+ name: vcr
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - "~>"
74
+ - !ruby/object:Gem::Version
75
+ version: '4.0'
76
+ type: :development
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - "~>"
81
+ - !ruby/object:Gem::Version
82
+ version: '4.0'
83
+ - !ruby/object:Gem::Dependency
84
+ name: webmock
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - "~>"
88
+ - !ruby/object:Gem::Version
89
+ version: '3.5'
90
+ type: :development
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - "~>"
95
+ - !ruby/object:Gem::Version
96
+ version: '3.5'
97
+ description: A dead simple TheHive API wrapper.
98
+ email:
99
+ - manabu.niseki@gmail.com
100
+ executables: []
101
+ extensions: []
102
+ extra_rdoc_files: []
103
+ files:
104
+ - ".gitignore"
105
+ - ".rspec"
106
+ - ".travis.yml"
107
+ - Gemfile
108
+ - LICENSE.txt
109
+ - README.md
110
+ - Rakefile
111
+ - bin/console
112
+ - bin/setup
113
+ - hachi.gemspec
114
+ - lib/hachi.rb
115
+ - lib/hachi/api.rb
116
+ - lib/hachi/clients/alert.rb
117
+ - lib/hachi/clients/artifact.rb
118
+ - lib/hachi/clients/base.rb
119
+ - lib/hachi/clients/case.rb
120
+ - lib/hachi/models/alert.rb
121
+ - lib/hachi/models/artifact.rb
122
+ - lib/hachi/models/case.rb
123
+ - lib/hachi/version.rb
124
+ homepage: https://github.com/ninoseki/hachi
125
+ licenses:
126
+ - MIT
127
+ metadata: {}
128
+ post_install_message:
129
+ rdoc_options: []
130
+ require_paths:
131
+ - lib
132
+ required_ruby_version: !ruby/object:Gem::Requirement
133
+ requirements:
134
+ - - ">="
135
+ - !ruby/object:Gem::Version
136
+ version: '0'
137
+ required_rubygems_version: !ruby/object:Gem::Requirement
138
+ requirements:
139
+ - - ">="
140
+ - !ruby/object:Gem::Version
141
+ version: '0'
142
+ requirements: []
143
+ rubygems_version: 3.0.2
144
+ signing_key:
145
+ specification_version: 4
146
+ summary: A dead simple TheHive API wrapper.
147
+ test_files: []