hachi 0.1.0 → 0.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +2 -0
- data/lib/hachi.rb +1 -0
- data/lib/hachi/models/alert.rb +7 -20
- data/lib/hachi/models/artifact.rb +8 -2
- data/lib/hachi/models/base.rb +32 -0
- data/lib/hachi/models/case.rb +4 -15
- data/lib/hachi/version.rb +1 -1
- data/samples/01_create_an_alert.rb +17 -0
- data/samples/02_search_artifacts.rb +16 -0
- data/samples/03_list_cases.rb +16 -0
- metadata +5 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 87cd25193f5c029ffe10e1c1dffcd423c7fb33ee7b6de160774435e27addf39e
|
|
4
|
+
data.tar.gz: 517b92aa1ad86f6fe91256aa2c1f7ca17aa963c68d39cd0bc0801348e8df6c28
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 571b2bfe288550645f5158a43a63170a4067c3ef66e2d0e1170d597548548b57fa91b5028476e453008cab0f4083fcf3b1688cacb6c0a570258df9bbd8ae0bcd
|
|
7
|
+
data.tar.gz: 5b55a9c1a62ec128b7ef5b73af436e77331c8bdb44ee40e21fbf228bc1216b63e36407938ba14973445b6f8f6fdc28ffa4404246490b62ca04c91fad3231ba6e
|
data/README.md
CHANGED
data/lib/hachi.rb
CHANGED
data/lib/hachi/models/alert.rb
CHANGED
|
@@ -5,7 +5,7 @@ require "securerandom"
|
|
|
5
5
|
|
|
6
6
|
module Hachi
|
|
7
7
|
module Models
|
|
8
|
-
class Alert
|
|
8
|
+
class Alert < Base
|
|
9
9
|
attr_reader :title
|
|
10
10
|
attr_reader :description
|
|
11
11
|
attr_reader :severity
|
|
@@ -30,13 +30,14 @@ module Hachi
|
|
|
30
30
|
@type = type
|
|
31
31
|
@source = source
|
|
32
32
|
@source_ref = source_ref || SecureRandom.hex(10)
|
|
33
|
-
@artifacts = artifacts
|
|
33
|
+
@artifacts = artifacts.nil? ? nil : artifacts.map { |a| Artifact.new a }
|
|
34
34
|
@follow = follow
|
|
35
35
|
|
|
36
36
|
validate_date if date
|
|
37
37
|
validate_severity if severity
|
|
38
38
|
validate_status if status
|
|
39
39
|
validate_tlp if tlp
|
|
40
|
+
validate_artifacts if artifacts
|
|
40
41
|
end
|
|
41
42
|
|
|
42
43
|
def payload
|
|
@@ -51,36 +52,22 @@ module Hachi
|
|
|
51
52
|
type: type,
|
|
52
53
|
source: source,
|
|
53
54
|
sourceRef: source_ref,
|
|
54
|
-
artifacts: artifacts,
|
|
55
|
+
artifacts: artifacts&.map(&:payload),
|
|
55
56
|
follow: follow
|
|
56
57
|
}.compact
|
|
57
58
|
end
|
|
58
59
|
|
|
59
60
|
private
|
|
60
61
|
|
|
61
|
-
def validate_severity
|
|
62
|
-
return true if severity >= 1 && severity <= 3
|
|
63
|
-
|
|
64
|
-
raise ArgumentError, "severity should be 1 - 3 (1: low; 2: medium; 3: high)."
|
|
65
|
-
end
|
|
66
|
-
|
|
67
62
|
def validate_date
|
|
68
63
|
DateTime.parse(date)
|
|
69
64
|
true
|
|
70
65
|
rescue ArgumentError => _
|
|
71
|
-
raise ArgumentError, "date should be Date format
|
|
66
|
+
raise ArgumentError, "date should be Date format"
|
|
72
67
|
end
|
|
73
68
|
|
|
74
|
-
def
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
raise ArgumentError, "tlp should be 0 - 3 (0: white; 1: green; 2: amber; 3: red)."
|
|
78
|
-
end
|
|
79
|
-
|
|
80
|
-
def validate_status
|
|
81
|
-
return true if %w(New Updated Ignored Imported).include?(status)
|
|
82
|
-
|
|
83
|
-
raise ArgumentError, "status should be New, Updated, Ignored or Imported"
|
|
69
|
+
def validate_artifacts
|
|
70
|
+
artifacts.each(&:validate_for_creation)
|
|
84
71
|
end
|
|
85
72
|
end
|
|
86
73
|
end
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
module Hachi
|
|
4
4
|
module Models
|
|
5
|
-
class Artifact
|
|
5
|
+
class Artifact < Base
|
|
6
6
|
DATA_TYPES = %w(filename file fqdn hash uri_path ip domain mail autonomous-system registry mail_subject regexp user-agent other url).freeze
|
|
7
7
|
|
|
8
8
|
attr_reader :data
|
|
@@ -21,7 +21,9 @@ module Hachi
|
|
|
21
21
|
raise(ArgumentError, "data is required") unless data
|
|
22
22
|
raise(ArgumentError, "data_type is required") unless data_type
|
|
23
23
|
raise(ArgumentError, "invalid data type") unless DATA_TYPES.include?(data_type)
|
|
24
|
-
|
|
24
|
+
|
|
25
|
+
validate_tags if tags
|
|
26
|
+
validate_tlp if tlp
|
|
25
27
|
end
|
|
26
28
|
|
|
27
29
|
def payload
|
|
@@ -33,6 +35,10 @@ module Hachi
|
|
|
33
35
|
tags: tags
|
|
34
36
|
}.compact
|
|
35
37
|
end
|
|
38
|
+
|
|
39
|
+
def validate_for_creation
|
|
40
|
+
raise(ArgumentError, "message or tags is requried for artifact creation") unless message || tags
|
|
41
|
+
end
|
|
36
42
|
end
|
|
37
43
|
end
|
|
38
44
|
end
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Hachi
|
|
4
|
+
module Models
|
|
5
|
+
class Base
|
|
6
|
+
private
|
|
7
|
+
|
|
8
|
+
def validate_severity
|
|
9
|
+
return true if severity >= 1 && severity <= 3
|
|
10
|
+
|
|
11
|
+
raise ArgumentError, "severity should be 1 - 3 (1: low; 2: medium; 3: high)"
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def validate_tlp
|
|
15
|
+
return true if tlp >= 0 && tlp <= 3
|
|
16
|
+
|
|
17
|
+
raise ArgumentError, "tlp should be 0 - 3 (0: white; 1: green; 2: amber; 3: red)"
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def validate_status
|
|
21
|
+
return true if %w(New Updated Ignored Imported).include?(status)
|
|
22
|
+
|
|
23
|
+
raise ArgumentError, "status should be New, Updated, Ignored or Imported"
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
|
|
27
|
+
def validate_tags
|
|
28
|
+
raise ArgumentError, "tags should be an array" unless tags.is_a?(Array)
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
end
|
data/lib/hachi/models/case.rb
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
module Hachi
|
|
4
4
|
module Models
|
|
5
|
-
class Case
|
|
5
|
+
class Case < Base
|
|
6
6
|
attr_reader :title
|
|
7
7
|
attr_reader :description
|
|
8
8
|
attr_reader :severity
|
|
@@ -25,6 +25,7 @@ module Hachi
|
|
|
25
25
|
validate_flag if flag
|
|
26
26
|
validate_severity if severity
|
|
27
27
|
validate_start_date if start_date
|
|
28
|
+
validate_tags if tags
|
|
28
29
|
validate_tlp if tlp
|
|
29
30
|
end
|
|
30
31
|
|
|
@@ -43,29 +44,17 @@ module Hachi
|
|
|
43
44
|
|
|
44
45
|
private
|
|
45
46
|
|
|
46
|
-
def validate_severity
|
|
47
|
-
return true if severity >= 1 && severity <= 3
|
|
48
|
-
|
|
49
|
-
raise ArgumentError, "severity should be 1 - 3 (1: low; 2: medium; 3: high)."
|
|
50
|
-
end
|
|
51
|
-
|
|
52
47
|
def validate_start_date
|
|
53
48
|
DateTime.parse(start_date)
|
|
54
49
|
true
|
|
55
50
|
rescue ArgumentError => _
|
|
56
|
-
raise ArgumentError, "date should be Date format
|
|
57
|
-
end
|
|
58
|
-
|
|
59
|
-
def validate_tlp
|
|
60
|
-
return true if tlp >= 0 && severity <= 3
|
|
61
|
-
|
|
62
|
-
raise ArgumentError, "tlp should be 0 - 3 (0: white; 1: green; 2: amber; 3: red)."
|
|
51
|
+
raise ArgumentError, "date should be Date format"
|
|
63
52
|
end
|
|
64
53
|
|
|
65
54
|
def validate_flag
|
|
66
55
|
return true if [true, false].include?(flag)
|
|
67
56
|
|
|
68
|
-
raise ArgumentError, "flag should be true or false
|
|
57
|
+
raise ArgumentError, "flag should be true or false"
|
|
69
58
|
end
|
|
70
59
|
end
|
|
71
60
|
end
|
data/lib/hachi/version.rb
CHANGED
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
$LOAD_PATH.unshift("#{__dir__}/../lib")
|
|
4
|
+
|
|
5
|
+
require "hachi"
|
|
6
|
+
|
|
7
|
+
api = Hachi::API.new
|
|
8
|
+
|
|
9
|
+
# create a simple alert
|
|
10
|
+
api.alert.create(title: "test", description: "test", type: "test", source: "test")
|
|
11
|
+
|
|
12
|
+
# create an alert with artifacts
|
|
13
|
+
artifacts = [
|
|
14
|
+
{ data: "1.1.1.1", data_type: "ip", message: "test" },
|
|
15
|
+
{ data: "github.com", data_type: "domain", tags: ["test"] }
|
|
16
|
+
]
|
|
17
|
+
api.alert.create(title: "test", description: "test", type: "test", source: "test", artifacts: artifacts)
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
$LOAD_PATH.unshift("#{__dir__}/../lib")
|
|
4
|
+
|
|
5
|
+
require "hachi"
|
|
6
|
+
|
|
7
|
+
api = Hachi::API.new
|
|
8
|
+
|
|
9
|
+
# search artifacts
|
|
10
|
+
results = api.artifact.search(data: "1.1.1.1", data_type: "ip")
|
|
11
|
+
ids = results.map { |result| result.dig("id") }
|
|
12
|
+
|
|
13
|
+
ids.each do |id|
|
|
14
|
+
artifact = api.artifact.get_by_id(id)
|
|
15
|
+
p artifact
|
|
16
|
+
end
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
$LOAD_PATH.unshift("#{__dir__}/../lib")
|
|
4
|
+
|
|
5
|
+
require "hachi"
|
|
6
|
+
|
|
7
|
+
api = Hachi::API.new
|
|
8
|
+
|
|
9
|
+
# list up cases
|
|
10
|
+
results = api.case.list
|
|
11
|
+
ids = results.map { |result| result.dig("id") }
|
|
12
|
+
|
|
13
|
+
ids.each do |id|
|
|
14
|
+
kase = api.case.get_by_id(id)
|
|
15
|
+
p kase
|
|
16
|
+
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: hachi
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Manabu Niseki
|
|
@@ -119,8 +119,12 @@ files:
|
|
|
119
119
|
- lib/hachi/clients/case.rb
|
|
120
120
|
- lib/hachi/models/alert.rb
|
|
121
121
|
- lib/hachi/models/artifact.rb
|
|
122
|
+
- lib/hachi/models/base.rb
|
|
122
123
|
- lib/hachi/models/case.rb
|
|
123
124
|
- lib/hachi/version.rb
|
|
125
|
+
- samples/01_create_an_alert.rb
|
|
126
|
+
- samples/02_search_artifacts.rb
|
|
127
|
+
- samples/03_list_cases.rb
|
|
124
128
|
homepage: https://github.com/ninoseki/hachi
|
|
125
129
|
licenses:
|
|
126
130
|
- MIT
|