hachi 0.1.0 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +2 -0
- data/lib/hachi.rb +1 -0
- data/lib/hachi/models/alert.rb +7 -20
- data/lib/hachi/models/artifact.rb +8 -2
- data/lib/hachi/models/base.rb +32 -0
- data/lib/hachi/models/case.rb +4 -15
- data/lib/hachi/version.rb +1 -1
- data/samples/01_create_an_alert.rb +17 -0
- data/samples/02_search_artifacts.rb +16 -0
- data/samples/03_list_cases.rb +16 -0
- metadata +5 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 87cd25193f5c029ffe10e1c1dffcd423c7fb33ee7b6de160774435e27addf39e
|
|
4
|
+
data.tar.gz: 517b92aa1ad86f6fe91256aa2c1f7ca17aa963c68d39cd0bc0801348e8df6c28
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 571b2bfe288550645f5158a43a63170a4067c3ef66e2d0e1170d597548548b57fa91b5028476e453008cab0f4083fcf3b1688cacb6c0a570258df9bbd8ae0bcd
|
|
7
|
+
data.tar.gz: 5b55a9c1a62ec128b7ef5b73af436e77331c8bdb44ee40e21fbf228bc1216b63e36407938ba14973445b6f8f6fdc28ffa4404246490b62ca04c91fad3231ba6e
|
data/README.md
CHANGED
data/lib/hachi.rb
CHANGED
data/lib/hachi/models/alert.rb
CHANGED
|
@@ -5,7 +5,7 @@ require "securerandom"
|
|
|
5
5
|
|
|
6
6
|
module Hachi
|
|
7
7
|
module Models
|
|
8
|
-
class Alert
|
|
8
|
+
class Alert < Base
|
|
9
9
|
attr_reader :title
|
|
10
10
|
attr_reader :description
|
|
11
11
|
attr_reader :severity
|
|
@@ -30,13 +30,14 @@ module Hachi
|
|
|
30
30
|
@type = type
|
|
31
31
|
@source = source
|
|
32
32
|
@source_ref = source_ref || SecureRandom.hex(10)
|
|
33
|
-
@artifacts = artifacts
|
|
33
|
+
@artifacts = artifacts.nil? ? nil : artifacts.map { |a| Artifact.new a }
|
|
34
34
|
@follow = follow
|
|
35
35
|
|
|
36
36
|
validate_date if date
|
|
37
37
|
validate_severity if severity
|
|
38
38
|
validate_status if status
|
|
39
39
|
validate_tlp if tlp
|
|
40
|
+
validate_artifacts if artifacts
|
|
40
41
|
end
|
|
41
42
|
|
|
42
43
|
def payload
|
|
@@ -51,36 +52,22 @@ module Hachi
|
|
|
51
52
|
type: type,
|
|
52
53
|
source: source,
|
|
53
54
|
sourceRef: source_ref,
|
|
54
|
-
artifacts: artifacts,
|
|
55
|
+
artifacts: artifacts&.map(&:payload),
|
|
55
56
|
follow: follow
|
|
56
57
|
}.compact
|
|
57
58
|
end
|
|
58
59
|
|
|
59
60
|
private
|
|
60
61
|
|
|
61
|
-
def validate_severity
|
|
62
|
-
return true if severity >= 1 && severity <= 3
|
|
63
|
-
|
|
64
|
-
raise ArgumentError, "severity should be 1 - 3 (1: low; 2: medium; 3: high)."
|
|
65
|
-
end
|
|
66
|
-
|
|
67
62
|
def validate_date
|
|
68
63
|
DateTime.parse(date)
|
|
69
64
|
true
|
|
70
65
|
rescue ArgumentError => _
|
|
71
|
-
raise ArgumentError, "date should be Date format
|
|
66
|
+
raise ArgumentError, "date should be Date format"
|
|
72
67
|
end
|
|
73
68
|
|
|
74
|
-
def
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
raise ArgumentError, "tlp should be 0 - 3 (0: white; 1: green; 2: amber; 3: red)."
|
|
78
|
-
end
|
|
79
|
-
|
|
80
|
-
def validate_status
|
|
81
|
-
return true if %w(New Updated Ignored Imported).include?(status)
|
|
82
|
-
|
|
83
|
-
raise ArgumentError, "status should be New, Updated, Ignored or Imported"
|
|
69
|
+
def validate_artifacts
|
|
70
|
+
artifacts.each(&:validate_for_creation)
|
|
84
71
|
end
|
|
85
72
|
end
|
|
86
73
|
end
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
module Hachi
|
|
4
4
|
module Models
|
|
5
|
-
class Artifact
|
|
5
|
+
class Artifact < Base
|
|
6
6
|
DATA_TYPES = %w(filename file fqdn hash uri_path ip domain mail autonomous-system registry mail_subject regexp user-agent other url).freeze
|
|
7
7
|
|
|
8
8
|
attr_reader :data
|
|
@@ -21,7 +21,9 @@ module Hachi
|
|
|
21
21
|
raise(ArgumentError, "data is required") unless data
|
|
22
22
|
raise(ArgumentError, "data_type is required") unless data_type
|
|
23
23
|
raise(ArgumentError, "invalid data type") unless DATA_TYPES.include?(data_type)
|
|
24
|
-
|
|
24
|
+
|
|
25
|
+
validate_tags if tags
|
|
26
|
+
validate_tlp if tlp
|
|
25
27
|
end
|
|
26
28
|
|
|
27
29
|
def payload
|
|
@@ -33,6 +35,10 @@ module Hachi
|
|
|
33
35
|
tags: tags
|
|
34
36
|
}.compact
|
|
35
37
|
end
|
|
38
|
+
|
|
39
|
+
def validate_for_creation
|
|
40
|
+
raise(ArgumentError, "message or tags is requried for artifact creation") unless message || tags
|
|
41
|
+
end
|
|
36
42
|
end
|
|
37
43
|
end
|
|
38
44
|
end
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Hachi
|
|
4
|
+
module Models
|
|
5
|
+
class Base
|
|
6
|
+
private
|
|
7
|
+
|
|
8
|
+
def validate_severity
|
|
9
|
+
return true if severity >= 1 && severity <= 3
|
|
10
|
+
|
|
11
|
+
raise ArgumentError, "severity should be 1 - 3 (1: low; 2: medium; 3: high)"
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def validate_tlp
|
|
15
|
+
return true if tlp >= 0 && tlp <= 3
|
|
16
|
+
|
|
17
|
+
raise ArgumentError, "tlp should be 0 - 3 (0: white; 1: green; 2: amber; 3: red)"
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def validate_status
|
|
21
|
+
return true if %w(New Updated Ignored Imported).include?(status)
|
|
22
|
+
|
|
23
|
+
raise ArgumentError, "status should be New, Updated, Ignored or Imported"
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
|
|
27
|
+
def validate_tags
|
|
28
|
+
raise ArgumentError, "tags should be an array" unless tags.is_a?(Array)
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
end
|
data/lib/hachi/models/case.rb
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
module Hachi
|
|
4
4
|
module Models
|
|
5
|
-
class Case
|
|
5
|
+
class Case < Base
|
|
6
6
|
attr_reader :title
|
|
7
7
|
attr_reader :description
|
|
8
8
|
attr_reader :severity
|
|
@@ -25,6 +25,7 @@ module Hachi
|
|
|
25
25
|
validate_flag if flag
|
|
26
26
|
validate_severity if severity
|
|
27
27
|
validate_start_date if start_date
|
|
28
|
+
validate_tags if tags
|
|
28
29
|
validate_tlp if tlp
|
|
29
30
|
end
|
|
30
31
|
|
|
@@ -43,29 +44,17 @@ module Hachi
|
|
|
43
44
|
|
|
44
45
|
private
|
|
45
46
|
|
|
46
|
-
def validate_severity
|
|
47
|
-
return true if severity >= 1 && severity <= 3
|
|
48
|
-
|
|
49
|
-
raise ArgumentError, "severity should be 1 - 3 (1: low; 2: medium; 3: high)."
|
|
50
|
-
end
|
|
51
|
-
|
|
52
47
|
def validate_start_date
|
|
53
48
|
DateTime.parse(start_date)
|
|
54
49
|
true
|
|
55
50
|
rescue ArgumentError => _
|
|
56
|
-
raise ArgumentError, "date should be Date format
|
|
57
|
-
end
|
|
58
|
-
|
|
59
|
-
def validate_tlp
|
|
60
|
-
return true if tlp >= 0 && severity <= 3
|
|
61
|
-
|
|
62
|
-
raise ArgumentError, "tlp should be 0 - 3 (0: white; 1: green; 2: amber; 3: red)."
|
|
51
|
+
raise ArgumentError, "date should be Date format"
|
|
63
52
|
end
|
|
64
53
|
|
|
65
54
|
def validate_flag
|
|
66
55
|
return true if [true, false].include?(flag)
|
|
67
56
|
|
|
68
|
-
raise ArgumentError, "flag should be true or false
|
|
57
|
+
raise ArgumentError, "flag should be true or false"
|
|
69
58
|
end
|
|
70
59
|
end
|
|
71
60
|
end
|
data/lib/hachi/version.rb
CHANGED
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
$LOAD_PATH.unshift("#{__dir__}/../lib")
|
|
4
|
+
|
|
5
|
+
require "hachi"
|
|
6
|
+
|
|
7
|
+
api = Hachi::API.new
|
|
8
|
+
|
|
9
|
+
# create a simple alert
|
|
10
|
+
api.alert.create(title: "test", description: "test", type: "test", source: "test")
|
|
11
|
+
|
|
12
|
+
# create an alert with artifacts
|
|
13
|
+
artifacts = [
|
|
14
|
+
{ data: "1.1.1.1", data_type: "ip", message: "test" },
|
|
15
|
+
{ data: "github.com", data_type: "domain", tags: ["test"] }
|
|
16
|
+
]
|
|
17
|
+
api.alert.create(title: "test", description: "test", type: "test", source: "test", artifacts: artifacts)
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
$LOAD_PATH.unshift("#{__dir__}/../lib")
|
|
4
|
+
|
|
5
|
+
require "hachi"
|
|
6
|
+
|
|
7
|
+
api = Hachi::API.new
|
|
8
|
+
|
|
9
|
+
# search artifacts
|
|
10
|
+
results = api.artifact.search(data: "1.1.1.1", data_type: "ip")
|
|
11
|
+
ids = results.map { |result| result.dig("id") }
|
|
12
|
+
|
|
13
|
+
ids.each do |id|
|
|
14
|
+
artifact = api.artifact.get_by_id(id)
|
|
15
|
+
p artifact
|
|
16
|
+
end
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
$LOAD_PATH.unshift("#{__dir__}/../lib")
|
|
4
|
+
|
|
5
|
+
require "hachi"
|
|
6
|
+
|
|
7
|
+
api = Hachi::API.new
|
|
8
|
+
|
|
9
|
+
# list up cases
|
|
10
|
+
results = api.case.list
|
|
11
|
+
ids = results.map { |result| result.dig("id") }
|
|
12
|
+
|
|
13
|
+
ids.each do |id|
|
|
14
|
+
kase = api.case.get_by_id(id)
|
|
15
|
+
p kase
|
|
16
|
+
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: hachi
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Manabu Niseki
|
|
@@ -119,8 +119,12 @@ files:
|
|
|
119
119
|
- lib/hachi/clients/case.rb
|
|
120
120
|
- lib/hachi/models/alert.rb
|
|
121
121
|
- lib/hachi/models/artifact.rb
|
|
122
|
+
- lib/hachi/models/base.rb
|
|
122
123
|
- lib/hachi/models/case.rb
|
|
123
124
|
- lib/hachi/version.rb
|
|
125
|
+
- samples/01_create_an_alert.rb
|
|
126
|
+
- samples/02_search_artifacts.rb
|
|
127
|
+
- samples/03_list_cases.rb
|
|
124
128
|
homepage: https://github.com/ninoseki/hachi
|
|
125
129
|
licenses:
|
|
126
130
|
- MIT
|