hachi 1.0.0 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/test.yml +10 -13
- data/.gitignore +5 -1
- data/README.md +10 -84
- data/hachi.gemspec +7 -5
- data/lib/hachi/api.rb +31 -7
- data/lib/hachi/awrence/methods.rb +66 -0
- data/lib/hachi/clients/alert.rb +9 -119
- data/lib/hachi/clients/artifact.rb +3 -38
- data/lib/hachi/clients/base.rb +28 -26
- data/lib/hachi/clients/case.rb +9 -102
- data/lib/hachi/clients/observable.rb +53 -0
- data/lib/hachi/clients/query.rb +18 -0
- data/lib/hachi/clients/user.rb +6 -16
- data/lib/hachi/version.rb +1 -1
- data/lib/hachi.rb +15 -6
- metadata +45 -23
- data/lib/hachi/models/alert.rb +0 -63
- data/lib/hachi/models/artifact.rb +0 -40
- data/lib/hachi/models/base.rb +0 -31
- data/lib/hachi/models/case.rb +0 -54
- data/lib/hachi/models/user.rb +0 -36
- data/samples/01_create_an_alert.rb +0 -17
- data/samples/02_search_artifacts.rb +0 -16
- data/samples/03_list_cases.rb +0 -16
- data/samples/04_merge_alerts.rb +0 -17
data/lib/hachi/models/base.rb
DELETED
|
@@ -1,31 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
module Hachi
|
|
4
|
-
module Models
|
|
5
|
-
class Base
|
|
6
|
-
private
|
|
7
|
-
|
|
8
|
-
def validate_severity
|
|
9
|
-
return true if severity >= 1 && severity <= 3
|
|
10
|
-
|
|
11
|
-
raise ArgumentError, "severity should be 1 - 3 (1: low; 2: medium; 3: high)"
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
def validate_tlp
|
|
15
|
-
return true if tlp >= 0 && tlp <= 3
|
|
16
|
-
|
|
17
|
-
raise ArgumentError, "tlp should be 0 - 3 (0: white; 1: green; 2: amber; 3: red)"
|
|
18
|
-
end
|
|
19
|
-
|
|
20
|
-
def validate_status
|
|
21
|
-
return true if %w(New Updated Ignored Imported).include?(status)
|
|
22
|
-
|
|
23
|
-
raise ArgumentError, "status should be New, Updated, Ignored or Imported"
|
|
24
|
-
end
|
|
25
|
-
|
|
26
|
-
def validate_tags
|
|
27
|
-
raise ArgumentError, "tags should be an array" unless tags.is_a?(Array)
|
|
28
|
-
end
|
|
29
|
-
end
|
|
30
|
-
end
|
|
31
|
-
end
|
data/lib/hachi/models/case.rb
DELETED
|
@@ -1,54 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
module Hachi
|
|
4
|
-
module Models
|
|
5
|
-
class Case < Base
|
|
6
|
-
attr_reader :title, :description, :severity, :start_date, :owner, :flag, :tlp, :tags
|
|
7
|
-
|
|
8
|
-
def initialize(title:, description:, severity: nil, start_date: nil, owner: nil, flag: nil, tlp: nil, tags: nil)
|
|
9
|
-
@title = title
|
|
10
|
-
@description = description
|
|
11
|
-
@severity = severity
|
|
12
|
-
@start_date = start_date
|
|
13
|
-
@owner = owner
|
|
14
|
-
@flag = flag
|
|
15
|
-
@tlp = tlp
|
|
16
|
-
@tags = tags
|
|
17
|
-
|
|
18
|
-
validate_flag if flag
|
|
19
|
-
validate_severity if severity
|
|
20
|
-
validate_start_date if start_date
|
|
21
|
-
validate_tags if tags
|
|
22
|
-
validate_tlp if tlp
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
def payload
|
|
26
|
-
{
|
|
27
|
-
title: title,
|
|
28
|
-
description: description,
|
|
29
|
-
severity: severity,
|
|
30
|
-
startDate: start_date,
|
|
31
|
-
owner: owner,
|
|
32
|
-
flag: flag,
|
|
33
|
-
tlp: tlp,
|
|
34
|
-
tags: tags
|
|
35
|
-
}.compact
|
|
36
|
-
end
|
|
37
|
-
|
|
38
|
-
private
|
|
39
|
-
|
|
40
|
-
def validate_start_date
|
|
41
|
-
DateTime.parse(start_date)
|
|
42
|
-
true
|
|
43
|
-
rescue ArgumentError => _e
|
|
44
|
-
raise ArgumentError, "date should be Date format"
|
|
45
|
-
end
|
|
46
|
-
|
|
47
|
-
def validate_flag
|
|
48
|
-
return true if [true, false].include?(flag)
|
|
49
|
-
|
|
50
|
-
raise ArgumentError, "flag should be true or false"
|
|
51
|
-
end
|
|
52
|
-
end
|
|
53
|
-
end
|
|
54
|
-
end
|
data/lib/hachi/models/user.rb
DELETED
|
@@ -1,36 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
module Hachi
|
|
4
|
-
module Models
|
|
5
|
-
class User < Base
|
|
6
|
-
attr_reader :login, :name, :roles, :password
|
|
7
|
-
|
|
8
|
-
ROLES = %w(read write admin).freeze
|
|
9
|
-
|
|
10
|
-
def initialize(login:, name:, roles:, password:)
|
|
11
|
-
@login = login
|
|
12
|
-
@name = name
|
|
13
|
-
@roles = roles
|
|
14
|
-
@password = password
|
|
15
|
-
|
|
16
|
-
validate_roles
|
|
17
|
-
end
|
|
18
|
-
|
|
19
|
-
def payload
|
|
20
|
-
{
|
|
21
|
-
login: login,
|
|
22
|
-
name: name,
|
|
23
|
-
roles: roles,
|
|
24
|
-
password: password
|
|
25
|
-
}.compact
|
|
26
|
-
end
|
|
27
|
-
|
|
28
|
-
private
|
|
29
|
-
|
|
30
|
-
def validate_roles
|
|
31
|
-
raise ArgumentError, "roles should be an array" unless roles.is_a?(Array)
|
|
32
|
-
raise ArgumentError, "role should be one of #{ROLES.join('.')}" unless roles.all? { |role| ROLES.include? role }
|
|
33
|
-
end
|
|
34
|
-
end
|
|
35
|
-
end
|
|
36
|
-
end
|
|
@@ -1,17 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
$LOAD_PATH.unshift("#{__dir__}/../lib")
|
|
4
|
-
|
|
5
|
-
require "hachi"
|
|
6
|
-
|
|
7
|
-
api = Hachi::API.new
|
|
8
|
-
|
|
9
|
-
# create a simple alert
|
|
10
|
-
api.alert.create(title: "test", description: "test", type: "test", source: "test")
|
|
11
|
-
|
|
12
|
-
# create an alert with artifacts
|
|
13
|
-
artifacts = [
|
|
14
|
-
{ data: "1.1.1.1", data_type: "ip", message: "test" },
|
|
15
|
-
{ data: "github.com", data_type: "domain", tags: ["test"] }
|
|
16
|
-
]
|
|
17
|
-
api.alert.create(title: "test", description: "test", type: "test", source: "test", artifacts: artifacts)
|
|
@@ -1,16 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
$LOAD_PATH.unshift("#{__dir__}/../lib")
|
|
4
|
-
|
|
5
|
-
require "hachi"
|
|
6
|
-
|
|
7
|
-
api = Hachi::API.new
|
|
8
|
-
|
|
9
|
-
# search artifacts
|
|
10
|
-
results = api.artifact.search(data: "1.1.1.1", data_type: "ip")
|
|
11
|
-
ids = results.map { |result| result.dig("id") }
|
|
12
|
-
|
|
13
|
-
ids.each do |id|
|
|
14
|
-
artifact = api.artifact.get_by_id(id)
|
|
15
|
-
p artifact
|
|
16
|
-
end
|
data/samples/03_list_cases.rb
DELETED
|
@@ -1,16 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
$LOAD_PATH.unshift("#{__dir__}/../lib")
|
|
4
|
-
|
|
5
|
-
require "hachi"
|
|
6
|
-
|
|
7
|
-
api = Hachi::API.new
|
|
8
|
-
|
|
9
|
-
# list up cases
|
|
10
|
-
results = api.case.list
|
|
11
|
-
ids = results.map { |result| result.dig("id") }
|
|
12
|
-
|
|
13
|
-
ids.each do |id|
|
|
14
|
-
kase = api.case.get_by_id(id)
|
|
15
|
-
p kase
|
|
16
|
-
end
|
data/samples/04_merge_alerts.rb
DELETED
|
@@ -1,17 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
$LOAD_PATH.unshift("#{__dir__}/../lib")
|
|
4
|
-
|
|
5
|
-
require "hachi"
|
|
6
|
-
|
|
7
|
-
def api
|
|
8
|
-
@api ||= Hachi::API.new
|
|
9
|
-
end
|
|
10
|
-
|
|
11
|
-
description = ARGV[0].to_s
|
|
12
|
-
case_id = ARGV[1].to_s
|
|
13
|
-
|
|
14
|
-
alerts = api.alert.search(description: description)
|
|
15
|
-
alert_ids = alerts.map { |alert| alert.dig "id" }
|
|
16
|
-
|
|
17
|
-
api.alert.merge_into_case(alert_ids, case_id)
|