hachi 0.1.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (22) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +53 -0
  3. data/.rspec +3 -0
  4. data/.travis.yml +7 -0
  5. data/Gemfile +4 -0
  6. data/LICENSE.txt +21 -0
  7. data/README.md +82 -0
  8. data/Rakefile +6 -0
  9. data/bin/console +14 -0
  10. data/bin/setup +8 -0
  11. data/hachi.gemspec +33 -0
  12. data/lib/hachi/api.rb +18 -0
  13. data/lib/hachi/clients/alert.rb +40 -0
  14. data/lib/hachi/clients/artifact.rb +48 -0
  15. data/lib/hachi/clients/base.rb +104 -0
  16. data/lib/hachi/clients/case.rb +52 -0
  17. data/lib/hachi/models/alert.rb +87 -0
  18. data/lib/hachi/models/artifact.rb +38 -0
  19. data/lib/hachi/models/case.rb +72 -0
  20. data/lib/hachi/version.rb +5 -0
  21. data/lib/hachi.rb +18 -0
  22. metadata +147 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: a94e022e1b2936129782ed6b1fbe367da78f1b6438473f9f0caa0491eb717dcc
4
+ data.tar.gz: 5d676f455886a20254fdb8763be410dcd3dd66c618688a2b9c68d20840b67a1f
5
+ SHA512:
6
+ metadata.gz: 872f23c2706dab7b0cd866ac36e7f6fd9fe6d9fbcaa2cb773c8c2391aeb354d09fb515056dc81aae47be0461dcc78832e4bf36efb704df0322753c63e4bda6e8
7
+ data.tar.gz: 00636aae8a8b8a1eb080bc804a85ffb5ee6584a0932e8508d696a5c46e8644a4193ce2b20bcad6bf1248f4cb1a891af13acf0ef69234ebaa81155d45c6f00fc5
data/.gitignore ADDED
@@ -0,0 +1,53 @@
1
+ *.gem
2
+ *.rbc
3
+ /.config
4
+ /coverage/
5
+ /InstalledFiles
6
+ /pkg/
7
+ /spec/reports/
8
+ /spec/examples.txt
9
+ /test/tmp/
10
+ /test/version_tmp/
11
+ /tmp/
12
+
13
+ # Used by dotenv library to load environment variables.
14
+ # .env
15
+
16
+ ## Specific to RubyMotion:
17
+ .dat*
18
+ .repl_history
19
+ build/
20
+ *.bridgesupport
21
+ build-iPhoneOS/
22
+ build-iPhoneSimulator/
23
+
24
+ ## Specific to RubyMotion (use of CocoaPods):
25
+ #
26
+ # We recommend against adding the Pods directory to your .gitignore. However
27
+ # you should judge for yourself, the pros and cons are mentioned at:
28
+ # https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
29
+ #
30
+ # vendor/Pods/
31
+
32
+ ## Documentation cache and generated files:
33
+ /.yardoc/
34
+ /_yardoc/
35
+ /doc/
36
+ /rdoc/
37
+
38
+ ## Environment normalization:
39
+ /.bundle/
40
+ /vendor/bundle
41
+ /lib/bundler/man/
42
+
43
+ # for a library or gem, you might want to ignore these files since the code is
44
+ # intended to run in multiple environments; otherwise, check them in:
45
+ Gemfile.lock
46
+ .ruby-version
47
+ .ruby-gemset
48
+
49
+ # unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
50
+ .rvmrc
51
+
52
+ # RSpec
53
+ .rspec_status
data/.rspec ADDED
@@ -0,0 +1,3 @@
1
+ --format documentation
2
+ --color
3
+ --require spec_helper
data/.travis.yml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ sudo: false
3
+ language: ruby
4
+ cache: bundler
5
+ rvm:
6
+ - 2.6.1
7
+ before_install: gem install bundler -v 2.0.1
data/Gemfile ADDED
@@ -0,0 +1,4 @@
1
+ source "https://rubygems.org"
2
+
3
+ # Specify your gem's dependencies in hachi.gemspec
4
+ gemspec
data/LICENSE.txt ADDED
@@ -0,0 +1,21 @@
1
+ The MIT License (MIT)
2
+
3
+ Copyright (c) 2019 Manabu Niseki
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in
13
+ all copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21
+ THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,82 @@
1
+ # Hachi
2
+
3
+ [![Build Status](https://travis-ci.org/ninoseki/hachi.svg?branch=master)](https://travis-ci.org/ninoseki/hachi)
4
+ [![Coverage Status](https://coveralls.io/repos/github/ninoseki/hachi/badge.svg?branch=master)](https://coveralls.io/github/ninoseki/hachi?branch=master)
5
+
6
+ Hachi(`蜂`) is a dead simple [TheHive](https://github.com/TheHive-Project/TheHive) API wrapper for Ruby.
7
+
8
+ ## Installation
9
+
10
+ ```bash
11
+ gem install hachi
12
+ ```
13
+
14
+ ## Usage
15
+
16
+ ```ruby
17
+ require "hachi"
18
+
19
+ # when given nothing, it tries to load your API key from ENV["THEHIVE_API_KEY"] & API endpoint from ENV["THEHIVE_API_ENDPOINT"]
20
+ api = Hachi::API.new
21
+ # or you can set them manually
22
+ api = Hachi::API.new(api_endpoint: "http://your_api_endpoint", api_key: "yoru_api_key")
23
+
24
+ # list alerts
25
+ api.alert.list
26
+
27
+ # search atrifacts
28
+ api.artifact.search(data: "1.1.1.1", data_type: "ip")
29
+ ```
30
+
31
+ ## Implemented methods
32
+
33
+ ### Alert
34
+
35
+ | HTTP Method | URI | Action | API method |
36
+ |-------------|-----------------------------------|-----------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------|
37
+ | GET | /api/alert | List alerts | `#api.alert.list` |
38
+ | POST | /api/alert/_search | Find alerts | N/A |
39
+ | PATCH | /api/alert/_bulk | Update alerts in bulk | N/A |
40
+ | POST | /api/alert/_stats | Compute stats on alerts | N/A |
41
+ | POST | /api/alert | Create an alert | `#api.alert.create(title:, description:, severity: nil, date: nil, tags: nil, tlp: nil, status: nil, type:, source:, source_ref: nil, artifacts: nil, follow: nil)` |
42
+ | GET | /api/alert/:alertId | Get an alert | `#api.alert.get_by_id(id)` |
43
+ | PATCH | /api/alert/:alertId | Update an alert | N/A |
44
+ | DELETE | /api/alert/:alertId | Delete an alert | `#api.alert.delete_by_id(id)` |
45
+ | POST | /api/alert/:alertId/markAsRead | Mark an alert as read | N/A |
46
+ | POST | /api/alert/:alertId/markAsUnread | Mark an alert as unread | N/A |
47
+ | POST | /api/alert/:alertId/createCase | Create a case from an alert | N/A |
48
+ | POST | /api/alert/:alertId/follow | Follow an alert | N/A |
49
+ | POST | /api/alert/:alertId/unfollow | Unfollow an alert | N/A |
50
+ | POST | /api/alert/:alertId/merge/:caseId | Merge an alert in a case | N/A |
51
+
52
+ ### Artifact(Observable)
53
+
54
+ | HTTP Method | URI | Action | API method |
55
+ |-------------|----------------------------------------|---------------------------------|---------------------------------------------------------------------------------------|
56
+ | POST | /api/case/artifact/_search | Find observables | `#api.artifact.search(data:, date_type:)` |
57
+ | POST | /api/case/artifact/_stats | Compute stats on observables | N/A |
58
+ | POST | /api/case/:caseId/artifact | Create an observable | `#api.artifact.create(case_id, data:, data_type:, message: nil, tlp: nil, tags: nil)` |
59
+ | GET | /api/case/artifact/:artifactId | Get an observable | `#api.artifact.get_by_id(id)` |
60
+ | DELETE | /api/case/artifact/:artifactId | Remove an observable | `#api.artifact.delete_by_id(id)` |
61
+ | PATCH | /api/case/artifact/:artifactId | Update an observable | N/A |
62
+ | GET | /api/case/artifact/:artifactId/similar | Get list of similar observables | N/A |
63
+ | PATCH | /api/case/artifact/_bulk | Update observables in bulk | N/A |
64
+
65
+ ### Case
66
+
67
+ | HTTP Method | URI | Action | API method |
68
+ |-------------|------------------------------------|---------------------------------------|----------------------------------------------------------------------------------------------------------------------|
69
+ | GET | /api/case | List cases | `#api.case.list` |
70
+ | POST | /api/case/_search | Find cases | `#api.case.search(query)` |
71
+ | PATCH | /api/case/_bulk | Update cases in bulk | N/A |
72
+ | POST | /api/case/_stats | Compute stats on cases | N/A |
73
+ | POST | /api/case | Create a case | `#api.case.create(title:, description:, severity: nil, start_date: nil, owner: nil, flag: nil, tlp: nil, tags: nil)` |
74
+ | GET | /api/case/:caseId | Get a case | `#api.case.get_by_id(id)` |
75
+ | PATCH | /api/case/:caseId | Update a case | N/A |
76
+ | DELETE | /api/case/:caseId | Remove a case | `#api.case.delete_by_id(id)` |
77
+ | GET | /api/case/:caseId/links | Get list of cases linked to this case | N/A |
78
+ | POST | /api/case/:caseId1/_merge/:caseId2 | Merge two cases | N/A |
79
+
80
+ ## License
81
+
82
+ The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
data/Rakefile ADDED
@@ -0,0 +1,6 @@
1
+ require "bundler/gem_tasks"
2
+ require "rspec/core/rake_task"
3
+
4
+ RSpec::Core::RakeTask.new(:spec)
5
+
6
+ task :default => :spec
data/bin/console ADDED
@@ -0,0 +1,14 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require "bundler/setup"
4
+ require "hachi"
5
+
6
+ # You can add fixtures and/or initialization code here to make experimenting
7
+ # with your gem easier. You can also use a different console, if you like.
8
+
9
+ # (If you use this, don't forget to add pry to your Gemfile!)
10
+ # require "pry"
11
+ # Pry.start
12
+
13
+ require "irb"
14
+ IRB.start(__FILE__)
data/bin/setup ADDED
@@ -0,0 +1,8 @@
1
+ #!/usr/bin/env bash
2
+ set -euo pipefail
3
+ IFS=$'\n\t'
4
+ set -vx
5
+
6
+ bundle install
7
+
8
+ # Do any other automated setup that you need to do here
data/hachi.gemspec ADDED
@@ -0,0 +1,33 @@
1
+ # frozen_string_literal: true
2
+
3
+ lib = File.expand_path('lib', __dir__)
4
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
5
+ require "hachi/version"
6
+
7
+ Gem::Specification.new do |spec|
8
+ spec.name = "hachi"
9
+ spec.version = Hachi::VERSION
10
+ spec.authors = ["Manabu Niseki"]
11
+ spec.email = ["manabu.niseki@gmail.com"]
12
+
13
+ spec.summary = "A dead simple TheHive API wrapper."
14
+ spec.description = "A dead simple TheHive API wrapper."
15
+ spec.homepage = "https://github.com/ninoseki/hachi"
16
+ spec.license = "MIT"
17
+
18
+ # Specify which files should be added to the gem when it is released.
19
+ # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
20
+ spec.files = Dir.chdir(File.expand_path(__dir__)) do
21
+ `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
22
+ end
23
+ spec.bindir = "exe"
24
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
25
+ spec.require_paths = ["lib"]
26
+
27
+ spec.add_development_dependency "bundler", "~> 2.0"
28
+ spec.add_development_dependency "coveralls", "~> 0.8"
29
+ spec.add_development_dependency "rake", "~> 12.3"
30
+ spec.add_development_dependency "rspec", "~> 3.8"
31
+ spec.add_development_dependency "vcr", "~> 4.0"
32
+ spec.add_development_dependency "webmock", "~> 3.5"
33
+ end
data/lib/hachi/api.rb ADDED
@@ -0,0 +1,18 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Hachi
4
+ class API
5
+ attr_reader :alert
6
+ attr_reader :artifact
7
+ attr_reader :case
8
+
9
+ def initialize(api_endpoint: ENV["THEHIVE_API_ENDPOINT"], api_key: ENV["THEHIVE_API_KEY"])
10
+ raise(ArgumentError, "api_endpoint argument is required") unless api_endpoint
11
+ raise(ArgumentError, "api_key argument is required") unless api_key
12
+
13
+ @alert = Clients::Alert.new(api_endpoint: api_endpoint, api_key: api_key)
14
+ @artifact = Clients::Artifact.new(api_endpoint: api_endpoint, api_key: api_key)
15
+ @case = Clients::Case.new(api_endpoint: api_endpoint, api_key: api_key)
16
+ end
17
+ end
18
+ end
data/lib/hachi/clients/alert.rb ADDED
@@ -0,0 +1,40 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "date"
4
+ require "securerandom"
5
+
6
+ module Hachi
7
+ module Clients
8
+ class Alert < Base
9
+ def list
10
+ get("/api/alert") { |json| json }
11
+ end
12
+
13
+ def get_by_id(id)
14
+ get("/api/alert/#{id}") { |json| json }
15
+ end
16
+
17
+ def delete_by_id(id)
18
+ delete("/api/alert/#{id}") { |json| json }
19
+ end
20
+
21
+ def create(title:, description:, severity: nil, date: nil, tags: nil, tlp: nil, status: nil, type:, source:, source_ref: nil, artifacts: nil, follow: nil)
22
+ alert = Models::Alert.new(
23
+ title: title,
24
+ description: description,
25
+ severity: severity,
26
+ date: date,
27
+ tags: tags,
28
+ tlp: tlp,
29
+ status: status,
30
+ type: type,
31
+ source: source,
32
+ source_ref: source_ref,
33
+ artifacts: artifacts,
34
+ follow: follow
35
+ )
36
+ post("/api/alert", alert.payload) { |json| json }
37
+ end
38
+ end
39
+ end
40
+ end
data/lib/hachi/clients/artifact.rb ADDED
@@ -0,0 +1,48 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Hachi
4
+ module Clients
5
+ class Artifact < Base
6
+ def create(case_id, data:, data_type:, message: nil, tlp: nil, tags: nil)
7
+ artifact = Models::Artifact.new(
8
+ data: data,
9
+ data_type: data_type,
10
+ message: message,
11
+ tlp: tlp,
12
+ tags: tags
13
+ )
14
+
15
+ post("/api/case/#{case_id}/artifact", artifact.payload) { |json| json }
16
+ end
17
+
18
+ def get_by_id(id)
19
+ get("/api/case/artifact/#{id}") { |json| json }
20
+ end
21
+
22
+ def delete_by_id(id)
23
+ delete("/api/case/artifact/#{id}") { |json| json }
24
+ end
25
+
26
+ def search(data:, data_type:)
27
+ artifact = Models::Artifact.new(data: data, data_type: data_type)
28
+ payload = {
29
+ query: {
30
+ _and:
31
+ [
32
+ { _field: "data", _value: artifact.data },
33
+ { _field: "dataType", _value: artifact.data_type },
34
+ { _and:
35
+ [
36
+ { _not: { status: "Deleted" } },
37
+ { _not:
38
+ { _in: { _field: "_type", _values: ["dashboard", "data", "user", "analyzer", "caseTemplate", "reportTemplate", "action"] } } }
39
+ ] }
40
+ ]
41
+ }
42
+ }
43
+
44
+ post("/api/case/artifact/_search?range=all", payload) { |json| json }
45
+ end
46
+ end
47
+ end
48
+ end
data/lib/hachi/clients/base.rb ADDED
@@ -0,0 +1,104 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "json"
4
+ require "net/https"
5
+
6
+ module Hachi
7
+ module Clients
8
+ class Base
9
+ attr_reader :api_endpoint
10
+ attr_reader :api_key
11
+
12
+ def initialize(api_endpoint:, api_key:)
13
+ @api_endpoint = URI(api_endpoint)
14
+ @api_key = api_key
15
+ end
16
+
17
+ private
18
+
19
+ def base_url
20
+ "#{api_endpoint.scheme}://#{api_endpoint.hostname}:#{api_endpoint.port}"
21
+ end
22
+
23
+ def url_for(path)
24
+ URI(base_url + path)
25
+ end
26
+
27
+ def https_options
28
+ return nil if api_endpoint.scheme != "https"
29
+
30
+ if proxy = ENV["HTTPS_PROXY"] || ENV["https_proxy"]
31
+ uri = URI(proxy)
32
+ {
33
+ proxy_address: uri.hostname,
34
+ proxy_port: uri.port,
35
+ proxy_from_env: false,
36
+ use_ssl: true
37
+ }
38
+ else
39
+ { use_ssl: true }
40
+ end
41
+ end
42
+
43
+ def http_options
44
+ if proxy = ENV["HTTP_PROXY"] || ENV["http_proxy"]
45
+ uri = URI(proxy)
46
+ {
47
+ proxy_address: uri.hostname,
48
+ proxy_port: uri.port,
49
+ proxy_from_env: false,
50
+ }
51
+ else
52
+ {}
53
+ end
54
+ end
55
+
56
+ def parse_body(body)
57
+ JSON.parse body.to_s
58
+ rescue JSON::ParserError => _
59
+ body.to_s
60
+ end
61
+
62
+ def request(req)
63
+ Net::HTTP.start(api_endpoint.hostname, api_endpoint.port, https_options || http_options) do |http|
64
+ response = http.request(req)
65
+ json = parse_body(response.body)
66
+
67
+ raise(Error, "Unsupported response code returned: #{response.code} (#{json&.dig('message')})" ) unless response.code.start_with? "20"
68
+
69
+ yield json
70
+ end
71
+ end
72
+
73
+ def get(path, params = {}, &block)
74
+ url = url_for(path)
75
+ url.query = URI.encode_www_form(params) unless params.empty?
76
+
77
+ get = Net::HTTP::Get.new(url)
78
+ get.add_field "Authorization", "Bearer #{api_key}"
79
+ request(get, &block)
80
+ end
81
+
82
+ def post(path, params = {}, &block)
83
+ url = url_for(path)
84
+
85
+ post = Net::HTTP::Post.new(url)
86
+ post.body = params.is_a?(Hash) ? params.to_json : params.to_s
87
+
88
+ post.add_field "Content-Type", "application/json"
89
+ post.add_field "Authorization", "Bearer #{api_key}"
90
+
91
+ request(post, &block)
92
+ end
93
+
94
+ def delete(path, params = {}, &block)
95
+ url = url_for(path)
96
+ url.query = URI.encode_www_form(params) unless params.empty?
97
+
98
+ delete = Net::HTTP::Delete.new(url)
99
+ delete.add_field "Authorization", "Bearer #{api_key}"
100
+ request(delete, &block)
101
+ end
102
+ end
103
+ end
104
+ end
data/lib/hachi/clients/case.rb ADDED
@@ -0,0 +1,52 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Hachi
4
+ module Clients
5
+ class Case < Base
6
+ def list
7
+ get("/api/case") { |json| json }
8
+ end
9
+
10
+ def get_by_id(id)
11
+ get("/api/case/#{id}") { |json| json }
12
+ end
13
+
14
+ def delete_by_id(id)
15
+ delete("/api/case/#{id}") { |json| json }
16
+ end
17
+
18
+ def create(title:, description:, severity: nil, start_date: nil, owner: nil, flag: nil, tlp: nil, tags: nil)
19
+ kase = Models::Case.new(
20
+ title: title,
21
+ description: description,
22
+ severity: severity,
23
+ start_date: start_date,
24
+ owner: owner,
25
+ flag: flag,
26
+ tlp: tlp,
27
+ tags: tags
28
+ )
29
+
30
+ post("/api/case", kase.payload) { |json| json }
31
+ end
32
+
33
+ def search(query)
34
+ payload = {
35
+ query: {
36
+ _and:
37
+ [
38
+ { string: query },
39
+ { _and:
40
+ [
41
+ { _not: { status: "Deleted" } },
42
+ { _not:
43
+ { _in: { _field: "_type", _values: ["dashboard", "data", "user", "analyzer", "caseTemplate", "reportTemplate", "action"] } } }
44
+ ] }
45
+ ]
46
+ }
47
+ }
48
+ post("/api/case/_search?range=all", payload) { |json| json }
49
+ end
50
+ end
51
+ end
52
+ end
data/lib/hachi/models/alert.rb ADDED
@@ -0,0 +1,87 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "date"
4
+ require "securerandom"
5
+
6
+ module Hachi
7
+ module Models
8
+ class Alert
9
+ attr_reader :title
10
+ attr_reader :description
11
+ attr_reader :severity
12
+ attr_reader :date
13
+ attr_reader :tags
14
+ attr_reader :tlp
15
+ attr_reader :status
16
+ attr_reader :type
17
+ attr_reader :source
18
+ attr_reader :source_ref
19
+ attr_reader :artifacts
20
+ attr_reader :follow
21
+
22
+ def initialize(title:, description:, severity: nil, date: nil, tags: nil, tlp: nil, status: nil, type:, source:, source_ref: nil, artifacts: nil, follow: nil)
23
+ @title = title
24
+ @description = description
25
+ @severity = severity
26
+ @date = date
27
+ @tags = tags
28
+ @tlp = tlp
29
+ @status = status
30
+ @type = type
31
+ @source = source
32
+ @source_ref = source_ref || SecureRandom.hex(10)
33
+ @artifacts = artifacts
34
+ @follow = follow
35
+
36
+ validate_date if date
37
+ validate_severity if severity
38
+ validate_status if status
39
+ validate_tlp if tlp
40
+ end
41
+
42
+ def payload
43
+ {
44
+ title: title,
45
+ description: description,
46
+ severity: severity,
47
+ date: date,
48
+ tags: tags,
49
+ tlp: tlp,
50
+ status: status,
51
+ type: type,
52
+ source: source,
53
+ sourceRef: source_ref,
54
+ artifacts: artifacts,
55
+ follow: follow
56
+ }.compact
57
+ end
58
+
59
+ private
60
+
61
+ def validate_severity
62
+ return true if severity >= 1 && severity <= 3
63
+
64
+ raise ArgumentError, "severity should be 1 - 3 (1: low; 2: medium; 3: high)."
65
+ end
66
+
67
+ def validate_date
68
+ DateTime.parse(date)
69
+ true
70
+ rescue ArgumentError => _
71
+ raise ArgumentError, "date should be Date format."
72
+ end
73
+
74
+ def validate_tlp
75
+ return true if tlp >= 0 && severity <= 3
76
+
77
+ raise ArgumentError, "tlp should be 0 - 3 (0: white; 1: green; 2: amber; 3: red)."
78
+ end
79
+
80
+ def validate_status
81
+ return true if %w(New Updated Ignored Imported).include?(status)
82
+
83
+ raise ArgumentError, "status should be New, Updated, Ignored or Imported"
84
+ end
85
+ end
86
+ end
87
+ end
data/lib/hachi/models/artifact.rb ADDED
@@ -0,0 +1,38 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Hachi
4
+ module Models
5
+ class Artifact
6
+ DATA_TYPES = %w(filename file fqdn hash uri_path ip domain mail autonomous-system registry mail_subject regexp user-agent other url).freeze
7
+
8
+ attr_reader :data
9
+ attr_reader :data_type
10
+ attr_reader :message
11
+ attr_reader :tlp
12
+ attr_reader :tags
13
+
14
+ def initialize(data:, data_type:, message: nil, tlp: nil, tags: nil)
15
+ @data = data
16
+ @data_type = data_type
17
+ @message = message
18
+ @tlp = tlp
19
+ @tags = tags
20
+
21
+ raise(ArgumentError, "data is required") unless data
22
+ raise(ArgumentError, "data_type is required") unless data_type
23
+ raise(ArgumentError, "invalid data type") unless DATA_TYPES.include?(data_type)
24
+ raise(ArgumentError, "tags should be an array") unless tags.nil? || tags.is_a?(Array)
25
+ end
26
+
27
+ def payload
28
+ {
29
+ data: data,
30
+ dataType: data_type,
31
+ message: message,
32
+ tlp: tlp,
33
+ tags: tags
34
+ }.compact
35
+ end
36
+ end
37
+ end
38
+ end
data/lib/hachi/models/case.rb ADDED
@@ -0,0 +1,72 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Hachi
4
+ module Models
5
+ class Case
6
+ attr_reader :title
7
+ attr_reader :description
8
+ attr_reader :severity
9
+ attr_reader :start_date
10
+ attr_reader :owner
11
+ attr_reader :flag
12
+ attr_reader :tlp
13
+ attr_reader :tags
14
+
15
+ def initialize(title:, description:, severity: nil, start_date: nil, owner: nil, flag: nil, tlp: nil, tags: nil)
16
+ @title = title
17
+ @description = description
18
+ @severity = severity
19
+ @start_date = start_date
20
+ @owner = owner
21
+ @flag = flag
22
+ @tlp = tlp
23
+ @tags = tags
24
+
25
+ validate_flag if flag
26
+ validate_severity if severity
27
+ validate_start_date if start_date
28
+ validate_tlp if tlp
29
+ end
30
+
31
+ def payload
32
+ {
33
+ title: title,
34
+ description: description,
35
+ severity: severity,
36
+ startDate: start_date,
37
+ owner: owner,
38
+ flag: flag,
39
+ tlp: tlp,
40
+ tags: tags
41
+ }.compact
42
+ end
43
+
44
+ private
45
+
46
+ def validate_severity
47
+ return true if severity >= 1 && severity <= 3
48
+
49
+ raise ArgumentError, "severity should be 1 - 3 (1: low; 2: medium; 3: high)."
50
+ end
51
+
52
+ def validate_start_date
53
+ DateTime.parse(start_date)
54
+ true
55
+ rescue ArgumentError => _
56
+ raise ArgumentError, "date should be Date format."
57
+ end
58
+
59
+ def validate_tlp
60
+ return true if tlp >= 0 && severity <= 3
61
+
62
+ raise ArgumentError, "tlp should be 0 - 3 (0: white; 1: green; 2: amber; 3: red)."
63
+ end
64
+
65
+ def validate_flag
66
+ return true if [true, false].include?(flag)
67
+
68
+ raise ArgumentError, "flag should be true or false."
69
+ end
70
+ end
71
+ end
72
+ end
data/lib/hachi/version.rb ADDED
@@ -0,0 +1,5 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Hachi
4
+ VERSION = "0.1.0"
5
+ end
data/lib/hachi.rb ADDED
@@ -0,0 +1,18 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "hachi/version"
4
+
5
+ require "hachi/api"
6
+
7
+ require "hachi/models/alert"
8
+ require "hachi/models/artifact"
9
+ require "hachi/models/case"
10
+
11
+ require "hachi/clients/base"
12
+ require "hachi/clients/alert"
13
+ require "hachi/clients/artifact"
14
+ require "hachi/clients/case"
15
+
16
+ module Hachi
17
+ class Error < StandardError; end
18
+ end
metadata ADDED
@@ -0,0 +1,147 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: hachi
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - Manabu Niseki
8
+ autorequire:
9
+ bindir: exe
10
+ cert_chain: []
11
+ date: 2019-04-14 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: bundler
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '2.0'
20
+ type: :development
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '2.0'
27
+ - !ruby/object:Gem::Dependency
28
+ name: coveralls
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '0.8'
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '0.8'
41
+ - !ruby/object:Gem::Dependency
42
+ name: rake
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - "~>"
46
+ - !ruby/object:Gem::Version
47
+ version: '12.3'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: '12.3'
55
+ - !ruby/object:Gem::Dependency
56
+ name: rspec
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - "~>"
60
+ - !ruby/object:Gem::Version
61
+ version: '3.8'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - "~>"
67
+ - !ruby/object:Gem::Version
68
+ version: '3.8'
69
+ - !ruby/object:Gem::Dependency
70
+ name: vcr
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - "~>"
74
+ - !ruby/object:Gem::Version
75
+ version: '4.0'
76
+ type: :development
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - "~>"
81
+ - !ruby/object:Gem::Version
82
+ version: '4.0'
83
+ - !ruby/object:Gem::Dependency
84
+ name: webmock
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - "~>"
88
+ - !ruby/object:Gem::Version
89
+ version: '3.5'
90
+ type: :development
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - "~>"
95
+ - !ruby/object:Gem::Version
96
+ version: '3.5'
97
+ description: A dead simple TheHive API wrapper.
98
+ email:
99
+ - manabu.niseki@gmail.com
100
+ executables: []
101
+ extensions: []
102
+ extra_rdoc_files: []
103
+ files:
104
+ - ".gitignore"
105
+ - ".rspec"
106
+ - ".travis.yml"
107
+ - Gemfile
108
+ - LICENSE.txt
109
+ - README.md
110
+ - Rakefile
111
+ - bin/console
112
+ - bin/setup
113
+ - hachi.gemspec
114
+ - lib/hachi.rb
115
+ - lib/hachi/api.rb
116
+ - lib/hachi/clients/alert.rb
117
+ - lib/hachi/clients/artifact.rb
118
+ - lib/hachi/clients/base.rb
119
+ - lib/hachi/clients/case.rb
120
+ - lib/hachi/models/alert.rb
121
+ - lib/hachi/models/artifact.rb
122
+ - lib/hachi/models/case.rb
123
+ - lib/hachi/version.rb
124
+ homepage: https://github.com/ninoseki/hachi
125
+ licenses:
126
+ - MIT
127
+ metadata: {}
128
+ post_install_message:
129
+ rdoc_options: []
130
+ require_paths:
131
+ - lib
132
+ required_ruby_version: !ruby/object:Gem::Requirement
133
+ requirements:
134
+ - - ">="
135
+ - !ruby/object:Gem::Version
136
+ version: '0'
137
+ required_rubygems_version: !ruby/object:Gem::Requirement
138
+ requirements:
139
+ - - ">="
140
+ - !ruby/object:Gem::Version
141
+ version: '0'
142
+ requirements: []
143
+ rubygems_version: 3.0.2
144
+ signing_key:
145
+ specification_version: 4
146
+ summary: A dead simple TheHive API wrapper.
147
+ test_files: []