mihari 0.4.0 → 0.4.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/mihari/analyzers/base.rb +4 -4
- data/lib/mihari/emitters/slack.rb +2 -2
- data/lib/mihari/the_hive.rb +17 -2
- data/lib/mihari/version.rb +1 -1
- data/mihari.gemspec +1 -1
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d2122f13495ae81a98410887ee84dd41cbe5dbea0cf70b28afac5943d899a543
|
|
4
|
+
data.tar.gz: '08b3eb468a8bb767990b3bea8d2b18950d4240611fec189a9ed4d6272ba84aab'
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b98c1c679ab601b40f918be6eb3bb4ea1c80761abe79944b1c2111abb6eec87d430ffb5e7571591875ecabf631753cb428dab98ae11dfe7708ac87ea1f6c50f8
|
|
7
|
+
data.tar.gz: 4d6a0b87a14dbb6de755f623e6544743966b26101a49b7dc71a7c4604fb662a052c52071c638e7fdedfcd918bf783cb90cd46567e0f31a30e93322181942af4a
|
|
@@ -48,16 +48,16 @@ module Mihari
|
|
|
48
48
|
|
|
49
49
|
# @return [Array<Mihari::Artifact>]
|
|
50
50
|
def normalized_artifacts
|
|
51
|
-
artifacts.map do |artifact|
|
|
51
|
+
@normalized_artifacts ||= artifacts.map do |artifact|
|
|
52
52
|
artifact.is_a?(Artifact) ? artifact : Artifact.new(artifact)
|
|
53
53
|
end.select(&:valid?)
|
|
54
54
|
end
|
|
55
55
|
|
|
56
56
|
# @return [Array<Mihari::Artifact>]
|
|
57
57
|
def unique_artifacts
|
|
58
|
-
normalized_artifacts
|
|
59
|
-
|
|
60
|
-
|
|
58
|
+
return normalized_artifacts unless the_hive.valid?
|
|
59
|
+
|
|
60
|
+
the_hive.find_non_existing_artifacts(normalized_artifacts)
|
|
61
61
|
end
|
|
62
62
|
end
|
|
63
63
|
end
|
|
@@ -125,11 +125,11 @@ module Mihari
|
|
|
125
125
|
end.flatten
|
|
126
126
|
end
|
|
127
127
|
|
|
128
|
-
def emit(title:, description:, artifacts:, tags:)
|
|
128
|
+
def emit(title:, description:, artifacts:, tags: [])
|
|
129
129
|
return if artifacts.empty?
|
|
130
130
|
|
|
131
131
|
attachments = to_attachments(artifacts)
|
|
132
|
-
tags
|
|
132
|
+
tags = ["N/A"] if tags.empty?
|
|
133
133
|
|
|
134
134
|
notifier = ::Slack::Notifier.new(slack_webhook_url, channel: slack_channel)
|
|
135
135
|
notifier.post(text: "#{title} (desc.: #{description} / tags: #{tags.join(', ')})", attachments: attachments)
|
data/lib/mihari/the_hive.rb
CHANGED
|
@@ -25,9 +25,14 @@ module Mihari
|
|
|
25
25
|
@api ||= Hachi::API.new
|
|
26
26
|
end
|
|
27
27
|
|
|
28
|
-
# @return [
|
|
28
|
+
# @return [Array]
|
|
29
29
|
def search(data:, data_type:, range: "all")
|
|
30
|
-
api.artifact.search(data: data, data_type: data_type, range: range)
|
|
30
|
+
api.artifact.search({ data: data, data_type: data_type }, range: range)
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
# @return [Array]
|
|
34
|
+
def search_all(data:, range: "all")
|
|
35
|
+
api.artifact.search({ data: data }, range: range)
|
|
31
36
|
end
|
|
32
37
|
|
|
33
38
|
# @return [true, false]
|
|
@@ -36,6 +41,16 @@ module Mihari
|
|
|
36
41
|
!res.empty?
|
|
37
42
|
end
|
|
38
43
|
|
|
44
|
+
# @return [Array<Mihari::Artifact>]
|
|
45
|
+
def find_non_existing_artifacts(artifacts)
|
|
46
|
+
data = artifacts.map(&:data)
|
|
47
|
+
results = search_all(data: data)
|
|
48
|
+
keys = results.map { |result| result.dig("data") }.compact.uniq
|
|
49
|
+
artifacts.reject do |artifact|
|
|
50
|
+
keys.include? artifact.data
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
|
|
39
54
|
# @return [Hash]
|
|
40
55
|
def create_alert(title:, description:, artifacts:, tags: [])
|
|
41
56
|
api.alert.create(
|
data/lib/mihari/version.rb
CHANGED
data/mihari.gemspec
CHANGED
|
@@ -34,7 +34,7 @@ Gem::Specification.new do |spec|
|
|
|
34
34
|
spec.add_dependency "addressable", "~> 2.6"
|
|
35
35
|
spec.add_dependency "censu", "~> 0.2"
|
|
36
36
|
spec.add_dependency "email_address", "~> 0.1"
|
|
37
|
-
spec.add_dependency "hachi", "~> 0.
|
|
37
|
+
spec.add_dependency "hachi", "~> 0.2"
|
|
38
38
|
spec.add_dependency "mem", "~> 0.1"
|
|
39
39
|
spec.add_dependency "net-ping", "~> 2.0"
|
|
40
40
|
spec.add_dependency "onyphe", "~> 0.2"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: mihari
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.4.
|
|
4
|
+
version: 0.4.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Manabu Niseki
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-08-
|
|
11
|
+
date: 2019-08-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -142,14 +142,14 @@ dependencies:
|
|
|
142
142
|
requirements:
|
|
143
143
|
- - "~>"
|
|
144
144
|
- !ruby/object:Gem::Version
|
|
145
|
-
version: '0.
|
|
145
|
+
version: '0.2'
|
|
146
146
|
type: :runtime
|
|
147
147
|
prerelease: false
|
|
148
148
|
version_requirements: !ruby/object:Gem::Requirement
|
|
149
149
|
requirements:
|
|
150
150
|
- - "~>"
|
|
151
151
|
- !ruby/object:Gem::Version
|
|
152
|
-
version: '0.
|
|
152
|
+
version: '0.2'
|
|
153
153
|
- !ruby/object:Gem::Dependency
|
|
154
154
|
name: mem
|
|
155
155
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -336,7 +336,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
336
336
|
- !ruby/object:Gem::Version
|
|
337
337
|
version: '0'
|
|
338
338
|
requirements: []
|
|
339
|
-
rubygems_version: 3.0.
|
|
339
|
+
rubygems_version: 3.0.4
|
|
340
340
|
signing_key:
|
|
341
341
|
specification_version: 4
|
|
342
342
|
summary: A framework for continuous malicious hosts monitoring.
|