mihari 0.4.0 → 0.4.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/mihari/analyzers/base.rb +4 -4
- data/lib/mihari/emitters/slack.rb +2 -2
- data/lib/mihari/the_hive.rb +17 -2
- data/lib/mihari/version.rb +1 -1
- data/mihari.gemspec +1 -1
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d2122f13495ae81a98410887ee84dd41cbe5dbea0cf70b28afac5943d899a543
|
|
4
|
+
data.tar.gz: '08b3eb468a8bb767990b3bea8d2b18950d4240611fec189a9ed4d6272ba84aab'
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b98c1c679ab601b40f918be6eb3bb4ea1c80761abe79944b1c2111abb6eec87d430ffb5e7571591875ecabf631753cb428dab98ae11dfe7708ac87ea1f6c50f8
|
|
7
|
+
data.tar.gz: 4d6a0b87a14dbb6de755f623e6544743966b26101a49b7dc71a7c4604fb662a052c52071c638e7fdedfcd918bf783cb90cd46567e0f31a30e93322181942af4a
|
|
@@ -48,16 +48,16 @@ module Mihari
|
|
|
48
48
|
|
|
49
49
|
# @return [Array<Mihari::Artifact>]
|
|
50
50
|
def normalized_artifacts
|
|
51
|
-
artifacts.map do |artifact|
|
|
51
|
+
@normalized_artifacts ||= artifacts.map do |artifact|
|
|
52
52
|
artifact.is_a?(Artifact) ? artifact : Artifact.new(artifact)
|
|
53
53
|
end.select(&:valid?)
|
|
54
54
|
end
|
|
55
55
|
|
|
56
56
|
# @return [Array<Mihari::Artifact>]
|
|
57
57
|
def unique_artifacts
|
|
58
|
-
normalized_artifacts
|
|
59
|
-
|
|
60
|
-
|
|
58
|
+
return normalized_artifacts unless the_hive.valid?
|
|
59
|
+
|
|
60
|
+
the_hive.find_non_existing_artifacts(normalized_artifacts)
|
|
61
61
|
end
|
|
62
62
|
end
|
|
63
63
|
end
|
|
@@ -125,11 +125,11 @@ module Mihari
|
|
|
125
125
|
end.flatten
|
|
126
126
|
end
|
|
127
127
|
|
|
128
|
-
def emit(title:, description:, artifacts:, tags:)
|
|
128
|
+
def emit(title:, description:, artifacts:, tags: [])
|
|
129
129
|
return if artifacts.empty?
|
|
130
130
|
|
|
131
131
|
attachments = to_attachments(artifacts)
|
|
132
|
-
tags
|
|
132
|
+
tags = ["N/A"] if tags.empty?
|
|
133
133
|
|
|
134
134
|
notifier = ::Slack::Notifier.new(slack_webhook_url, channel: slack_channel)
|
|
135
135
|
notifier.post(text: "#{title} (desc.: #{description} / tags: #{tags.join(', ')})", attachments: attachments)
|
data/lib/mihari/the_hive.rb
CHANGED
|
@@ -25,9 +25,14 @@ module Mihari
|
|
|
25
25
|
@api ||= Hachi::API.new
|
|
26
26
|
end
|
|
27
27
|
|
|
28
|
-
# @return [
|
|
28
|
+
# @return [Array]
|
|
29
29
|
def search(data:, data_type:, range: "all")
|
|
30
|
-
api.artifact.search(data: data, data_type: data_type, range: range)
|
|
30
|
+
api.artifact.search({ data: data, data_type: data_type }, range: range)
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
# @return [Array]
|
|
34
|
+
def search_all(data:, range: "all")
|
|
35
|
+
api.artifact.search({ data: data }, range: range)
|
|
31
36
|
end
|
|
32
37
|
|
|
33
38
|
# @return [true, false]
|
|
@@ -36,6 +41,16 @@ module Mihari
|
|
|
36
41
|
!res.empty?
|
|
37
42
|
end
|
|
38
43
|
|
|
44
|
+
# @return [Array<Mihari::Artifact>]
|
|
45
|
+
def find_non_existing_artifacts(artifacts)
|
|
46
|
+
data = artifacts.map(&:data)
|
|
47
|
+
results = search_all(data: data)
|
|
48
|
+
keys = results.map { |result| result.dig("data") }.compact.uniq
|
|
49
|
+
artifacts.reject do |artifact|
|
|
50
|
+
keys.include? artifact.data
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
|
|
39
54
|
# @return [Hash]
|
|
40
55
|
def create_alert(title:, description:, artifacts:, tags: [])
|
|
41
56
|
api.alert.create(
|
data/lib/mihari/version.rb
CHANGED
data/mihari.gemspec
CHANGED
|
@@ -34,7 +34,7 @@ Gem::Specification.new do |spec|
|
|
|
34
34
|
spec.add_dependency "addressable", "~> 2.6"
|
|
35
35
|
spec.add_dependency "censu", "~> 0.2"
|
|
36
36
|
spec.add_dependency "email_address", "~> 0.1"
|
|
37
|
-
spec.add_dependency "hachi", "~> 0.
|
|
37
|
+
spec.add_dependency "hachi", "~> 0.2"
|
|
38
38
|
spec.add_dependency "mem", "~> 0.1"
|
|
39
39
|
spec.add_dependency "net-ping", "~> 2.0"
|
|
40
40
|
spec.add_dependency "onyphe", "~> 0.2"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: mihari
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.4.
|
|
4
|
+
version: 0.4.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Manabu Niseki
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-08-
|
|
11
|
+
date: 2019-08-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -142,14 +142,14 @@ dependencies:
|
|
|
142
142
|
requirements:
|
|
143
143
|
- - "~>"
|
|
144
144
|
- !ruby/object:Gem::Version
|
|
145
|
-
version: '0.
|
|
145
|
+
version: '0.2'
|
|
146
146
|
type: :runtime
|
|
147
147
|
prerelease: false
|
|
148
148
|
version_requirements: !ruby/object:Gem::Requirement
|
|
149
149
|
requirements:
|
|
150
150
|
- - "~>"
|
|
151
151
|
- !ruby/object:Gem::Version
|
|
152
|
-
version: '0.
|
|
152
|
+
version: '0.2'
|
|
153
153
|
- !ruby/object:Gem::Dependency
|
|
154
154
|
name: mem
|
|
155
155
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -336,7 +336,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
336
336
|
- !ruby/object:Gem::Version
|
|
337
337
|
version: '0'
|
|
338
338
|
requirements: []
|
|
339
|
-
rubygems_version: 3.0.
|
|
339
|
+
rubygems_version: 3.0.4
|
|
340
340
|
signing_key:
|
|
341
341
|
specification_version: 4
|
|
342
342
|
summary: A framework for continuous malicious hosts monitoring.
|