RubyGems - mihari - Versions diffs - 3.4.0 → 3.6.1 - Mend

mihari 3.4.0 → 3.6.1

Files changed (173) hide show

checksums.yaml +4 -4
data/.gitmodules +3 -0
data/README.md +2 -0
data/Steepfile +32 -0
data/config.ru +1 -0
data/lib/mihari/analyzers/base.rb +39 -11
data/lib/mihari/analyzers/binaryedge.rb +13 -0
data/lib/mihari/analyzers/censys.rb +42 -9
data/lib/mihari/analyzers/circl.rb +15 -0
data/lib/mihari/analyzers/crtsh.rb +5 -0
data/lib/mihari/analyzers/dnpedia.rb +5 -0
data/lib/mihari/analyzers/dnstwister.rb +17 -0
data/lib/mihari/analyzers/onyphe.rb +50 -9
data/lib/mihari/analyzers/otx.rb +20 -0
data/lib/mihari/analyzers/passivetotal.rb +25 -0
data/lib/mihari/analyzers/pulsedive.rb +10 -0
data/lib/mihari/analyzers/rule.rb +18 -0
data/lib/mihari/analyzers/securitytrails.rb +25 -0
data/lib/mihari/analyzers/shodan.rb +39 -5
data/lib/mihari/analyzers/spyse.rb +20 -0
data/lib/mihari/analyzers/urlscan.rb +10 -0
data/lib/mihari/analyzers/virustotal.rb +20 -0
data/lib/mihari/analyzers/zoomeye.rb +38 -0
data/lib/mihari/cli/analyzer.rb +1 -0
data/lib/mihari/cli/base.rb +0 -2
data/lib/mihari/commands/init.rb +4 -4
data/lib/mihari/commands/search.rb +1 -0
data/lib/mihari/commands/web.rb +1 -0
data/lib/mihari/{constraints.rb → constants.rb} +0 -0
data/lib/mihari/database.rb +42 -3
data/lib/mihari/emitters/base.rb +1 -1
data/lib/mihari/emitters/misp.rb +38 -5
data/lib/mihari/emitters/slack.rb +20 -2
data/lib/mihari/emitters/the_hive.rb +16 -3
data/lib/mihari/emitters/webhook.rb +18 -3
data/lib/mihari/mixins/disallowed_data_value.rb +1 -1
data/lib/mihari/models/alert.rb +28 -10
data/lib/mihari/models/artifact.rb +55 -0
data/lib/mihari/models/autonomous_system.rb +9 -0
data/lib/mihari/models/dns.rb +53 -0
data/lib/mihari/models/geolocation.rb +9 -0
data/lib/mihari/models/reverse_dns.rb +24 -0
data/lib/mihari/models/whois.rb +119 -0
data/lib/mihari/schemas/configuration.rb +1 -0
data/lib/mihari/schemas/rule.rb +2 -15
data/lib/mihari/serializers/alert.rb +6 -4
data/lib/mihari/serializers/artifact.rb +11 -2
data/lib/mihari/serializers/autonomous_system.rb +9 -0
data/lib/mihari/serializers/dns.rb +11 -0
data/lib/mihari/serializers/geolocation.rb +11 -0
data/lib/mihari/serializers/reverse_dns.rb +11 -0
data/lib/mihari/serializers/tag.rb +4 -2
data/lib/mihari/serializers/whois.rb +11 -0
data/lib/mihari/structs/censys.rb +92 -0
data/lib/mihari/structs/onyphe.rb +47 -0
data/lib/mihari/structs/shodan.rb +53 -0
data/lib/mihari/type_checker.rb +9 -9
data/lib/mihari/types.rb +21 -0
data/lib/mihari/version.rb +1 -1
data/lib/mihari/web/app.rb +2 -0
data/lib/mihari/web/controllers/alerts_controller.rb +3 -4
data/lib/mihari/web/controllers/artifacts_controller.rb +46 -2
data/lib/mihari/web/controllers/ip_address_controller.rb +36 -0
data/lib/mihari/web/controllers/sources_controller.rb +2 -2
data/lib/mihari/web/controllers/tags_controller.rb +3 -1
data/lib/mihari/web/public/index.html +1 -1
data/lib/mihari/web/public/redoc-static.html +12 -10
data/lib/mihari/web/public/static/fonts/fa-brands-400.1a575a41.woff +0 -0
data/lib/mihari/web/public/static/fonts/fa-brands-400.513aa607.ttf +0 -0
data/lib/mihari/web/public/static/fonts/fa-brands-400.592643a8.eot +0 -0
data/lib/mihari/web/public/static/fonts/fa-brands-400.ed311c7a.woff2 +0 -0
data/lib/mihari/web/public/static/fonts/fa-regular-400.766913e6.ttf +0 -0
data/lib/mihari/web/public/static/fonts/fa-regular-400.b0e2db3b.eot +0 -0
data/lib/mihari/web/public/static/fonts/fa-regular-400.b91d376b.woff2 +0 -0
data/lib/mihari/web/public/static/fonts/fa-regular-400.d1d7e3b4.woff +0 -0
data/lib/mihari/web/public/static/fonts/fa-solid-900.0c6bfc66.eot +0 -0
data/lib/mihari/web/public/static/fonts/fa-solid-900.b9625119.ttf +0 -0
data/lib/mihari/web/public/static/fonts/fa-solid-900.d745348d.woff +0 -0
data/lib/mihari/web/public/static/fonts/fa-solid-900.d824df7e.woff2 +0 -0
data/lib/mihari/web/public/static/img/fa-brands-400.1d5619cd.svg +3717 -0
data/lib/mihari/web/public/static/img/fa-regular-400.c5d109be.svg +801 -0
data/lib/mihari/web/public/static/img/fa-solid-900.37bc7099.svg +5034 -0
data/lib/mihari/web/public/static/js/app.8e3e5150.js +36 -0
data/lib/mihari/web/public/static/js/app.8e3e5150.js.map +1 -0
data/lib/mihari/web/public/static/js/app.b5914c39.js +36 -0
data/lib/mihari/web/public/static/js/app.b5914c39.js.map +1 -0
data/lib/mihari.rb +25 -4
data/mihari.gemspec +10 -2
data/sig/lib/mihari/analyzers/base.rbs +99 -0
data/sig/lib/mihari/analyzers/basic.rbs +17 -0
data/sig/lib/mihari/analyzers/binaryedge.rbs +25 -0
data/sig/lib/mihari/analyzers/censys.rbs +38 -0
data/sig/lib/mihari/analyzers/circl.rbs +29 -0
data/sig/lib/mihari/analyzers/crtsh.rbs +19 -0
data/sig/lib/mihari/analyzers/dnpedia.rbs +18 -0
data/sig/lib/mihari/analyzers/dnstwister.rbs +27 -0
data/sig/lib/mihari/analyzers/onyphe.rbs +33 -0
data/sig/lib/mihari/analyzers/otx.rbs +33 -0
data/sig/lib/mihari/analyzers/passivetotal.rbs +33 -0
data/sig/lib/mihari/analyzers/pulsedive.rbs +27 -0
data/sig/lib/mihari/analyzers/rule.rbs +68 -0
data/sig/lib/mihari/analyzers/securitytrails.rbs +33 -0
data/sig/lib/mihari/analyzers/shodan.rbs +33 -0
data/sig/lib/mihari/analyzers/spyse.rbs +29 -0
data/sig/lib/mihari/analyzers/urlscan.rbs +28 -0
data/sig/lib/mihari/analyzers/virustotal.rbs +31 -0
data/sig/lib/mihari/analyzers/zoomeye.rbs +33 -0
data/sig/lib/mihari/cli/analyzer.rbs +39 -0
data/sig/lib/mihari/cli/base.rbs +11 -0
data/sig/lib/mihari/cli/init.rbs +7 -0
data/sig/lib/mihari/cli/main.rbs +9 -0
data/sig/lib/mihari/cli/mixins/utils.rbs +50 -0
data/sig/lib/mihari/cli/validator.rbs +7 -0
data/sig/lib/mihari/commands/binaryedge.rbs +7 -0
data/sig/lib/mihari/commands/censys.rbs +7 -0
data/sig/lib/mihari/commands/circl.rbs +7 -0
data/sig/lib/mihari/commands/crtsh.rbs +7 -0
data/sig/lib/mihari/commands/dnpedia.rbs +7 -0
data/sig/lib/mihari/commands/dnstwister.rbs +7 -0
data/sig/lib/mihari/commands/init.rbs +11 -0
data/sig/lib/mihari/commands/json.rbs +7 -0
data/sig/lib/mihari/commands/onyphe.rbs +7 -0
data/sig/lib/mihari/commands/otx.rbs +7 -0
data/sig/lib/mihari/commands/passivetotal.rbs +7 -0
data/sig/lib/mihari/commands/pulsedive.rbs +7 -0
data/sig/lib/mihari/commands/search.rbs +35 -0
data/sig/lib/mihari/commands/securitytrails.rbs +7 -0
data/sig/lib/mihari/commands/shodan.rbs +7 -0
data/sig/lib/mihari/commands/spyse.rbs +7 -0
data/sig/lib/mihari/commands/urlscan.rbs +7 -0
data/sig/lib/mihari/commands/validator.rbs +11 -0
data/sig/lib/mihari/commands/virustotal.rbs +7 -0
data/sig/lib/mihari/commands/web.rbs +7 -0
data/sig/lib/mihari/commands/zoomeye.rbs +7 -0
data/sig/lib/mihari/constants.rbs +3 -0
data/sig/lib/mihari/database.rbs +25 -0
data/sig/lib/mihari/emitters/base.rbs +18 -0
data/sig/lib/mihari/emitters/database.rbs +9 -0
data/sig/lib/mihari/emitters/misp.rbs +28 -0
data/sig/lib/mihari/emitters/slack.rbs +58 -0
data/sig/lib/mihari/emitters/stdout.rbs +9 -0
data/sig/lib/mihari/emitters/the_hive.rbs +24 -0
data/sig/lib/mihari/emitters/webhook.rbs +20 -0
data/sig/lib/mihari/errors.rbs +10 -0
data/sig/lib/mihari/mixins/configurable.rbs +26 -0
data/sig/lib/mihari/mixins/configuration.rbs +45 -0
data/sig/lib/mihari/mixins/disallowed_data_value.rbs +25 -0
data/sig/lib/mihari/mixins/hash.rbs +14 -0
data/sig/lib/mihari/mixins/refang.rbs +14 -0
data/sig/lib/mihari/mixins/retriable.rbs +15 -0
data/sig/lib/mihari/mixins/rule.rbs +41 -0
data/sig/lib/mihari/models/alert.rbs +46 -0
data/sig/lib/mihari/models/artifact.rbs +54 -0
data/sig/lib/mihari/models/autonomous_system.rbs +5 -0
data/sig/lib/mihari/models/dns.rbs +19 -0
data/sig/lib/mihari/models/geolocation.rbs +6 -0
data/sig/lib/mihari/models/reverse_dns.rbs +14 -0
data/sig/lib/mihari/models/tag.rbs +5 -0
data/sig/lib/mihari/models/tagging.rbs +4 -0
data/sig/lib/mihari/models/whois.rbs +66 -0
data/sig/lib/mihari/notifiers/base.rbs +18 -0
data/sig/lib/mihari/notifiers/exception_notifier.rbs +75 -0
data/sig/lib/mihari/notifiers/slack.rbs +50 -0
data/sig/lib/mihari/status.rbs +25 -0
data/sig/lib/mihari/structs/censys.rbs +50 -0
data/sig/lib/mihari/structs/onyphe.rbs +25 -0
data/sig/lib/mihari/structs/shodan.rbs +28 -0
data/sig/lib/mihari/type_checker.rbs +48 -0
data/sig/lib/mihari/types.rbs +17 -0
data/sig/lib/mihari/version.rbs +3 -0
data/sig/lib/mihari/web/app.rbs +5 -0
data/sig/lib/mihari.rbs +57 -0
metadata +240 -8

data/lib/mihari/cli/analyzer.rb CHANGED Viewed

@@ -24,6 +24,7 @@ module Mihari
     class Analyzer < Base
       class_option :ignore_old_artifacts, type: :boolean, default: false, desc: "Whether to ignore old artifacts from checking or not."
       class_option :ignore_threshold, type: :numeric, default: 0, desc: "Number of days to define whether an artifact is old or not."
+      class_option :config, type: :string, desc: "Path to the config file"
       include Mihari::Commands::BinaryEdge
       include Mihari::Commands::Censys

data/lib/mihari/cli/base.rb CHANGED Viewed

@@ -12,8 +12,6 @@ module Mihari
       include Mihari::Mixins::Hash
       include Mixins::Utils
-      class_option :config, type: :string, desc: "Path to the config file"
       class << self
         def exit_on_failure?
           true

data/lib/mihari/commands/init.rb CHANGED Viewed

@@ -5,10 +5,10 @@ require "colorize"
 module Mihari
   module Commands
     module Initialization
-      def self.included(thor)
-        include Mixins::Configuration
-        include Mixins::Rule
+      include Mixins::Configuration
+      include Mixins::Rule
+      def self.included(thor)
         thor.class_eval do
           desc "config", "Create a config file"
           method_option :filename, type: :string, default: "mihari.yml"
@@ -37,7 +37,7 @@ module Mihari
             initialize_rule_yaml filename
-            puts "The rule file is created as #{filename}.".colorize(:blue)
+            puts "The rule file is initialized as #{filename}.".colorize(:blue)
           end
         end
       end

data/lib/mihari/commands/search.rb CHANGED Viewed

@@ -8,6 +8,7 @@ module Mihari
       def self.included(thor)
         thor.class_eval do
           desc "search [RULE]", "Search by a rule"
+          method_option :config, type: :string, desc: "Path to the config file"
           def search_by_rule(rule)
             # convert str(YAML) to hash or str(path/YAML file) to hash
             rule = load_rule(rule)

data/lib/mihari/commands/web.rb CHANGED Viewed

@@ -8,6 +8,7 @@ module Mihari
           desc "web", "Launch the web app"
           method_option :port, type: :numeric, default: 9292
           method_option :host, type: :string, default: "localhost"
+          method_option :config, type: :string, desc: "Path to the config file"
           def web
             port = options["port"].to_i || 9292
             host = options["host"] || "localhost"

data/lib/mihari/{constraints.rb → constants.rb} RENAMED Viewed

File without changes

data/lib/mihari/database.rb CHANGED Viewed

@@ -32,12 +32,48 @@ class InitialSchema < ActiveRecord::Migration[6.1]
   end
 end
-class V3Schema < ActiveRecord::Migration[6.1]
+class AddeSourceToArtifactSchema < ActiveRecord::Migration[6.1]
   def change
     add_column :artifacts, :source, :string, if_not_exists: true
   end
 end
+class EnrichmentsSchema < ActiveRecord::Migration[6.1]
+  def change
+    create_table :autonomous_systems, if_not_exists: true do |t|
+      t.integer :asn, null: false
+      t.belongs_to :artifact, foreign_key: true
+    end
+    create_table :geolocations, if_not_exists: true do |t|
+      t.string :country, null: false
+      t.string :country_code, null: false
+      t.belongs_to :artifact, foreign_key: true
+    end
+    create_table :whois_records, if_not_exists: true do |t|
+      t.string :domain, null: false
+      t.date :created_on
+      t.date :updated_on
+      t.date :expires_on
+      t.json :registrar
+      t.json :contacts
+      t.belongs_to :artifact, foreign_key: true
+    end
+    create_table :dns_records, if_not_exists: true do |t|
+      t.string :resource, null: false
+      t.string :value, null: false
+      t.belongs_to :artifact, foreign_key: true
+    end
+    create_table :reverse_dns_names, if_not_exists: true do |t|
+      t.string :name, null: false
+      t.belongs_to :artifact, foreign_key: true
+    end
+  end
+end
 def adapter
   return "postgresql" if Mihari.config.database.start_with?("postgresql://", "postgres://")
   return "mysql2" if Mihari.config.database.start_with?("mysql2://")
@@ -59,10 +95,12 @@ module Mihari
           )
         end
+        # ActiveRecord::Base.logger = Logger.new STDOUT
         ActiveRecord::Migration.verbose = false
         InitialSchema.migrate(:up)
-        V3Schema.migrate(:up)
+        AddeSourceToArtifactSchema.migrate(:up)
+        EnrichmentsSchema.migrate(:up)
       rescue StandardError
         # Do nothing
       end
@@ -76,7 +114,8 @@ module Mihari
         return unless ActiveRecord::Base.connected?
         InitialSchema.migrate(:down)
-        V3Schema.migrate(:down)
+        AddeSourceToArtifactSchema.migrate(:down)
+        EnrichmentsSchema.migrate(:down)
       end
     end
   end

data/lib/mihari/emitters/base.rb CHANGED Viewed

@@ -10,7 +10,7 @@ module Mihari
         Mihari.emitters << child
       end
-      # @return [true, false]
+      # @return [Boolean]
       def valid?
         raise NotImplementedError, "You must implement #{self.class}##{__method__}"
       end

data/lib/mihari/emitters/misp.rb CHANGED Viewed

@@ -15,7 +15,7 @@ module Mihari
         end
       end
-      # @return [true, false]
+      # @return [Boolean]
       def valid?
         api_endpoint? && api_key? && ping?
       end
@@ -42,10 +42,24 @@ module Mihari
         %w[misp_api_endpoint misp_api_key]
       end
+      #
+      # Build a MISP attribute
+      #
+      # @param [Mihari::Artifact] artifact
+      #
+      # @return [::MISP::Attribute] <description>
+      #
       def build_attribute(artifact)
         ::MISP::Attribute.new(value: artifact.data, type: to_misp_type(type: artifact.data_type, value: artifact.data))
       end
+      #
+      # Get a type of a hash
+      #
+      # @param [String] value
+      #
+      # @return [String]
+      #
       def hash_type(value)
         case value.length
         when 32
@@ -59,6 +73,14 @@ module Mihari
         end
       end
+      #
+      # Convert a type to a MISP type
+      #
+      # @param [String] type
+      # @param [String] value
+      #
+      # @return [String]
+      #
       def to_misp_type(type:, value:)
         type = type.to_sym
         table = {
@@ -72,20 +94,31 @@ module Mihari
         hash_type value
       end
-      def create_attribute(artifact)
-        artifact.data_type
-      end
+      #
+      # Check whether an API endpoint is set or not
+      #
+      # @return [Boolean]
+      #
       def api_endpoint?
         api_endpoint = ::MISP.configuration.api_endpoint
         !api_endpoint.nil? && !api_endpoint.empty?
       end
+      #
+      # Check whether an API key is set or not
+      #
+      # @return [Boolean]
+      #
       def api_key?
         api_key = ::MISP.configuration.api_key
         !api_key.nil? && !api_key.empty?
       end
+      #
+      # Check whether an API endpoint is reachable or not
+      #
+      # @return [Boolean]
+      #
       def ping?
         base_url = ::MISP.configuration.api_endpoint
         base_url = base_url.end_with?("/") ? base_url[0..-2] : base_url

data/lib/mihari/emitters/slack.rb CHANGED Viewed

@@ -55,7 +55,7 @@ module Mihari
       private
-      # @return [String]
+      # @return [String, nil]
       def _urlscan_link
         case data_type
         when "ip"
@@ -69,7 +69,7 @@ module Mihari
       end
       memoize :_urlscan_link
-      # @return [String]
+      # @return [String, nil]
       def _vt_link
         case data_type
         when "hash"
@@ -86,11 +86,13 @@ module Mihari
       end
       memoize :_vt_link
+      # @return [String, nil]
       def _censys_link
         data_type == "ip" ? "https://search.censys.io/hosts/#{data}" : nil
       end
       memoize :_censys_link
+      # @return [String, nil]
       def _shodan_link
         data_type == "ip" ? "https://www.shodan.io/host/#{data}" : nil
       end
@@ -116,12 +118,28 @@ module Mihari
         notifier.valid?
       end
+      #
+      # Build attachements
+      #
+      # @param [Array<Mihari::Artifact>] artifacts
+      #
+      # @return [Array<Mihari::Emitters::Attachment>]
+      #
       def to_attachments(artifacts)
         artifacts.map do |artifact|
           Attachment.new(data: artifact.data, data_type: artifact.data_type).to_a
         end.flatten
       end
+      #
+      # Build a text
+      #
+      # @param [String] title
+      # @param [String] description
+      # @param [Array<String>] tags
+      #
+      # @return [String]
+      #
       def to_text(title:, description:, tags: [])
         tags = ["N/A"] if tags.empty?

data/lib/mihari/emitters/the_hive.rb CHANGED Viewed

@@ -6,7 +6,7 @@ require "net/ping"
 module Mihari
   module Emitters
     class TheHive < Base
-      # @return [true, false]
+      # @return [Boolean]
       def valid?
         api_endpont? && api_key? && ping?
       end
@@ -34,16 +34,29 @@ module Mihari
         @api ||= Hachi::API.new(api_endpoint: Mihari.config.thehive_api_endpoint, api_key: Mihari.config.thehive_api_key)
       end
-      # @return [true, false]
+      #
+      # Check whether an API endpoint is set or not
+      #
+      # @return [Boolean]
+      #
       def api_endpont?
         !Mihari.config.thehive_api_endpoint.nil?
       end
-      # @return [true, false]
+      #
+      # Check whether an API key is set or not
+      #
+      # @return [Boolean]
+      # ]
       def api_key?
         !Mihari.config.thehive_api_key.nil?
       end
+      #
+      # Check whether an API endpoint is reachable or not
+      #
+      # @return [Boolean]
+      #
       def ping?
         base_url = Mihari.config.thehive_api_endpoint
         base_url = base_url.end_with?("/") ? base_url[0..-2] : base_url

data/lib/mihari/emitters/webhook.rb CHANGED Viewed

@@ -7,7 +7,7 @@ require "uri"
 module Mihari
   module Emitters
     class Webhook < Base
-      # @return [true, false]
+      # @return [Boolean]
       def valid?
         webhook_url?
       end
@@ -24,7 +24,7 @@ module Mihari
           tags: tags
         }
-        if use_json_body
+        if use_json_body?
           Net::HTTP.post(uri, data.to_json, "Content-Type" => "application/json")
         else
           Net::HTTP.post_form(uri, data)
@@ -37,15 +37,30 @@ module Mihari
         %w[webhook_url]
       end
+      #
+      # Webhook URL
+      #
+      # @return [String, nil]
+      #
       def webhook_url
         @webhook_url ||= Mihari.config.webhook_url
       end
+      #
+      # Check whether a webhook URL is set or not
+      #
+      # @return [<Type>] <description>
+      #
       def webhook_url?
         !webhook_url.nil?
       end
-      def use_json_body
+      #
+      # Check whether to use JSON body or NOT
+      #
+      # @return [<Type>] <description>
+      #
+      def use_json_body?
         @use_json_body ||= Mihari.config.webhook_use_json_body
       end
     end

data/lib/mihari/mixins/disallowed_data_value.rb CHANGED Viewed

@@ -17,7 +17,7 @@ module Mihari
         # if a value is surrounded by slashes, take it as a regexp
         value_without_slashes = value[1..-2]
-        Regexp.compile value_without_slashes
+        Regexp.compile value_without_slashes.to_s
       end
       memoize :normalize_disallowed_data_value

data/lib/mihari/models/alert.rb CHANGED Viewed

@@ -18,8 +18,8 @@ module Mihari
       # @param [String, nil] source
       # @param [String, nil] tag_name
       # @param [String, nil] title
-      # @param [String, nil] from_at
-      # @param [String, nil] to_at
+      # @param [DateTime, nil] from_at
+      # @param [DateTime, nil] to_at
       # @param [Integer, nil] limit
       # @param [Integer, nil] page
       #
@@ -34,12 +34,22 @@ module Mihari
         offset = (page - 1) * limit
-        relation = build_relation(artifact_data: artifact_data, title: title, description: description, source: source, tag_name: tag_name, from_at: from_at, to_at: to_at)
+        relation = build_relation(
+          artifact_data: artifact_data,
+          title: title,
+          description: description,
+          source: source,
+          tag_name: tag_name,
+          from_at: from_at,
+          to_at: to_at
+        )
-        alerts = relation.limit(limit).offset(offset).order(id: :desc)
+        # TODO: improve queires
+        alert_ids = relation.limit(limit).offset(offset).order(id: :desc).pluck(:id).uniq
+        alerts = includes(:artifacts, :tags).where(id: [alert_ids]).order(id: :desc)
         alerts.map do |alert|
-          json = AlertSerializer.new(alert).as_json
+          json = Serializers::AlertSerializer.new(alert).as_json
           json[:artifacts] = json[:artifacts] || []
           json[:tags] = json[:tags] || []
           json
@@ -54,13 +64,21 @@ module Mihari
       # @param [String, nil] source
       # @param [String, nil] tag_name
       # @param [String, nil] title
-      # @param [String, nil] from_at
-      # @param [String, nil] to_at
+      # @param [DateTime, nil] from_at
+      # @param [DateTime, nil] to_at
       #
       # @return [Integer]
       #
       def count(artifact_data: nil, description: nil, source: nil, tag_name: nil, title: nil, from_at: nil, to_at: nil)
-        relation = build_relation(artifact_data: artifact_data, title: title, description: description, source: source, tag_name: tag_name, from_at: from_at, to_at: to_at)
+        relation = build_relation(
+          artifact_data: artifact_data,
+          title: title,
+          description: description,
+          source: source,
+          tag_name: tag_name,
+          from_at: from_at,
+          to_at: to_at
+        )
         relation.distinct("alerts.id").count
       end
@@ -68,8 +86,8 @@ module Mihari
       def build_relation(artifact_data: nil, title: nil, description: nil, source: nil, tag_name: nil, from_at: nil, to_at: nil)
         relation = self
-        relation = joins(:tags) if tag_name
-        relation = joins(:artifacts) if artifact_data
+        relation = relation.includes(:artifacts, :tags)
         relation = relation.where(artifacts: { data: artifact_data }) if artifact_data
         relation = relation.where(tags: { name: tag_name }) if tag_name