RubyGems - mihari - Versions diffs - 4.11.0 → 5.0.0 - Mend

mihari 4.11.0 → 5.0.0

Files changed (154) hide show

checksums.yaml +4 -4
data/.github/workflows/test.yml +1 -1
data/README.md +13 -3
data/Steepfile +0 -1
data/build_frontend.sh +0 -3
data/docker/Dockerfile +11 -12
data/images/Tines-Full_Logo-Tines_Black.png +0 -0
data/lib/mihari/analyzers/base.rb +12 -28
data/lib/mihari/analyzers/rule.rb +23 -36
data/lib/mihari/cli/main.rb +6 -11
data/lib/mihari/commands/initializer.rb +47 -0
data/lib/mihari/commands/{search.rb → searcher.rb} +9 -20
data/lib/mihari/commands/validator.rb +2 -2
data/lib/mihari/commands/web.rb +4 -2
data/lib/mihari/constants.rb +3 -3
data/lib/mihari/database.rb +52 -87
data/lib/mihari/emitters/database.rb +16 -7
data/lib/mihari/emitters/misp.rb +13 -5
data/lib/mihari/emitters/slack.rb +15 -8
data/lib/mihari/emitters/the_hive.rb +42 -21
data/lib/mihari/emitters/webhook.rb +99 -31
data/lib/mihari/entities/alert.rb +7 -5
data/lib/mihari/entities/artifact.rb +20 -8
data/lib/mihari/entities/config.rb +2 -6
data/lib/mihari/entities/rule.rb +8 -0
data/lib/mihari/http.rb +13 -13
data/lib/mihari/mixins/{disallowed_data_value.rb → falsepositive.rb} +8 -8
data/lib/mihari/models/alert.rb +2 -15
data/lib/mihari/models/artifact.rb +28 -17
data/lib/mihari/models/rule.rb +7 -13
data/lib/mihari/schemas/emitter.rb +6 -8
data/lib/mihari/schemas/rule.rb +11 -13
data/lib/mihari/structs/config.rb +41 -0
data/lib/mihari/structs/filters.rb +2 -2
data/lib/mihari/structs/rule.rb +96 -83
data/lib/mihari/templates/rule.yml.erb +5 -23
data/lib/mihari/types.rb +1 -1
data/lib/mihari/version.rb +1 -1
data/lib/mihari/web/api.rb +0 -2
data/lib/mihari/web/app.rb +10 -4
data/lib/mihari/web/endpoints/alerts.rb +11 -3
data/lib/mihari/web/endpoints/configs.rb +1 -6
data/lib/mihari/web/endpoints/rules.rb +27 -15
data/lib/mihari/web/public/assets/{fa-brands-400.c7ae37d3.ttf → fa-brands-400-2ef6fdde.ttf} +0 -0
data/lib/mihari/web/public/assets/fa-brands-400-f4617423.woff2 +0 -0
data/lib/mihari/web/public/assets/fa-regular-400-12dea17b.ttf +0 -0
data/lib/mihari/web/public/assets/fa-regular-400-7ba24c41.woff2 +0 -0
data/lib/mihari/web/public/assets/fa-solid-900-67a880b4.ttf +0 -0
data/lib/mihari/web/public/assets/fa-solid-900-e2c5cf54.woff2 +0 -0
data/lib/mihari/web/public/assets/fa-v4compatibility-7c377405.woff2 +0 -0
data/lib/mihari/web/public/assets/fa-v4compatibility-8d9500e8.ttf +0 -0
data/lib/mihari/web/public/assets/{index.e1e67d84.css → index-625e95fe.css} +3 -3
data/lib/mihari/web/public/assets/index-63900d73.js +50 -0
data/lib/mihari/web/public/index.html +3 -3
data/lib/mihari/web/public/redoc-static.html +26 -27
data/lib/mihari.rb +11 -21
data/mihari.gemspec +14 -14
metadata +46 -131
data/lib/mihari/cli/init.rb +0 -11
data/lib/mihari/cli/validator.rb +0 -11
data/lib/mihari/commands/init.rb +0 -51
data/lib/mihari/emitters/http.rb +0 -127
data/lib/mihari/entities/source.rb +0 -9
data/lib/mihari/status.rb +0 -55
data/lib/mihari/web/endpoints/sources.rb +0 -19
data/lib/mihari/web/public/assets/fa-brands-400.3fe890d0.woff2 +0 -0
data/lib/mihari/web/public/assets/fa-regular-400.fdc1f753.ttf +0 -0
data/lib/mihari/web/public/assets/fa-regular-400.fe69d948.woff2 +0 -0
data/lib/mihari/web/public/assets/fa-solid-900.6d53c706.ttf +0 -0
data/lib/mihari/web/public/assets/fa-solid-900.d27bc752.woff2 +0 -0
data/lib/mihari/web/public/assets/fa-v4compatibility.4d73f280.ttf +0 -0
data/lib/mihari/web/public/assets/fa-v4compatibility.7d1c2ce5.woff2 +0 -0
data/lib/mihari/web/public/assets/index.d3a61a69.js +0 -68
data/sig/lib/mihari/analyzers/base.rbs +0 -90
data/sig/lib/mihari/analyzers/binaryedge.rbs +0 -26
data/sig/lib/mihari/analyzers/censys.rbs +0 -41
data/sig/lib/mihari/analyzers/circl.rbs +0 -31
data/sig/lib/mihari/analyzers/crtsh.rbs +0 -17
data/sig/lib/mihari/analyzers/dnpedia.rbs +0 -15
data/sig/lib/mihari/analyzers/dnstwister.rbs +0 -25
data/sig/lib/mihari/analyzers/feed.rbs +0 -20
data/sig/lib/mihari/analyzers/onyphe.rbs +0 -34
data/sig/lib/mihari/analyzers/otx.rbs +0 -33
data/sig/lib/mihari/analyzers/passivetotal.rbs +0 -35
data/sig/lib/mihari/analyzers/pulsedive.rbs +0 -27
data/sig/lib/mihari/analyzers/rule.rbs +0 -68
data/sig/lib/mihari/analyzers/securitytrails.rbs +0 -33
data/sig/lib/mihari/analyzers/shodan.rbs +0 -36
data/sig/lib/mihari/analyzers/urlscan.rbs +0 -31
data/sig/lib/mihari/analyzers/virustotal.rbs +0 -31
data/sig/lib/mihari/analyzers/virustotal_intelligence.rbs +0 -33
data/sig/lib/mihari/analyzers/zoomeye.rbs +0 -35
data/sig/lib/mihari/cli/base.rbs +0 -9
data/sig/lib/mihari/cli/init.rbs +0 -7
data/sig/lib/mihari/cli/main.rbs +0 -9
data/sig/lib/mihari/cli/validator.rbs +0 -7
data/sig/lib/mihari/commands/init.rbs +0 -9
data/sig/lib/mihari/commands/json.rbs +0 -7
data/sig/lib/mihari/commands/search.rbs +0 -35
data/sig/lib/mihari/commands/validator.rbs +0 -9
data/sig/lib/mihari/commands/web.rbs +0 -7
data/sig/lib/mihari/constants.rbs +0 -5
data/sig/lib/mihari/database.rbs +0 -25
data/sig/lib/mihari/emitters/base.rbs +0 -18
data/sig/lib/mihari/emitters/database.rbs +0 -9
data/sig/lib/mihari/emitters/http.rbs +0 -35
data/sig/lib/mihari/emitters/misp.rbs +0 -34
data/sig/lib/mihari/emitters/slack.rbs +0 -73
data/sig/lib/mihari/emitters/stdout.rbs +0 -9
data/sig/lib/mihari/emitters/the_hive.rbs +0 -32
data/sig/lib/mihari/emitters/webhook.rbs +0 -20
data/sig/lib/mihari/enrichers/base.rbs +0 -12
data/sig/lib/mihari/enrichers/google_public_dns.rbs +0 -18
data/sig/lib/mihari/enrichers/ipinfo.rbs +0 -16
data/sig/lib/mihari/errors.rbs +0 -10
data/sig/lib/mihari/feed/parser.rbs +0 -11
data/sig/lib/mihari/feed/reader.rbs +0 -56
data/sig/lib/mihari/http.rbs +0 -64
data/sig/lib/mihari/mixins/autonomous_system.rbs +0 -14
data/sig/lib/mihari/mixins/configurable.rbs +0 -30
data/sig/lib/mihari/mixins/configuration.rbs +0 -45
data/sig/lib/mihari/mixins/disallowed_data_value.rbs +0 -23
data/sig/lib/mihari/mixins/error_notification.rbs +0 -12
data/sig/lib/mihari/mixins/hash.rbs +0 -14
data/sig/lib/mihari/mixins/refang.rbs +0 -14
data/sig/lib/mihari/mixins/retriable.rbs +0 -15
data/sig/lib/mihari/models/alert.rbs +0 -18
data/sig/lib/mihari/models/artifact.rbs +0 -69
data/sig/lib/mihari/models/autonomous_system.rbs +0 -14
data/sig/lib/mihari/models/cpe.rbs +0 -7
data/sig/lib/mihari/models/dns.rbs +0 -19
data/sig/lib/mihari/models/geolocation.rbs +0 -15
data/sig/lib/mihari/models/port.rbs +0 -7
data/sig/lib/mihari/models/reverse_dns.rbs +0 -14
data/sig/lib/mihari/models/rule.rbs +0 -17
data/sig/lib/mihari/models/tag.rbs +0 -5
data/sig/lib/mihari/models/tagging.rbs +0 -4
data/sig/lib/mihari/models/whois.rbs +0 -66
data/sig/lib/mihari/status.rbs +0 -25
data/sig/lib/mihari/structs/censys.rbs +0 -58
data/sig/lib/mihari/structs/filters.rbs +0 -40
data/sig/lib/mihari/structs/google_public_dns.rbs +0 -21
data/sig/lib/mihari/structs/greynoise.rbs +0 -30
data/sig/lib/mihari/structs/ipinfo.rbs +0 -17
data/sig/lib/mihari/structs/onyphe.rbs +0 -25
data/sig/lib/mihari/structs/rule.rbs +0 -57
data/sig/lib/mihari/structs/shodan.rbs +0 -30
data/sig/lib/mihari/structs/urlscan.rbs +0 -28
data/sig/lib/mihari/structs/virustotal_intelligence.rbs +0 -33
data/sig/lib/mihari/type_checker.rbs +0 -48
data/sig/lib/mihari/types.rbs +0 -23
data/sig/lib/mihari/version.rbs +0 -3
data/sig/lib/mihari/web/app.rbs +0 -5
data/sig/lib/mihari.rbs +0 -54

data/lib/mihari/entities/config.rb CHANGED Viewed

@@ -2,15 +2,11 @@
 module Mihari
   module Entities
-    class ConfigStatus < Grape::Entity
+    class Config < Grape::Entity
+      expose :name, documentation: { type: String, required: true }
       expose :type, documentation: { type: String, required: true }
       expose :values, documentation: { type: String, is_array: true, required: true }
       expose :is_configured, documentation: { type: Grape::API::Boolean, required: true }, as: :isConfigured
     end
-    class Config < Grape::Entity
-      expose :name, documentation: { type: String, required: true }
-      expose :status, using: Entities::ConfigStatus, documentation: { type: ConfigStatus, required: true }
-    end
   end
 end

data/lib/mihari/entities/rule.rb CHANGED Viewed

@@ -14,9 +14,13 @@ module Mihari
     class Rule < Grape::Entity
       expose :id, documentation: { type: String, required: true }
+      expose :title, documentation: { type: String, required: true }
+      expose :description, documentation: { type: String, required: true }
       expose :yaml, documentation: { type: String, required: true }
       expose :created_at, documentation: { type: DateTime, required: true }, as: :createdAt
       expose :updated_at, documentation: { type: DateTime, required: true }, as: :updatedAt
+      expose :tags, using: Entities::Tag, documentation: { type: Entities::Tag, is_array: true, required: true }
     end
     class RulesWithPagination < Grape::Entity
@@ -25,5 +29,9 @@ module Mihari
       expose :current_page, documentation: { type: Integer, required: true }, as: :currentPage
       expose :page_size, documentation: { type: Integer, required: true }, as: :pageSize
     end
+    class RuleIDs < Grape::Entity
+      expose :rule_ids, documentation: { type: Array[String], required: true }, as: :ruleIds
+    end
   end
 end

data/lib/mihari/http.rb CHANGED Viewed

@@ -4,10 +4,10 @@ require "insensitive_hash"
 module Mihari
   class HTTP
-    attr_reader :uri, :headers, :payload
+    attr_reader :url, :headers, :payload
-    def initialize(uri, headers: {}, payload: {})
-      @uri = uri.is_a?(URI) ? uri : URI(uri.to_s)
+    def initialize(url, headers: {}, payload: {})
+      @url = url.is_a?(URI) ? url : URI(url.to_s)
       @headers = headers.insensitive
       @payload = payload
     end
@@ -18,10 +18,10 @@ module Mihari
     # @return [Net::HTTPResponse]
     #
     def get
-      new_uri = uri.deep_dup
-      new_uri.query = Addressable::URI.form_encode(payload) unless payload.empty?
+      new_url = url.deep_dup
+      new_url.query = Addressable::URI.form_encode(payload) unless payload.empty?
-      get = Net::HTTP::Get.new(new_uri)
+      get = Net::HTTP::Get.new(new_url)
       request get
     end
@@ -31,7 +31,7 @@ module Mihari
     # @return [Net::HTTPResponse]
     #
     def post
-      post = Net::HTTP::Post.new(uri)
+      post = Net::HTTP::Post.new(url)
       case content_type
       when "application/json"
@@ -44,13 +44,13 @@ module Mihari
     end
     class << self
-      def get(uri, headers: {}, params: {})
-        client = new(uri, headers: headers, payload: params)
+      def get(url, headers: {}, params: {})
+        client = new(url, headers: headers, payload: params)
         client.get
       end
-      def post(uri, headers: {}, payload: {})
-        client = new(uri, headers: headers, payload: payload)
+      def post(url, headers: {}, payload: {})
+        client = new(url, headers: headers, payload: payload)
         client.post
       end
     end
@@ -67,7 +67,7 @@ module Mihari
     # @return [Hahs]
     #
     def https_options
-      return { use_ssl: true } if uri.scheme == "https"
+      return { use_ssl: true } if url.scheme == "https"
       {}
     end
@@ -80,7 +80,7 @@ module Mihari
     # @return [Net::HTTPResponse]
     #
     def request(req)
-      Net::HTTP.start(uri.host, uri.port, https_options) do |http|
+      Net::HTTP.start(url.host, url.port, https_options) do |http|
         # set headers
         headers.each do |k, v|
           req[k] = v

data/lib/mihari/mixins/{disallowed_data_value.rb → falsepositive.rb} RENAMED Viewed

@@ -2,24 +2,24 @@
 module Mihari
   module Mixins
-    module DisallowedDataValue
+    module FalsePositive
       include Memist::Memoizable
       #
-      # Normalize a value as a disallowed data value
+      # Normalize a falsepositive value
       #
-      # @param [String] value Data value
+      # @param [String] value
       #
-      # @return [String, Regexp] Normalized value
+      # @return [String, Regexp]
       #
-      def normalize_disallowed_data_value(value)
+      def normalize_falsepositive(value)
         return value if !value.start_with?("/") || !value.end_with?("/")
         # if a value is surrounded by slashes, take it as a regexp
         value_without_slashes = value[1..-2]
         Regexp.compile value_without_slashes.to_s
       end
-      memoize :normalize_disallowed_data_value
+      memoize :normalize_falsepositive
       #
       # Check whetehr a value is valid format as a disallowed data value
@@ -28,9 +28,9 @@ module Mihari
       #
       # @return [Boolean] true if it is valid, otherwise false
       #
-      def valid_disallowed_data_value?(value)
+      def valid_falsepositive?(value)
         begin
-          normalize_disallowed_data_value value
+          normalize_falsepositive value
         rescue RegexpError
           return false
         end

data/lib/mihari/models/alert.rb CHANGED Viewed

@@ -28,20 +28,7 @@ module Mihari
         relation = build_relation(filter.without_pagination)
         alert_ids = relation.limit(limit).offset(offset).order(id: :desc).pluck(:id).uniq
-        eager_load(
-          {
-            artifacts: [
-              :autonomous_system,
-              :geolocation,
-              :whois_record,
-              :dns_records,
-              :reverse_dns_names,
-              :cpes,
-              :ports
-            ]
-          },
-          :tags
-        ).where(id: [alert_ids]).order(id: :desc)
+        eager_load(:artifacts, :tags).where(id: [alert_ids]).order(id: :desc)
       end
       #
@@ -83,7 +70,7 @@ module Mihari
         relation = relation.where(artifacts: { id: artifact_ids }) unless artifact_ids.empty?
         relation = relation.where(tags: { name: filter.tag_name }) if filter.tag_name
-        relation = relation.where(source: filter.source) if filter.source
+        relation = relation.where(rule_id: filter.rule_id) if filter.rule_id
         relation = relation.where(title: filter.title) if filter.title
         relation = relation.where("description LIKE ?", "%#{filter.description}%") if filter.description

data/lib/mihari/models/artifact.rb CHANGED Viewed

@@ -25,8 +25,12 @@ module Mihari
     validates_with ArtifactValidator
+    # @return [Array<Mihari::Tag>] Tags
     attr_accessor :tags
+    # @return [String, nil] Rule ID
+    attr_accessor :rule_id
     def initialize(*args, **kwargs)
       attrs = args.first || kwargs
       data_ = attrs[:data]
@@ -36,27 +40,34 @@ module Mihari
       super(*args, **kwargs)
       self.data_type = TypeChecker.type(data)
-      self.tags = []
+      @tags = []
+      @rule_id = ""
     end
     #
     # Check uniqueness of artifact
     #
-    # @param [Boolean] ignore_old_artifacts
-    # @param [Integer] ignore_threshold
+    # @param [Time, nil] base_time Base time to check decaying
+    # @param [Integer, nil] artifact_lifetime Artifact lifetime (TTL) in seconds
     #
     # @return [Boolean] true if it is unique. Otherwise false.
     #
-    def unique?(ignore_old_artifacts: false, ignore_threshold: 0)
-      artifact = self.class.where(data: data).order(created_at: :desc).first
+    def unique?(base_time: nil, artifact_lifetime: nil)
+      artifact = self.class.joins(:alert).where(
+        data: data,
+        alert: { rule_id: rule_id }
+      ).order(created_at: :desc).first
       return true if artifact.nil?
-      return false unless ignore_old_artifacts
+      # check whetehr the artifact is decayed or not
+      return false if artifact_lifetime.nil?
+      # use the current UTC time if base_time is not given (for testing)
+      base_time ||= Time.now.utc
-      days_before = (-ignore_threshold).days.from_now.utc
-      # if an artifact is created before {ignore_threshold} days, ignore it
-      #                           within {ignore_threshold} days, do not ignore it
-      artifact.created_at < days_before
+      decayed_at = base_time - (artifact_lifetime || -1).seconds
+      artifact.created_at < decayed_at
     end
     #
@@ -139,14 +150,14 @@ module Mihari
       whois: [
         :enrich_whois
       ],
-      ipinfo: [
-        :enrich_autonomous_system,
-        :enrich_geolocation
+      ipinfo: %i[
+        enrich_autonomous_system
+        enrich_geolocation
       ],
-      shodan: [
-        :enrich_ports,
-        :enrich_cpes,
-        :enrich_reverse_dns
+      shodan: %i[
+        enrich_ports
+        enrich_cpes
+        enrich_reverse_dns
       ],
       google_public_dns: [
         :enrich_dns

data/lib/mihari/models/rule.rb CHANGED Viewed

@@ -4,24 +4,18 @@ require "yaml"
 module Mihari
   class Rule < ActiveRecord::Base
-    has_many :alerts, foreign_key: :source
+    has_many :alerts, dependent: :destroy
     def symbolized_data
       @symbolized_data ||= data.deep_symbolize_keys
     end
-    #
-    # Returns a hash representative
-    #
-    # @return [Hash]
-    #
-    def to_h
-      {
-        id: id,
-        yaml: yaml || data.to_yaml,
-        created_at: created_at,
-        updated_at: updated_at
-      }
+    def yaml
+      data.to_yaml
+    end
+    def tags
+      (data["tags"] || []).map { |tag| { name: tag } }
     end
     class << self

data/lib/mihari/schemas/emitter.rb CHANGED Viewed

@@ -2,20 +2,18 @@
 module Mihari
   module Schemas
-    Emitter = Dry::Schema.Params do
-      required(:emitter).value(Types::EmitterTypes)
+    Database = Dry::Schema.Params do
+      required(:emitter).value(Types::String.enum("database"))
     end
     MISP = Dry::Schema.Params do
       required(:emitter).value(Types::String.enum("misp"))
-      optional(:api_endpoint).value(:string)
       optional(:url).value(:string)
       optional(:api_key).value(:string)
     end
     TheHive = Dry::Schema.Params do
       required(:emitter).value(Types::String.enum("the_hive"))
-      optional(:api_endpoint).value(:string)
       optional(:url).value(:string)
       optional(:api_key).value(:string)
       optional(:api_version).value(Types::String.enum("v4", "v5")).default("v4")
@@ -27,11 +25,11 @@ module Mihari
       optional(:channel).value(:string)
     end
-    HTTP = Dry::Schema.Params do
-      required(:emitter).value(Types::String.enum("http"))
+    Webhook = Dry::Schema.Params do
+      required(:emitter).value(Types::String.enum("webhook"))
       required(:url).value(:string)
-      optional(:http_request_method).value(Types::HTTPRequestMethods).default("POST")
-      optional(:http_request_headers).value(:hash).default({})
+      optional(:method).value(Types::HTTPRequestMethods).default("POST")
+      optional(:headers).value(:hash).default({})
       optional(:template).value(:string)
     end
   end

data/lib/mihari/schemas/rule.rb CHANGED Viewed

@@ -7,18 +7,17 @@ require "mihari/schemas/enricher"
 module Mihari
   module Schemas
     Rule = Dry::Schema.Params do
+      required(:id).value(:string)
       required(:title).value(:string)
       required(:description).value(:string)
       optional(:tags).value(array[:string]).default([])
-      optional(:id).value(:string)
-      optional(:status).value(:string)
-      optional(:related).value(array[:string])
+      optional(:author).value(:string)
       optional(:references).value(array[:string])
+      optional(:related).value(array[:string])
+      optional(:status).value(:string)
-      optional(:author).value(:string)
       optional(:created_on).value(:date)
       optional(:updated_on).value(:date)
@@ -26,15 +25,14 @@ module Mihari
         AnalyzerWithoutAPIKey | AnalyzerWithAPIKey | Censys | CIRCL | PassiveTotal | ZoomEye | Urlscan | Crtsh | Feed
       end
-      optional(:emitters).value(:array).each { Emitter | MISP | TheHive | Slack | HTTP }
+      optional(:emitters).value(:array).each { Database | MISP | TheHive | Slack | Webhook }
       optional(:enrichers).value(:array).each(Enricher)
-      optional(:allowed_data_types).value(array[Types::DataTypes]).default(ALLOWED_DATA_TYPES)
-      optional(:disallowed_data_values).value(array[:string]).default([])
+      optional(:data_types).value(array[Types::DataTypes]).default(DEFAULT_DATA_TYPES)
+      optional(:falsepositives).value(array[:string]).default([])
-      optional(:ignore_old_artifacts).value(:bool).default(false)
-      optional(:ignore_threshold).value(:integer).default(0)
+      optional(:artifact_lifetime).value(:integer)
       before(:key_coercer) do |result|
         # it looks like that dry-schema v1.9.1 has an issue with setting an array of schemas as a default value
@@ -53,13 +51,13 @@ module Mihari
     end
     class RuleContract < Dry::Validation::Contract
-      include Mihari::Mixins::DisallowedDataValue
+      include Mihari::Mixins::FalsePositive
       params(Rule)
-      rule(:disallowed_data_values) do
+      rule(:falsepositives) do
         value.each do |v|
-          key.failure("#{v} is not a valid format.") unless valid_disallowed_data_value?(v)
+          key.failure("#{v} is not a valid format.") unless valid_falsepositive?(v)
         end
       end
     end

data/lib/mihari/structs/config.rb ADDED Viewed

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+module Mihari
+  module Structs
+    class Config < Dry::Struct
+      attribute :name, Types::String
+      attribute :type, Types::String
+      attribute :is_configured, Types::Bool
+      attribute :values, Types.Array(Types::Hash).optional
+      #
+      # @param [Class<Mihari::Analyzers::Base>, Class<Mihari::Emitters::Base>] klass
+      #
+      # @return [Mihari::Structs::Config, nil] config
+      #
+      def self.from_class(klass)
+        return nil if klass == Mihari::Analyzers::Rule
+        name = klass.to_s.split("::").last.to_s
+        is_analyzer = klass.ancestors.include?(Mihari::Analyzers::Base)
+        is_emitter = klass.ancestors.include?(Mihari::Emitters::Base)
+        is_enricher = klass.ancestors.include?(Mihari::Enrichers::Base)
+        type = "Analyzer"
+        type = "Emitter" if is_emitter
+        type = "Enricher" if is_enricher
+        begin
+          instance = is_analyzer ? klass.new("dummy") : klass.new
+          is_configured = instance.configured?
+          values = instance.configuration_values
+          new(name: name, values: values, is_configured: is_configured, type: type)
+        rescue ArgumentError => _e
+          nil
+        end
+      end
+    end
+  end
+end

data/lib/mihari/structs/filters.rb CHANGED Viewed

@@ -7,7 +7,7 @@ module Mihari
         class SearchFilter < Dry::Struct
           attribute? :artifact_data, Types::String.optional
           attribute? :description, Types::String.optional
-          attribute? :source, Types::String.optional
+          attribute? :rule_id, Types::String.optional
           attribute? :tag_name, Types::String.optional
           attribute? :title, Types::String.optional
           attribute? :from_at, Types::DateTime.optional
@@ -30,7 +30,7 @@ module Mihari
               artifact_data: artifact_data,
               description: description,
               from_at: from_at,
-              source: source,
+              rule_id: rule_id,
               tag_name: tag_name,
               title: title,
               to_at: to_at,