mihari 4.12.0 → 5.0.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (147) hide show
  1. checksums.yaml +4 -4
  2. data/Steepfile +0 -1
  3. data/lib/mihari/analyzers/base.rb +12 -28
  4. data/lib/mihari/analyzers/rule.rb +23 -36
  5. data/lib/mihari/cli/main.rb +6 -11
  6. data/lib/mihari/commands/initializer.rb +47 -0
  7. data/lib/mihari/commands/{search.rb → searcher.rb} +9 -20
  8. data/lib/mihari/commands/validator.rb +2 -2
  9. data/lib/mihari/constants.rb +3 -3
  10. data/lib/mihari/database.rb +52 -87
  11. data/lib/mihari/emitters/database.rb +16 -7
  12. data/lib/mihari/emitters/misp.rb +13 -5
  13. data/lib/mihari/emitters/slack.rb +15 -8
  14. data/lib/mihari/emitters/the_hive.rb +42 -21
  15. data/lib/mihari/emitters/webhook.rb +99 -31
  16. data/lib/mihari/entities/alert.rb +7 -5
  17. data/lib/mihari/entities/artifact.rb +20 -8
  18. data/lib/mihari/entities/config.rb +2 -6
  19. data/lib/mihari/entities/rule.rb +8 -0
  20. data/lib/mihari/http.rb +13 -13
  21. data/lib/mihari/mixins/{disallowed_data_value.rb → falsepositive.rb} +8 -8
  22. data/lib/mihari/models/alert.rb +2 -15
  23. data/lib/mihari/models/artifact.rb +28 -17
  24. data/lib/mihari/models/rule.rb +7 -13
  25. data/lib/mihari/schemas/emitter.rb +6 -8
  26. data/lib/mihari/schemas/rule.rb +11 -13
  27. data/lib/mihari/structs/config.rb +41 -0
  28. data/lib/mihari/structs/filters.rb +2 -2
  29. data/lib/mihari/structs/rule.rb +96 -83
  30. data/lib/mihari/templates/rule.yml.erb +5 -23
  31. data/lib/mihari/types.rb +1 -1
  32. data/lib/mihari/version.rb +1 -1
  33. data/lib/mihari/web/api.rb +0 -2
  34. data/lib/mihari/web/endpoints/alerts.rb +11 -3
  35. data/lib/mihari/web/endpoints/configs.rb +1 -6
  36. data/lib/mihari/web/endpoints/rules.rb +27 -15
  37. data/lib/mihari/web/public/assets/{fa-brands-400-b1d1c1b0.ttf → fa-brands-400-2ef6fdde.ttf} +0 -0
  38. data/lib/mihari/web/public/assets/fa-brands-400-f4617423.woff2 +0 -0
  39. data/lib/mihari/web/public/assets/fa-regular-400-12dea17b.ttf +0 -0
  40. data/lib/mihari/web/public/assets/fa-regular-400-7ba24c41.woff2 +0 -0
  41. data/lib/mihari/web/public/assets/fa-solid-900-67a880b4.ttf +0 -0
  42. data/lib/mihari/web/public/assets/fa-solid-900-e2c5cf54.woff2 +0 -0
  43. data/lib/mihari/web/public/assets/fa-v4compatibility-7c377405.woff2 +0 -0
  44. data/lib/mihari/web/public/assets/fa-v4compatibility-8d9500e8.ttf +0 -0
  45. data/lib/mihari/web/public/assets/{index-07aa1ba2.css → index-625e95fe.css} +3 -3
  46. data/lib/mihari/web/public/assets/index-63900d73.js +50 -0
  47. data/lib/mihari/web/public/index.html +2 -2
  48. data/lib/mihari/web/public/redoc-static.html +26 -27
  49. data/lib/mihari.rb +11 -21
  50. data/mihari.gemspec +4 -4
  51. metadata +25 -111
  52. data/lib/mihari/cli/init.rb +0 -11
  53. data/lib/mihari/cli/validator.rb +0 -11
  54. data/lib/mihari/commands/init.rb +0 -51
  55. data/lib/mihari/emitters/http.rb +0 -127
  56. data/lib/mihari/entities/source.rb +0 -9
  57. data/lib/mihari/status.rb +0 -55
  58. data/lib/mihari/web/endpoints/sources.rb +0 -19
  59. data/lib/mihari/web/public/assets/fa-brands-400-c61287c2.woff2 +0 -0
  60. data/lib/mihari/web/public/assets/fa-regular-400-5da313b0.woff2 +0 -0
  61. data/lib/mihari/web/public/assets/fa-regular-400-d7b19fe2.ttf +0 -0
  62. data/lib/mihari/web/public/assets/fa-solid-900-8f06540f.woff2 +0 -0
  63. data/lib/mihari/web/public/assets/fa-solid-900-e4f6a7e9.ttf +0 -0
  64. data/lib/mihari/web/public/assets/fa-v4compatibility-2ddb3b41.ttf +0 -0
  65. data/lib/mihari/web/public/assets/fa-v4compatibility-f46715c9.woff2 +0 -0
  66. data/lib/mihari/web/public/assets/index-a7fe697b.js +0 -63
  67. data/sig/lib/mihari/analyzers/base.rbs +0 -90
  68. data/sig/lib/mihari/analyzers/binaryedge.rbs +0 -26
  69. data/sig/lib/mihari/analyzers/censys.rbs +0 -41
  70. data/sig/lib/mihari/analyzers/circl.rbs +0 -31
  71. data/sig/lib/mihari/analyzers/crtsh.rbs +0 -17
  72. data/sig/lib/mihari/analyzers/dnpedia.rbs +0 -15
  73. data/sig/lib/mihari/analyzers/dnstwister.rbs +0 -25
  74. data/sig/lib/mihari/analyzers/feed.rbs +0 -20
  75. data/sig/lib/mihari/analyzers/onyphe.rbs +0 -34
  76. data/sig/lib/mihari/analyzers/otx.rbs +0 -33
  77. data/sig/lib/mihari/analyzers/passivetotal.rbs +0 -35
  78. data/sig/lib/mihari/analyzers/pulsedive.rbs +0 -27
  79. data/sig/lib/mihari/analyzers/rule.rbs +0 -68
  80. data/sig/lib/mihari/analyzers/securitytrails.rbs +0 -33
  81. data/sig/lib/mihari/analyzers/shodan.rbs +0 -36
  82. data/sig/lib/mihari/analyzers/urlscan.rbs +0 -31
  83. data/sig/lib/mihari/analyzers/virustotal.rbs +0 -31
  84. data/sig/lib/mihari/analyzers/virustotal_intelligence.rbs +0 -33
  85. data/sig/lib/mihari/analyzers/zoomeye.rbs +0 -35
  86. data/sig/lib/mihari/cli/base.rbs +0 -9
  87. data/sig/lib/mihari/cli/init.rbs +0 -7
  88. data/sig/lib/mihari/cli/main.rbs +0 -9
  89. data/sig/lib/mihari/cli/validator.rbs +0 -7
  90. data/sig/lib/mihari/commands/init.rbs +0 -9
  91. data/sig/lib/mihari/commands/json.rbs +0 -7
  92. data/sig/lib/mihari/commands/search.rbs +0 -35
  93. data/sig/lib/mihari/commands/validator.rbs +0 -9
  94. data/sig/lib/mihari/commands/web.rbs +0 -7
  95. data/sig/lib/mihari/constants.rbs +0 -5
  96. data/sig/lib/mihari/database.rbs +0 -25
  97. data/sig/lib/mihari/emitters/base.rbs +0 -18
  98. data/sig/lib/mihari/emitters/database.rbs +0 -9
  99. data/sig/lib/mihari/emitters/http.rbs +0 -35
  100. data/sig/lib/mihari/emitters/misp.rbs +0 -34
  101. data/sig/lib/mihari/emitters/slack.rbs +0 -73
  102. data/sig/lib/mihari/emitters/stdout.rbs +0 -9
  103. data/sig/lib/mihari/emitters/the_hive.rbs +0 -32
  104. data/sig/lib/mihari/emitters/webhook.rbs +0 -20
  105. data/sig/lib/mihari/enrichers/base.rbs +0 -12
  106. data/sig/lib/mihari/enrichers/google_public_dns.rbs +0 -18
  107. data/sig/lib/mihari/enrichers/ipinfo.rbs +0 -16
  108. data/sig/lib/mihari/errors.rbs +0 -10
  109. data/sig/lib/mihari/feed/parser.rbs +0 -11
  110. data/sig/lib/mihari/feed/reader.rbs +0 -56
  111. data/sig/lib/mihari/http.rbs +0 -64
  112. data/sig/lib/mihari/mixins/autonomous_system.rbs +0 -14
  113. data/sig/lib/mihari/mixins/configurable.rbs +0 -30
  114. data/sig/lib/mihari/mixins/configuration.rbs +0 -45
  115. data/sig/lib/mihari/mixins/disallowed_data_value.rbs +0 -23
  116. data/sig/lib/mihari/mixins/error_notification.rbs +0 -12
  117. data/sig/lib/mihari/mixins/hash.rbs +0 -14
  118. data/sig/lib/mihari/mixins/refang.rbs +0 -14
  119. data/sig/lib/mihari/mixins/retriable.rbs +0 -15
  120. data/sig/lib/mihari/models/alert.rbs +0 -18
  121. data/sig/lib/mihari/models/artifact.rbs +0 -69
  122. data/sig/lib/mihari/models/autonomous_system.rbs +0 -14
  123. data/sig/lib/mihari/models/cpe.rbs +0 -7
  124. data/sig/lib/mihari/models/dns.rbs +0 -19
  125. data/sig/lib/mihari/models/geolocation.rbs +0 -15
  126. data/sig/lib/mihari/models/port.rbs +0 -7
  127. data/sig/lib/mihari/models/reverse_dns.rbs +0 -14
  128. data/sig/lib/mihari/models/rule.rbs +0 -17
  129. data/sig/lib/mihari/models/tag.rbs +0 -5
  130. data/sig/lib/mihari/models/tagging.rbs +0 -4
  131. data/sig/lib/mihari/models/whois.rbs +0 -66
  132. data/sig/lib/mihari/status.rbs +0 -25
  133. data/sig/lib/mihari/structs/censys.rbs +0 -58
  134. data/sig/lib/mihari/structs/filters.rbs +0 -40
  135. data/sig/lib/mihari/structs/google_public_dns.rbs +0 -21
  136. data/sig/lib/mihari/structs/greynoise.rbs +0 -30
  137. data/sig/lib/mihari/structs/ipinfo.rbs +0 -17
  138. data/sig/lib/mihari/structs/onyphe.rbs +0 -25
  139. data/sig/lib/mihari/structs/rule.rbs +0 -57
  140. data/sig/lib/mihari/structs/shodan.rbs +0 -30
  141. data/sig/lib/mihari/structs/urlscan.rbs +0 -28
  142. data/sig/lib/mihari/structs/virustotal_intelligence.rbs +0 -33
  143. data/sig/lib/mihari/type_checker.rbs +0 -48
  144. data/sig/lib/mihari/types.rbs +0 -23
  145. data/sig/lib/mihari/version.rbs +0 -3
  146. data/sig/lib/mihari/web/app.rbs +0 -5
  147. data/sig/lib/mihari.rbs +0 -54
@@ -14,7 +14,7 @@ module Mihari
14
14
  def initialize(*args, **kwargs)
15
15
  super(*args, **kwargs)
16
16
 
17
- @url = kwargs[:url] || kwargs[:api_endpoint] || Mihari.config.misp_url
17
+ @url = kwargs[:url] || Mihari.config.misp_url
18
18
  @api_key = kwargs[:api_key] || Mihari.config.misp_api_key
19
19
 
20
20
  ::MISP.configure do |config|
@@ -39,16 +39,24 @@ module Mihari
39
39
  true
40
40
  end
41
41
 
42
- def emit(title:, artifacts:, tags: [], **_options)
42
+ #
43
+ # Create a MISP event
44
+ #
45
+ # @param [Arra<Mihari::Artifact>] artifacts
46
+ # @param [Mihari::Structs::Rule] rule
47
+ #
48
+ # @return [::MISP::Event]
49
+ #
50
+ def emit(rule:, artifacts:, **_options)
43
51
  return if artifacts.empty?
44
52
 
45
- event = ::MISP::Event.new(info: title)
53
+ event = ::MISP::Event.new(info: rule.title)
46
54
 
47
55
  artifacts.each do |artifact|
48
56
  event.attributes << build_attribute(artifact)
49
57
  end
50
58
 
51
- tags.each do |tag|
59
+ rule.tags.each do |tag|
52
60
  event.add_tag name: tag
53
61
  end
54
62
 
@@ -66,7 +74,7 @@ module Mihari
66
74
  #
67
75
  # @param [Mihari::Artifact] artifact
68
76
  #
69
- # @return [::MISP::Attribute] <description>
77
+ # @return [::MISP::Attribute]
70
78
  #
71
79
  def build_attribute(artifact)
72
80
  ::MISP::Attribute.new(value: artifact.data, type: to_misp_type(type: artifact.data_type, value: artifact.data))
@@ -167,30 +167,37 @@ module Mihari
167
167
  #
168
168
  # Build a text
169
169
  #
170
- # @param [String] title
171
- # @param [String] description
172
- # @param [Array<String>] tags
170
+ # @param [Mihari::Structs::Rule] rule
173
171
  #
174
172
  # @return [String]
175
173
  #
176
- def to_text(title:, description:, tags: [])
174
+ def to_text(rule)
175
+ tags = rule.tags
177
176
  tags = ["N/A"] if tags.empty?
178
177
 
179
178
  [
180
- "*#{title}*",
181
- "*Desc.*: #{description}",
179
+ "*#{rule.title}*",
180
+ "*Desc.*: #{rule.description}",
182
181
  "*Tags*: #{tags.join(", ")}"
183
182
  ].join("\n")
184
183
  end
185
184
 
186
- def emit(title:, description:, artifacts:, tags: [], **_options)
185
+ def emit(rule:, artifacts:, **_options)
187
186
  return if artifacts.empty?
188
187
 
189
188
  attachments = to_attachments(artifacts)
190
- text = to_text(title: title, description: description, tags: tags)
189
+ text = to_text(rule)
191
190
 
192
191
  notifier.post(text: text, attachments: attachments, mrkdwn: true)
193
192
  end
193
+
194
+ def configuration_keys
195
+ %w[slack_webhook_url slack_channel]
196
+ end
197
+
198
+ def configured?
199
+ valid?
200
+ end
194
201
  end
195
202
  end
196
203
  end
@@ -17,7 +17,7 @@ module Mihari
17
17
  def initialize(*args, **kwargs)
18
18
  super(*args, **kwargs)
19
19
 
20
- @url = kwargs[:url] || kwargs[:api_endpoint] || Mihari.config.thehive_url
20
+ @url = kwargs[:url] || Mihari.config.thehive_url
21
21
  @api_key = kwargs[:api_key] || Mihari.config.thehive_api_key
22
22
  @api_version = kwargs[:api_version] || Mihari.config.thehive_api_version
23
23
  end
@@ -38,10 +38,18 @@ module Mihari
38
38
  true
39
39
  end
40
40
 
41
- def emit(title:, description:, artifacts:, tags: [], **_options)
41
+ #
42
+ # Create a Hive alert
43
+ #
44
+ # @param [Arra<Mihari::Artifact>] artifacts
45
+ # @param [Mihari::Structs::Rule] rule
46
+ #
47
+ # @return [::MISP::Event]
48
+ #
49
+ def emit(rule:, artifacts:, **_options)
42
50
  return if artifacts.empty?
43
51
 
44
- payload = payload(title: title, description: description, artifacts: artifacts, tags: tags)
52
+ payload = payload(rule: rule, artifacts: artifacts)
45
53
  api.alert.create(**payload)
46
54
  end
47
55
 
@@ -93,36 +101,49 @@ module Mihari
93
101
  !api_key.nil?
94
102
  end
95
103
 
96
- def payload(title:, description:, artifacts:, tags: [])
97
- if normalized_api_version.nil?
98
- return v4_payload(title: title, description: description, artifacts: artifacts,
99
- tags: tags)
100
- end
104
+ #
105
+ # Build payload for alert
106
+ #
107
+ # @param [Arra<Mihari::Artifact>] artifacts
108
+ # @param [Mihari::Structs::Rule] rule
109
+ #
110
+ # @return [<Type>] <description>
111
+ #
112
+ def payload(rule:, artifacts:)
113
+ return v4_payload(rule: rule, artifacts: artifacts) if normalized_api_version.nil?
101
114
 
102
- v5_payload(title: title, description: description, artifacts: artifacts, tags: tags)
115
+ v5_payload(rule: rule, artifacts: artifacts)
103
116
  end
104
117
 
105
- def v4_payload(title:, description:, artifacts:, tags: [])
118
+ def v4_payload(rule:, artifacts:)
106
119
  {
107
- title: title,
108
- description: description,
120
+ title: rule.title,
121
+ description: rule.description,
109
122
  artifacts: artifacts.map do |artifact|
110
- { data: artifact.data, data_type: artifact.data_type, message: description }
111
- end,
112
- tags: tags,
123
+ {
124
+ data: artifact.data,
125
+ data_type: artifact.data_type,
126
+ message: rule.description
127
+ }
128
+ end,
129
+ tags: rule.tags,
113
130
  type: "external",
114
131
  source: "mihari"
115
132
  }
116
133
  end
117
134
 
118
- def v5_payload(title:, description:, artifacts:, tags: [])
135
+ def v5_payload(rule:, artifacts:)
119
136
  {
120
- title: title,
121
- description: description,
137
+ title: rule.title,
138
+ description: rule.description,
122
139
  observables: artifacts.map do |artifact|
123
- { data: artifact.data, data_type: artifact.data_type, message: description }
124
- end,
125
- tags: tags,
140
+ {
141
+ data: artifact.data,
142
+ data_type: artifact.data_type,
143
+ message: rule.description
144
+ }
145
+ end,
146
+ tags: rule.tags,
126
147
  type: "external",
127
148
  source: "mihari",
128
149
  source_ref: "1"
@@ -1,54 +1,122 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require "erb"
4
+
3
5
  module Mihari
4
6
  module Emitters
5
- class Webhook < Base
6
- # @return [Boolean]
7
- def valid?
8
- webhook_url?
7
+ class PayloadTemplate < ERB
8
+ def self.template
9
+ %{
10
+ {
11
+ "rule": {
12
+ "id": "<%= @rule.id %>",
13
+ "title": "<%= @rule.title %>",
14
+ "description": "<%= @rule.description %>"
15
+ },
16
+ "artifacts": [
17
+ <% @artifacts.each_with_index do |artifact, idx| %>
18
+ "<%= artifact.data %>"
19
+ <%= ',' if idx < (@artifacts.length - 1) %>
20
+ <% end %>
21
+ ],
22
+ "tags": [
23
+ <% @rule.tags.each_with_index do |tag, idx| %>
24
+ "<%= tag %>"
25
+ <%= ',' if idx < (@rule.tags.length - 1) %>
26
+ <% end %>
27
+ ]
28
+ }
29
+ }
9
30
  end
10
31
 
11
- def emit(title:, description:, artifacts:, source:, tags:)
12
- return if artifacts.empty?
32
+ def initialize(artifacts:, rule:, options: {})
33
+ @artifacts = artifacts
34
+ @rule = rule
13
35
 
14
- headers = { "content-type": "application/x-www-form-urlencoded" }
15
- headers["content-type"] = "application/json" if use_json_body?
36
+ @template = options.fetch(:template, self.class.template)
37
+ super(@template)
38
+ end
16
39
 
17
- emitter = Emitters::HTTP.new(uri: Mihari.config.webhook_url)
18
- emitter.emit(title: title, description: description, artifacts: artifacts, source: source, tags: tags)
40
+ def result
41
+ super(binding)
19
42
  end
43
+ end
20
44
 
21
- private
45
+ class Webhook < Base
46
+ # @return [Addressable::URI, nil]
47
+ attr_reader :url
22
48
 
23
- def configuration_keys
24
- %w[webhook_url]
25
- end
49
+ # @return [Hash]
50
+ attr_reader :headers
51
+
52
+ # @return [String]
53
+ attr_reader :method
26
54
 
27
- #
28
- # Webhook URL
29
- #
30
55
  # @return [String, nil]
31
- #
32
- def webhook_url
33
- @webhook_url ||= Mihari.config.webhook_url
56
+ attr_reader :template
57
+
58
+ def initialize(*args, **kwargs)
59
+ super(*args, **kwargs)
60
+
61
+ url = kwargs[:url]
62
+ headers = kwargs[:headers] || {}
63
+ method = kwargs[:method] || "POST"
64
+ template = kwargs[:template]
65
+
66
+ @url = Addressable::URI.parse(url)
67
+ @headers = headers
68
+ @method = method
69
+ @template = template
34
70
  end
35
71
 
36
- #
37
- # Check whether a webhook URL is set or not
38
- #
39
- # @return [Boolean]
40
- #
41
- def webhook_url?
42
- !webhook_url.nil?
72
+ def emit(artifacts:, rule:)
73
+ return if artifacts.empty?
74
+
75
+ res = nil
76
+
77
+ payload_ = payload_as_string(artifacts: artifacts, rule: rule)
78
+ payload = JSON.parse(payload_)
79
+
80
+ client = Mihari::HTTP.new(url, headers: headers, payload: payload)
81
+
82
+ case method
83
+ when "GET"
84
+ res = client.get
85
+ when "POST"
86
+ res = client.post
87
+ end
88
+
89
+ res
43
90
  end
44
91
 
92
+ def valid?
93
+ return false if url.nil?
94
+
95
+ %w[http https].include? url.scheme.downcase
96
+ end
97
+
98
+ private
99
+
45
100
  #
46
- # Check whether to use JSON body or not
101
+ # Convert payload into string
47
102
  #
48
- # @return [Boolean]
103
+ # @param [Array<Mihari::Artifact>] artifacts
104
+ # @param [Mihari::Structs::Rule] rule
49
105
  #
50
- def use_json_body?
51
- @use_json_body ||= Mihari.config.webhook_use_json_body
106
+ # @return [String]
107
+ #
108
+ def payload_as_string(artifacts:, rule:)
109
+ @payload_as_string ||= [].tap do |out|
110
+ options = {}
111
+ options[:template] = File.read(template) unless template.nil?
112
+
113
+ payload_template = PayloadTemplate.new(
114
+ artifacts: artifacts,
115
+ rule: rule,
116
+ options: options
117
+ )
118
+ out << payload_template.result
119
+ end.first
52
120
  end
53
121
  end
54
122
  end
@@ -3,13 +3,15 @@
3
3
  module Mihari
4
4
  module Entities
5
5
  class Alert < Grape::Entity
6
- expose :id, documentation: { type: Integer, required: true }
7
- expose :title, documentation: { type: String, required: true }
8
- expose :description, documentation: { type: String, required: true }
9
- expose :source, documentation: { type: String, required: true }
6
+ expose :id,
7
+ documentation: { type: String, required: true,
8
+ desc: "String representation of the ID" } do |alert, _options|
9
+ alert.id.to_s
10
+ end
11
+ expose :rule_id, documentation: { type: String, required: true }, as: :ruleId
10
12
  expose :created_at, documentation: { type: DateTime, required: true }, as: :createdAt
11
13
 
12
- expose :artifacts, using: Entities::Artifact, documentation: { type: Entities::Artifact, is_array: true }
14
+ expose :artifacts, using: Entities::BaseArtifact, documentation: { type: Entities::BaseArtifact, is_array: true }
13
15
  expose :tags, using: Entities::Tag, documentation: { type: Entities::Tag, is_array: true, required: true }
14
16
  end
15
17
 
@@ -2,29 +2,41 @@
2
2
 
3
3
  module Mihari
4
4
  module Entities
5
- class Artifact < Grape::Entity
6
- expose :id, documentation: { type: Integer, required: true }
5
+ class BaseArtifact < Grape::Entity
6
+ expose :id,
7
+ documentation: { type: String, required: true,
8
+ desc: "String representation of the ID" } do |artifact, _options|
9
+ artifact.id.to_s
10
+ end
7
11
  expose :data, documentation: { type: String, required: true }
8
12
  expose :data_type, documentation: { type: String, required: true }, as: :dataType
9
13
  expose :source, documentation: { type: String, required: true }
10
14
  expose :tags, documentation: { type: String, is_array: true }
11
15
 
12
16
  expose :metadata, documentation: { type: Hash }
17
+ end
13
18
 
14
- expose :autonomous_system, using: Entities::AutonomousSystem, documentation: { type: Entities::AutonomousSystem, required: false }, as: :autonomousSystem
19
+ class Artifact < BaseArtifact
20
+ expose :autonomous_system, using: Entities::AutonomousSystem,
21
+ documentation: { type: Entities::AutonomousSystem, required: false }, as: :autonomousSystem
15
22
  expose :geolocation, using: Entities::Geolocation, documentation: { type: Entities::Geolocation, required: false }
16
- expose :whois_record, using: Entities::WhoisRecord, documentation: { type: Entities::WhoisRecord, required: false }, as: :whoisRecord
23
+ expose :whois_record, using: Entities::WhoisRecord,
24
+ documentation: { type: Entities::WhoisRecord, required: false }, as: :whoisRecord
17
25
 
18
- expose :reverse_dns_names, using: Entities::ReverseDnsName, documentation: { type: Entities::ReverseDnsName, is_array: true, required: false }, as: :reverseDnsNames do |status, _options|
26
+ expose :reverse_dns_names, using: Entities::ReverseDnsName,
27
+ documentation: { type: Entities::ReverseDnsName, is_array: true, required: false }, as: :reverseDnsNames do |status, _options|
19
28
  status.reverse_dns_names.empty? ? nil : status.reverse_dns_names
20
29
  end
21
- expose :dns_records, using: Entities::DnsRecord, documentation: { type: Entities::DnsRecord, is_array: true, required: false }, as: :dnsRecords do |status, _options|
30
+ expose :dns_records, using: Entities::DnsRecord,
31
+ documentation: { type: Entities::DnsRecord, is_array: true, required: false }, as: :dnsRecords do |status, _options|
22
32
  status.dns_records.empty? ? nil : status.dns_records
23
33
  end
24
- expose :ceps, using: Entities::CPE, documentation: { type: Entities::CPE, is_array: true, required: false }, as: :cpes do |status, _options|
34
+ expose :ceps, using: Entities::CPE, documentation: { type: Entities::CPE, is_array: true, required: false },
35
+ as: :cpes do |status, _options|
25
36
  status.cpes.empty? ? nil : status.cpes
26
37
  end
27
- expose :ports, using: Entities::Port, documentation: { type: Entities::Port, is_array: true, required: false }, as: :ports do |status, _options|
38
+ expose :ports, using: Entities::Port, documentation: { type: Entities::Port, is_array: true, required: false },
39
+ as: :ports do |status, _options|
28
40
  status.ports.empty? ? nil : status.ports
29
41
  end
30
42
  end
@@ -2,15 +2,11 @@
2
2
 
3
3
  module Mihari
4
4
  module Entities
5
- class ConfigStatus < Grape::Entity
5
+ class Config < Grape::Entity
6
+ expose :name, documentation: { type: String, required: true }
6
7
  expose :type, documentation: { type: String, required: true }
7
8
  expose :values, documentation: { type: String, is_array: true, required: true }
8
9
  expose :is_configured, documentation: { type: Grape::API::Boolean, required: true }, as: :isConfigured
9
10
  end
10
-
11
- class Config < Grape::Entity
12
- expose :name, documentation: { type: String, required: true }
13
- expose :status, using: Entities::ConfigStatus, documentation: { type: ConfigStatus, required: true }
14
- end
15
11
  end
16
12
  end
@@ -14,9 +14,13 @@ module Mihari
14
14
 
15
15
  class Rule < Grape::Entity
16
16
  expose :id, documentation: { type: String, required: true }
17
+ expose :title, documentation: { type: String, required: true }
18
+ expose :description, documentation: { type: String, required: true }
17
19
  expose :yaml, documentation: { type: String, required: true }
18
20
  expose :created_at, documentation: { type: DateTime, required: true }, as: :createdAt
19
21
  expose :updated_at, documentation: { type: DateTime, required: true }, as: :updatedAt
22
+
23
+ expose :tags, using: Entities::Tag, documentation: { type: Entities::Tag, is_array: true, required: true }
20
24
  end
21
25
 
22
26
  class RulesWithPagination < Grape::Entity
@@ -25,5 +29,9 @@ module Mihari
25
29
  expose :current_page, documentation: { type: Integer, required: true }, as: :currentPage
26
30
  expose :page_size, documentation: { type: Integer, required: true }, as: :pageSize
27
31
  end
32
+
33
+ class RuleIDs < Grape::Entity
34
+ expose :rule_ids, documentation: { type: Array[String], required: true }, as: :ruleIds
35
+ end
28
36
  end
29
37
  end
data/lib/mihari/http.rb CHANGED
@@ -4,10 +4,10 @@ require "insensitive_hash"
4
4
 
5
5
  module Mihari
6
6
  class HTTP
7
- attr_reader :uri, :headers, :payload
7
+ attr_reader :url, :headers, :payload
8
8
 
9
- def initialize(uri, headers: {}, payload: {})
10
- @uri = uri.is_a?(URI) ? uri : URI(uri.to_s)
9
+ def initialize(url, headers: {}, payload: {})
10
+ @url = url.is_a?(URI) ? url : URI(url.to_s)
11
11
  @headers = headers.insensitive
12
12
  @payload = payload
13
13
  end
@@ -18,10 +18,10 @@ module Mihari
18
18
  # @return [Net::HTTPResponse]
19
19
  #
20
20
  def get
21
- new_uri = uri.deep_dup
22
- new_uri.query = Addressable::URI.form_encode(payload) unless payload.empty?
21
+ new_url = url.deep_dup
22
+ new_url.query = Addressable::URI.form_encode(payload) unless payload.empty?
23
23
 
24
- get = Net::HTTP::Get.new(new_uri)
24
+ get = Net::HTTP::Get.new(new_url)
25
25
  request get
26
26
  end
27
27
 
@@ -31,7 +31,7 @@ module Mihari
31
31
  # @return [Net::HTTPResponse]
32
32
  #
33
33
  def post
34
- post = Net::HTTP::Post.new(uri)
34
+ post = Net::HTTP::Post.new(url)
35
35
 
36
36
  case content_type
37
37
  when "application/json"
@@ -44,13 +44,13 @@ module Mihari
44
44
  end
45
45
 
46
46
  class << self
47
- def get(uri, headers: {}, params: {})
48
- client = new(uri, headers: headers, payload: params)
47
+ def get(url, headers: {}, params: {})
48
+ client = new(url, headers: headers, payload: params)
49
49
  client.get
50
50
  end
51
51
 
52
- def post(uri, headers: {}, payload: {})
53
- client = new(uri, headers: headers, payload: payload)
52
+ def post(url, headers: {}, payload: {})
53
+ client = new(url, headers: headers, payload: payload)
54
54
  client.post
55
55
  end
56
56
  end
@@ -67,7 +67,7 @@ module Mihari
67
67
  # @return [Hahs]
68
68
  #
69
69
  def https_options
70
- return { use_ssl: true } if uri.scheme == "https"
70
+ return { use_ssl: true } if url.scheme == "https"
71
71
 
72
72
  {}
73
73
  end
@@ -80,7 +80,7 @@ module Mihari
80
80
  # @return [Net::HTTPResponse]
81
81
  #
82
82
  def request(req)
83
- Net::HTTP.start(uri.host, uri.port, https_options) do |http|
83
+ Net::HTTP.start(url.host, url.port, https_options) do |http|
84
84
  # set headers
85
85
  headers.each do |k, v|
86
86
  req[k] = v
@@ -2,24 +2,24 @@
2
2
 
3
3
  module Mihari
4
4
  module Mixins
5
- module DisallowedDataValue
5
+ module FalsePositive
6
6
  include Memist::Memoizable
7
7
 
8
8
  #
9
- # Normalize a value as a disallowed data value
9
+ # Normalize a falsepositive value
10
10
  #
11
- # @param [String] value Data value
11
+ # @param [String] value
12
12
  #
13
- # @return [String, Regexp] Normalized value
13
+ # @return [String, Regexp]
14
14
  #
15
- def normalize_disallowed_data_value(value)
15
+ def normalize_falsepositive(value)
16
16
  return value if !value.start_with?("/") || !value.end_with?("/")
17
17
 
18
18
  # if a value is surrounded by slashes, take it as a regexp
19
19
  value_without_slashes = value[1..-2]
20
20
  Regexp.compile value_without_slashes.to_s
21
21
  end
22
- memoize :normalize_disallowed_data_value
22
+ memoize :normalize_falsepositive
23
23
 
24
24
  #
25
25
  # Check whetehr a value is valid format as a disallowed data value
@@ -28,9 +28,9 @@ module Mihari
28
28
  #
29
29
  # @return [Boolean] true if it is valid, otherwise false
30
30
  #
31
- def valid_disallowed_data_value?(value)
31
+ def valid_falsepositive?(value)
32
32
  begin
33
- normalize_disallowed_data_value value
33
+ normalize_falsepositive value
34
34
  rescue RegexpError
35
35
  return false
36
36
  end
@@ -28,20 +28,7 @@ module Mihari
28
28
  relation = build_relation(filter.without_pagination)
29
29
 
30
30
  alert_ids = relation.limit(limit).offset(offset).order(id: :desc).pluck(:id).uniq
31
- eager_load(
32
- {
33
- artifacts: [
34
- :autonomous_system,
35
- :geolocation,
36
- :whois_record,
37
- :dns_records,
38
- :reverse_dns_names,
39
- :cpes,
40
- :ports
41
- ]
42
- },
43
- :tags
44
- ).where(id: [alert_ids]).order(id: :desc)
31
+ eager_load(:artifacts, :tags).where(id: [alert_ids]).order(id: :desc)
45
32
  end
46
33
 
47
34
  #
@@ -83,7 +70,7 @@ module Mihari
83
70
  relation = relation.where(artifacts: { id: artifact_ids }) unless artifact_ids.empty?
84
71
  relation = relation.where(tags: { name: filter.tag_name }) if filter.tag_name
85
72
 
86
- relation = relation.where(source: filter.source) if filter.source
73
+ relation = relation.where(rule_id: filter.rule_id) if filter.rule_id
87
74
  relation = relation.where(title: filter.title) if filter.title
88
75
 
89
76
  relation = relation.where("description LIKE ?", "%#{filter.description}%") if filter.description