mihari 4.9.0 → 4.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 85756e55047ef3bde95c50c1ac3c474adbd29828bf1f95618f3aac85638a1752
-  data.tar.gz: babe64cf74a96f659057b06ac3b5864b6faa2c3ec9b7e3f0f9b57bce7dd635a8
+  metadata.gz: eda042a7f3e0c70bb86a1008d24556b2daf4264142e01936e4bdab3da275ff39
+  data.tar.gz: a5e3711ecb0fb982ce6280fbed12261d753e2224966e3961ac2cfe2b83e0e15d
 SHA512:
-  metadata.gz: 5c15c65a8952c1fbcf695feba8add8a7fc962eaac9ca426a18dd510663573dc9fe6b27472ca0edcd1ff9fb86b68a49ce8c459e3a7d90eabe9dbbe1e4506181d8
-  data.tar.gz: aceb04f0f6e78af7f0df2293d78a4d4d20bcf1827e70d45e3f425e38b128c5f9194dbdac608b29b44852af77b626ccbdd03583e7170d5330a2b584c7cbdca55b
+  metadata.gz: f33e198db0d4964eb15372b30ef6733aaf3efe51b31640e62e33da2412089e30f618ea9509cc86d57a6e38ae65eac1dd5c7f3fab9c2dc1d5793d005bdcb95862
+  data.tar.gz: d7824b329d6117c2539e62044374b989538e4d22fd7641eb63b11db3b766ef52943f3559cb6a43be440b60f55609a763e316661e69196d6749486c8027cad5b2

data/lib/mihari/analyzers/base.rb

@@ -72,10 +72,22 @@ module Mihari
       #
       # @param [Mihari::Emitters::Base] emitter
       #
-      # @return [nil]
+      # @return [Mihari::Alert, nil]
       #
       def run_emitter(emitter)
-        emitter.run(title: title, description: description, artifacts: enriched_artifacts, source: source, tags: tags)
+        return if enriched_artifacts.empty?
+
+        alert_or_something = emitter.run(
+          title: title,
+          description: description,
+          artifacts: enriched_artifacts,
+          source: source,
+          tags: tags
+        )
+
+        Mihari.logger.info "Emission by #{emitter.class} is succedded"
+
+        alert_or_something
       rescue StandardError => e
         Mihari.logger.info "Emission by #{emitter.class} is failed: #{e}"
       end

data/lib/mihari/analyzers/circl.rb

@@ -71,7 +71,7 @@ module Mihari
         results = api.dns.query(@query)
         results.filter_map do |result|
           type = result["rrtype"]
-          type == "A" ? result["rdata"] : nil
+          (type == "A") ? result["rdata"] : nil
         end.uniq
       end
 

data/lib/mihari/commands/search.rb

@@ -44,7 +44,7 @@ module Mihari
                 data = Mihari::Entities::Alert.represent(alert)
                 puts JSON.pretty_generate(data.as_json)
               else
-                Mihari.logger.info "There is no new artifact"
+                Mihari.logger.info "No new alert created in the database"
               end
 
               # record a rule

data/lib/mihari/emitters/misp.rb

@@ -6,7 +6,7 @@ module Mihari
   module Emitters
     class MISP < Base
       # @return [String, nil]
-      attr_reader :api_endpoint
+      attr_reader :url
 
       # @return [String, nil]
       attr_reader :api_key
@@ -14,18 +14,29 @@ module Mihari
       def initialize(*args, **kwargs)
         super(*args, **kwargs)
 
-        @api_endpoint = kwargs[:api_endpoint] || Mihari.config.misp_api_endpoint
+        @url = kwargs[:url] || kwargs[:api_endpoint] || Mihari.config.misp_url
         @api_key = kwargs[:api_key] || Mihari.config.misp_api_key
 
         ::MISP.configure do |config|
-          config.api_endpoint = api_endpoint
+          config.api_endpoint = url
           config.api_key = api_key
         end
       end
 
       # @return [Boolean]
       def valid?
-        api_endpoint? && api_key? && ping?
+        unless url? && api_key?
+          Mihari.logger.info("MISP URL is not set") unless url?
+          Mihari.logger.info("MISP API key is not set") unless api_key?
+          return false
+        end
+
+        unless ping?
+          Mihari.logger.info("MISP URL (#{url}) is not reachable")
+          return false
+        end
+
+        true
       end
 
       def emit(title:, artifacts:, tags: [], **_options)
@@ -47,7 +58,7 @@ module Mihari
       private
 
       def configuration_keys
-        %w[misp_api_endpoint misp_api_key]
+        %w[misp_url misp_api_key]
       end
 
       #
@@ -103,12 +114,12 @@ module Mihari
       end
 
       #
-      # Check whether an API endpoint is set or not
+      # Check whether a URL is set or not
       #
       # @return [Boolean]
       #
-      def api_endpoint?
-        !api_endpoint.nil? && !api_endpoint.empty?
+      def url?
+        !url.nil? && !url.empty?
       end
 
       #
@@ -121,15 +132,15 @@ module Mihari
       end
 
       #
-      # Check whether an API endpoint is reachable or not
+      # Check whether a URL is reachable or not
       #
       # @return [Boolean]
       #
       def ping?
-        base_url = api_endpoint.end_with?("/") ? api_endpoint[0..-2] : api_endpoint
-        url = "#{base_url}/users/login"
+        base_url = url.end_with?("/") ? url[0..-2] : url
+        login_url = "#{base_url}/users/login"
 
-        http = Net::Ping::HTTP.new(url)
+        http = Net::Ping::HTTP.new(login_url)
         http.ping?
       end
     end

data/lib/mihari/emitters/slack.rb

@@ -87,13 +87,13 @@ module Mihari
 
       # @return [String, nil]
       def _censys_link
-        data_type == "ip" ? "https://search.censys.io/hosts/#{data}" : nil
+        (data_type == "ip") ? "https://search.censys.io/hosts/#{data}" : nil
       end
       memoize :_censys_link
 
       # @return [String, nil]
       def _shodan_link
-        data_type == "ip" ? "https://www.shodan.io/host/#{data}" : nil
+        (data_type == "ip") ? "https://www.shodan.io/host/#{data}" : nil
       end
       memoize :_shodan_link
 

data/lib/mihari/emitters/the_hive.rb

@@ -6,7 +6,7 @@ module Mihari
   module Emitters
     class TheHive < Base
       # @return [String, nil]
-      attr_reader :api_endpoint
+      attr_reader :url
 
       # @return [String, nil]
       attr_reader :api_key
@@ -17,14 +17,25 @@ module Mihari
       def initialize(*args, **kwargs)
         super(*args, **kwargs)
 
-        @api_endpoint = kwargs[:api_endpoint] || Mihari.config.thehive_api_endpoint
+        @url = kwargs[:url] || kwargs[:api_endpoint] || Mihari.config.thehive_url
         @api_key = kwargs[:api_key] || Mihari.config.thehive_api_key
         @api_version = kwargs[:api_version] || Mihari.config.thehive_api_version
       end
 
       # @return [Boolean]
       def valid?
-        api_endpont? && api_key? && ping?
+        unless url? && api_key?
+          Mihari.logger.info("TheHive URL is not set") unless url?
+          Mihari.logger.info("TheHive API key is not set") unless api_key?
+          return false
+        end
+
+        unless ping?
+          Mihari.logger.info("TheHive URL (#{url}) is not reachable")
+          return false
+        end
+
+        true
       end
 
       def emit(title:, description:, artifacts:, tags: [], **_options)
@@ -57,20 +68,20 @@ module Mihari
       private
 
       def configuration_keys
-        %w[thehive_api_endpoint thehive_api_key]
+        %w[thehive_url thehive_api_key]
       end
 
       def api
-        @api ||= Hachi::API.new(api_endpoint: api_endpoint, api_key: api_key, api_version: normalized_api_version)
+        @api ||= Hachi::API.new(api_endpoint: url, api_key: api_key, api_version: normalized_api_version)
       end
 
       #
-      # Check whether an API endpoint is set or not
+      # Check whether a URL is set or not
       #
       # @return [Boolean]
       #
-      def api_endpont?
-        !api_endpoint.nil?
+      def url?
+        !url.nil?
       end
 
       #
@@ -83,7 +94,10 @@ module Mihari
       end
 
       def payload(title:, description:, artifacts:, tags: [])
-        return v4_payload(title: title, description: description, artifacts: artifacts, tags: tags) if normalized_api_version.nil?
+        if normalized_api_version.nil?
+          return v4_payload(title: title, description: description, artifacts: artifacts,
+            tags: tags)
+        end
 
         v5_payload(title: title, description: description, artifacts: artifacts, tags: tags)
       end
@@ -92,7 +106,9 @@ module Mihari
         {
           title: title,
           description: description,
-          artifacts: artifacts.map { |artifact| { data: artifact.data, data_type: artifact.data_type, message: description } },
+          artifacts: artifacts.map do |artifact|
+                       { data: artifact.data, data_type: artifact.data_type, message: description }
+                     end,
           tags: tags,
           type: "external",
           source: "mihari"
@@ -103,7 +119,9 @@ module Mihari
         {
           title: title,
           description: description,
-          observables: artifacts.map { |artifact| { data: artifact.data, data_type: artifact.data_type, message: description } },
+          observables: artifacts.map do |artifact|
+                         { data: artifact.data, data_type: artifact.data_type, message: description }
+                       end,
           tags: tags,
           type: "external",
           source: "mihari",
@@ -112,23 +130,23 @@ module Mihari
       end
 
       #
-      # Check whether an API endpoint is reachable or not
+      # Check whether a URL is reachable or not
       #
       # @return [Boolean]
       #
       def ping?
-        base_url = api_endpoint.end_with?("/") ? api_endpoint[0..-2] : api_endpoint
+        base_url = url.end_with?("/") ? url[0..-2] : url
 
         if normalized_api_version.nil?
           # for v4
-          base_url = api_endpoint.end_with?("/") ? api_endpoint[0..-2] : api_endpoint
-          url = "#{base_url}/index.html"
+          base_url = url.end_with?("/") ? url[0..-2] : url
+          public_url = "#{base_url}/index.html"
         else
           # for v5
-          url = "#{base_url}/api/v1/status/public"
+          public_url = "#{base_url}/api/v1/status/public"
         end
 
-        http = Net::Ping::HTTP.new(url)
+        http = Net::Ping::HTTP.new(public_url)
 
         # use GET for v5
         http.get_request = true if normalized_api_version

data/lib/mihari/schemas/emitter.rb

@@ -9,12 +9,14 @@ module Mihari
     MISP = Dry::Schema.Params do
       required(:emitter).value(Types::String.enum("misp"))
       optional(:api_endpoint).value(:string)
+      optional(:url).value(:string)
       optional(:api_key).value(:string)
     end
 
     TheHive = Dry::Schema.Params do
       required(:emitter).value(Types::String.enum("the_hive"))
       optional(:api_endpoint).value(:string)
+      optional(:url).value(:string)
       optional(:api_key).value(:string)
       optional(:api_version).value(Types::String.enum("v4", "v5")).default("v4")
     end

data/lib/mihari/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Mihari
-  VERSION = "4.9.0"
+  VERSION = "4.11.0"
 end