mihari 5.4.4 → 5.4.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +3 -25
- data/docs/alternatives.md +5 -0
- data/docs/analyzers/binaryedge.md +26 -0
- data/docs/analyzers/censys.md +31 -0
- data/docs/analyzers/circl.md +37 -0
- data/docs/analyzers/crtsh.md +26 -0
- data/docs/analyzers/dnstwister.md +25 -0
- data/docs/analyzers/feed.md +73 -0
- data/docs/analyzers/greynoise.md +26 -0
- data/docs/analyzers/hunterhow.md +33 -0
- data/docs/analyzers/index.md +79 -0
- data/docs/analyzers/onyphe.md +26 -0
- data/docs/analyzers/otx.md +28 -0
- data/docs/analyzers/passivetotal.md +48 -0
- data/docs/analyzers/pulsedive.md +28 -0
- data/docs/analyzers/securitytrails.md +37 -0
- data/docs/analyzers/shodan.md +26 -0
- data/docs/analyzers/urlscan.md +28 -0
- data/docs/analyzers/virustotal.md +39 -0
- data/docs/analyzers/virustotal_intelligence.md +29 -0
- data/docs/analyzers/zoomeye.md +33 -0
- data/docs/configuration.md +35 -0
- data/docs/emitters/database.md +22 -0
- data/docs/emitters/hive.md +26 -0
- data/docs/emitters/index.md +7 -0
- data/docs/emitters/misp.md +21 -0
- data/docs/emitters/slack.md +26 -0
- data/docs/emitters/webhook.md +63 -0
- data/docs/enrichers/google_public_dns.md +19 -0
- data/docs/enrichers/index.md +6 -0
- data/docs/enrichers/ipinfo.md +19 -0
- data/docs/enrichers/shodan.md +22 -0
- data/docs/enrichers/whois.md +17 -0
- data/docs/github_actions.md +43 -0
- data/docs/index.md +13 -0
- data/docs/installation.md +31 -0
- data/docs/requirements.md +20 -0
- data/docs/rule.md +171 -0
- data/docs/tags.md +3 -0
- data/docs/usage.md +100 -0
- data/frontend/package-lock.json +232 -229
- data/frontend/package.json +7 -7
- data/lib/mihari/analyzers/feed.rb +7 -7
- data/lib/mihari/version.rb +1 -1
- data/lib/mihari/web/public/assets/{index-ef33a6cd.js → index-0a5a47bf.js} +43 -41
- data/lib/mihari/web/public/index.html +1 -1
- data/mihari.gemspec +1 -1
- data/mkdocs.yml +35 -0
- data/requirements.txt +2 -0
- metadata +45 -4
data/docs/usage.md
ADDED
|
@@ -0,0 +1,100 @@
|
|
|
1
|
+
# Usage
|
|
2
|
+
|
|
3
|
+
```bash
|
|
4
|
+
$ mihari
|
|
5
|
+
Commands:
|
|
6
|
+
mihari --version, -v # Print the version
|
|
7
|
+
mihari alert # Sub commands for alert
|
|
8
|
+
mihari db # Sub commands for DB
|
|
9
|
+
mihari help [COMMAND] # Describe available commands or one specific command
|
|
10
|
+
mihari rule # Sub commands for rule
|
|
11
|
+
mihari search [PATH_OR_ID] # Search by a rule
|
|
12
|
+
mihari web # Launch the web app
|
|
13
|
+
```
|
|
14
|
+
|
|
15
|
+
## `mihari db`
|
|
16
|
+
|
|
17
|
+
This sub command is for initializing/migrating database.
|
|
18
|
+
|
|
19
|
+
```bash
|
|
20
|
+
mihari db migrate
|
|
21
|
+
```
|
|
22
|
+
|
|
23
|
+
See [Database](./emitters/database.md) for detailed database configuration.
|
|
24
|
+
|
|
25
|
+
## `mihari rule`
|
|
26
|
+
|
|
27
|
+
This sub command is for validating/initializing a rule.
|
|
28
|
+
|
|
29
|
+
```bash
|
|
30
|
+
mihari rule init /path/to/rule.yml
|
|
31
|
+
mihari rule validate /path/to/rule.yml
|
|
32
|
+
```
|
|
33
|
+
|
|
34
|
+
## `mihari search`
|
|
35
|
+
|
|
36
|
+
This is a command for running a rule.
|
|
37
|
+
|
|
38
|
+
```bash
|
|
39
|
+
mihari search /path/to/rule.yml
|
|
40
|
+
```
|
|
41
|
+
|
|
42
|
+
Mihari asks whether really you want to update a rule if there is a diff by default.
|
|
43
|
+
|
|
44
|
+
```bash
|
|
45
|
+
$ mihari search /path/to/rule.yml
|
|
46
|
+
There is a diff in the rule (6254bb74-5e5d-42ad-bc1e-231da0293b0f). Are you sure you want to overwrite the rule? (y/n)
|
|
47
|
+
```
|
|
48
|
+
|
|
49
|
+
It can be suppressed by providing `-f`.
|
|
50
|
+
|
|
51
|
+
```bash
|
|
52
|
+
mihari search -f /path/to/rule.yml
|
|
53
|
+
```
|
|
54
|
+
|
|
55
|
+
## `mihari add`
|
|
56
|
+
|
|
57
|
+
You may want to add an alert manually. You can do that by this command.
|
|
58
|
+
|
|
59
|
+
```bash
|
|
60
|
+
mihari alert /path/to/alert.yml
|
|
61
|
+
```
|
|
62
|
+
|
|
63
|
+
## `mihari web`
|
|
64
|
+
|
|
65
|
+
This command is for launching the built-in web app.
|
|
66
|
+
|
|
67
|
+
```bash
|
|
68
|
+
mihari web
|
|
69
|
+
```
|
|
70
|
+
|
|
71
|
+
It stars the app with `localhost:9292`. You can configure it by providing options.
|
|
72
|
+
|
|
73
|
+
```bash
|
|
74
|
+
$ mihari help web
|
|
75
|
+
Usage:
|
|
76
|
+
mihari web
|
|
77
|
+
|
|
78
|
+
Options:
|
|
79
|
+
[--port=N] # Hostname to listen on
|
|
80
|
+
# Default: 9292
|
|
81
|
+
[--host=HOST] # Port to listen on
|
|
82
|
+
# Default: localhost
|
|
83
|
+
[--threads=THREADS] # min:max threads to use
|
|
84
|
+
# Default: 0:5
|
|
85
|
+
[--verbose], [--no-verbose] # Report each request
|
|
86
|
+
# Default: true
|
|
87
|
+
[--worker-timeout=N] # Worker timeout value (in seconds)
|
|
88
|
+
# Default: 60
|
|
89
|
+
[--hide-config-values], [--no-hide-config-values] # Whether to hide config values or not
|
|
90
|
+
# Default: true
|
|
91
|
+
[--open], [--no-open] # Whether to open the app in browser or not
|
|
92
|
+
# Default: true
|
|
93
|
+
[--rack-env=RACK_ENV] # Rack environment
|
|
94
|
+
# Default: production
|
|
95
|
+
```
|
|
96
|
+
|
|
97
|
+
!!! tip
|
|
98
|
+
|
|
99
|
+
The built-in web app offers API to interact with Mihari.
|
|
100
|
+
The API docs are available on `/redoc-static.html`
|