mihari 5.4.8 → 5.5.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (90) hide show
  1. checksums.yaml +4 -4
  2. data/docs/analyzers/binaryedge.md +2 -2
  3. data/docs/analyzers/censys.md +3 -3
  4. data/docs/analyzers/circl.md +3 -3
  5. data/docs/analyzers/crtsh.md +2 -2
  6. data/docs/analyzers/dnstwister.md +1 -1
  7. data/docs/analyzers/feed.md +7 -7
  8. data/docs/analyzers/greynoise.md +2 -2
  9. data/docs/analyzers/hunterhow.md +4 -4
  10. data/docs/analyzers/index.md +13 -8
  11. data/docs/analyzers/onyphe.md +2 -2
  12. data/docs/analyzers/otx.md +2 -2
  13. data/docs/analyzers/passivetotal.md +3 -3
  14. data/docs/analyzers/pulsedive.md +2 -2
  15. data/docs/analyzers/securitytrails.md +2 -2
  16. data/docs/analyzers/shodan.md +2 -2
  17. data/docs/analyzers/urlscan.md +2 -2
  18. data/docs/analyzers/virustotal.md +2 -2
  19. data/docs/analyzers/virustotal_intelligence.md +2 -2
  20. data/docs/analyzers/zoomeye.md +3 -3
  21. data/docs/emitters/hive.md +3 -3
  22. data/docs/emitters/index.md +29 -0
  23. data/docs/emitters/misp.md +2 -2
  24. data/docs/emitters/slack.md +2 -2
  25. data/docs/emitters/webhook.md +4 -4
  26. data/docs/enrichers/index.md +29 -0
  27. data/docs/enrichers/ipinfo.md +7 -0
  28. data/docs/index.md +0 -2
  29. data/docs/installation.md +1 -1
  30. data/docs/rule.md +11 -11
  31. data/frontend/package-lock.json +294 -2772
  32. data/frontend/package.json +10 -10
  33. data/lib/mihari/analyzers/base.rb +15 -8
  34. data/lib/mihari/analyzers/binaryedge.rb +5 -1
  35. data/lib/mihari/analyzers/censys.rb +6 -1
  36. data/lib/mihari/analyzers/greynoise.rb +5 -1
  37. data/lib/mihari/analyzers/hunterhow.rb +5 -1
  38. data/lib/mihari/analyzers/onyphe.rb +5 -1
  39. data/lib/mihari/analyzers/rule.rb +43 -7
  40. data/lib/mihari/analyzers/shodan.rb +5 -1
  41. data/lib/mihari/analyzers/urlscan.rb +5 -1
  42. data/lib/mihari/analyzers/virustotal_intelligence.rb +5 -1
  43. data/lib/mihari/analyzers/zoomeye.rb +5 -1
  44. data/lib/mihari/clients/base.rb +7 -7
  45. data/lib/mihari/clients/binaryedge.rb +10 -4
  46. data/lib/mihari/clients/censys.rb +11 -4
  47. data/lib/mihari/clients/greynoise.rb +10 -4
  48. data/lib/mihari/clients/hunterhow.rb +10 -4
  49. data/lib/mihari/clients/misp.rb +3 -2
  50. data/lib/mihari/clients/onyphe.rb +10 -4
  51. data/lib/mihari/clients/shodan.rb +10 -4
  52. data/lib/mihari/clients/the_hive.rb +3 -2
  53. data/lib/mihari/clients/urlscan.rb +9 -3
  54. data/lib/mihari/clients/virustotal.rb +10 -4
  55. data/lib/mihari/clients/zoomeye.rb +11 -5
  56. data/lib/mihari/config.rb +8 -0
  57. data/lib/mihari/emitters/base.rb +49 -12
  58. data/lib/mihari/emitters/misp.rb +7 -6
  59. data/lib/mihari/emitters/slack.rb +24 -6
  60. data/lib/mihari/emitters/the_hive.rb +8 -7
  61. data/lib/mihari/emitters/webhook.rb +31 -29
  62. data/lib/mihari/enrichers/base.rb +53 -16
  63. data/lib/mihari/enrichers/google_public_dns.rb +33 -42
  64. data/lib/mihari/enrichers/ipinfo.rb +32 -34
  65. data/lib/mihari/enrichers/shodan.rb +18 -26
  66. data/lib/mihari/enrichers/whois.rb +121 -111
  67. data/lib/mihari/http.rb +3 -1
  68. data/lib/mihari/mixins/retriable.rb +4 -2
  69. data/lib/mihari/models/artifact.rb +37 -23
  70. data/lib/mihari/models/autonomous_system.rb +3 -2
  71. data/lib/mihari/models/cpe.rb +3 -2
  72. data/lib/mihari/models/dns.rb +3 -2
  73. data/lib/mihari/models/geolocation.rb +3 -2
  74. data/lib/mihari/models/port.rb +3 -2
  75. data/lib/mihari/models/reverse_dns.rb +3 -2
  76. data/lib/mihari/models/whois.rb +4 -3
  77. data/lib/mihari/schemas/analyzer.rb +2 -1
  78. data/lib/mihari/schemas/emitter.rb +39 -25
  79. data/lib/mihari/schemas/enricher.rb +28 -2
  80. data/lib/mihari/schemas/rule.rb +6 -2
  81. data/lib/mihari/version.rb +1 -1
  82. data/lib/mihari/web/endpoints/ip_addresses.rb +1 -1
  83. data/lib/mihari/web/public/assets/index-b5d817a3.js +1749 -0
  84. data/lib/mihari/web/public/index.html +1 -1
  85. data/lib/mihari/web/public/redoc-static.html +400 -400
  86. data/mihari.gemspec +2 -2
  87. data/mkdocs.yml +8 -6
  88. data/requirements.txt +1 -1
  89. metadata +7 -7
  90. data/lib/mihari/web/public/assets/index-a92abd57.js +0 -1740
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 80cd943b56266398aebedf99a1d4f41cee448f22d1338353c42d6eb014d9663f
4
- data.tar.gz: 5e1fe745405432f5bfa711371f7065b0a0f5ca9db1fb3348cc240644ac230350
3
+ metadata.gz: 0a0bb32d105b9879fbf87b5bcd5d49a4930cc9e054c42f992bd5c58d883ea8b0
4
+ data.tar.gz: 0c547d79f1a1950008f4797a743bf84b7bc1b766d693eb9c2e9b93d150ee4cb9
5
5
  SHA512:
6
- metadata.gz: 1bdbee7c0359654bdc6ca06b61b9f36df098a239a854394dc44d91fbc44fd9379fec38fe345f85e7decb6a032393d30e792baef9f530aaf10f5e6876af93b2fd
7
- data.tar.gz: 5c47ad00c85b343d32b6f615e2ad89504d744eaae3bd4425708f2244a2515597d1dd07355cf70a8d55781be25e96c65301147876b097822e023a3851dd8cf40f
6
+ metadata.gz: f9d5217d01e12da402ad9edde9dbeb35c14f6b18061807c48e9e0f6b84419b009b0bbdd4848d3df7302ba4c414c0fe004d7e0ee86a3e9fa29dcaea7bb79b6a8e
7
+ data.tar.gz: aa353778dc0f9eb1d525c828e7e662531ba1318f8c380a93cd1f0bd7eca8da33dba7915de297695223cf53a7c3de35419f152ae6d1c199382e6aa7e870a629f2
@@ -19,8 +19,8 @@ api_key: ...
19
19
 
20
20
  ### Query
21
21
 
22
- `query` is a search query.
22
+ `query` (`string`) is a search query.
23
23
 
24
24
  ### API Key
25
25
 
26
- `api_key` is an API key. Optional. Defaults to `ENV[”BINARYEDGE_API_KEY"]`.
26
+ `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”BINARYEDGE_API_KEY"]`.
@@ -20,12 +20,12 @@ secret: ...
20
20
 
21
21
  ### Query
22
22
 
23
- `query` is a search query.
23
+ `query` (`string`) is a search query.
24
24
 
25
25
  ### ID
26
26
 
27
- `id` is a Cencys ID. Optional. Defaults to `ENV[”CENSYS_ID”]`.
27
+ `id` (`string`) is a Cencys ID. Optional. Defaults to `ENV[”CENSYS_ID”]`.
28
28
 
29
29
  ### Secret
30
30
 
31
- `secret` is a Cencys secret. Optional. Defaults to `ENV[”CENSYS_SECRET”]`.
31
+ `secret` (`string`) is a Cencys secret. Optional. Defaults to `ENV[”CENSYS_SECRET”]`.
@@ -26,12 +26,12 @@ username: ...
26
26
 
27
27
  ### Query
28
28
 
29
- `query` is a domain or SHA1 certificate fingerprint.
29
+ `query` (`string`) is a domain or SHA1 certificate fingerprint.
30
30
 
31
31
  ### Username
32
32
 
33
- `username` is a username. Optional. Defaults to `ENV[”CIRCL_PASSIVE_USERNAME”]`.
33
+ `username` (`string`) is a username. Optional. Defaults to `ENV[”CIRCL_PASSIVE_USERNAME”]`.
34
34
 
35
35
  ### Password
36
36
 
37
- `password` is a password. Optional. Defaults to `ENV[”CIRCL_PASSIVE_PASSWORD”]`.
37
+ `password` (`string`) is a password. Optional. Defaults to `ENV[”CIRCL_PASSIVE_PASSWORD”]`.
@@ -19,8 +19,8 @@ exclude_expired: ...
19
19
 
20
20
  ### Query
21
21
 
22
- `query` is a search query.
22
+ `query` (`string`) is a search query.
23
23
 
24
24
  ### Exclude Expired
25
25
 
26
- `exclude_expired` (boolean) determines whether to exclude expired domains or not. Optional. Defaults to `true`.
26
+ `exclude_expired` (`boolean`) determines whether to exclude expired domains or not. Optional. Defaults to `true`.
@@ -18,7 +18,7 @@ query: ...
18
18
 
19
19
  ### Query
20
20
 
21
- `query` is a search query.
21
+ `query` (`string`) is a search query.
22
22
 
23
23
  !!! tip
24
24
 
@@ -19,7 +19,7 @@ json: ...
19
19
 
20
20
  ### Query
21
21
 
22
- `query` is a URL of a feed.
22
+ `query` (`string`) is a URL of a feed.
23
23
 
24
24
  !!! note
25
25
 
@@ -27,27 +27,27 @@ json: ...
27
27
 
28
28
  ### Method
29
29
 
30
- `method` is an HTTP method. Defaults to `GET`.
30
+ `method` (`string`) is an HTTP method. Defaults to `GET`.
31
31
 
32
32
  ### Selector
33
33
 
34
- `selector` is a `jr` selector.
34
+ `selector` (`string`) is a `jr` selector.
35
35
 
36
36
  ### Headers
37
37
 
38
- `headers` (hash) is an HTTP headers. Optional.
38
+ `headers` (`hash`) is an HTTP headers. Optional.
39
39
 
40
40
  ### Params
41
41
 
42
- `params` (hash) is an HTTP query params. Optional.
42
+ `params` (`hash`) is an HTTP query params. Optional.
43
43
 
44
44
  ### Data
45
45
 
46
- `data` (hash) is an HTTP form data. Optional.
46
+ `data` (`hash`) is an HTTP form data. Optional.
47
47
 
48
48
  ### JSON
49
49
 
50
- `json` (hash) is an JSON body. Optional.
50
+ `json` (`hash`) is an JSON body. Optional.
51
51
 
52
52
  ## Examples
53
53
 
@@ -19,8 +19,8 @@ api_key: ...
19
19
 
20
20
  ### Query
21
21
 
22
- `query` is a GNQL search query.
22
+ `query` (`string`) is a GNQL search query.
23
23
 
24
24
  ### API Key
25
25
 
26
- `api_key` is an API key. Optional. Defaults to `ENV[”GREYNOISE_API_KEY"]`.
26
+ `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”GREYNOISE_API_KEY"]`.
@@ -21,13 +21,13 @@ end_time: ...
21
21
 
22
22
  ### Query
23
23
 
24
- `query` is a search query.
24
+ `query` (`string`) is a search query.
25
25
 
26
26
  ### Start/End Time
27
27
 
28
- - `start_time` (date): Only show results after the given date.
29
- - `end_time` (date): Only show results after the given date.
28
+ - `start_time` (`date`): Only show results after the given date.
29
+ - `end_time` (`date`): Only show results after the given date.
30
30
 
31
31
  ### API key
32
32
 
33
- `api_key` is an API key. Optional. Defaults to `ENV[”HUNTERHOW_API_KEY"]`.
33
+ `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”HUNTERHOW_API_KEY"]`.
@@ -27,39 +27,44 @@ analyzer: ...
27
27
  query: ...
28
28
  options:
29
29
  timeout: ...
30
- interval: ...
30
+ pagination_interval: ...
31
31
  pagination_limit: ...
32
32
  retry_times: ...
33
33
  retry_interval: ...
34
+ retry_exponential_backoff: ...
34
35
  ignore_error: ...
35
36
  ```
36
37
 
37
38
  ### Timeout
38
39
 
39
- `timeout` is an HTTP timeout in seconds. Optional.
40
+ `timeout` (`integer`) is an HTTP timeout in seconds. Optional.
40
41
 
41
- ### Interval
42
+ ### Pagination Interval
42
43
 
43
- `interval` is an interval in seconds between pagination. (If an analyzer does pagination). Optional.
44
+ `pagination_interval` (`integer`) is an interval in seconds between pagination. Optional. Defaults to 0.
44
45
 
45
46
  ### Pagination Limit
46
47
 
47
- `pagination_limit` is an limit for pagination. Defaults to 100.
48
+ `pagination_limit` (`integer`) is an limit for pagination. Optional. Defaults to 100.
48
49
 
49
50
  In the worst case, if something wrong with Mihari or a service, Mihari can drain API quota by doing pagination forever.
50
51
  `pagination_limit` is a safety valve for that. A number of pagination is limited as `pagination_limit` times.
51
52
 
52
53
  ### Retry Times
53
54
 
54
- `retry_times` is a number of times of retry when something goes wrong. Defaults to 3.
55
+ `retry_times` (`integer`) is a number of times of retry when something goes wrong. Optional. Defaults to 3.
55
56
 
56
57
  ### Retry Interval
57
58
 
58
- `retry_interval` is an interval in seconds between retries. Defaults to 5.
59
+ `retry_interval` (`integer`) is an interval in seconds between retries. Optional. Defaults to 5.
60
+
61
+ ### Retry Exponential Backoff
62
+
63
+ `retry_exponential_backoff` (`bool`) controls whether to do exponential backoff. Optional. Defaults to `true`.
59
64
 
60
65
  ### Ignore Error
61
66
 
62
- `ignore_error` controls whether to ignore an error or not. Defaults to `false`.
67
+ `ignore_error` (`bool`) controls whether to ignore an error or not. Optional. Defaults to `false`.
63
68
 
64
69
  Mihari uses fail-fast approach. For example, if Shodan returns an error, the Censys query next is not triggered because Mihari raises an error before it.
65
70
 
@@ -19,8 +19,8 @@ api_key: ...
19
19
 
20
20
  ### Query
21
21
 
22
- `query` is a search query.
22
+ `query` (`string`) is a search query.
23
23
 
24
24
  ### API Key
25
25
 
26
- `api_key` is an API key. Optional. Defaults to `ENV[”ONYPHE_API_KEY”"]`.
26
+ `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”ONYPHE_API_KEY”"]`.
@@ -21,8 +21,8 @@ api_key: ...
21
21
 
22
22
  ### Query
23
23
 
24
- `query` is a passive DNS search query. Domain or IP address.
24
+ `query` (`string`) is a passive DNS search query. Domain or IP address.
25
25
 
26
26
  ### API Key
27
27
 
28
- `api_key` is an API key. Optional. Defaults to `ENV[”OTX_API_KEY”"]`.
28
+ `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”OTX_API_KEY”"]`.
@@ -33,7 +33,7 @@ api_key: ...
33
33
 
34
34
  ### Query
35
35
 
36
- `query` is a passive DNS/SSL or reverse whois search query. Domain, IP address, mail or SHA1 certificate fingerprint.
36
+ `query` (`string`) is a passive DNS/SSL or reverse whois search query. Domain, IP address, mail or SHA1 certificate fingerprint.
37
37
 
38
38
  - Passive DNS: Domain, IP Address
39
39
  - Passive SSL: SHA1 certificate fingerprint
@@ -41,8 +41,8 @@ api_key: ...
41
41
 
42
42
  ### Username
43
43
 
44
- `username` is a username. Optional. Defaults to `ENV[”PASSIVETOTAL_USERNAME"]`.
44
+ `username` (`string`) is a username. Optional. Defaults to `ENV[”PASSIVETOTAL_USERNAME"]`.
45
45
 
46
46
  ### API Key
47
47
 
48
- `api_key` is an API key. Optional. Defaults to `ENV[”PASSIVETOTAL_API_KEY"]`.
48
+ `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”PASSIVETOTAL_API_KEY"]`.
@@ -21,8 +21,8 @@ api_key: ...
21
21
 
22
22
  ### Query
23
23
 
24
- `query` is a passive DNS search query. Domain or IP address.
24
+ `query` (`string`) is a passive DNS search query. Domain or IP address.
25
25
 
26
26
  ### API Key
27
27
 
28
- `api_key` is an API key. Optional. Defaults to `ENV[”PULSEDIVE_API_KEY"]`.
28
+ `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”PULSEDIVE_API_KEY"]`.
@@ -30,8 +30,8 @@ api_key: ...
30
30
 
31
31
  ### Query
32
32
 
33
- `query` is a passive DNS search/reverse whois query. Domain, IP address or mail.
33
+ `query` (`string`) is a passive DNS search/reverse whois query. Domain, IP address or mail.
34
34
 
35
35
  ### API Key
36
36
 
37
- `api_key` is an API key. Optional. Defaults to `ENV[”SECURITYTRAILS_API_KEY"]`.
37
+ `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”SECURITYTRAILS_API_KEY"]`.
@@ -19,8 +19,8 @@ api_key: ...
19
19
 
20
20
  ### Query
21
21
 
22
- `query` is a search query.
22
+ `query` (`string`) is a search query.
23
23
 
24
24
  ### API Key
25
25
 
26
- `api_key` is an API key. Optional. Defaults to `ENV[”SHODAN_API_KEY"]`.
26
+ `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”SHODAN_API_KEY"]`.
@@ -21,8 +21,8 @@ api_key: ...
21
21
 
22
22
  ### Query
23
23
 
24
- `query` is a search query.
24
+ `query` (`string`) is a search query.
25
25
 
26
26
  ### API Key
27
27
 
28
- `api_key` is an API key. Optional. Defaults to `ENV[”URLSCAN_API_KEY"]`.
28
+ `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”URLSCAN_API_KEY"]`.
@@ -32,8 +32,8 @@ api_key: ...
32
32
 
33
33
  ### Query
34
34
 
35
- `query` is a passive DNS search query. Domain or IP address.
35
+ `query` (`string`) is a passive DNS search query. Domain or IP address.
36
36
 
37
37
  ### API Key
38
38
 
39
- `api_key` is an API key. Optional. Defaults to `ENV[”VIRUSTOTAL_API_KEY"]`.
39
+ `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”VIRUSTOTAL_API_KEY"]`.
@@ -22,8 +22,8 @@ api_key: ...
22
22
 
23
23
  ### Query
24
24
 
25
- `query` is a search query.
25
+ `query` (`string`) is a search query.
26
26
 
27
27
  ### API Key
28
28
 
29
- `api_key` is an API key. Optional. Defaults to `ENV[”VIRUSTOTAL_API_KEY"]`.
29
+ `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”VIRUSTOTAL_API_KEY"]`.
@@ -22,12 +22,12 @@ api_key: ...
22
22
 
23
23
  ### Query
24
24
 
25
- `query` is a search query.
25
+ `query` (`string`) is a search query.
26
26
 
27
27
  ### Type
28
28
 
29
- `type` determines a search type. `web` or `host`.
29
+ `type` (`string`) determines a search type. `web` or `host`.
30
30
 
31
31
  ### API Key
32
32
 
33
- `api_key` is an API key. Optional. Defaults to `ENV[”ZOOMEYE_API_KEY"]`.
33
+ `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”ZOOMEYE_API_KEY"]`.
@@ -15,12 +15,12 @@ api_version: ...
15
15
 
16
16
  ### URL
17
17
 
18
- `url` is a TheHive URL. Optional. Defaults to `ENV[”THEHIVE_URL”]`.
18
+ `url` (`string`) is a TheHive URL. Optional. Defaults to `ENV[”THEHIVE_URL”]`.
19
19
 
20
20
  ### API Key
21
21
 
22
- `api_key` is an API key. Optional. Defaults to `ENV[”THEHIVE_API_KEY”]`.
22
+ `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”THEHIVE_API_KEY”]`.
23
23
 
24
24
  ### API Version
25
25
 
26
- `api_version` is a version of The Hive API. Optional. Defaults to `ENV[”THEHIVE_API_VERSION”]`.
26
+ `api_version` (`string`) is a version of The Hive API. Optional. `v4` or `v5`. Defaults to `ENV[”THEHIVE_API_VERSION”]`.
@@ -5,3 +5,32 @@
5
5
  - [MISP](misp.md)
6
6
  - [Slack](slack.md)
7
7
  - [Webhook](webhook.md)
8
+
9
+ ## Options
10
+
11
+ All the emitters can have optional `options`.
12
+
13
+ ```yaml
14
+ emitter: ...
15
+ options:
16
+ timeout: ...
17
+ retry_times: ...
18
+ retry_interval: ...
19
+ retry_exponential_backoff: ...
20
+ ```
21
+
22
+ ### Timeout
23
+
24
+ `timeout` (`integer`) is an HTTP timeout in seconds. Optional.
25
+
26
+ ### Retry Times
27
+
28
+ `retry_times` (`integer`) is a number of times of retry when something goes wrong. Optional. Defaults to 3.
29
+
30
+ ### Retry Interval
31
+
32
+ `retry_interval` (`integer`) is an interval in seconds between retries. Optional. Defaults to 5.
33
+
34
+ ### Retry Exponential Backoff
35
+
36
+ `retry_exponential_backoff` (`bool`) controls whether to do exponential backoff. Optional. Defaults to `true`.
@@ -14,8 +14,8 @@ api_key: ...
14
14
 
15
15
  ### URL
16
16
 
17
- `url` is a MISP URL. Optional. Defaults to `ENV[MISP_URL]`.
17
+ `url` (`string`) is a MISP URL. Optional. Defaults to `ENV[MISP_URL]`.
18
18
 
19
19
  ### API Key
20
20
 
21
- `api_key` is an API key. Optional. Defaults to `ENV[”MISP_API_KEY”]`.
21
+ `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”MISP_API_KEY”]`.
@@ -19,8 +19,8 @@ channel: ...
19
19
 
20
20
  ### Webhook URL
21
21
 
22
- `url` is a Slack's incoming webhook URL. Optional. Defaults to `ENV[SLACK_WEBHOOK_URL]`.
22
+ `url` (`string`) is a Slack's incoming webhook URL. Optional. Defaults to `ENV[SLACK_WEBHOOK_URL]`.
23
23
 
24
24
  ### API Key
25
25
 
26
- `channel` is a Slack channel to sent a message. Optional. Defaults to `ENV[SLACK_CHANNEL]` or `#general`.
26
+ `channel` (`string`) is a Slack channel to sent a message. Optional. Defaults to `ENV[SLACK_CHANNEL]` or `#general`.
@@ -14,19 +14,19 @@ template: ...
14
14
 
15
15
  ### URL
16
16
 
17
- `url` is a webhook URL.
17
+ `url` (`string`) is a webhook URL.
18
18
 
19
19
  ### Method
20
20
 
21
- `method` is an HTTP method. Optional. Defaults to `POST`.
21
+ `method` (`string`)is an HTTP method. Optional. Defaults to `POST`.
22
22
 
23
23
  ### Headers
24
24
 
25
- `headers` (hash) is HTTP headers. Optional.
25
+ `headers` (`hash`) are HTTP headers. Optional.
26
26
 
27
27
  ### Template
28
28
 
29
- `template` is an [ERB](https://github.com/ruby/erb) template to customize the payload to sent. A template should generate a valid JSON.
29
+ `template` (`string`) is an [ERB](https://github.com/ruby/erb) template to customize the payload to sent. A template should generate a valid JSON.
30
30
 
31
31
  You can use the following parameters inside an ERB template.
32
32
 
@@ -4,3 +4,32 @@
4
4
  - [IPInfo](ipinfo.md)
5
5
  - [Shodan](shodan.md)
6
6
  - [Whois](whois.md)
7
+
8
+ ## Options
9
+
10
+ All the emitters can have optional `options`.
11
+
12
+ ```yaml
13
+ enricher: ...
14
+ options:
15
+ timeout: ...
16
+ retry_times: ...
17
+ retry_interval: ...
18
+ retry_exponential_backoff: ...
19
+ ```
20
+
21
+ ### Timeout
22
+
23
+ `timeout` (`integer`) is an HTTP timeout in seconds. Optional.
24
+
25
+ ### Retry Times
26
+
27
+ `retry_times` (`integer`) is a number of times of retry when something goes wrong. Optional. Defaults to 3.
28
+
29
+ ### Retry Interval
30
+
31
+ `retry_interval` (`integer`) is an interval in seconds between retries. Optional. Defaults to 5.
32
+
33
+ ### Retry Exponential Backoff
34
+
35
+ `retry_exponential_backoff` (`bool`) controls whether to do exponential backoff. Optional. Defaults to `true`.
@@ -12,8 +12,15 @@ This enricher uses ipinfo.io API to enrich an IP artifact.
12
12
 
13
13
  ```yaml
14
14
  enricher: ipinfo
15
+ api_key: ...
15
16
  ```
16
17
 
18
+ ## Components
19
+
20
+ ### API Key
21
+
22
+ `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”IPINFO_API_KEY”]`.
23
+
17
24
  ## Supported Artifacts
18
25
 
19
26
  - IP address
data/docs/index.md CHANGED
@@ -9,5 +9,3 @@ Mihari can aggregate multiple searches across multiple services in a single rule
9
9
  - [How to Write a Rule](./rule.md)
10
10
  - [Usage](./usage.md)
11
11
  - [Configuration](./configuration.md)
12
- - [GitHub Actions](./github_actions.md)
13
- - [Alternatives](./alternatives.md)
data/docs/installation.md CHANGED
@@ -2,7 +2,7 @@
2
2
 
3
3
  ## Ruby Gem
4
4
 
5
- Mihari is packaged as a Ruby Gem.
5
+ Mihari is packaged as a Ruby Gem. Thus you can install it via `gem` command.
6
6
 
7
7
  ```bash
8
8
  gem install mihari
data/docs/rule.md CHANGED
@@ -68,36 +68,36 @@ falsepositives: []
68
68
 
69
69
  ### ID
70
70
 
71
- `id` is an unique ID of a rule. UUID v4 is recommended.
71
+ `id` (`string`) is an unique ID of a rule. UUID v4 is recommended.
72
72
 
73
73
  ### Title
74
74
 
75
- `title` is a title of a rule.
75
+ `title` (`string`) is a title of a rule.
76
76
 
77
77
  ### Description
78
78
 
79
- `description` is a short description of a rule.
79
+ `description` (`string`) is a short description of a rule.
80
80
 
81
81
  ### Created/Updated On
82
82
 
83
- `created_on` is a date of a rule creation. Optional.
83
+ `created_on` (`date`) is a date of a rule creation. Optional.
84
84
  Also a rule can have `updated_on` that is a date of a rule modification. Optional.
85
85
 
86
86
  ### Tags
87
87
 
88
- `tags` is a list of tags of a rule.
88
+ `tags` (`array[:string]`) is a list of tags of a rule.
89
89
 
90
90
  ### Author
91
91
 
92
- `author` is an author of a rule. Optional.
92
+ `author` (`string`) is an author of a rule. Optional.
93
93
 
94
94
  ### References
95
95
 
96
- `references` is a list of a references of a rule. Optional.
96
+ `references` (`array[:string]`) is a list of a references of a rule. Optional.
97
97
 
98
98
  ### Related
99
99
 
100
- `related` is a list of related rule IDs. Optional.
100
+ `related` (`array[:string]`) is a list of related rule IDs. Optional.
101
101
 
102
102
  ### Queries
103
103
 
@@ -130,7 +130,7 @@ Defaults to:
130
130
 
131
131
  ### Data Types
132
132
 
133
- `data_types` is a list of data (artifact) types to allow by a rule. Types not defined in here will be automatically rejected.
133
+ `data_types` (`array[:string]`) is a list of data (artifact) types to allow by a rule. Types not defined in here will be automatically rejected.
134
134
 
135
135
  Defaults to:
136
136
 
@@ -142,11 +142,11 @@ Defaults to:
142
142
 
143
143
  ### False positives
144
144
 
145
- `falsepositives` is a list of false positive values. A string or regexp can be used in here.
145
+ `falsepositives` (`array[:string]`) is a list of false positive values. A string or regexp can be used in here.
146
146
 
147
147
  ### Artifact TTL
148
148
 
149
- `artifact_ttl` (alias: `artifact_lifetime`) is an integer value of artifact TTL (Time-To-Live) in seconds.
149
+ `artifact_ttl` (`integer` / alias: `artifact_lifetime`) is an integer value of artifact TTL (Time-To-Live) in seconds.
150
150
 
151
151
  Mihari rejects a same artifact in a same rule in general.
152
152