mihari 5.4.8 → 5.5.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/docs/analyzers/binaryedge.md +2 -2
- data/docs/analyzers/censys.md +3 -3
- data/docs/analyzers/circl.md +3 -3
- data/docs/analyzers/crtsh.md +2 -2
- data/docs/analyzers/dnstwister.md +1 -1
- data/docs/analyzers/feed.md +7 -7
- data/docs/analyzers/greynoise.md +2 -2
- data/docs/analyzers/hunterhow.md +4 -4
- data/docs/analyzers/index.md +13 -8
- data/docs/analyzers/onyphe.md +2 -2
- data/docs/analyzers/otx.md +2 -2
- data/docs/analyzers/passivetotal.md +3 -3
- data/docs/analyzers/pulsedive.md +2 -2
- data/docs/analyzers/securitytrails.md +2 -2
- data/docs/analyzers/shodan.md +2 -2
- data/docs/analyzers/urlscan.md +2 -2
- data/docs/analyzers/virustotal.md +2 -2
- data/docs/analyzers/virustotal_intelligence.md +2 -2
- data/docs/analyzers/zoomeye.md +3 -3
- data/docs/emitters/hive.md +3 -3
- data/docs/emitters/index.md +29 -0
- data/docs/emitters/misp.md +2 -2
- data/docs/emitters/slack.md +2 -2
- data/docs/emitters/webhook.md +4 -4
- data/docs/enrichers/index.md +29 -0
- data/docs/enrichers/ipinfo.md +7 -0
- data/docs/index.md +0 -2
- data/docs/installation.md +1 -1
- data/docs/rule.md +11 -11
- data/frontend/package-lock.json +294 -2772
- data/frontend/package.json +10 -10
- data/lib/mihari/analyzers/base.rb +15 -8
- data/lib/mihari/analyzers/binaryedge.rb +5 -1
- data/lib/mihari/analyzers/censys.rb +6 -1
- data/lib/mihari/analyzers/greynoise.rb +5 -1
- data/lib/mihari/analyzers/hunterhow.rb +5 -1
- data/lib/mihari/analyzers/onyphe.rb +5 -1
- data/lib/mihari/analyzers/rule.rb +43 -7
- data/lib/mihari/analyzers/shodan.rb +5 -1
- data/lib/mihari/analyzers/urlscan.rb +5 -1
- data/lib/mihari/analyzers/virustotal_intelligence.rb +5 -1
- data/lib/mihari/analyzers/zoomeye.rb +5 -1
- data/lib/mihari/clients/base.rb +7 -7
- data/lib/mihari/clients/binaryedge.rb +10 -4
- data/lib/mihari/clients/censys.rb +11 -4
- data/lib/mihari/clients/greynoise.rb +10 -4
- data/lib/mihari/clients/hunterhow.rb +10 -4
- data/lib/mihari/clients/misp.rb +3 -2
- data/lib/mihari/clients/onyphe.rb +10 -4
- data/lib/mihari/clients/shodan.rb +10 -4
- data/lib/mihari/clients/the_hive.rb +3 -2
- data/lib/mihari/clients/urlscan.rb +9 -3
- data/lib/mihari/clients/virustotal.rb +10 -4
- data/lib/mihari/clients/zoomeye.rb +11 -5
- data/lib/mihari/config.rb +8 -0
- data/lib/mihari/emitters/base.rb +49 -12
- data/lib/mihari/emitters/misp.rb +7 -6
- data/lib/mihari/emitters/slack.rb +24 -6
- data/lib/mihari/emitters/the_hive.rb +8 -7
- data/lib/mihari/emitters/webhook.rb +31 -29
- data/lib/mihari/enrichers/base.rb +53 -16
- data/lib/mihari/enrichers/google_public_dns.rb +33 -42
- data/lib/mihari/enrichers/ipinfo.rb +32 -34
- data/lib/mihari/enrichers/shodan.rb +18 -26
- data/lib/mihari/enrichers/whois.rb +121 -111
- data/lib/mihari/http.rb +3 -1
- data/lib/mihari/mixins/retriable.rb +4 -2
- data/lib/mihari/models/artifact.rb +37 -23
- data/lib/mihari/models/autonomous_system.rb +3 -2
- data/lib/mihari/models/cpe.rb +3 -2
- data/lib/mihari/models/dns.rb +3 -2
- data/lib/mihari/models/geolocation.rb +3 -2
- data/lib/mihari/models/port.rb +3 -2
- data/lib/mihari/models/reverse_dns.rb +3 -2
- data/lib/mihari/models/whois.rb +4 -3
- data/lib/mihari/schemas/analyzer.rb +2 -1
- data/lib/mihari/schemas/emitter.rb +39 -25
- data/lib/mihari/schemas/enricher.rb +28 -2
- data/lib/mihari/schemas/rule.rb +6 -2
- data/lib/mihari/version.rb +1 -1
- data/lib/mihari/web/endpoints/ip_addresses.rb +1 -1
- data/lib/mihari/web/public/assets/index-b5d817a3.js +1749 -0
- data/lib/mihari/web/public/index.html +1 -1
- data/lib/mihari/web/public/redoc-static.html +400 -400
- data/mihari.gemspec +2 -2
- data/mkdocs.yml +8 -6
- data/requirements.txt +1 -1
- metadata +7 -7
- data/lib/mihari/web/public/assets/index-a92abd57.js +0 -1740
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0a0bb32d105b9879fbf87b5bcd5d49a4930cc9e054c42f992bd5c58d883ea8b0
|
|
4
|
+
data.tar.gz: 0c547d79f1a1950008f4797a743bf84b7bc1b766d693eb9c2e9b93d150ee4cb9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f9d5217d01e12da402ad9edde9dbeb35c14f6b18061807c48e9e0f6b84419b009b0bbdd4848d3df7302ba4c414c0fe004d7e0ee86a3e9fa29dcaea7bb79b6a8e
|
|
7
|
+
data.tar.gz: aa353778dc0f9eb1d525c828e7e662531ba1318f8c380a93cd1f0bd7eca8da33dba7915de297695223cf53a7c3de35419f152ae6d1c199382e6aa7e870a629f2
|
|
@@ -19,8 +19,8 @@ api_key: ...
|
|
|
19
19
|
|
|
20
20
|
### Query
|
|
21
21
|
|
|
22
|
-
`query` is a search query.
|
|
22
|
+
`query` (`string`) is a search query.
|
|
23
23
|
|
|
24
24
|
### API Key
|
|
25
25
|
|
|
26
|
-
`api_key` is an API key. Optional. Defaults to `ENV[”BINARYEDGE_API_KEY"]`.
|
|
26
|
+
`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”BINARYEDGE_API_KEY"]`.
|
data/docs/analyzers/censys.md
CHANGED
|
@@ -20,12 +20,12 @@ secret: ...
|
|
|
20
20
|
|
|
21
21
|
### Query
|
|
22
22
|
|
|
23
|
-
`query` is a search query.
|
|
23
|
+
`query` (`string`) is a search query.
|
|
24
24
|
|
|
25
25
|
### ID
|
|
26
26
|
|
|
27
|
-
`id` is a Cencys ID. Optional. Defaults to `ENV[”CENSYS_ID”]`.
|
|
27
|
+
`id` (`string`) is a Cencys ID. Optional. Defaults to `ENV[”CENSYS_ID”]`.
|
|
28
28
|
|
|
29
29
|
### Secret
|
|
30
30
|
|
|
31
|
-
`secret` is a Cencys secret. Optional. Defaults to `ENV[”CENSYS_SECRET”]`.
|
|
31
|
+
`secret` (`string`) is a Cencys secret. Optional. Defaults to `ENV[”CENSYS_SECRET”]`.
|
data/docs/analyzers/circl.md
CHANGED
|
@@ -26,12 +26,12 @@ username: ...
|
|
|
26
26
|
|
|
27
27
|
### Query
|
|
28
28
|
|
|
29
|
-
`query` is a domain or SHA1 certificate fingerprint.
|
|
29
|
+
`query` (`string`) is a domain or SHA1 certificate fingerprint.
|
|
30
30
|
|
|
31
31
|
### Username
|
|
32
32
|
|
|
33
|
-
`username` is a username. Optional. Defaults to `ENV[”CIRCL_PASSIVE_USERNAME”]`.
|
|
33
|
+
`username` (`string`) is a username. Optional. Defaults to `ENV[”CIRCL_PASSIVE_USERNAME”]`.
|
|
34
34
|
|
|
35
35
|
### Password
|
|
36
36
|
|
|
37
|
-
`password` is a password. Optional. Defaults to `ENV[”CIRCL_PASSIVE_PASSWORD”]`.
|
|
37
|
+
`password` (`string`) is a password. Optional. Defaults to `ENV[”CIRCL_PASSIVE_PASSWORD”]`.
|
data/docs/analyzers/crtsh.md
CHANGED
|
@@ -19,8 +19,8 @@ exclude_expired: ...
|
|
|
19
19
|
|
|
20
20
|
### Query
|
|
21
21
|
|
|
22
|
-
`query` is a search query.
|
|
22
|
+
`query` (`string`) is a search query.
|
|
23
23
|
|
|
24
24
|
### Exclude Expired
|
|
25
25
|
|
|
26
|
-
`exclude_expired` (boolean) determines whether to exclude expired domains or not. Optional. Defaults to `true`.
|
|
26
|
+
`exclude_expired` (`boolean`) determines whether to exclude expired domains or not. Optional. Defaults to `true`.
|
data/docs/analyzers/feed.md
CHANGED
|
@@ -19,7 +19,7 @@ json: ...
|
|
|
19
19
|
|
|
20
20
|
### Query
|
|
21
21
|
|
|
22
|
-
`query` is a URL of a feed.
|
|
22
|
+
`query` (`string`) is a URL of a feed.
|
|
23
23
|
|
|
24
24
|
!!! note
|
|
25
25
|
|
|
@@ -27,27 +27,27 @@ json: ...
|
|
|
27
27
|
|
|
28
28
|
### Method
|
|
29
29
|
|
|
30
|
-
`method` is an HTTP method. Defaults to `GET`.
|
|
30
|
+
`method` (`string`) is an HTTP method. Defaults to `GET`.
|
|
31
31
|
|
|
32
32
|
### Selector
|
|
33
33
|
|
|
34
|
-
`selector` is a `jr` selector.
|
|
34
|
+
`selector` (`string`) is a `jr` selector.
|
|
35
35
|
|
|
36
36
|
### Headers
|
|
37
37
|
|
|
38
|
-
`headers` (hash) is an HTTP headers. Optional.
|
|
38
|
+
`headers` (`hash`) is an HTTP headers. Optional.
|
|
39
39
|
|
|
40
40
|
### Params
|
|
41
41
|
|
|
42
|
-
`params` (hash) is an HTTP query params. Optional.
|
|
42
|
+
`params` (`hash`) is an HTTP query params. Optional.
|
|
43
43
|
|
|
44
44
|
### Data
|
|
45
45
|
|
|
46
|
-
`data` (hash) is an HTTP form data. Optional.
|
|
46
|
+
`data` (`hash`) is an HTTP form data. Optional.
|
|
47
47
|
|
|
48
48
|
### JSON
|
|
49
49
|
|
|
50
|
-
`json` (hash) is an JSON body. Optional.
|
|
50
|
+
`json` (`hash`) is an JSON body. Optional.
|
|
51
51
|
|
|
52
52
|
## Examples
|
|
53
53
|
|
data/docs/analyzers/greynoise.md
CHANGED
|
@@ -19,8 +19,8 @@ api_key: ...
|
|
|
19
19
|
|
|
20
20
|
### Query
|
|
21
21
|
|
|
22
|
-
`query` is a GNQL search query.
|
|
22
|
+
`query` (`string`) is a GNQL search query.
|
|
23
23
|
|
|
24
24
|
### API Key
|
|
25
25
|
|
|
26
|
-
`api_key` is an API key. Optional. Defaults to `ENV[”GREYNOISE_API_KEY"]`.
|
|
26
|
+
`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”GREYNOISE_API_KEY"]`.
|
data/docs/analyzers/hunterhow.md
CHANGED
|
@@ -21,13 +21,13 @@ end_time: ...
|
|
|
21
21
|
|
|
22
22
|
### Query
|
|
23
23
|
|
|
24
|
-
`query` is a search query.
|
|
24
|
+
`query` (`string`) is a search query.
|
|
25
25
|
|
|
26
26
|
### Start/End Time
|
|
27
27
|
|
|
28
|
-
- `start_time` (date): Only show results after the given date.
|
|
29
|
-
- `end_time` (date): Only show results after the given date.
|
|
28
|
+
- `start_time` (`date`): Only show results after the given date.
|
|
29
|
+
- `end_time` (`date`): Only show results after the given date.
|
|
30
30
|
|
|
31
31
|
### API key
|
|
32
32
|
|
|
33
|
-
`api_key` is an API key. Optional. Defaults to `ENV[”HUNTERHOW_API_KEY"]`.
|
|
33
|
+
`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”HUNTERHOW_API_KEY"]`.
|
data/docs/analyzers/index.md
CHANGED
|
@@ -27,39 +27,44 @@ analyzer: ...
|
|
|
27
27
|
query: ...
|
|
28
28
|
options:
|
|
29
29
|
timeout: ...
|
|
30
|
-
|
|
30
|
+
pagination_interval: ...
|
|
31
31
|
pagination_limit: ...
|
|
32
32
|
retry_times: ...
|
|
33
33
|
retry_interval: ...
|
|
34
|
+
retry_exponential_backoff: ...
|
|
34
35
|
ignore_error: ...
|
|
35
36
|
```
|
|
36
37
|
|
|
37
38
|
### Timeout
|
|
38
39
|
|
|
39
|
-
`timeout` is an HTTP timeout in seconds. Optional.
|
|
40
|
+
`timeout` (`integer`) is an HTTP timeout in seconds. Optional.
|
|
40
41
|
|
|
41
|
-
### Interval
|
|
42
|
+
### Pagination Interval
|
|
42
43
|
|
|
43
|
-
`
|
|
44
|
+
`pagination_interval` (`integer`) is an interval in seconds between pagination. Optional. Defaults to 0.
|
|
44
45
|
|
|
45
46
|
### Pagination Limit
|
|
46
47
|
|
|
47
|
-
`pagination_limit` is an limit for pagination. Defaults to 100.
|
|
48
|
+
`pagination_limit` (`integer`) is an limit for pagination. Optional. Defaults to 100.
|
|
48
49
|
|
|
49
50
|
In the worst case, if something wrong with Mihari or a service, Mihari can drain API quota by doing pagination forever.
|
|
50
51
|
`pagination_limit` is a safety valve for that. A number of pagination is limited as `pagination_limit` times.
|
|
51
52
|
|
|
52
53
|
### Retry Times
|
|
53
54
|
|
|
54
|
-
`retry_times` is a number of times of retry when something goes wrong. Defaults to 3.
|
|
55
|
+
`retry_times` (`integer`) is a number of times of retry when something goes wrong. Optional. Defaults to 3.
|
|
55
56
|
|
|
56
57
|
### Retry Interval
|
|
57
58
|
|
|
58
|
-
`retry_interval` is an interval in seconds between retries. Defaults to 5.
|
|
59
|
+
`retry_interval` (`integer`) is an interval in seconds between retries. Optional. Defaults to 5.
|
|
60
|
+
|
|
61
|
+
### Retry Exponential Backoff
|
|
62
|
+
|
|
63
|
+
`retry_exponential_backoff` (`bool`) controls whether to do exponential backoff. Optional. Defaults to `true`.
|
|
59
64
|
|
|
60
65
|
### Ignore Error
|
|
61
66
|
|
|
62
|
-
`ignore_error` controls whether to ignore an error or not. Defaults to `false`.
|
|
67
|
+
`ignore_error` (`bool`) controls whether to ignore an error or not. Optional. Defaults to `false`.
|
|
63
68
|
|
|
64
69
|
Mihari uses fail-fast approach. For example, if Shodan returns an error, the Censys query next is not triggered because Mihari raises an error before it.
|
|
65
70
|
|
data/docs/analyzers/onyphe.md
CHANGED
|
@@ -19,8 +19,8 @@ api_key: ...
|
|
|
19
19
|
|
|
20
20
|
### Query
|
|
21
21
|
|
|
22
|
-
`query` is a search query.
|
|
22
|
+
`query` (`string`) is a search query.
|
|
23
23
|
|
|
24
24
|
### API Key
|
|
25
25
|
|
|
26
|
-
`api_key` is an API key. Optional. Defaults to `ENV[”ONYPHE_API_KEY”"]`.
|
|
26
|
+
`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”ONYPHE_API_KEY”"]`.
|
data/docs/analyzers/otx.md
CHANGED
|
@@ -21,8 +21,8 @@ api_key: ...
|
|
|
21
21
|
|
|
22
22
|
### Query
|
|
23
23
|
|
|
24
|
-
`query` is a passive DNS search query. Domain or IP address.
|
|
24
|
+
`query` (`string`) is a passive DNS search query. Domain or IP address.
|
|
25
25
|
|
|
26
26
|
### API Key
|
|
27
27
|
|
|
28
|
-
`api_key` is an API key. Optional. Defaults to `ENV[”OTX_API_KEY”"]`.
|
|
28
|
+
`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”OTX_API_KEY”"]`.
|
|
@@ -33,7 +33,7 @@ api_key: ...
|
|
|
33
33
|
|
|
34
34
|
### Query
|
|
35
35
|
|
|
36
|
-
`query` is a passive DNS/SSL or reverse whois search query. Domain, IP address, mail or SHA1 certificate fingerprint.
|
|
36
|
+
`query` (`string`) is a passive DNS/SSL or reverse whois search query. Domain, IP address, mail or SHA1 certificate fingerprint.
|
|
37
37
|
|
|
38
38
|
- Passive DNS: Domain, IP Address
|
|
39
39
|
- Passive SSL: SHA1 certificate fingerprint
|
|
@@ -41,8 +41,8 @@ api_key: ...
|
|
|
41
41
|
|
|
42
42
|
### Username
|
|
43
43
|
|
|
44
|
-
`username` is a username. Optional. Defaults to `ENV[”PASSIVETOTAL_USERNAME"]`.
|
|
44
|
+
`username` (`string`) is a username. Optional. Defaults to `ENV[”PASSIVETOTAL_USERNAME"]`.
|
|
45
45
|
|
|
46
46
|
### API Key
|
|
47
47
|
|
|
48
|
-
`api_key` is an API key. Optional. Defaults to `ENV[”PASSIVETOTAL_API_KEY"]`.
|
|
48
|
+
`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”PASSIVETOTAL_API_KEY"]`.
|
data/docs/analyzers/pulsedive.md
CHANGED
|
@@ -21,8 +21,8 @@ api_key: ...
|
|
|
21
21
|
|
|
22
22
|
### Query
|
|
23
23
|
|
|
24
|
-
`query` is a passive DNS search query. Domain or IP address.
|
|
24
|
+
`query` (`string`) is a passive DNS search query. Domain or IP address.
|
|
25
25
|
|
|
26
26
|
### API Key
|
|
27
27
|
|
|
28
|
-
`api_key` is an API key. Optional. Defaults to `ENV[”PULSEDIVE_API_KEY"]`.
|
|
28
|
+
`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”PULSEDIVE_API_KEY"]`.
|
|
@@ -30,8 +30,8 @@ api_key: ...
|
|
|
30
30
|
|
|
31
31
|
### Query
|
|
32
32
|
|
|
33
|
-
`query` is a passive DNS search/reverse whois query. Domain, IP address or mail.
|
|
33
|
+
`query` (`string`) is a passive DNS search/reverse whois query. Domain, IP address or mail.
|
|
34
34
|
|
|
35
35
|
### API Key
|
|
36
36
|
|
|
37
|
-
`api_key` is an API key. Optional. Defaults to `ENV[”SECURITYTRAILS_API_KEY"]`.
|
|
37
|
+
`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”SECURITYTRAILS_API_KEY"]`.
|
data/docs/analyzers/shodan.md
CHANGED
|
@@ -19,8 +19,8 @@ api_key: ...
|
|
|
19
19
|
|
|
20
20
|
### Query
|
|
21
21
|
|
|
22
|
-
`query` is a search query.
|
|
22
|
+
`query` (`string`) is a search query.
|
|
23
23
|
|
|
24
24
|
### API Key
|
|
25
25
|
|
|
26
|
-
`api_key` is an API key. Optional. Defaults to `ENV[”SHODAN_API_KEY"]`.
|
|
26
|
+
`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”SHODAN_API_KEY"]`.
|
data/docs/analyzers/urlscan.md
CHANGED
|
@@ -21,8 +21,8 @@ api_key: ...
|
|
|
21
21
|
|
|
22
22
|
### Query
|
|
23
23
|
|
|
24
|
-
`query` is a search query.
|
|
24
|
+
`query` (`string`) is a search query.
|
|
25
25
|
|
|
26
26
|
### API Key
|
|
27
27
|
|
|
28
|
-
`api_key` is an API key. Optional. Defaults to `ENV[”URLSCAN_API_KEY"]`.
|
|
28
|
+
`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”URLSCAN_API_KEY"]`.
|
|
@@ -32,8 +32,8 @@ api_key: ...
|
|
|
32
32
|
|
|
33
33
|
### Query
|
|
34
34
|
|
|
35
|
-
`query` is a passive DNS search query. Domain or IP address.
|
|
35
|
+
`query` (`string`) is a passive DNS search query. Domain or IP address.
|
|
36
36
|
|
|
37
37
|
### API Key
|
|
38
38
|
|
|
39
|
-
`api_key` is an API key. Optional. Defaults to `ENV[”VIRUSTOTAL_API_KEY"]`.
|
|
39
|
+
`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”VIRUSTOTAL_API_KEY"]`.
|
|
@@ -22,8 +22,8 @@ api_key: ...
|
|
|
22
22
|
|
|
23
23
|
### Query
|
|
24
24
|
|
|
25
|
-
`query` is a search query.
|
|
25
|
+
`query` (`string`) is a search query.
|
|
26
26
|
|
|
27
27
|
### API Key
|
|
28
28
|
|
|
29
|
-
`api_key` is an API key. Optional. Defaults to `ENV[”VIRUSTOTAL_API_KEY"]`.
|
|
29
|
+
`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”VIRUSTOTAL_API_KEY"]`.
|
data/docs/analyzers/zoomeye.md
CHANGED
|
@@ -22,12 +22,12 @@ api_key: ...
|
|
|
22
22
|
|
|
23
23
|
### Query
|
|
24
24
|
|
|
25
|
-
`query` is a search query.
|
|
25
|
+
`query` (`string`) is a search query.
|
|
26
26
|
|
|
27
27
|
### Type
|
|
28
28
|
|
|
29
|
-
`type` determines a search type. `web` or `host`.
|
|
29
|
+
`type` (`string`) determines a search type. `web` or `host`.
|
|
30
30
|
|
|
31
31
|
### API Key
|
|
32
32
|
|
|
33
|
-
`api_key` is an API key. Optional. Defaults to `ENV[”ZOOMEYE_API_KEY"]`.
|
|
33
|
+
`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”ZOOMEYE_API_KEY"]`.
|
data/docs/emitters/hive.md
CHANGED
|
@@ -15,12 +15,12 @@ api_version: ...
|
|
|
15
15
|
|
|
16
16
|
### URL
|
|
17
17
|
|
|
18
|
-
`url` is a TheHive URL. Optional. Defaults to `ENV[”THEHIVE_URL”]`.
|
|
18
|
+
`url` (`string`) is a TheHive URL. Optional. Defaults to `ENV[”THEHIVE_URL”]`.
|
|
19
19
|
|
|
20
20
|
### API Key
|
|
21
21
|
|
|
22
|
-
`api_key` is an API key. Optional. Defaults to `ENV[”THEHIVE_API_KEY”]`.
|
|
22
|
+
`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”THEHIVE_API_KEY”]`.
|
|
23
23
|
|
|
24
24
|
### API Version
|
|
25
25
|
|
|
26
|
-
`api_version` is a version of The Hive API. Optional. Defaults to `ENV[”THEHIVE_API_VERSION”]`.
|
|
26
|
+
`api_version` (`string`) is a version of The Hive API. Optional. `v4` or `v5`. Defaults to `ENV[”THEHIVE_API_VERSION”]`.
|
data/docs/emitters/index.md
CHANGED
|
@@ -5,3 +5,32 @@
|
|
|
5
5
|
- [MISP](misp.md)
|
|
6
6
|
- [Slack](slack.md)
|
|
7
7
|
- [Webhook](webhook.md)
|
|
8
|
+
|
|
9
|
+
## Options
|
|
10
|
+
|
|
11
|
+
All the emitters can have optional `options`.
|
|
12
|
+
|
|
13
|
+
```yaml
|
|
14
|
+
emitter: ...
|
|
15
|
+
options:
|
|
16
|
+
timeout: ...
|
|
17
|
+
retry_times: ...
|
|
18
|
+
retry_interval: ...
|
|
19
|
+
retry_exponential_backoff: ...
|
|
20
|
+
```
|
|
21
|
+
|
|
22
|
+
### Timeout
|
|
23
|
+
|
|
24
|
+
`timeout` (`integer`) is an HTTP timeout in seconds. Optional.
|
|
25
|
+
|
|
26
|
+
### Retry Times
|
|
27
|
+
|
|
28
|
+
`retry_times` (`integer`) is a number of times of retry when something goes wrong. Optional. Defaults to 3.
|
|
29
|
+
|
|
30
|
+
### Retry Interval
|
|
31
|
+
|
|
32
|
+
`retry_interval` (`integer`) is an interval in seconds between retries. Optional. Defaults to 5.
|
|
33
|
+
|
|
34
|
+
### Retry Exponential Backoff
|
|
35
|
+
|
|
36
|
+
`retry_exponential_backoff` (`bool`) controls whether to do exponential backoff. Optional. Defaults to `true`.
|
data/docs/emitters/misp.md
CHANGED
|
@@ -14,8 +14,8 @@ api_key: ...
|
|
|
14
14
|
|
|
15
15
|
### URL
|
|
16
16
|
|
|
17
|
-
`url` is a MISP URL. Optional. Defaults to `ENV[MISP_URL]`.
|
|
17
|
+
`url` (`string`) is a MISP URL. Optional. Defaults to `ENV[MISP_URL]`.
|
|
18
18
|
|
|
19
19
|
### API Key
|
|
20
20
|
|
|
21
|
-
`api_key` is an API key. Optional. Defaults to `ENV[”MISP_API_KEY”]`.
|
|
21
|
+
`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”MISP_API_KEY”]`.
|
data/docs/emitters/slack.md
CHANGED
|
@@ -19,8 +19,8 @@ channel: ...
|
|
|
19
19
|
|
|
20
20
|
### Webhook URL
|
|
21
21
|
|
|
22
|
-
`url` is a Slack's incoming webhook URL. Optional. Defaults to `ENV[SLACK_WEBHOOK_URL]`.
|
|
22
|
+
`url` (`string`) is a Slack's incoming webhook URL. Optional. Defaults to `ENV[SLACK_WEBHOOK_URL]`.
|
|
23
23
|
|
|
24
24
|
### API Key
|
|
25
25
|
|
|
26
|
-
`channel` is a Slack channel to sent a message. Optional. Defaults to `ENV[SLACK_CHANNEL]` or `#general`.
|
|
26
|
+
`channel` (`string`) is a Slack channel to sent a message. Optional. Defaults to `ENV[SLACK_CHANNEL]` or `#general`.
|
data/docs/emitters/webhook.md
CHANGED
|
@@ -14,19 +14,19 @@ template: ...
|
|
|
14
14
|
|
|
15
15
|
### URL
|
|
16
16
|
|
|
17
|
-
`url` is a webhook URL.
|
|
17
|
+
`url` (`string`) is a webhook URL.
|
|
18
18
|
|
|
19
19
|
### Method
|
|
20
20
|
|
|
21
|
-
`method` is an HTTP method. Optional. Defaults to `POST`.
|
|
21
|
+
`method` (`string`)is an HTTP method. Optional. Defaults to `POST`.
|
|
22
22
|
|
|
23
23
|
### Headers
|
|
24
24
|
|
|
25
|
-
`headers` (hash)
|
|
25
|
+
`headers` (`hash`) are HTTP headers. Optional.
|
|
26
26
|
|
|
27
27
|
### Template
|
|
28
28
|
|
|
29
|
-
`template` is an [ERB](https://github.com/ruby/erb) template to customize the payload to sent. A template should generate a valid JSON.
|
|
29
|
+
`template` (`string`) is an [ERB](https://github.com/ruby/erb) template to customize the payload to sent. A template should generate a valid JSON.
|
|
30
30
|
|
|
31
31
|
You can use the following parameters inside an ERB template.
|
|
32
32
|
|
data/docs/enrichers/index.md
CHANGED
|
@@ -4,3 +4,32 @@
|
|
|
4
4
|
- [IPInfo](ipinfo.md)
|
|
5
5
|
- [Shodan](shodan.md)
|
|
6
6
|
- [Whois](whois.md)
|
|
7
|
+
|
|
8
|
+
## Options
|
|
9
|
+
|
|
10
|
+
All the emitters can have optional `options`.
|
|
11
|
+
|
|
12
|
+
```yaml
|
|
13
|
+
enricher: ...
|
|
14
|
+
options:
|
|
15
|
+
timeout: ...
|
|
16
|
+
retry_times: ...
|
|
17
|
+
retry_interval: ...
|
|
18
|
+
retry_exponential_backoff: ...
|
|
19
|
+
```
|
|
20
|
+
|
|
21
|
+
### Timeout
|
|
22
|
+
|
|
23
|
+
`timeout` (`integer`) is an HTTP timeout in seconds. Optional.
|
|
24
|
+
|
|
25
|
+
### Retry Times
|
|
26
|
+
|
|
27
|
+
`retry_times` (`integer`) is a number of times of retry when something goes wrong. Optional. Defaults to 3.
|
|
28
|
+
|
|
29
|
+
### Retry Interval
|
|
30
|
+
|
|
31
|
+
`retry_interval` (`integer`) is an interval in seconds between retries. Optional. Defaults to 5.
|
|
32
|
+
|
|
33
|
+
### Retry Exponential Backoff
|
|
34
|
+
|
|
35
|
+
`retry_exponential_backoff` (`bool`) controls whether to do exponential backoff. Optional. Defaults to `true`.
|
data/docs/enrichers/ipinfo.md
CHANGED
|
@@ -12,8 +12,15 @@ This enricher uses ipinfo.io API to enrich an IP artifact.
|
|
|
12
12
|
|
|
13
13
|
```yaml
|
|
14
14
|
enricher: ipinfo
|
|
15
|
+
api_key: ...
|
|
15
16
|
```
|
|
16
17
|
|
|
18
|
+
## Components
|
|
19
|
+
|
|
20
|
+
### API Key
|
|
21
|
+
|
|
22
|
+
`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”IPINFO_API_KEY”]`.
|
|
23
|
+
|
|
17
24
|
## Supported Artifacts
|
|
18
25
|
|
|
19
26
|
- IP address
|
data/docs/index.md
CHANGED
data/docs/installation.md
CHANGED
data/docs/rule.md
CHANGED
|
@@ -68,36 +68,36 @@ falsepositives: []
|
|
|
68
68
|
|
|
69
69
|
### ID
|
|
70
70
|
|
|
71
|
-
`id` is an unique ID of a rule. UUID v4 is recommended.
|
|
71
|
+
`id` (`string`) is an unique ID of a rule. UUID v4 is recommended.
|
|
72
72
|
|
|
73
73
|
### Title
|
|
74
74
|
|
|
75
|
-
`title` is a title of a rule.
|
|
75
|
+
`title` (`string`) is a title of a rule.
|
|
76
76
|
|
|
77
77
|
### Description
|
|
78
78
|
|
|
79
|
-
`description` is a short description of a rule.
|
|
79
|
+
`description` (`string`) is a short description of a rule.
|
|
80
80
|
|
|
81
81
|
### Created/Updated On
|
|
82
82
|
|
|
83
|
-
`created_on` is a date of a rule creation. Optional.
|
|
83
|
+
`created_on` (`date`) is a date of a rule creation. Optional.
|
|
84
84
|
Also a rule can have `updated_on` that is a date of a rule modification. Optional.
|
|
85
85
|
|
|
86
86
|
### Tags
|
|
87
87
|
|
|
88
|
-
`tags` is a list of tags of a rule.
|
|
88
|
+
`tags` (`array[:string]`) is a list of tags of a rule.
|
|
89
89
|
|
|
90
90
|
### Author
|
|
91
91
|
|
|
92
|
-
`author` is an author of a rule. Optional.
|
|
92
|
+
`author` (`string`) is an author of a rule. Optional.
|
|
93
93
|
|
|
94
94
|
### References
|
|
95
95
|
|
|
96
|
-
`references` is a list of a references of a rule. Optional.
|
|
96
|
+
`references` (`array[:string]`) is a list of a references of a rule. Optional.
|
|
97
97
|
|
|
98
98
|
### Related
|
|
99
99
|
|
|
100
|
-
`related` is a list of related rule IDs. Optional.
|
|
100
|
+
`related` (`array[:string]`) is a list of related rule IDs. Optional.
|
|
101
101
|
|
|
102
102
|
### Queries
|
|
103
103
|
|
|
@@ -130,7 +130,7 @@ Defaults to:
|
|
|
130
130
|
|
|
131
131
|
### Data Types
|
|
132
132
|
|
|
133
|
-
`data_types` is a list of data (artifact) types to allow by a rule. Types not defined in here will be automatically rejected.
|
|
133
|
+
`data_types` (`array[:string]`) is a list of data (artifact) types to allow by a rule. Types not defined in here will be automatically rejected.
|
|
134
134
|
|
|
135
135
|
Defaults to:
|
|
136
136
|
|
|
@@ -142,11 +142,11 @@ Defaults to:
|
|
|
142
142
|
|
|
143
143
|
### False positives
|
|
144
144
|
|
|
145
|
-
`falsepositives` is a list of false positive values. A string or regexp can be used in here.
|
|
145
|
+
`falsepositives` (`array[:string]`) is a list of false positive values. A string or regexp can be used in here.
|
|
146
146
|
|
|
147
147
|
### Artifact TTL
|
|
148
148
|
|
|
149
|
-
`artifact_ttl` (alias: `artifact_lifetime`) is an integer value of artifact TTL (Time-To-Live) in seconds.
|
|
149
|
+
`artifact_ttl` (`integer` / alias: `artifact_lifetime`) is an integer value of artifact TTL (Time-To-Live) in seconds.
|
|
150
150
|
|
|
151
151
|
Mihari rejects a same artifact in a same rule in general.
|
|
152
152
|
|