mihari 5.4.9 → 5.6.0

Files changed (124)
  1. checksums.yaml +4 -4
  2. data/docs/analyzers/binaryedge.md +2 -2
  3. data/docs/analyzers/censys.md +3 -3
  4. data/docs/analyzers/circl.md +3 -3
  5. data/docs/analyzers/crtsh.md +2 -2
  6. data/docs/analyzers/dnstwister.md +1 -1
  7. data/docs/analyzers/feed.md +7 -7
  8. data/docs/analyzers/greynoise.md +2 -2
  9. data/docs/analyzers/hunterhow.md +4 -4
  10. data/docs/analyzers/index.md +13 -8
  11. data/docs/analyzers/onyphe.md +2 -2
  12. data/docs/analyzers/otx.md +2 -2
  13. data/docs/analyzers/passivetotal.md +7 -3
  14. data/docs/analyzers/pulsedive.md +2 -2
  15. data/docs/analyzers/securitytrails.md +6 -2
  16. data/docs/analyzers/shodan.md +2 -2
  17. data/docs/analyzers/urlscan.md +2 -2
  18. data/docs/analyzers/virustotal.md +6 -2
  19. data/docs/analyzers/virustotal_intelligence.md +6 -2
  20. data/docs/analyzers/zoomeye.md +3 -3
  21. data/docs/emitters/hive.md +4 -4
  22. data/docs/emitters/index.md +29 -0
  23. data/docs/emitters/misp.md +2 -2
  24. data/docs/emitters/slack.md +2 -7
  25. data/docs/emitters/webhook.md +4 -4
  26. data/docs/enrichers/index.md +29 -0
  27. data/docs/enrichers/ipinfo.md +7 -0
  28. data/docs/index.md +0 -2
  29. data/docs/installation.md +1 -1
  30. data/docs/rule.md +12 -15
  31. data/docs/usage.md +5 -2
  32. data/frontend/package-lock.json +294 -2772
  33. data/frontend/package.json +10 -10
  34. data/frontend/src/components/ErrorMessage.vue +0 -1
  35. data/frontend/src/components/alert/Alerts.vue +0 -1
  36. data/frontend/src/components/alert/AlertsWithPagination.vue +0 -1
  37. data/frontend/src/components/alert/AlertsWrapper.vue +0 -6
  38. data/frontend/src/components/alert/Form.vue +1 -3
  39. data/frontend/src/components/artifact/Artifact.vue +0 -17
  40. data/frontend/src/components/artifact/ArtifactWrapper.vue +0 -2
  41. data/frontend/src/components/artifact/WhoisRecord.vue +0 -3
  42. data/frontend/src/components/config/ConfigsWrapper.vue +0 -2
  43. data/frontend/src/components/rule/EditRule.vue +0 -3
  44. data/frontend/src/components/rule/EditRuleWrapper.vue +0 -2
  45. data/frontend/src/components/rule/Form.vue +1 -3
  46. data/frontend/src/components/rule/NewRule.vue +0 -3
  47. data/frontend/src/components/rule/Rule.vue +1 -7
  48. data/frontend/src/components/rule/RuleWrapper.vue +0 -2
  49. data/frontend/src/components/rule/RulesWrapper.vue +0 -6
  50. data/frontend/src/swagger.yaml +254 -254
  51. data/lib/mihari/analyzers/base.rb +7 -37
  52. data/lib/mihari/analyzers/binaryedge.rb +5 -1
  53. data/lib/mihari/analyzers/censys.rb +6 -1
  54. data/lib/mihari/analyzers/greynoise.rb +5 -1
  55. data/lib/mihari/analyzers/hunterhow.rb +5 -1
  56. data/lib/mihari/analyzers/onyphe.rb +5 -1
  57. data/lib/mihari/analyzers/passivetotal.rb +9 -0
  58. data/lib/mihari/analyzers/pulsedive.rb +1 -1
  59. data/lib/mihari/analyzers/rule.rb +55 -54
  60. data/lib/mihari/analyzers/securitytrails.rb +9 -0
  61. data/lib/mihari/analyzers/shodan.rb +5 -1
  62. data/lib/mihari/analyzers/urlscan.rb +5 -1
  63. data/lib/mihari/analyzers/virustotal.rb +11 -2
  64. data/lib/mihari/analyzers/virustotal_intelligence.rb +21 -1
  65. data/lib/mihari/analyzers/zoomeye.rb +7 -3
  66. data/lib/mihari/base.rb +69 -0
  67. data/lib/mihari/cli/main.rb +36 -0
  68. data/lib/mihari/clients/base.rb +7 -7
  69. data/lib/mihari/clients/binaryedge.rb +10 -4
  70. data/lib/mihari/clients/censys.rb +11 -4
  71. data/lib/mihari/clients/greynoise.rb +10 -4
  72. data/lib/mihari/clients/hunterhow.rb +10 -4
  73. data/lib/mihari/clients/misp.rb +3 -2
  74. data/lib/mihari/clients/onyphe.rb +10 -4
  75. data/lib/mihari/clients/shodan.rb +10 -4
  76. data/lib/mihari/clients/the_hive.rb +3 -2
  77. data/lib/mihari/clients/urlscan.rb +9 -3
  78. data/lib/mihari/clients/virustotal.rb +10 -4
  79. data/lib/mihari/clients/zoomeye.rb +11 -5
  80. data/lib/mihari/commands/alert.rb +6 -33
  81. data/lib/mihari/commands/rule.rb +7 -12
  82. data/lib/mihari/commands/search.rb +10 -38
  83. data/lib/mihari/config.rb +8 -0
  84. data/lib/mihari/constants.rb +3 -3
  85. data/lib/mihari/emitters/base.rb +22 -15
  86. data/lib/mihari/emitters/database.rb +1 -1
  87. data/lib/mihari/emitters/misp.rb +7 -6
  88. data/lib/mihari/emitters/slack.rb +24 -6
  89. data/lib/mihari/emitters/the_hive.rb +8 -7
  90. data/lib/mihari/emitters/webhook.rb +31 -29
  91. data/lib/mihari/enrichers/base.rb +25 -19
  92. data/lib/mihari/enrichers/google_public_dns.rb +38 -38
  93. data/lib/mihari/enrichers/ipinfo.rb +32 -34
  94. data/lib/mihari/enrichers/shodan.rb +18 -26
  95. data/lib/mihari/enrichers/whois.rb +121 -111
  96. data/lib/mihari/mixins/retriable.rb +4 -2
  97. data/lib/mihari/models/artifact.rb +37 -23
  98. data/lib/mihari/models/autonomous_system.rb +3 -2
  99. data/lib/mihari/models/cpe.rb +3 -2
  100. data/lib/mihari/models/dns.rb +3 -2
  101. data/lib/mihari/models/geolocation.rb +3 -2
  102. data/lib/mihari/models/port.rb +3 -2
  103. data/lib/mihari/models/reverse_dns.rb +3 -2
  104. data/lib/mihari/models/whois.rb +4 -3
  105. data/lib/mihari/schemas/analyzer.rb +24 -23
  106. data/lib/mihari/schemas/emitter.rb +32 -25
  107. data/lib/mihari/schemas/enricher.rb +21 -2
  108. data/lib/mihari/schemas/options.rb +27 -0
  109. data/lib/mihari/schemas/rule.rb +8 -4
  110. data/lib/mihari/services/alert_runner.rb +1 -1
  111. data/lib/mihari/services/rule_runner.rb +1 -11
  112. data/lib/mihari/types.rb +1 -14
  113. data/lib/mihari/version.rb +1 -1
  114. data/lib/mihari/web/endpoints/ip_addresses.rb +1 -1
  115. data/lib/mihari/web/public/assets/{index-33165282.css → index-56fc2187.css} +1 -1
  116. data/lib/mihari/web/public/assets/index-9cc489e6.js +1749 -0
  117. data/lib/mihari/web/public/index.html +2 -2
  118. data/lib/mihari/web/public/redoc-static.html +400 -400
  119. data/lib/mihari.rb +67 -37
  120. data/mihari.gemspec +3 -2
  121. data/mkdocs.yml +8 -6
  122. data/requirements.txt +1 -1
  123. metadata +24 -8
  124. data/lib/mihari/web/public/assets/index-a92abd57.js +0 -1740
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 1075febacca36de11c1285b0c08ef54fb41d3c0c7fe3e3df51b2dff28c597fe4
4
- data.tar.gz: 56475aef95d5dd5fda32ef7a8633fc2d064219abdb05706d849f15f998c41db2
3
+ metadata.gz: 9131a7f69be7cde564ec00479ae3fa3723a3e80d28690c3e989119de3feab5f5
4
+ data.tar.gz: b115531cc635b7767e6bcf75c8ca0376e4ade45772e98aa9fc07df3b2dcc2e96
5
5
  SHA512:
6
- metadata.gz: e18c315a2389a836aff99fd1da1c50749e83d9272a79c1215d22cd649758c3fd6d74dfabc1445d2c1127b18ea100abebd21326766bc2da79cd5c77a9ba27da3d
7
- data.tar.gz: 696b2c8d8e045f647f33a25dceec868676f2e04a8a38cc1e55cfe357356e5a5282f6b42085c2a8c4277d7309e47d8724d86c05d63ec8baf8937bd65dc8cf97cd
6
+ metadata.gz: 9a893bb138e769bf082bbea057229726f9b2e353fa539c9a1fb64aabcc8a622ed22315a0aa42e5dc873f6a13e3ec145776afe75203db93b7a3d2352d46b026b9
7
+ data.tar.gz: cd11791f340b58ffc39a03fba8ee2aad1da58fcf47fd8a00281fe8984d0149fa1e448aff4b55860b47e5fb424d994a40ab00f7691b416f315b3fbfdcd5737509
@@ -19,8 +19,8 @@ api_key: ...
19
19
 
20
20
  ### Query
21
21
 
22
- `query` is a search query.
22
+ `query` (`string`) is a search query.
23
23
 
24
24
  ### API Key
25
25
 
26
- `api_key` is an API key. Optional. Defaults to `ENV[”BINARYEDGE_API_KEY"]`.
26
+ `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”BINARYEDGE_API_KEY"]`.
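Review bot: the default on the `api_key` line mixes a curly opening quote with a straight closing quote, `ENV[”BINARYEDGE_API_KEY"]`, which renders oddly and is not valid Ruby if a reader copies it; since the line is being rewritten anyway, normalise it to `ENV["BINARYEDGE_API_KEY"]`. The same curly-quote pattern recurs on the `ENV[...]` defaults in the other analyzer and emitter docs in this change.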
@@ -20,12 +20,12 @@ secret: ...
20
20
 
21
21
  ### Query
22
22
 
23
- `query` is a search query.
23
+ `query` (`string`) is a search query.
24
24
 
25
25
  ### ID
26
26
 
27
- `id` is a Cencys ID. Optional. Defaults to `ENV[”CENSYS_ID”]`.
27
+ `id` (`string`) is a Cencys ID. Optional. Defaults to `ENV[”CENSYS_ID”]`.
28
28
 
29
29
  ### Secret
30
30
 
31
- `secret` is a Cencys secret. Optional. Defaults to `ENV[”CENSYS_SECRET”]`.
31
+ `secret` (`string`) is a Cencys secret. Optional. Defaults to `ENV[”CENSYS_SECRET”]`.
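Review bot: `Cencys` on the `id` and `secret` lines is a typo for `Censys` that survives the rewrite; fix it while these two lines are being edited. The `ENV[”CENSYS_ID”]` and `ENV[”CENSYS_SECRET”]` defaults on the same lines also use curly quotes and should be `ENV["CENSYS_ID"]` / `ENV["CENSYS_SECRET"]`.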
@@ -26,12 +26,12 @@ username: ...
26
26
 
27
27
  ### Query
28
28
 
29
- `query` is a domain or SHA1 certificate fingerprint.
29
+ `query` (`string`) is a domain or SHA1 certificate fingerprint.
30
30
 
31
31
  ### Username
32
32
 
33
- `username` is a username. Optional. Defaults to `ENV[”CIRCL_PASSIVE_USERNAME”]`.
33
+ `username` (`string`) is a username. Optional. Defaults to `ENV[”CIRCL_PASSIVE_USERNAME”]`.
34
34
 
35
35
  ### Password
36
36
 
37
- `password` is a password. Optional. Defaults to `ENV[”CIRCL_PASSIVE_PASSWORD”]`.
37
+ `password` (`string`) is a password. Optional. Defaults to `ENV[”CIRCL_PASSIVE_PASSWORD”]`.
@@ -19,8 +19,8 @@ exclude_expired: ...
19
19
 
20
20
  ### Query
21
21
 
22
- `query` is a search query.
22
+ `query` (`string`) is a search query.
23
23
 
24
24
  ### Exclude Expired
25
25
 
26
- `exclude_expired` (boolean) determines whether to exclude expired domains or not. Optional. Defaults to `true`.
26
+ `exclude_expired` (`boolean`) determines whether to exclude expired domains or not. Optional. Defaults to `true`.
@@ -18,7 +18,7 @@ query: ...
18
18
 
19
19
  ### Query
20
20
 
21
- `query` is a search query.
21
+ `query` (`string`) is a search query.
22
22
 
23
23
  !!! tip
24
24
 
@@ -19,7 +19,7 @@ json: ...
19
19
 
20
20
  ### Query
21
21
 
22
- `query` is a URL of a feed.
22
+ `query` (`string`) is a URL of a feed.
23
23
 
24
24
  !!! note
25
25
 
@@ -27,27 +27,27 @@ json: ...
27
27
 
28
28
  ### Method
29
29
 
30
- `method` is an HTTP method. Defaults to `GET`.
30
+ `method` (`string`) is an HTTP method. Defaults to `GET`.
31
31
 
32
32
  ### Selector
33
33
 
34
- `selector` is a `jr` selector.
34
+ `selector` (`string`) is a `jr` selector.
35
35
 
36
36
  ### Headers
37
37
 
38
- `headers` (hash) is an HTTP headers. Optional.
38
+ `headers` (`hash`) is an HTTP headers. Optional.
39
39
 
40
40
  ### Params
41
41
 
42
- `params` (hash) is an HTTP query params. Optional.
42
+ `params` (`hash`) is an HTTP query params. Optional.
43
43
 
44
44
  ### Data
45
45
 
46
- `data` (hash) is an HTTP form data. Optional.
46
+ `data` (`hash`) is an HTTP form data. Optional.
47
47
 
48
48
  ### JSON
49
49
 
50
- `json` (hash) is an JSON body. Optional.
50
+ `json` (`hash`) is an JSON body. Optional.
51
51
 
52
52
  ## Examples
53
53
 
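Review bot: grammar on the `headers`, `params`, `data` and `json` lines is wrong in both the old and new versions: 'is an HTTP headers', 'is an HTTP query params', 'is an HTTP form data' and 'is an JSON body' should read 'is a hash of HTTP headers', 'is a hash of HTTP query params', 'is a hash of HTTP form data' and 'is a JSON body'. Since the hunk only wraps the type in backticks, this is the moment to fix the wording too.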
@@ -19,8 +19,8 @@ api_key: ...
19
19
 
20
20
  ### Query
21
21
 
22
- `query` is a GNQL search query.
22
+ `query` (`string`) is a GNQL search query.
23
23
 
24
24
  ### API Key
25
25
 
26
- `api_key` is an API key. Optional. Defaults to `ENV[”GREYNOISE_API_KEY"]`.
26
+ `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”GREYNOISE_API_KEY"]`.
@@ -21,13 +21,13 @@ end_time: ...
21
21
 
22
22
  ### Query
23
23
 
24
- `query` is a search query.
24
+ `query` (`string`) is a search query.
25
25
 
26
26
  ### Start/End Time
27
27
 
28
- - `start_time` (date): Only show results after the given date.
29
- - `end_time` (date): Only show results after the given date.
28
+ - `start_time` (`date`): Only show results after the given date.
29
+ - `end_time` (`date`): Only show results after the given date.
30
30
 
31
31
  ### API key
32
32
 
33
- `api_key` is an API key. Optional. Defaults to `ENV[”HUNTERHOW_API_KEY"]`.
33
+ `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”HUNTERHOW_API_KEY"]`.
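Review bot: the `end_time` description on the second added list line reads 'Only show results after the given date', identical to `start_time`; it should say 'before the given date', otherwise the two options are documented as doing the same thing.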
@@ -27,39 +27,44 @@ analyzer: ...
27
27
  query: ...
28
28
  options:
29
29
  timeout: ...
30
- interval: ...
30
+ pagination_interval: ...
31
31
  pagination_limit: ...
32
32
  retry_times: ...
33
33
  retry_interval: ...
34
+ retry_exponential_backoff: ...
34
35
  ignore_error: ...
35
36
  ```
36
37
 
37
38
  ### Timeout
38
39
 
39
- `timeout` is an HTTP timeout in seconds. Optional.
40
+ `timeout` (`integer`) is an HTTP timeout in seconds. Optional.
40
41
 
41
- ### Interval
42
+ ### Pagination Interval
42
43
 
43
- `interval` is an interval in seconds between pagination. (If an analyzer does pagination). Optional.
44
+ `pagination_interval` (`integer`) is an interval in seconds between pagination. Optional. Defaults to 0.
44
45
 
45
46
  ### Pagination Limit
46
47
 
47
- `pagination_limit` is an limit for pagination. Defaults to 100.
48
+ `pagination_limit` (`integer`) is an limit for pagination. Optional. Defaults to 100.
48
49
 
49
50
  In the worst case, if something wrong with Mihari or a service, Mihari can drain API quota by doing pagination forever.
50
51
  `pagination_limit` is a safety valve for that. A number of pagination is limited as `pagination_limit` times.
51
52
 
52
53
  ### Retry Times
53
54
 
54
- `retry_times` is a number of times of retry when something goes wrong. Defaults to 3.
55
+ `retry_times` (`integer`) is a number of times of retry when something goes wrong. Optional. Defaults to 3.
55
56
 
56
57
  ### Retry Interval
57
58
 
58
- `retry_interval` is an interval in seconds between retries. Defaults to 5.
59
+ `retry_interval` (`integer`) is an interval in seconds between retries. Optional. Defaults to 5.
60
+
61
+ ### Retry Exponential Backoff
62
+
63
+ `retry_exponential_backoff` (`bool`) controls whether to do exponential backoff. Optional. Defaults to `true`.
59
64
 
60
65
  ### Ignore Error
61
66
 
62
- `ignore_error` controls whether to ignore an error or not. Defaults to `false`.
67
+ `ignore_error` (`bool`) controls whether to ignore an error or not. Optional. Defaults to `false`.
63
68
 
64
69
  Mihari uses fail-fast approach. For example, if Shodan returns an error, the Censys query next is not triggered because Mihari raises an error before it.
65
70
 
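Review bot: renaming `interval` to `pagination_interval` (the `- interval: ...` / `+ pagination_interval: ...` lines and the renamed heading) is a breaking change for existing rule files, and the hunk documents only the new name; add a sentence on whether `interval` is still accepted as an alias or how users should migrate, and flag the rename in the changelog. Two smaller points in the same hunk: `retry_exponential_backoff` and `ignore_error` are typed `bool` while crtsh's `exclude_expired` is typed `boolean` elsewhere in this change, so pick one spelling; and 'an limit for pagination' on the `pagination_limit` line should be 'a limit for pagination'.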
@@ -19,8 +19,8 @@ api_key: ...
19
19
 
20
20
  ### Query
21
21
 
22
- `query` is a search query.
22
+ `query` (`string`) is a search query.
23
23
 
24
24
  ### API Key
25
25
 
26
- `api_key` is an API key. Optional. Defaults to `ENV[”ONYPHE_API_KEY”"]`.
26
+ `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”ONYPHE_API_KEY”"]`.
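Review bot: the `api_key` default `ENV[”ONYPHE_API_KEY”"]` carries both a curly closing quote and a straight quote before `]`; it should be `ENV["ONYPHE_API_KEY"]`.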
@@ -21,8 +21,8 @@ api_key: ...
21
21
 
22
22
  ### Query
23
23
 
24
- `query` is a passive DNS search query. Domain or IP address.
24
+ `query` (`string`) is a passive DNS search query. Domain or IP address.
25
25
 
26
26
  ### API Key
27
27
 
28
- `api_key` is an API key. Optional. Defaults to `ENV[”OTX_API_KEY”"]`.
28
+ `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”OTX_API_KEY”"]`.
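Review bot: `ENV[”OTX_API_KEY”"]` on the `api_key` line has a doubled closing quote (curly plus straight); correct it to `ENV["OTX_API_KEY"]`.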
@@ -31,9 +31,13 @@ api_key: ...
31
31
 
32
32
  ## Components
33
33
 
34
+ ### Analyzer
35
+
36
+ `analyzer` (`string`) should be either of `passivetotal` and `pt`.
37
+
34
38
  ### Query
35
39
 
36
- `query` is a passive DNS/SSL or reverse whois search query. Domain, IP address, mail or SHA1 certificate fingerprint.
40
+ `query` (`string`) is a passive DNS/SSL or reverse whois search query. Domain, IP address, mail or SHA1 certificate fingerprint.
37
41
 
38
42
  - Passive DNS: Domain, IP Address
39
43
  - Passive SSL: SHA1 certificate fingerprint
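Review bot: 'should be either of `passivetotal` and `pt`' on the new Analyzer line reads awkwardly; 'must be either `passivetotal` or `pt`' states the accepted values more clearly. The same 'either of ... and' phrasing is introduced in the securitytrails, virustotal and virustotal_intelligence docs in this change.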
@@ -41,8 +45,8 @@ api_key: ...
41
45
 
42
46
  ### Username
43
47
 
44
- `username` is a username. Optional. Defaults to `ENV[”PASSIVETOTAL_USERNAME"]`.
48
+ `username` (`string`) is a username. Optional. Defaults to `ENV[”PASSIVETOTAL_USERNAME"]`.
45
49
 
46
50
  ### API Key
47
51
 
48
- `api_key` is an API key. Optional. Defaults to `ENV[”PASSIVETOTAL_API_KEY"]`.
52
+ `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”PASSIVETOTAL_API_KEY"]`.
@@ -21,8 +21,8 @@ api_key: ...
21
21
 
22
22
  ### Query
23
23
 
24
- `query` is a passive DNS search query. Domain or IP address.
24
+ `query` (`string`) is a passive DNS search query. Domain or IP address.
25
25
 
26
26
  ### API Key
27
27
 
28
- `api_key` is an API key. Optional. Defaults to `ENV[”PULSEDIVE_API_KEY"]`.
28
+ `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”PULSEDIVE_API_KEY"]`.
@@ -28,10 +28,14 @@ api_key: ...
28
28
 
29
29
  ## Components
30
30
 
31
+ ### Analyzer
32
+
33
+ `analyzer` (`string`) should be either of `securitytrails` and `st`.
34
+
31
35
  ### Query
32
36
 
33
- `query` is a passive DNS search/reverse whois query. Domain, IP address or mail.
37
+ `query` (`string`) is a passive DNS search/reverse whois query. Domain, IP address or mail.
34
38
 
35
39
  ### API Key
36
40
 
37
- `api_key` is an API key. Optional. Defaults to `ENV[”SECURITYTRAILS_API_KEY"]`.
41
+ `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”SECURITYTRAILS_API_KEY"]`.
@@ -19,8 +19,8 @@ api_key: ...
19
19
 
20
20
  ### Query
21
21
 
22
- `query` is a search query.
22
+ `query` (`string`) is a search query.
23
23
 
24
24
  ### API Key
25
25
 
26
- `api_key` is an API key. Optional. Defaults to `ENV[”SHODAN_API_KEY"]`.
26
+ `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”SHODAN_API_KEY"]`.
@@ -21,8 +21,8 @@ api_key: ...
21
21
 
22
22
  ### Query
23
23
 
24
- `query` is a search query.
24
+ `query` (`string`) is a search query.
25
25
 
26
26
  ### API Key
27
27
 
28
- `api_key` is an API key. Optional. Defaults to `ENV[”URLSCAN_API_KEY"]`.
28
+ `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”URLSCAN_API_KEY"]`.
@@ -30,10 +30,14 @@ api_key: ...
30
30
 
31
31
  ## Components
32
32
 
33
+ ### Analyzer
34
+
35
+ `analyzer` (`string`) should be either of `virustoal` and `vt`.
36
+
33
37
  ### Query
34
38
 
35
- `query` is a passive DNS search query. Domain or IP address.
39
+ `query` (`string`) is a passive DNS search query. Domain or IP address.
36
40
 
37
41
  ### API Key
38
42
 
39
- `api_key` is an API key. Optional. Defaults to `ENV[”VIRUSTOTAL_API_KEY"]`.
43
+ `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”VIRUSTOTAL_API_KEY"]`.
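Review bot: the alias list on the new Analyzer line says `virustoal`, a typo for `virustotal`; a reader copying it into a rule will get a value the schema does not accept. Fix to `virustotal` or `vt`.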
@@ -20,10 +20,14 @@ api_key: ...
20
20
 
21
21
  ## Components
22
22
 
23
+ ### Analyzer
24
+
25
+ `analyzer` (`string`) should be either of `virustotal_intelligence` and ``.
26
+
23
27
  ### Query
24
28
 
25
- `query` is a search query.
29
+ `query` (`string`) is a search query.
26
30
 
27
31
  ### API Key
28
32
 
29
- `api_key` is an API key. Optional. Defaults to `ENV[”VIRUSTOTAL_API_KEY"]`.
33
+ `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”VIRUSTOTAL_API_KEY"]`.
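Review bot: the second accepted value on the new Analyzer line is an empty pair of backticks, so the sentence documents no alias at all. Either name the real short form of `virustotal_intelligence` here or drop the 'either of ... and' phrasing and state the single accepted value.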
@@ -22,12 +22,12 @@ api_key: ...
22
22
 
23
23
  ### Query
24
24
 
25
- `query` is a search query.
25
+ `query` (`string`) is a search query.
26
26
 
27
27
  ### Type
28
28
 
29
- `type` determines a search type. `web` or `host`.
29
+ `type` (`string`) determines a search type. `web` or `host`.
30
30
 
31
31
  ### API Key
32
32
 
33
- `api_key` is an API key. Optional. Defaults to `ENV[”ZOOMEYE_API_KEY"]`.
33
+ `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”ZOOMEYE_API_KEY"]`.
@@ -5,7 +5,7 @@
5
5
  This emitter creates an alert on TheHive. TheHive v4 & v5 are supported.
6
6
 
7
7
  ```yaml
8
- emitter: the_hive
8
+ emitter: thehive
9
9
  url: ...
10
10
  api_key: ...
11
11
  api_version: ...
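Review bot: changing the emitter name from `the_hive` to `thehive` in the example breaks every existing rule that uses `the_hive`, and the hunk says nothing about backward compatibility; state whether `the_hive` remains accepted as an alias, and if not, call the rename out in the changelog so the schema validation failure is not a surprise.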
@@ -15,12 +15,12 @@ api_version: ...
15
15
 
16
16
  ### URL
17
17
 
18
- `url` is a TheHive URL. Optional. Defaults to `ENV[”THEHIVE_URL”]`.
18
+ `url` (`string`) is a TheHive URL. Optional. Defaults to `ENV[”THEHIVE_URL”]`.
19
19
 
20
20
  ### API Key
21
21
 
22
- `api_key` is an API key. Optional. Defaults to `ENV[”THEHIVE_API_KEY”]`.
22
+ `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”THEHIVE_API_KEY”]`.
23
23
 
24
24
  ### API Version
25
25
 
26
- `api_version` is a version of The Hive API. Optional. Defaults to `ENV[”THEHIVE_API_VERSION”]`.
26
+ `api_version` (`string`) is a version of The Hive API. Optional. `v4` or `v5`. Defaults to `ENV[”THEHIVE_API_VERSION”]`.
@@ -5,3 +5,32 @@
5
5
  - [MISP](misp.md)
6
6
  - [Slack](slack.md)
7
7
  - [Webhook](webhook.md)
8
+
9
+ ## Options
10
+
11
+ All the emitters can have optional `options`.
12
+
13
+ ```yaml
14
+ emitter: ...
15
+ options:
16
+ timeout: ...
17
+ retry_times: ...
18
+ retry_interval: ...
19
+ retry_exponential_backoff: ...
20
+ ```
21
+
22
+ ### Timeout
23
+
24
+ `timeout` (`integer`) is an HTTP timeout in seconds. Optional.
25
+
26
+ ### Retry Times
27
+
28
+ `retry_times` (`integer`) is a number of times of retry when something goes wrong. Optional. Defaults to 3.
29
+
30
+ ### Retry Interval
31
+
32
+ `retry_interval` (`integer`) is an interval in seconds between retries. Optional. Defaults to 5.
33
+
34
+ ### Retry Exponential Backoff
35
+
36
+ `retry_exponential_backoff` (`bool`) controls whether to do exponential backoff. Optional. Defaults to `true`.
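Review bot: the new options section types `retry_exponential_backoff` as `bool`, while the crtsh analyzer doc in this same change types `exclude_expired` as `boolean`; the other annotations here are the long forms `integer` and `string`, so `boolean` is the consistent choice.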
@@ -14,8 +14,8 @@ api_key: ...
14
14
 
15
15
  ### URL
16
16
 
17
- `url` is a MISP URL. Optional. Defaults to `ENV[MISP_URL]`.
17
+ `url` (`string`) is a MISP URL. Optional. Defaults to `ENV[MISP_URL]`.
18
18
 
19
19
  ### API Key
20
20
 
21
- `api_key` is an API key. Optional. Defaults to `ENV[”MISP_API_KEY”]`.
21
+ `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”MISP_API_KEY”]`.
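Review bot: the `url` line's default is written `ENV[MISP_URL]` without quotes while the `api_key` line's is `ENV[”MISP_API_KEY”]` with curly quotes; write both as `ENV["MISP_URL"]` / `ENV["MISP_API_KEY"]` so they match the other emitter docs.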
@@ -10,17 +10,12 @@ webhook_url: ...
10
10
  channel: ...
11
11
  ```
12
12
 
13
- | Name | Type | Required? | Default | Desc. |
14
- | ----------- | ------ | --------- | ------------------------------- | ----------------- |
15
- | webhook_url | String | No | ENV[SLACK_WEBHOOK_URL] | Slack webhook URL |
16
- | channel | String | No | ENV[SLACK_CHANNEL] / `#general` | Slack channel |
17
-
18
13
  ## Components
19
14
 
20
15
  ### Webhook URL
21
16
 
22
- `url` is a Slack's incoming webhook URL. Optional. Defaults to `ENV[SLACK_WEBHOOK_URL]`.
17
+ `url` (`string`) is a Slack's incoming webhook URL. Optional. Defaults to `ENV[SLACK_WEBHOOK_URL]`.
23
18
 
24
19
  ### API Key
25
20
 
26
- `channel` is a Slack channel to sent a message. Optional. Defaults to `ENV[SLACK_CHANNEL]` or `#general`.
21
+ `channel` (`string`) is a Slack channel to sent a message. Optional. Defaults to `ENV[SLACK_CHANNEL]` or `#general`.
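Review bot: the component described as `url` under '### Webhook URL' does not match the key `webhook_url` shown in the YAML context at the top of the hunk, so the text now disagrees with the example it sits under; and the '### API Key' heading sits above the `channel` description, where '### Channel' is meant. Both description lines are touched by this hunk, so fix them here; also 'to sent a message' on the `channel` line should be 'to send a message'.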
@@ -14,19 +14,19 @@ template: ...
14
14
 
15
15
  ### URL
16
16
 
17
- `url` is a webhook URL.
17
+ `url` (`string`) is a webhook URL.
18
18
 
19
19
  ### Method
20
20
 
21
- `method` is an HTTP method. Optional. Defaults to `POST`.
21
+ `method` (`string`)is an HTTP method. Optional. Defaults to `POST`.
22
22
 
23
23
  ### Headers
24
24
 
25
- `headers` (hash) is HTTP headers. Optional.
25
+ `headers` (`hash`) are HTTP headers. Optional.
26
26
 
27
27
  ### Template
28
28
 
29
- `template` is an [ERB](https://github.com/ruby/erb) template to customize the payload to sent. A template should generate a valid JSON.
29
+ `template` (`string`) is an [ERB](https://github.com/ruby/erb) template to customize the payload to sent. A template should generate a valid JSON.
30
30
 
31
31
  You can use the following parameters inside an ERB template.
32
32
 
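Review bot: missing space on the `method` line: '(`string`)is' should be '(`string`) is'. On the `template` line, 'to customize the payload to sent' should read 'to customize the payload to send', and 'generate a valid JSON' should be 'generate valid JSON'.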
@@ -4,3 +4,32 @@
4
4
  - [IPInfo](ipinfo.md)
5
5
  - [Shodan](shodan.md)
6
6
  - [Whois](whois.md)
7
+
8
+ ## Options
9
+
10
+ All the emitters can have optional `options`.
11
+
12
+ ```yaml
13
+ enricher: ...
14
+ options:
15
+ timeout: ...
16
+ retry_times: ...
17
+ retry_interval: ...
18
+ retry_exponential_backoff: ...
19
+ ```
20
+
21
+ ### Timeout
22
+
23
+ `timeout` (`integer`) is an HTTP timeout in seconds. Optional.
24
+
25
+ ### Retry Times
26
+
27
+ `retry_times` (`integer`) is a number of times of retry when something goes wrong. Optional. Defaults to 3.
28
+
29
+ ### Retry Interval
30
+
31
+ `retry_interval` (`integer`) is an interval in seconds between retries. Optional. Defaults to 5.
32
+
33
+ ### Retry Exponential Backoff
34
+
35
+ `retry_exponential_backoff` (`bool`) controls whether to do exponential backoff. Optional. Defaults to `true`.
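Review bot: the sentence 'All the emitters can have optional `options`.' was copied from the emitters page into the enrichers page; it should read 'All the enrichers can have optional `options`.' The YAML example below it already uses `enricher: ...` correctly.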
@@ -12,8 +12,15 @@ This enricher uses ipinfo.io API to enrich an IP artifact.
12
12
 
13
13
  ```yaml
14
14
  enricher: ipinfo
15
+ api_key: ...
15
16
  ```
16
17
 
18
+ ## Components
19
+
20
+ ### API Key
21
+
22
+ `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”IPINFO_API_KEY”]`.
23
+
17
24
  ## Supported Artifacts
18
25
 
19
26
  - IP address
data/docs/index.md CHANGED
@@ -9,5 +9,3 @@ Mihari can aggregate multiple searches across multiple services in a single rule
9
9
  - [How to Write a Rule](./rule.md)
10
10
  - [Usage](./usage.md)
11
11
  - [Configuration](./configuration.md)
12
- - [GitHub Actions](./github_actions.md)
13
- - [Alternatives](./alternatives.md)
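Review bot: the GitHub Actions and Alternatives links are removed from the index, but nothing in the hunk shows whether `github_actions.md` and `alternatives.md` are deleted or dropped from the mkdocs nav as well; if the files remain they become orphaned pages, and if they are deleted, any inbound links elsewhere in the docs need checking.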
data/docs/installation.md CHANGED
@@ -2,7 +2,7 @@
2
2
 
3
3
  ## Ruby Gem
4
4
 
5
- Mihari is packaged as a Ruby Gem.
5
+ Mihari is packaged as a Ruby Gem. Thus you can install it via `gem` command.
6
6
 
7
7
  ```bash
8
8
  gem install mihari
data/docs/rule.md CHANGED
@@ -54,7 +54,7 @@ emitters:
54
54
  - emitter: database
55
55
  - emitter: misp
56
56
  - emitter: slack
57
- - emitter: the_hive
57
+ - emitter: thehive
58
58
  data_types:
59
59
  - hash
60
60
  - ip
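Review bot: this is the same `the_hive` to `thehive` rename as in hive.md, applied to the sample rule; the sample, the emitter doc and the schema must agree on the accepted name, and if `the_hive` is no longer valid that belongs in the changelog.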
@@ -68,36 +68,36 @@ falsepositives: []
68
68
 
69
69
  ### ID
70
70
 
71
- `id` is an unique ID of a rule. UUID v4 is recommended.
71
+ `id` (`string`) is an unique ID of a rule. UUID v4 is recommended.
72
72
 
73
73
  ### Title
74
74
 
75
- `title` is a title of a rule.
75
+ `title` (`string`) is a title of a rule.
76
76
 
77
77
  ### Description
78
78
 
79
- `description` is a short description of a rule.
79
+ `description` (`string`) is a short description of a rule.
80
80
 
81
81
  ### Created/Updated On
82
82
 
83
- `created_on` is a date of a rule creation. Optional.
83
+ `created_on` (`date`) is a date of a rule creation. Optional.
84
84
  Also a rule can have `updated_on` that is a date of a rule modification. Optional.
85
85
 
86
86
  ### Tags
87
87
 
88
- `tags` is a list of tags of a rule.
88
+ `tags` (`array[:string]`) is a list of tags of a rule.
89
89
 
90
90
  ### Author
91
91
 
92
- `author` is an author of a rule. Optional.
92
+ `author` (`string`) is an author of a rule. Optional.
93
93
 
94
94
  ### References
95
95
 
96
- `references` is a list of a references of a rule. Optional.
96
+ `references` (`array[:string]`) is a list of a references of a rule. Optional.
97
97
 
98
98
  ### Related
99
99
 
100
- `related` is a list of related rule IDs. Optional.
100
+ `related` (`array[:string]`) is a list of related rule IDs. Optional.
101
101
 
102
102
  ### Queries
103
103
 
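Review bot: the type annotation `array[:string]` introduced on the `tags`, `references` and `related` lines uses Ruby symbol syntax that the rest of the docs (`string`, `integer`, `date`) do not; `array[string]` or 'array of strings' would read consistently. Also 'an unique ID' on the `id` line should be 'a unique ID', and 'a list of a references' on the `references` line should be 'a list of references'.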
@@ -124,13 +124,10 @@ See [Emitters](./emitters/index.md) to know details of each emitter.
124
124
  Defaults to:
125
125
 
126
126
  - `database`
127
- - `misp`
128
- - `slack`
129
- - `the_hive`
130
127
 
131
128
  ### Data Types
132
129
 
133
- `data_types` is a list of data (artifact) types to allow by a rule. Types not defined in here will be automatically rejected.
130
+ `data_types` (`array[:string]`) is a list of data (artifact) types to allow by a rule. Types not defined in here will be automatically rejected.
134
131
 
135
132
  Defaults to:
136
133
 
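Review bot: dropping `misp`, `slack` and `the_hive` from the default emitter list means a rule that omits `emitters` now writes only to the database; that is a silent behaviour change for existing rules, so the doc should say so explicitly and the changelog should call it out rather than leaving it to be inferred from the shortened list.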
@@ -142,11 +139,11 @@ Defaults to:
142
139
 
143
140
  ### False positives
144
141
 
145
- `falsepositives` is a list of false positive values. A string or regexp can be used in here.
142
+ `falsepositives` (`array[:string]`) is a list of false positive values. A string or regexp can be used in here.
146
143
 
147
144
  ### Artifact TTL
148
145
 
149
- `artifact_ttl` (alias: `artifact_lifetime`) is an integer value of artifact TTL (Time-To-Live) in seconds.
146
+ `artifact_ttl` (`integer` / alias: `artifact_lifetime`) is an integer value of artifact TTL (Time-To-Live) in seconds.
150
147
 
151
148
  Mihari rejects a same artifact in a same rule in general.
152
149
 
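Review bot: `artifact_ttl` is now annotated `integer` and the sentence still says 'is an integer value of', so the type is stated twice; shorten to 'is an artifact TTL (Time-To-Live) in seconds'. The `falsepositives` annotation `array[:string]` has the same symbol-syntax inconsistency as the other array types in this file.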
data/docs/usage.md CHANGED
@@ -8,8 +8,11 @@ Commands:
8
8
  mihari db # Sub commands for DB
9
9
  mihari help [COMMAND] # Describe available commands or one specific command
10
10
  mihari rule # Sub commands for rule
11
- mihari search [PATH_OR_ID] # Search by a rule
11
+ mihari search [PATH_OR_ID] # Search by a rule (Outputs null if there is no new finding)
12
12
  mihari web # Launch the web app
13
+
14
+ Options:
15
+ -d, [--debug], [--no-debug] # Sets up debug mode
13
16
  ```
14
17
 
15
18
  ## `mihari db`
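Review bot: '(Outputs null if there is no new finding)' in the `mihari search` help line should say what the caller actually sees, a literal `null` on stdout as opposed to an empty alert, since scripts will branch on it; the new `-d, [--debug]` option is likewise described only as 'Sets up debug mode', so a sentence on what extra output it produces would help.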
@@ -43,7 +46,7 @@ Mihari asks whether really you want to update a rule if there is a diff by defau
43
46
 
44
47
  ```bash
45
48
  $ mihari search /path/to/rule.yml
46
- There is a diff in the rule (6254bb74-5e5d-42ad-bc1e-231da0293b0f). Are you sure you want to overwrite the rule? (y/n)
49
+ There is a diff in the rule. Are you sure you want to overwrite the rule? (y/n)
47
50
  ```
48
51
 
49
52
  It can be suppressed by providing `-f`.
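Review bot: the overwrite prompt loses the rule ID ('There is a diff in the rule (6254bb74-...)' becomes 'There is a diff in the rule.'); when searches are run over several rules the ID is what tells the user which rule is about to be overwritten, so consider keeping it in the prompt rather than only simplifying the documented output.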