mihari 6.1.0 → 6.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/mihari/actor.rb +3 -5
- data/lib/mihari/analyzers/base.rb +7 -3
- data/lib/mihari/analyzers/circl.rb +1 -1
- data/lib/mihari/analyzers/dnstwister.rb +1 -1
- data/lib/mihari/analyzers/otx.rb +1 -1
- data/lib/mihari/analyzers/passivetotal.rb +1 -1
- data/lib/mihari/analyzers/pulsedive.rb +1 -1
- data/lib/mihari/analyzers/securitytrails.rb +1 -1
- data/lib/mihari/analyzers/virustotal.rb +1 -1
- data/lib/mihari/clients/google_public_dns.rb +31 -0
- data/lib/mihari/config.rb +5 -1
- data/lib/mihari/{type_checker.rb → data_type.rb} +32 -37
- data/lib/mihari/database.rb +1 -3
- data/lib/mihari/enrichers/google_public_dns.rb +4 -21
- data/lib/mihari/entities/artifact.rb +8 -0
- data/lib/mihari/models/alert.rb +4 -27
- data/lib/mihari/models/artifact.rb +65 -3
- data/lib/mihari/models/dns.rb +3 -8
- data/lib/mihari/models/rule.rb +2 -5
- data/lib/mihari/rule.rb +20 -7
- data/lib/mihari/schemas/options.rb +5 -1
- data/lib/mihari/structs/filters.rb +53 -9
- data/lib/mihari/structs/google_public_dns.rb +4 -8
- data/lib/mihari/version.rb +1 -1
- data/lib/mihari/web/endpoints/alerts.rb +2 -10
- data/lib/mihari/web/endpoints/artifacts.rb +64 -0
- data/lib/mihari/web/endpoints/exports.rb +0 -0
- data/lib/mihari/web/endpoints/rules.rb +1 -8
- data/lib/mihari/web/public/assets/index-81613_nX.js +1763 -0
- data/lib/mihari/web/public/assets/index-Wv6xUrTI.css +1 -0
- data/lib/mihari/web/public/index.html +2 -3
- data/lib/mihari/web/public/redoc-static.html +20 -16
- data/lib/mihari.rb +2 -1
- data/mihari.gemspec +8 -7
- data/requirements.txt +1 -1
- metadata +30 -56
- data/lib/mihari/web/public/assets/index-216d49d1.js +0 -1750
- data/lib/mihari/web/public/assets/index-4c8509ee.css +0 -1
- /data/lib/mihari/web/public/assets/{mode-yaml-24faa242.js → mode-yaml-BC4MIiYj.js} +0 -0
|
@@ -3,19 +3,63 @@
|
|
|
3
3
|
module Mihari
|
|
4
4
|
module Structs
|
|
5
5
|
module Filters
|
|
6
|
+
module Artifact
|
|
7
|
+
class SearchFilter < Dry::Struct
|
|
8
|
+
# @!attribute [r] data_type
|
|
9
|
+
# @return [String, nil]
|
|
10
|
+
attribute? :data_type, Types::String.optional
|
|
11
|
+
|
|
12
|
+
# @!attribute [r] rule_id
|
|
13
|
+
# @return [String, nil]
|
|
14
|
+
attribute? :rule_id, Types::String.optional
|
|
15
|
+
|
|
16
|
+
# @!attribute [r] tag
|
|
17
|
+
# @return [String, nil]
|
|
18
|
+
attribute? :tag, Types::String.optional
|
|
19
|
+
|
|
20
|
+
# @!attribute [r] from_at
|
|
21
|
+
# @return [DateTime, nil]
|
|
22
|
+
attribute? :from_at, Types::DateTime.optional
|
|
23
|
+
|
|
24
|
+
# @!attribute [r] to_at
|
|
25
|
+
# @return [DateTime, nil]
|
|
26
|
+
attribute? :to_at, Types::DateTime.optional
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
class SearchFilterWithPagination < SearchFilter
|
|
30
|
+
# @!attribute [r] page
|
|
31
|
+
# @return [Integer, nil]
|
|
32
|
+
attribute? :page, Types::Int.default(1)
|
|
33
|
+
|
|
34
|
+
# @!attribute [r] limit
|
|
35
|
+
# @return [Integer, nil]
|
|
36
|
+
attribute? :limit, Types::Int.default(10)
|
|
37
|
+
|
|
38
|
+
def without_pagination
|
|
39
|
+
SearchFilter.new(
|
|
40
|
+
data_type: data_type,
|
|
41
|
+
from_at: from_at,
|
|
42
|
+
rule_id: rule_id,
|
|
43
|
+
tag: tag,
|
|
44
|
+
to_at: to_at
|
|
45
|
+
)
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
|
|
6
50
|
module Alert
|
|
7
51
|
class SearchFilter < Dry::Struct
|
|
8
|
-
# @!attribute [r]
|
|
52
|
+
# @!attribute [r] artifact
|
|
9
53
|
# @return [String, nil]
|
|
10
|
-
attribute? :
|
|
54
|
+
attribute? :artifact, Types::String.optional
|
|
11
55
|
|
|
12
56
|
# @!attribute [r] rule_id
|
|
13
57
|
# @return [String, nil]
|
|
14
58
|
attribute? :rule_id, Types::String.optional
|
|
15
59
|
|
|
16
|
-
# @!attribute [r]
|
|
60
|
+
# @!attribute [r] tag
|
|
17
61
|
# @return [String, nil]
|
|
18
|
-
attribute? :
|
|
62
|
+
attribute? :tag, Types::String.optional
|
|
19
63
|
|
|
20
64
|
# @!attribute [r] from_at
|
|
21
65
|
# @return [DateTime, nil]
|
|
@@ -37,10 +81,10 @@ module Mihari
|
|
|
37
81
|
|
|
38
82
|
def without_pagination
|
|
39
83
|
SearchFilter.new(
|
|
40
|
-
|
|
84
|
+
artifact: artifact,
|
|
41
85
|
from_at: from_at,
|
|
42
86
|
rule_id: rule_id,
|
|
43
|
-
|
|
87
|
+
tag: tag,
|
|
44
88
|
to_at: to_at
|
|
45
89
|
)
|
|
46
90
|
end
|
|
@@ -53,9 +97,9 @@ module Mihari
|
|
|
53
97
|
# @return [String, nil]
|
|
54
98
|
attribute? :description, Types::String.optional
|
|
55
99
|
|
|
56
|
-
# @!attribute [r]
|
|
100
|
+
# @!attribute [r] tag
|
|
57
101
|
# @return [String, nil]
|
|
58
|
-
attribute? :
|
|
102
|
+
attribute? :tag, Types::String.optional
|
|
59
103
|
|
|
60
104
|
# @!attribute [r] title
|
|
61
105
|
# @return [String, nil]
|
|
@@ -83,7 +127,7 @@ module Mihari
|
|
|
83
127
|
SearchFilter.new(
|
|
84
128
|
description: description,
|
|
85
129
|
from_at: from_at,
|
|
86
|
-
|
|
130
|
+
tag: tag,
|
|
87
131
|
title: title,
|
|
88
132
|
to_at: to_at
|
|
89
133
|
)
|
|
@@ -3,13 +3,9 @@
|
|
|
3
3
|
module Mihari
|
|
4
4
|
module Structs
|
|
5
5
|
module GooglePublicDNS
|
|
6
|
-
INT_TYPE_TO_TYPE =
|
|
7
|
-
1 =>
|
|
8
|
-
|
|
9
|
-
5 => "CNAME",
|
|
10
|
-
16 => "TXT",
|
|
11
|
-
28 => "AAAA"
|
|
12
|
-
}.freeze
|
|
6
|
+
INT_TYPE_TO_TYPE =
|
|
7
|
+
{ 1 => :A, 38 => :A6, 28 => :AAAA, 18 => :AFSDB, 255 => :ANY, 42 => :APL, 34 => :ATMA, 252 => :AXFR, 37 => :CERT,
|
|
8
|
+
5 => :CNAME, 49 => :DHCID, 32_769 => :DLV, 39 => :DNAME, 48 => :DNSKEY, 43 => :DS, 31 => :EID, 102 => :GID, 27 => :GPOS, 13 => :HINFO, 45 => :IPSECKEY, 20 => :ISDN, 251 => :IXFR, 25 => :KEY, 36 => :KX, 29 => :LOC, 254 => :MAILA, 253 => :MAILB, 7 => :MB, 3 => :MD, 4 => :MF, 8 => :MG, 14 => :MINFO, 9 => :MR, 15 => :MX, 35 => :NAPTR, 32 => :NIMLOC, 2 => :NS, 22 => :NSAP, 23 => :NSAP_PTR, 47 => :NSEC, 50 => :NSEC3, 51 => :NSEC3PARAMS, 10 => :NULL, 30 => :NXT, 41 => :OPT, 12 => :PTR, 26 => :PX, 17 => :RP, 46 => :RRSIG, 21 => :RT, 24 => :SIG, 40 => :SINK, 6 => :SOA, 33 => :SRV, 44 => :SSHFP, 250 => :TSIG, 16 => :TXT, 101 => :UID, 100 => :UINFO, 103 => :UNSPEC, 11 => :WKS, 19 => :X25 }
|
|
13
9
|
|
|
14
10
|
class Answer < Dry::Struct
|
|
15
11
|
# @!attribute [r] name
|
|
@@ -30,7 +26,7 @@ module Mihari
|
|
|
30
26
|
#
|
|
31
27
|
def from_dynamic!(d)
|
|
32
28
|
d = Types::Hash[d]
|
|
33
|
-
resource_type = INT_TYPE_TO_TYPE[d.fetch("type")]
|
|
29
|
+
resource_type = INT_TYPE_TO_TYPE[d.fetch("type")].to_s
|
|
34
30
|
new(
|
|
35
31
|
name: d.fetch("name"),
|
|
36
32
|
data: d.fetch("data"),
|
data/lib/mihari/version.rb
CHANGED
|
@@ -36,18 +36,10 @@ module Mihari
|
|
|
36
36
|
# @return [ResultValue]
|
|
37
37
|
#
|
|
38
38
|
def call(params)
|
|
39
|
-
filter = params.to_h.to_snake_keys
|
|
40
|
-
|
|
41
|
-
# normalize keys
|
|
42
|
-
filter["artifact_data"] = filter["artifact"]
|
|
43
|
-
filter["tag_name"] = filter["tag"]
|
|
44
|
-
# symbolize hash keys
|
|
45
|
-
filter = filter.to_h.symbolize_keys
|
|
46
|
-
|
|
39
|
+
filter = params.to_h.to_snake_keys.symbolize_keys
|
|
47
40
|
search_filter_with_pagination = Structs::Filters::Alert::SearchFilterWithPagination.new(**filter)
|
|
48
41
|
alerts = Mihari::Models::Alert.search(search_filter_with_pagination)
|
|
49
42
|
total = Mihari::Models::Alert.count(search_filter_with_pagination.without_pagination)
|
|
50
|
-
|
|
51
43
|
ResultValue.new(alerts: alerts, total: total, filter: filter)
|
|
52
44
|
end
|
|
53
45
|
end
|
|
@@ -83,7 +75,7 @@ module Mihari
|
|
|
83
75
|
optional :page, type: Integer, default: 1
|
|
84
76
|
optional :limit, type: Integer, default: 10
|
|
85
77
|
optional :artifact, type: String
|
|
86
|
-
optional :
|
|
78
|
+
optional :ruleId, type: String
|
|
87
79
|
optional :tag, type: String
|
|
88
80
|
optional :fromAt, type: DateTime
|
|
89
81
|
optional :toAt, type: DateTime
|
|
@@ -61,7 +61,71 @@ module Mihari
|
|
|
61
61
|
end
|
|
62
62
|
end
|
|
63
63
|
|
|
64
|
+
class ArtifactSearcher < Mihari::Service
|
|
65
|
+
class ResultValue
|
|
66
|
+
# @return [Array<Mihari::Models::Artifacts>]
|
|
67
|
+
attr_reader :artifacts
|
|
68
|
+
|
|
69
|
+
# @return [Integer]
|
|
70
|
+
attr_reader :total
|
|
71
|
+
|
|
72
|
+
# @return [Mihari::Structs::Filters::Artifact::SearchFilterWithPagination]
|
|
73
|
+
attr_reader :filter
|
|
74
|
+
|
|
75
|
+
#
|
|
76
|
+
# @param [Array<Mihari::Models::Artifact>] artifacts
|
|
77
|
+
# @param [Integer] total
|
|
78
|
+
# @param [Mihari::Structs::Filters::Artifacts::SearchFilterWithPagination] filter
|
|
79
|
+
#
|
|
80
|
+
def initialize(artifacts:, total:, filter:)
|
|
81
|
+
@artifacts = artifacts
|
|
82
|
+
@total = total
|
|
83
|
+
@filter = filter
|
|
84
|
+
end
|
|
85
|
+
end
|
|
86
|
+
|
|
87
|
+
#
|
|
88
|
+
# @param [Hash] params
|
|
89
|
+
#
|
|
90
|
+
# @return [ResultValue]
|
|
91
|
+
#
|
|
92
|
+
def call(params)
|
|
93
|
+
filter = params.to_h.to_snake_keys.symbolize_keys
|
|
94
|
+
search_filter_with_pagination = Structs::Filters::Artifact::SearchFilterWithPagination.new(**filter)
|
|
95
|
+
artifacts = Mihari::Models::Artifact.search(search_filter_with_pagination)
|
|
96
|
+
total = Mihari::Models::Artifact.count(search_filter_with_pagination.without_pagination)
|
|
97
|
+
ResultValue.new(artifacts: artifacts, total: total, filter: filter)
|
|
98
|
+
end
|
|
99
|
+
end
|
|
100
|
+
|
|
64
101
|
namespace :artifacts do
|
|
102
|
+
desc "Search artifacts", {
|
|
103
|
+
is_array: true,
|
|
104
|
+
success: Entities::ArtifactsWithPagination,
|
|
105
|
+
summary: "Search artifacts"
|
|
106
|
+
}
|
|
107
|
+
params do
|
|
108
|
+
optional :page, type: Integer, default: 1
|
|
109
|
+
optional :limit, type: Integer, default: 10
|
|
110
|
+
optional :dataType, type: String
|
|
111
|
+
optional :ruleId, type: String
|
|
112
|
+
optional :tag, type: String
|
|
113
|
+
optional :fromAt, type: DateTime
|
|
114
|
+
optional :toAt, type: DateTime
|
|
115
|
+
end
|
|
116
|
+
get "/" do
|
|
117
|
+
value = ArtifactSearcher.call(params.to_h)
|
|
118
|
+
present(
|
|
119
|
+
{
|
|
120
|
+
artifacts: value.artifacts,
|
|
121
|
+
total: value.total,
|
|
122
|
+
current_page: value.filter[:page].to_i,
|
|
123
|
+
page_size: value.filter[:limit].to_i
|
|
124
|
+
},
|
|
125
|
+
with: Entities::ArtifactsWithPagination
|
|
126
|
+
)
|
|
127
|
+
end
|
|
128
|
+
|
|
65
129
|
desc "Get an artifact", {
|
|
66
130
|
success: Entities::Artifact,
|
|
67
131
|
failure: [{ code: 404, model: Entities::Message }],
|
|
File without changes
|
|
@@ -36,17 +36,10 @@ module Mihari
|
|
|
36
36
|
# @return [ResultValue]
|
|
37
37
|
#
|
|
38
38
|
def call(params)
|
|
39
|
-
filter = params.to_h.to_snake_keys
|
|
40
|
-
|
|
41
|
-
# normalize keys
|
|
42
|
-
filter["tag_name"] = filter["tag"]
|
|
43
|
-
# symbolize hash keys
|
|
44
|
-
filter = filter.to_h.symbolize_keys
|
|
45
|
-
|
|
39
|
+
filter = params.to_h.to_snake_keys.symbolize_keys
|
|
46
40
|
search_filter_with_pagination = Mihari::Structs::Filters::Rule::SearchFilterWithPagination.new(**filter)
|
|
47
41
|
rules = Mihari::Models::Rule.search(search_filter_with_pagination)
|
|
48
42
|
total = Mihari::Models::Rule.count(search_filter_with_pagination.without_pagination)
|
|
49
|
-
|
|
50
43
|
ResultValue.new(rules: rules, total: total, filter: filter)
|
|
51
44
|
end
|
|
52
45
|
end
|