mihari 7.1.1 → 7.1.2

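--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 8ea0adf73bba53f264c22f8885d44e24de5657a2a77c2b7ea3533bb5acf6e78b
-data.tar.gz: 77ab077d9322a22b0e399c81c057485aec1c4cdb1a14f15cbd81f1a3650f37a6
+metadata.gz: 52d1c8320fdb5233c9738f3b4599868260fef892599cdfb42da6c3af17583b75
+data.tar.gz: 625cd92558eff5a4d5613e588cc5ee85b9b714a9af211788da1a294d8d54ac45
 SHA512:
-metadata.gz: 3b68702c146819189140c0c5626c27f7b53f94021dd21138f0ac2758366486cebb7c450e0168f76cfc3d9940ee86eb2b279eb1725a3922614f51930dcb0e6b71
-data.tar.gz: e30c01360a6d382e73a8e88a40a5cd3f1dba6bac9ebbbe9b87b9b51cff4a6dc59676d19eec4fe757a3a40d78a560886e434802b74fdf125e663b73ae4c7abd8a
+metadata.gz: 96811d3ebfffcb27a7577b814be280916dd46bd3477233374ffafd2bf784d9e5133f89b1d7650c722c25e2f678f82380f5ced2eff8f9b7e1f3c96583f54a1114
+data.tar.gz: 5c13581e670c7aff158e93335fe9c626294cad622f153e61a338f31bb5a1e459302f34a3a9ddf18e0bb322e1359c43a6b782387cdc800f9b047c04e5521f4c70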
data/lib/mihari/actor.rb CHANGED
@@ -55,7 +55,7 @@ module Mihari
55
55
 
56
56
  joined = self.class.configuration_keys.join(", ")
57
57
  be = (self.class.configuration_keys.length > 1) ? "are" : "is"
58
- message = "#{self.class.class_key} is not configured correctly. #{joined} #{be} missing."
58
+ message = "#{self.class.key} is not configured correctly. #{joined} #{be} missing."
59
59
  raise ConfigurationError, message
60
60
  end
61
61
 
@@ -75,22 +75,22 @@ module Mihari
75
75
  #
76
76
  # @return [String]
77
77
  #
78
- def class_key
78
+ def key
79
79
  to_s.split("::").last.downcase
80
80
  end
81
81
 
82
82
  #
83
83
  # @return [Array<String>, nil]
84
84
  #
85
- def class_key_aliases
85
+ def key_aliases
86
86
  nil
87
87
  end
88
88
 
89
89
  #
90
90
  # @return [Array<String>]
91
91
  #
92
- def class_keys
93
- ([class_key] + [class_key_aliases]).flatten.compact.map(&:downcase)
92
+ def keys
93
+ ([key] + [key_aliases]).flatten.compact.map(&:downcase)
94
94
  end
95
95
  end
96
96
  end
@@ -65,7 +65,7 @@ module Mihari
65
65
  # It is set automatically in #initialize
66
66
  artifact = artifact.is_a?(Models::Artifact) ? artifact : Models::Artifact.new(data: artifact)
67
67
 
68
- artifact.source = self.class.class_key
68
+ artifact.source = self.class.key
69
69
  artifact.query = query
70
70
 
71
71
  artifact
@@ -93,14 +93,23 @@ module Mihari
93
93
  return result if result.success?
94
94
 
95
95
  # Wrap failure with AnalyzerError to explicitly name a failed analyzer
96
- error = AnalyzerError.new(result.failure.message, self.class.class_key, cause: result.failure)
96
+ error = AnalyzerError.new(result.failure.message, self.class.key, cause: result.failure)
97
97
  return Failure(error) unless ignore_error?
98
98
 
99
99
  # Return Success if ignore_error? is true with logging
100
- Mihari.logger.warn("Analyzer:#{self.class.class_key} failed - #{result.failure}")
100
+ Mihari.logger.warn("Analyzer:#{self.class.key} with #{truncated_query} failed - #{result.failure}")
101
101
  Success([])
102
102
  end
103
103
 
104
+ #
105
+ # Truncate query for logging
106
+ #
107
+ # @return [String]
108
+ #
109
+ def truncated_query
110
+ query.truncate(32)
111
+ end
112
+
104
113
  class << self
105
114
  #
106
115
  # Initialize an analyzer by query params
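Review bot: `truncated_query` is added as a public instance method although its only caller is the warn line just above it; declaring it under `private` (or `private :truncated_query`) keeps a logging helper off the analyzer's public surface. It also relies on `query.truncate(32)`, and `String#truncate` is not core Ruby but an ActiveSupport core extension, so a one-line comment such as `# String#truncate is provided by ActiveSupport` would save the next reader a lookup. The `result` method whose warn line changed begins outside this hunk.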
@@ -57,7 +57,7 @@ module Mihari
57
57
  #
58
58
  # @return [Array<String>, nil]
59
59
  #
60
- def class_key_aliases
60
+ def key_aliases
61
61
  ["pt"]
62
62
  end
63
63
  end
@@ -51,7 +51,7 @@ module Mihari
51
51
  #
52
52
  # @return [Array<String>, nil]
53
53
  #
54
- def class_key_aliases
54
+ def key_aliases
55
55
  ["st"]
56
56
  end
57
57
  end
@@ -46,7 +46,7 @@ module Mihari
46
46
  #
47
47
  # @return [Array<String>, nil]
48
48
  #
49
- def class_key_aliases
49
+ def key_aliases
50
50
  ["vt"]
51
51
  end
52
52
  end
@@ -34,14 +34,14 @@ module Mihari
34
34
  #
35
35
  # @return [String]
36
36
  #
37
- def class_key
37
+ def key
38
38
  "virustotal_intelligence"
39
39
  end
40
40
 
41
41
  #
42
42
  # @return [Array<String>, nil]
43
43
  #
44
- def class_key_aliases
44
+ def key_aliases
45
45
  ["vt_intel"]
46
46
  end
47
47
  end
@@ -5,7 +5,7 @@ module Mihari
5
5
  DEFAULT_DATA_TYPES = Types::DataTypes.values.freeze
6
6
 
7
7
  # @return [Array<Hash>]
8
- DEFAULT_EMITTERS = Emitters::Database.class_keys.map { |name| { emitter: name.downcase } }.freeze
8
+ DEFAULT_EMITTERS = Emitters::Database.keys.map { |name| { emitter: name.downcase } }.freeze
9
9
 
10
10
  # @return [Array<Hash>]
11
11
  DEFAULT_ENRICHERS = Mihari.enricher_to_class.keys.map { |name| { enricher: name.downcase } }.freeze
@@ -19,6 +19,14 @@ module Mihari
19
19
  @rule = rule
20
20
  end
21
21
 
22
+ # A target to emit the data
23
+ #
24
+ # @return [String]
25
+ #
26
+ def target
27
+ raise NotImplementedError, "You must implement #{self.class}##{__method__}"
28
+ end
29
+
22
30
  #
23
31
  # @param [Array<Mihari::Models::Artifact>] artifacts
24
32
  #
@@ -38,7 +46,9 @@ module Mihari
38
46
  ) { call(artifacts) }
39
47
  end.to_result
40
48
 
41
- Mihari.logger.warn("Emitter:#{self.class.class_key} failed - #{result.failure}") if result.failure?
49
+ if result.failure?
50
+ Mihari.logger.warn("Emitter:#{self.class.key} for #{target.truncate(32)} failed - #{result.failure}")
51
+ end
42
52
 
43
53
  result
44
54
  end
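Review bot: `target.truncate(32)` now runs inside the failure-logging branch with no guard, so any `target` implementation that raises or returns nil turns the Failure the wrapper just captured into an uncaught exception from the log line itself. In this same release the Slack `target` returns `channel`, which the emitter schema leaves optional, and the MISP, TheHive and Webhook implementations return `URI(url).host`, which raises `URI::InvalidURIError` on a malformed URL — the kind of misconfiguration most likely to be the failure being logged. Hardening the base class is the cheapest fix: `Mihari.logger.warn("Emitter:#{self.class.key} for #{target.to_s.truncate(32)} failed - #{result.failure}")` absorbs nil, and the `URI(url)` implementations should rescue `URI::InvalidURIError` and fall back to `"N/A"`. This applies equally to the Slack, MISP, TheHive and Webhook `target` hunks below; the method enclosing this warn line starts outside the hunk.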
@@ -21,6 +21,10 @@ module Mihari
21
21
  alert
22
22
  end
23
23
 
24
+ def target
25
+ Mihari.config.database_url.host || Mihari.config.database_url.to_s
26
+ end
27
+
24
28
  class << self
25
29
  def configuration_keys
26
30
  %w[database_url]
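Review bot: `Database#target` is the only new `target` implementation without the `# @return [String]` YARD header its siblings carry, and it is also the only one whose fallback logs the whole configured value (`Mihari.config.database_url.to_s`) rather than a host or a fixed placeholder. Depending on the URI class behind `database_url`, `host` may be an empty string rather than nil for file-backed URLs, in which case the warn line would show an empty target instead of the fallback; hedged, since the config type is not visible here. A comment such as `# host is absent for file-backed databases; fall back to a neutral label rather than the full URL` plus a `"N/A"` fallback would keep the log line informative without echoing connection details.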
@@ -56,6 +56,13 @@ module Mihari
56
56
  })
57
57
  end
58
58
 
59
+ #
60
+ # @return [String]
61
+ #
62
+ def target
63
+ URI(url).host || "N/A"
64
+ end
65
+
59
66
  class << self
60
67
  def configuration_keys
61
68
  %w[misp_url misp_api_key]
@@ -165,6 +165,13 @@ module Mihari
165
165
  webhook_url?
166
166
  end
167
167
 
168
+ #
169
+ # @return [String]
170
+ #
171
+ def target
172
+ channel
173
+ end
174
+
168
175
  #
169
176
  # @return [::Slack::Notifier]
170
177
  #
@@ -33,6 +33,13 @@ module Mihari
33
33
  api_key? && url?
34
34
  end
35
35
 
36
+ #
37
+ # @return [String]
38
+ #
39
+ def target
40
+ URI(url).host || "N/A"
41
+ end
42
+
36
43
  #
37
44
  # Create a Hive alert
38
45
  #
@@ -55,6 +55,13 @@ module Mihari
55
55
  %w[http https].include? url.scheme.downcase
56
56
  end
57
57
 
58
+ #
59
+ # @return [String]
60
+ #
61
+ def target
62
+ URI(url).host || "N/A"
63
+ end
64
+
58
65
  #
59
66
  # @param [Array<Mihari::Models::Artifact>] artifacts
60
67
  #
@@ -33,7 +33,9 @@ module Mihari
33
33
  ) { call value }
34
34
  end.to_result
35
35
 
36
- Mihari.logger.warn("Enricher:#{self.class.class_key} failed: #{result.failure}") if result.failure?
36
+ if result.failure?
37
+ Mihari.logger.warn("Enricher:#{self.class.key} for #{value.truncate(32)} failed: #{result.failure}")
38
+ end
37
39
 
38
40
  result
39
41
  end
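Review bot: `value.truncate(32)` in the warn line assumes `value` is a String, but the enclosing method (its signature is outside the hunk) passes `value` straight to `call`, so if an enricher is invoked with an artifact object rather than a string the failure-logging line itself raises NoMethodError and replaces the captured Failure with an exception. `value.to_s.truncate(32)` removes the assumption at no cost; the Emitter warn hunk has the same shape and would benefit from the same change.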
@@ -21,7 +21,7 @@ module Mihari
21
21
  #
22
22
  # @return [String]
23
23
  #
24
- def class_key
24
+ def key
25
25
  "google_public_dns"
26
26
  end
27
27
  end
@@ -10,12 +10,12 @@ module Mihari
10
10
 
11
11
  # Analyzer with API key and pagination
12
12
  [
13
- Mihari::Analyzers::BinaryEdge.class_keys,
14
- Mihari::Analyzers::GreyNoise.class_keys,
15
- Mihari::Analyzers::Onyphe.class_keys,
16
- Mihari::Analyzers::Shodan.class_keys,
17
- Mihari::Analyzers::Urlscan.class_keys,
18
- Mihari::Analyzers::VirusTotalIntelligence.class_keys
13
+ Mihari::Analyzers::BinaryEdge.keys,
14
+ Mihari::Analyzers::GreyNoise.keys,
15
+ Mihari::Analyzers::Onyphe.keys,
16
+ Mihari::Analyzers::Shodan.keys,
17
+ Mihari::Analyzers::Urlscan.keys,
18
+ Mihari::Analyzers::VirusTotalIntelligence.keys
19
19
  ].each do |keys|
20
20
  key = keys.first
21
21
  const_set(key.upcase, Dry::Schema.Params do
@@ -28,10 +28,10 @@ module Mihari
28
28
 
29
29
  # Analyzer with API key
30
30
  [
31
- Mihari::Analyzers::OTX.class_keys,
32
- Mihari::Analyzers::Pulsedive.class_keys,
33
- Mihari::Analyzers::VirusTotal.class_keys,
34
- Mihari::Analyzers::SecurityTrails.class_keys
31
+ Mihari::Analyzers::OTX.keys,
32
+ Mihari::Analyzers::Pulsedive.keys,
33
+ Mihari::Analyzers::VirusTotal.keys,
34
+ Mihari::Analyzers::SecurityTrails.keys
35
35
  ].each do |keys|
36
36
  key = keys.first
37
37
  const_set(key.upcase, Dry::Schema.Params do
@@ -43,13 +43,13 @@ module Mihari
43
43
  end
44
44
 
45
45
  DNSTwister = Dry::Schema.Params do
46
- required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::DNSTwister.class_keys))
46
+ required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::DNSTwister.keys))
47
47
  required(:query).value(:string)
48
48
  optional(:options).hash(AnalyzerOptions)
49
49
  end
50
50
 
51
51
  Censys = Dry::Schema.Params do
52
- required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::Censys.class_keys))
52
+ required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::Censys.keys))
53
53
  required(:query).value(:string)
54
54
  optional(:id).value(:string)
55
55
  optional(:secret).value(:string)
@@ -57,7 +57,7 @@ module Mihari
57
57
  end
58
58
 
59
59
  CIRCL = Dry::Schema.Params do
60
- required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::CIRCL.class_keys))
60
+ required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::CIRCL.keys))
61
61
  required(:query).value(:string)
62
62
  optional(:username).value(:string)
63
63
  optional(:password).value(:string)
@@ -65,7 +65,7 @@ module Mihari
65
65
  end
66
66
 
67
67
  Fofa = Dry::Schema.Params do
68
- required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::Fofa.class_keys))
68
+ required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::Fofa.keys))
69
69
  required(:query).value(:string)
70
70
  optional(:api_key).value(:string)
71
71
  optional(:email).value(:string)
@@ -73,7 +73,7 @@ module Mihari
73
73
  end
74
74
 
75
75
  PassiveTotal = Dry::Schema.Params do
76
- required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::PassiveTotal.class_keys))
76
+ required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::PassiveTotal.keys))
77
77
  required(:query).value(:string)
78
78
  optional(:username).value(:string)
79
79
  optional(:api_key).value(:string)
@@ -81,14 +81,14 @@ module Mihari
81
81
  end
82
82
 
83
83
  ZoomEye = Dry::Schema.Params do
84
- required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::ZoomEye.class_keys))
84
+ required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::ZoomEye.keys))
85
85
  required(:query).value(:string)
86
86
  required(:type).value(Types::String.enum("host", "web"))
87
87
  optional(:options).hash(AnalyzerPaginationOptions)
88
88
  end
89
89
 
90
90
  Crtsh = Dry::Schema.Params do
91
- required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::Crtsh.class_keys))
91
+ required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::Crtsh.keys))
92
92
  required(:query).value(:string)
93
93
  optional(:exclude_expired).value(:bool).default(true)
94
94
  optional(:match).value(Types::String.enum("=", "ILIKE", "LIKE", "single", "any", "FTS")).default(nil)
@@ -96,7 +96,7 @@ module Mihari
96
96
  end
97
97
 
98
98
  HunterHow = Dry::Schema.Params do
99
- required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::HunterHow.class_keys))
99
+ required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::HunterHow.keys))
100
100
  required(:query).value(:string)
101
101
  required(:start_time).value(:date)
102
102
  required(:end_time).value(:date)
@@ -105,7 +105,7 @@ module Mihari
105
105
  end
106
106
 
107
107
  Feed = Dry::Schema.Params do
108
- required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::Feed.class_keys))
108
+ required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::Feed.keys))
109
109
  required(:query).value(:string)
110
110
  required(:selector).value(:string)
111
111
  optional(:method).value(Types::HTTPRequestMethods).default("GET")
@@ -9,33 +9,33 @@ module Mihari
9
9
  extend Concerns::Orrable
10
10
 
11
11
  Database = Dry::Schema.Params do
12
- required(:emitter).value(Types::String.enum(*Mihari::Emitters::Database.class_keys))
12
+ required(:emitter).value(Types::String.enum(*Mihari::Emitters::Database.keys))
13
13
  optional(:options).hash(Options)
14
14
  end
15
15
 
16
16
  MISP = Dry::Schema.Params do
17
- required(:emitter).value(Types::String.enum(*Mihari::Emitters::MISP.class_keys))
17
+ required(:emitter).value(Types::String.enum(*Mihari::Emitters::MISP.keys))
18
18
  optional(:url).value(:string)
19
19
  optional(:api_key).value(:string)
20
20
  optional(:options).hash(Options)
21
21
  end
22
22
 
23
23
  TheHive = Dry::Schema.Params do
24
- required(:emitter).value(Types::String.enum(*Mihari::Emitters::TheHive.class_keys))
24
+ required(:emitter).value(Types::String.enum(*Mihari::Emitters::TheHive.keys))
25
25
  optional(:url).value(:string)
26
26
  optional(:api_key).value(:string)
27
27
  optional(:options).hash(Options)
28
28
  end
29
29
 
30
30
  Slack = Dry::Schema.Params do
31
- required(:emitter).value(Types::String.enum(*Mihari::Emitters::Slack.class_keys))
31
+ required(:emitter).value(Types::String.enum(*Mihari::Emitters::Slack.keys))
32
32
  optional(:webhook_url).value(:string)
33
33
  optional(:channel).value(:string)
34
34
  optional(:options).hash(Options)
35
35
  end
36
36
 
37
37
  Webhook = Dry::Schema.Params do
38
- required(:emitter).value(Types::String.enum(*Mihari::Emitters::Webhook.class_keys))
38
+ required(:emitter).value(Types::String.enum(*Mihari::Emitters::Webhook.keys))
39
39
  required(:url).value(:string)
40
40
  optional(:method).value(Types::HTTPRequestMethods).default("POST")
41
41
  optional(:headers).value(:hash).default({})
@@ -9,22 +9,22 @@ module Mihari
9
9
  extend Concerns::Orrable
10
10
 
11
11
  MMDB = Dry::Schema.Params do
12
- required(:enricher).value(Types::String.enum(*Mihari::Enrichers::MMDB.class_keys))
12
+ required(:enricher).value(Types::String.enum(*Mihari::Enrichers::MMDB.keys))
13
13
  optional(:options).hash(Options)
14
14
  end
15
15
 
16
16
  Whois = Dry::Schema.Params do
17
- required(:enricher).value(Types::String.enum(*Mihari::Enrichers::Whois.class_keys))
17
+ required(:enricher).value(Types::String.enum(*Mihari::Enrichers::Whois.keys))
18
18
  optional(:options).hash(Options)
19
19
  end
20
20
 
21
21
  Shodan = Dry::Schema.Params do
22
- required(:enricher).value(Types::String.enum(*Mihari::Enrichers::Shodan.class_keys))
22
+ required(:enricher).value(Types::String.enum(*Mihari::Enrichers::Shodan.keys))
23
23
  optional(:options).hash(Options)
24
24
  end
25
25
 
26
26
  GooglePublicDNS = Dry::Schema.Params do
27
- required(:enricher).value(Types::String.enum(*Mihari::Enrichers::GooglePublicDNS.class_keys))
27
+ required(:enricher).value(Types::String.enum(*Mihari::Enrichers::GooglePublicDNS.keys))
28
28
  optional(:options).hash(Options)
29
29
  end
30
30
  end
@@ -68,7 +68,7 @@ module Mihari
68
68
  begin
69
69
  instance = get_dummy(klass)
70
70
  new(
71
- name: klass.class_key,
71
+ name: klass.key,
72
72
  items: klass.configuration_items,
73
73
  configured: instance.configured?,
74
74
  type: type
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Mihari
4
- VERSION = "7.1.1"
4
+ VERSION = "7.1.2"
5
5
  end