mihari 7.1.1 → 7.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
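--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 8ea0adf73bba53f264c22f8885d44e24de5657a2a77c2b7ea3533bb5acf6e78b
- data.tar.gz: 77ab077d9322a22b0e399c81c057485aec1c4cdb1a14f15cbd81f1a3650f37a6
+ metadata.gz: 52d1c8320fdb5233c9738f3b4599868260fef892599cdfb42da6c3af17583b75
+ data.tar.gz: 625cd92558eff5a4d5613e588cc5ee85b9b714a9af211788da1a294d8d54ac45
  SHA512:
- metadata.gz: 3b68702c146819189140c0c5626c27f7b53f94021dd21138f0ac2758366486cebb7c450e0168f76cfc3d9940ee86eb2b279eb1725a3922614f51930dcb0e6b71
- data.tar.gz: e30c01360a6d382e73a8e88a40a5cd3f1dba6bac9ebbbe9b87b9b51cff4a6dc59676d19eec4fe757a3a40d78a560886e434802b74fdf125e663b73ae4c7abd8a
+ metadata.gz: 96811d3ebfffcb27a7577b814be280916dd46bd3477233374ffafd2bf784d9e5133f89b1d7650c722c25e2f678f82380f5ced2eff8f9b7e1f3c96583f54a1114
+ data.tar.gz: 5c13581e670c7aff158e93335fe9c626294cad622f153e61a338f31bb5a1e459302f34a3a9ddf18e0bb322e1359c43a6b782387cdc800f9b047c04e5521f4c70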
data/lib/mihari/actor.rb CHANGED
@@ -55,7 +55,7 @@ module Mihari
55
55
 
56
56
  joined = self.class.configuration_keys.join(", ")
57
57
  be = (self.class.configuration_keys.length > 1) ? "are" : "is"
58
- message = "#{self.class.class_key} is not configured correctly. #{joined} #{be} missing."
58
+ message = "#{self.class.key} is not configured correctly. #{joined} #{be} missing."
59
59
  raise ConfigurationError, message
60
60
  end
61
61
 
@@ -75,22 +75,22 @@ module Mihari
75
75
  #
76
76
  # @return [String]
77
77
  #
78
- def class_key
78
+ def key
79
79
  to_s.split("::").last.downcase
80
80
  end
81
81
 
82
82
  #
83
83
  # @return [Array<String>, nil]
84
84
  #
85
- def class_key_aliases
85
+ def key_aliases
86
86
  nil
87
87
  end
88
88
 
89
89
  #
90
90
  # @return [Array<String>]
91
91
  #
92
- def class_keys
93
- ([class_key] + [class_key_aliases]).flatten.compact.map(&:downcase)
92
+ def keys
93
+ ([key] + [key_aliases]).flatten.compact.map(&:downcase)
94
94
  end
95
95
  end
96
96
  end
@@ -65,7 +65,7 @@ module Mihari
65
65
  # It is set automatically in #initialize
66
66
  artifact = artifact.is_a?(Models::Artifact) ? artifact : Models::Artifact.new(data: artifact)
67
67
 
68
- artifact.source = self.class.class_key
68
+ artifact.source = self.class.key
69
69
  artifact.query = query
70
70
 
71
71
  artifact
@@ -93,14 +93,23 @@ module Mihari
93
93
  return result if result.success?
94
94
 
95
95
  # Wrap failure with AnalyzerError to explicitly name a failed analyzer
96
- error = AnalyzerError.new(result.failure.message, self.class.class_key, cause: result.failure)
96
+ error = AnalyzerError.new(result.failure.message, self.class.key, cause: result.failure)
97
97
  return Failure(error) unless ignore_error?
98
98
 
99
99
  # Return Success if ignore_error? is true with logging
100
- Mihari.logger.warn("Analyzer:#{self.class.class_key} failed - #{result.failure}")
100
+ Mihari.logger.warn("Analyzer:#{self.class.key} with #{truncated_query} failed - #{result.failure}")
101
101
  Success([])
102
102
  end
103
103
 
104
+ #
105
+ # Truncate query for logging
106
+ #
107
+ # @return [String]
108
+ #
109
+ def truncated_query
110
+ query.truncate(32)
111
+ end
112
+
104
113
  class << self
105
114
  #
106
115
  # Initialize an analyzer by query params
@@ -57,7 +57,7 @@ module Mihari
57
57
  #
58
58
  # @return [Array<String>, nil]
59
59
  #
60
- def class_key_aliases
60
+ def key_aliases
61
61
  ["pt"]
62
62
  end
63
63
  end
@@ -51,7 +51,7 @@ module Mihari
51
51
  #
52
52
  # @return [Array<String>, nil]
53
53
  #
54
- def class_key_aliases
54
+ def key_aliases
55
55
  ["st"]
56
56
  end
57
57
  end
@@ -46,7 +46,7 @@ module Mihari
46
46
  #
47
47
  # @return [Array<String>, nil]
48
48
  #
49
- def class_key_aliases
49
+ def key_aliases
50
50
  ["vt"]
51
51
  end
52
52
  end
@@ -34,14 +34,14 @@ module Mihari
34
34
  #
35
35
  # @return [String]
36
36
  #
37
- def class_key
37
+ def key
38
38
  "virustotal_intelligence"
39
39
  end
40
40
 
41
41
  #
42
42
  # @return [Array<String>, nil]
43
43
  #
44
- def class_key_aliases
44
+ def key_aliases
45
45
  ["vt_intel"]
46
46
  end
47
47
  end
@@ -5,7 +5,7 @@ module Mihari
5
5
  DEFAULT_DATA_TYPES = Types::DataTypes.values.freeze
6
6
 
7
7
  # @return [Array<Hash>]
8
- DEFAULT_EMITTERS = Emitters::Database.class_keys.map { |name| { emitter: name.downcase } }.freeze
8
+ DEFAULT_EMITTERS = Emitters::Database.keys.map { |name| { emitter: name.downcase } }.freeze
9
9
 
10
10
  # @return [Array<Hash>]
11
11
  DEFAULT_ENRICHERS = Mihari.enricher_to_class.keys.map { |name| { enricher: name.downcase } }.freeze
@@ -19,6 +19,14 @@ module Mihari
19
19
  @rule = rule
20
20
  end
21
21
 
22
+ # A target to emit the data
23
+ #
24
+ # @return [String]
25
+ #
26
+ def target
27
+ raise NotImplementedError, "You must implement #{self.class}##{__method__}"
28
+ end
29
+
22
30
  #
23
31
  # @param [Array<Mihari::Models::Artifact>] artifacts
24
32
  #
@@ -38,7 +46,9 @@ module Mihari
38
46
  ) { call(artifacts) }
39
47
  end.to_result
40
48
 
41
- Mihari.logger.warn("Emitter:#{self.class.class_key} failed - #{result.failure}") if result.failure?
49
+ if result.failure?
50
+ Mihari.logger.warn("Emitter:#{self.class.key} for #{target.truncate(32)} failed - #{result.failure}")
51
+ end
42
52
 
43
53
  result
44
54
  end
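Review bot: The new warning at new line 50 calls `target.truncate(32)` inside the failure path, so any error raised by `target` — the base class's own `NotImplementedError`, a `URI::InvalidURIError` from the `URI(url).host` implementations added for MISP, TheHive and Webhook when the configured url is malformed, or a `NoMethodError` from Slack if `channel` is nil (the Slack schema in this release marks `channel` optional) — is thrown from the log statement and replaces the original failure that `result` was about to return. The Enricher hunk has the same shape with `value.truncate(32)`, which additionally assumes `value` is a String, something the base class does not enforce. I would compute the label in a small private helper that rescues `StandardError` and falls back to `"N/A"`, and call `.to_s` before `truncate` (an ActiveSupport extension that exists only on String), so that logging a failure can never itself fail; the same helper shape fits the Enricher. `result`'s signature starts outside the hunk.
```ruby
# … unchanged: Try block and .to_result …
if result.failure?
  Mihari.logger.warn("Emitter:#{self.class.key} for #{target_label} failed - #{result.failure}")
end

result
# … unchanged: rest of method …

private

#
# Label of the emit target for log lines; never raises so that
# logging a failure cannot itself fail
#
# @return [String]
#
def target_label
  target.to_s.truncate(32)
rescue StandardError
  "N/A"
end
```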
@@ -21,6 +21,10 @@ module Mihari
21
21
  alert
22
22
  end
23
23
 
24
+ def target
25
+ Mihari.config.database_url.host || Mihari.config.database_url.to_s
26
+ end
27
+
24
28
  class << self
25
29
  def configuration_keys
26
30
  %w[database_url]
@@ -56,6 +56,13 @@ module Mihari
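Review bot: `target` here falls back to `Mihari.config.database_url.to_s`, which writes the whole configured database URL into a warning log line, while the MISP, TheHive and Webhook implementations added in this same release fall back to the constant `"N/A"`. When the host is absent the URL is most likely a file path, but a full URL string is exactly where embedded credentials would appear, so I would keep the log output to the host only: `Mihari.config.database_url.host || "N/A"`. This is also the only new `target` without the `# @return [String]` YARD comment its siblings carry; the enclosing class starts outside the hunk.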
56
56
  })
57
57
  end
58
58
 
59
+ #
60
+ # @return [String]
61
+ #
62
+ def target
63
+ URI(url).host || "N/A"
64
+ end
65
+
59
66
  class << self
60
67
  def configuration_keys
61
68
  %w[misp_url misp_api_key]
@@ -165,6 +165,13 @@ module Mihari
165
165
  webhook_url?
166
166
  end
167
167
 
168
+ #
169
+ # @return [String]
170
+ #
171
+ def target
172
+ channel
173
+ end
174
+
168
175
  #
169
176
  # @return [::Slack::Notifier]
170
177
  #
@@ -33,6 +33,13 @@ module Mihari
33
33
  api_key? && url?
34
34
  end
35
35
 
36
+ #
37
+ # @return [String]
38
+ #
39
+ def target
40
+ URI(url).host || "N/A"
41
+ end
42
+
36
43
  #
37
44
  # Create a Hive alert
38
45
  #
@@ -55,6 +55,13 @@ module Mihari
55
55
  %w[http https].include? url.scheme.downcase
56
56
  end
57
57
 
58
+ #
59
+ # @return [String]
60
+ #
61
+ def target
62
+ URI(url).host || "N/A"
63
+ end
64
+
58
65
  #
59
66
  # @param [Array<Mihari::Models::Artifact>] artifacts
60
67
  #
@@ -33,7 +33,9 @@ module Mihari
33
33
  ) { call value }
34
34
  end.to_result
35
35
 
36
- Mihari.logger.warn("Enricher:#{self.class.class_key} failed: #{result.failure}") if result.failure?
36
+ if result.failure?
37
+ Mihari.logger.warn("Enricher:#{self.class.key} for #{value.truncate(32)} failed: #{result.failure}")
38
+ end
37
39
 
38
40
  result
39
41
  end
@@ -21,7 +21,7 @@ module Mihari
21
21
  #
22
22
  # @return [String]
23
23
  #
24
- def class_key
24
+ def key
25
25
  "google_public_dns"
26
26
  end
27
27
  end
@@ -10,12 +10,12 @@ module Mihari
10
10
 
11
11
  # Analyzer with API key and pagination
12
12
  [
13
- Mihari::Analyzers::BinaryEdge.class_keys,
14
- Mihari::Analyzers::GreyNoise.class_keys,
15
- Mihari::Analyzers::Onyphe.class_keys,
16
- Mihari::Analyzers::Shodan.class_keys,
17
- Mihari::Analyzers::Urlscan.class_keys,
18
- Mihari::Analyzers::VirusTotalIntelligence.class_keys
13
+ Mihari::Analyzers::BinaryEdge.keys,
14
+ Mihari::Analyzers::GreyNoise.keys,
15
+ Mihari::Analyzers::Onyphe.keys,
16
+ Mihari::Analyzers::Shodan.keys,
17
+ Mihari::Analyzers::Urlscan.keys,
18
+ Mihari::Analyzers::VirusTotalIntelligence.keys
19
19
  ].each do |keys|
20
20
  key = keys.first
21
21
  const_set(key.upcase, Dry::Schema.Params do
@@ -28,10 +28,10 @@ module Mihari
28
28
 
29
29
  # Analyzer with API key
30
30
  [
31
- Mihari::Analyzers::OTX.class_keys,
32
- Mihari::Analyzers::Pulsedive.class_keys,
33
- Mihari::Analyzers::VirusTotal.class_keys,
34
- Mihari::Analyzers::SecurityTrails.class_keys
31
+ Mihari::Analyzers::OTX.keys,
32
+ Mihari::Analyzers::Pulsedive.keys,
33
+ Mihari::Analyzers::VirusTotal.keys,
34
+ Mihari::Analyzers::SecurityTrails.keys
35
35
  ].each do |keys|
36
36
  key = keys.first
37
37
  const_set(key.upcase, Dry::Schema.Params do
@@ -43,13 +43,13 @@ module Mihari
43
43
  end
44
44
 
45
45
  DNSTwister = Dry::Schema.Params do
46
- required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::DNSTwister.class_keys))
46
+ required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::DNSTwister.keys))
47
47
  required(:query).value(:string)
48
48
  optional(:options).hash(AnalyzerOptions)
49
49
  end
50
50
 
51
51
  Censys = Dry::Schema.Params do
52
- required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::Censys.class_keys))
52
+ required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::Censys.keys))
53
53
  required(:query).value(:string)
54
54
  optional(:id).value(:string)
55
55
  optional(:secret).value(:string)
@@ -57,7 +57,7 @@ module Mihari
57
57
  end
58
58
 
59
59
  CIRCL = Dry::Schema.Params do
60
- required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::CIRCL.class_keys))
60
+ required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::CIRCL.keys))
61
61
  required(:query).value(:string)
62
62
  optional(:username).value(:string)
63
63
  optional(:password).value(:string)
@@ -65,7 +65,7 @@ module Mihari
65
65
  end
66
66
 
67
67
  Fofa = Dry::Schema.Params do
68
- required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::Fofa.class_keys))
68
+ required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::Fofa.keys))
69
69
  required(:query).value(:string)
70
70
  optional(:api_key).value(:string)
71
71
  optional(:email).value(:string)
@@ -73,7 +73,7 @@ module Mihari
73
73
  end
74
74
 
75
75
  PassiveTotal = Dry::Schema.Params do
76
- required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::PassiveTotal.class_keys))
76
+ required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::PassiveTotal.keys))
77
77
  required(:query).value(:string)
78
78
  optional(:username).value(:string)
79
79
  optional(:api_key).value(:string)
@@ -81,14 +81,14 @@ module Mihari
81
81
  end
82
82
 
83
83
  ZoomEye = Dry::Schema.Params do
84
- required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::ZoomEye.class_keys))
84
+ required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::ZoomEye.keys))
85
85
  required(:query).value(:string)
86
86
  required(:type).value(Types::String.enum("host", "web"))
87
87
  optional(:options).hash(AnalyzerPaginationOptions)
88
88
  end
89
89
 
90
90
  Crtsh = Dry::Schema.Params do
91
- required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::Crtsh.class_keys))
91
+ required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::Crtsh.keys))
92
92
  required(:query).value(:string)
93
93
  optional(:exclude_expired).value(:bool).default(true)
94
94
  optional(:match).value(Types::String.enum("=", "ILIKE", "LIKE", "single", "any", "FTS")).default(nil)
@@ -96,7 +96,7 @@ module Mihari
96
96
  end
97
97
 
98
98
  HunterHow = Dry::Schema.Params do
99
- required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::HunterHow.class_keys))
99
+ required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::HunterHow.keys))
100
100
  required(:query).value(:string)
101
101
  required(:start_time).value(:date)
102
102
  required(:end_time).value(:date)
@@ -105,7 +105,7 @@ module Mihari
105
105
  end
106
106
 
107
107
  Feed = Dry::Schema.Params do
108
- required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::Feed.class_keys))
108
+ required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::Feed.keys))
109
109
  required(:query).value(:string)
110
110
  required(:selector).value(:string)
111
111
  optional(:method).value(Types::HTTPRequestMethods).default("GET")
@@ -9,33 +9,33 @@ module Mihari
9
9
  extend Concerns::Orrable
10
10
 
11
11
  Database = Dry::Schema.Params do
12
- required(:emitter).value(Types::String.enum(*Mihari::Emitters::Database.class_keys))
12
+ required(:emitter).value(Types::String.enum(*Mihari::Emitters::Database.keys))
13
13
  optional(:options).hash(Options)
14
14
  end
15
15
 
16
16
  MISP = Dry::Schema.Params do
17
- required(:emitter).value(Types::String.enum(*Mihari::Emitters::MISP.class_keys))
17
+ required(:emitter).value(Types::String.enum(*Mihari::Emitters::MISP.keys))
18
18
  optional(:url).value(:string)
19
19
  optional(:api_key).value(:string)
20
20
  optional(:options).hash(Options)
21
21
  end
22
22
 
23
23
  TheHive = Dry::Schema.Params do
24
- required(:emitter).value(Types::String.enum(*Mihari::Emitters::TheHive.class_keys))
24
+ required(:emitter).value(Types::String.enum(*Mihari::Emitters::TheHive.keys))
25
25
  optional(:url).value(:string)
26
26
  optional(:api_key).value(:string)
27
27
  optional(:options).hash(Options)
28
28
  end
29
29
 
30
30
  Slack = Dry::Schema.Params do
31
- required(:emitter).value(Types::String.enum(*Mihari::Emitters::Slack.class_keys))
31
+ required(:emitter).value(Types::String.enum(*Mihari::Emitters::Slack.keys))
32
32
  optional(:webhook_url).value(:string)
33
33
  optional(:channel).value(:string)
34
34
  optional(:options).hash(Options)
35
35
  end
36
36
 
37
37
  Webhook = Dry::Schema.Params do
38
- required(:emitter).value(Types::String.enum(*Mihari::Emitters::Webhook.class_keys))
38
+ required(:emitter).value(Types::String.enum(*Mihari::Emitters::Webhook.keys))
39
39
  required(:url).value(:string)
40
40
  optional(:method).value(Types::HTTPRequestMethods).default("POST")
41
41
  optional(:headers).value(:hash).default({})
@@ -9,22 +9,22 @@ module Mihari
9
9
  extend Concerns::Orrable
10
10
 
11
11
  MMDB = Dry::Schema.Params do
12
- required(:enricher).value(Types::String.enum(*Mihari::Enrichers::MMDB.class_keys))
12
+ required(:enricher).value(Types::String.enum(*Mihari::Enrichers::MMDB.keys))
13
13
  optional(:options).hash(Options)
14
14
  end
15
15
 
16
16
  Whois = Dry::Schema.Params do
17
- required(:enricher).value(Types::String.enum(*Mihari::Enrichers::Whois.class_keys))
17
+ required(:enricher).value(Types::String.enum(*Mihari::Enrichers::Whois.keys))
18
18
  optional(:options).hash(Options)
19
19
  end
20
20
 
21
21
  Shodan = Dry::Schema.Params do
22
- required(:enricher).value(Types::String.enum(*Mihari::Enrichers::Shodan.class_keys))
22
+ required(:enricher).value(Types::String.enum(*Mihari::Enrichers::Shodan.keys))
23
23
  optional(:options).hash(Options)
24
24
  end
25
25
 
26
26
  GooglePublicDNS = Dry::Schema.Params do
27
- required(:enricher).value(Types::String.enum(*Mihari::Enrichers::GooglePublicDNS.class_keys))
27
+ required(:enricher).value(Types::String.enum(*Mihari::Enrichers::GooglePublicDNS.keys))
28
28
  optional(:options).hash(Options)
29
29
  end
30
30
  end
@@ -68,7 +68,7 @@ module Mihari
68
68
  begin
69
69
  instance = get_dummy(klass)
70
70
  new(
71
- name: klass.class_key,
71
+ name: klass.key,
72
72
  items: klass.configuration_items,
73
73
  configured: instance.configured?,
74
74
  type: type
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Mihari
4
- VERSION = "7.1.1"
4
+ VERSION = "7.1.2"
5
5
  end