RubyGems - mihari - Versions diffs - 7.3.2 → 7.5.0 - Mend

mihari 7.3.2 → 7.5.0

Files changed (131) hide show

checksums.yaml +4 -4
data/.gitignore +8 -0
data/.rubocop.yml +0 -2
data/.shadowenv.d/.gitignore +2 -0
data/.shadowenv.d/000_unset_all.lisp +39 -0
data/README.md +0 -8
data/lib/mihari/analyzers/base.rb +2 -2
data/lib/mihari/analyzers/binaryedge.rb +5 -5
data/lib/mihari/analyzers/censys.rb +6 -6
data/lib/mihari/analyzers/circl.rb +2 -2
data/lib/mihari/analyzers/crtsh.rb +3 -3
data/lib/mihari/analyzers/dnstwister.rb +2 -2
data/lib/mihari/analyzers/feed.rb +12 -18
data/lib/mihari/analyzers/fofa.rb +6 -6
data/lib/mihari/analyzers/greynoise.rb +5 -5
data/lib/mihari/analyzers/hunterhow.rb +4 -4
data/lib/mihari/analyzers/onyphe.rb +5 -5
data/lib/mihari/analyzers/otx.rb +2 -2
data/lib/mihari/analyzers/passivetotal.rb +3 -3
data/lib/mihari/analyzers/pulsedive.rb +3 -3
data/lib/mihari/analyzers/securitytrails.rb +4 -4
data/lib/mihari/analyzers/shodan.rb +5 -5
data/lib/mihari/analyzers/urlscan.rb +5 -5
data/lib/mihari/analyzers/virustotal.rb +4 -4
data/lib/mihari/analyzers/virustotal_intelligence.rb +5 -5
data/lib/mihari/analyzers/zoomeye.rb +5 -5
data/lib/mihari/cli/application.rb +1 -1
data/lib/mihari/clients/base.rb +7 -6
data/lib/mihari/clients/binaryedge.rb +6 -6
data/lib/mihari/clients/censys.rb +4 -4
data/lib/mihari/clients/circl.rb +2 -2
data/lib/mihari/clients/crtsh.rb +2 -2
data/lib/mihari/clients/dnstwister.rb +1 -1
data/lib/mihari/clients/fofa.rb +4 -4
data/lib/mihari/clients/google_public_dns.rb +2 -2
data/lib/mihari/clients/greynoise.rb +4 -4
data/lib/mihari/clients/hunterhow.rb +10 -10
data/lib/mihari/clients/misp.rb +1 -1
data/lib/mihari/clients/mmdb.rb +1 -1
data/lib/mihari/clients/onyphe.rb +4 -4
data/lib/mihari/clients/otx.rb +1 -1
data/lib/mihari/clients/passivetotal.rb +5 -5
data/lib/mihari/clients/publsedive.rb +3 -3
data/lib/mihari/clients/securitytrails.rb +6 -6
data/lib/mihari/clients/shodan.rb +6 -6
data/lib/mihari/clients/shodan_internet_db.rb +1 -1
data/lib/mihari/clients/the_hive.rb +2 -2
data/lib/mihari/clients/urlscan.rb +4 -4
data/lib/mihari/clients/virustotal.rb +4 -4
data/lib/mihari/clients/whois.rb +118 -0
data/lib/mihari/clients/yeti.rb +38 -0
data/lib/mihari/clients/zoomeye.rb +12 -12
data/lib/mihari/commands/alert.rb +1 -1
data/lib/mihari/commands/artifact.rb +1 -1
data/lib/mihari/commands/rule.rb +1 -1
data/lib/mihari/commands/tag.rb +1 -1
data/lib/mihari/concerns/autonomous_system_normalizable.rb +1 -4
data/lib/mihari/concerns/configurable.rb +1 -1
data/lib/mihari/concerns/database_connectable.rb +2 -2
data/lib/mihari/concerns/retriable.rb +1 -1
data/lib/mihari/config.rb +14 -2
data/lib/mihari/constants.rb +2 -2
data/lib/mihari/data_type.rb +1 -3
data/lib/mihari/emitters/base.rb +2 -2
data/lib/mihari/emitters/database.rb +1 -1
data/lib/mihari/emitters/misp.rb +12 -4
data/lib/mihari/emitters/slack.rb +9 -9
data/lib/mihari/emitters/the_hive.rb +9 -4
data/lib/mihari/emitters/webhook.rb +4 -4
data/lib/mihari/emitters/yeti.rb +107 -0
data/lib/mihari/enrichers/base.rb +1 -1
data/lib/mihari/enrichers/google_public_dns.rb +1 -1
data/lib/mihari/enrichers/mmdb.rb +1 -1
data/lib/mihari/enrichers/shodan.rb +3 -3
data/lib/mihari/enrichers/whois.rb +6 -91
data/lib/mihari/entities/alert.rb +6 -6
data/lib/mihari/entities/artifact.rb +17 -17
data/lib/mihari/entities/autonomous_system.rb +1 -1
data/lib/mihari/entities/config.rb +8 -4
data/lib/mihari/entities/cpe.rb +2 -2
data/lib/mihari/entities/dns.rb +3 -3
data/lib/mihari/entities/geolocation.rb +3 -3
data/lib/mihari/entities/ip_address.rb +3 -3
data/lib/mihari/entities/messages.rb +3 -3
data/lib/mihari/entities/pagination.rb +3 -3
data/lib/mihari/entities/port.rb +2 -2
data/lib/mihari/entities/reverse_dns.rb +2 -2
data/lib/mihari/entities/rule.rb +8 -8
data/lib/mihari/entities/tag.rb +3 -3
data/lib/mihari/entities/vulnerability.rb +2 -2
data/lib/mihari/entities/whois.rb +7 -7
data/lib/mihari/errors.rb +1 -1
data/lib/mihari/models/artifact.rb +2 -2
data/lib/mihari/models/port.rb +1 -1
data/lib/mihari/models/tag.rb +3 -0
data/lib/mihari/rule.rb +10 -14
data/lib/mihari/schemas/emitter.rb +9 -0
data/lib/mihari/services/feed.rb +3 -3
data/lib/mihari/services/getters.rb +1 -1
data/lib/mihari/services/proxies.rb +1 -1
data/lib/mihari/services/renderer.rb +2 -0
data/lib/mihari/services/searchers.rb +1 -1
data/lib/mihari/sidekiq/application.rb +2 -2
data/lib/mihari/structs/censys.rb +4 -4
data/lib/mihari/structs/google_public_dns.rb +3 -3
data/lib/mihari/structs/greynoise.rb +2 -2
data/lib/mihari/structs/onyphe.rb +3 -3
data/lib/mihari/structs/shodan.rb +10 -10
data/lib/mihari/structs/urlscan.rb +1 -1
data/lib/mihari/structs/virustotal_intelligence.rb +2 -2
data/lib/mihari/version.rb +1 -1
data/lib/mihari/web/api.rb +1 -1
data/lib/mihari/web/application.rb +1 -1
data/lib/mihari/web/endpoints/alerts.rb +12 -12
data/lib/mihari/web/endpoints/artifacts.rb +11 -11
data/lib/mihari/web/endpoints/configs.rb +7 -2
data/lib/mihari/web/endpoints/ip_addresses.rb +5 -5
data/lib/mihari/web/endpoints/rules.rb +26 -26
data/lib/mihari/web/endpoints/tags.rb +4 -4
data/lib/mihari/web/public/assets/{index-ReF8ffd-.css → index-80oZkhZG.css} +1 -1
data/lib/mihari/web/public/assets/index-BNLbw8nG.js +1783 -0
data/lib/mihari/web/public/index.html +2 -2
data/lib/mihari/web/public/redoc-static.html +2 -2
data/lib/mihari.rb +4 -1
data/mihari.gemspec +19 -19
data/renovate.json +1 -3
data/requirements.txt +1 -1
metadata +48 -44
data/.standard.yml +0 -4
data/lib/mihari/web/public/assets/index-lRP933ks.js +0 -1787
/data/lib/mihari/web/public/assets/{mode-yaml-BC4MIiYj.js → mode-yaml-ELgwiJiP.js} +0 -0

data/lib/mihari/clients/whois.rb ADDED Viewed

@@ -0,0 +1,118 @@
+# frozen_string_literal: true
+require "whois-parser"
+module Mihari
+  module Clients
+    #
+    # Whois client
+    #
+    class Whois
+      # @return [Integer, nil]
+      attr_reader :timeout
+      # @return [::Whois::Client]
+      attr_reader :client
+      #
+      # @param [Integer, nil] timeout
+      #
+      def initialize(timeout: nil)
+        @timeout = timeout
+        @client = lambda do
+          return ::Whois::Client.new if timeout.nil?
+          ::Whois::Client.new(timeout:)
+        end.call
+      end
+      #
+      # Query IAIA Whois API
+      #
+      # @param [Mihari::Models::Artifact] artifact
+      #
+      # @param [Object] domain
+      def lookup(domain)
+        record = client.lookup(domain)
+        return if record.parser.available?
+        Models::WhoisRecord.new(
+          domain:,
+          created_on: get_created_on(record.parser),
+          updated_on: get_updated_on(record.parser),
+          expires_on: get_expires_on(record.parser),
+          registrar: get_registrar(record.parser),
+          contacts: get_contacts(record.parser)
+        )
+      end
+      private
+      #
+      # Get created_on
+      #
+      # @param [::Whois::Parser] parser
+      #
+      # @return [Date, nil]
+      #
+      def get_created_on(parser)
+        parser.created_on
+      rescue ::Whois::AttributeNotImplemented
+        nil
+      end
+      #
+      # Get updated_on
+      #
+      # @param [::Whois::Parser] parser
+      #
+      # @return [Date, nil]
+      #
+      def get_updated_on(parser)
+        parser.updated_on
+      rescue ::Whois::AttributeNotImplemented
+        nil
+      end
+      #
+      # Get expires_on
+      #
+      # @param [::Whois::Parser] parser
+      #
+      # @return [Date, nil]
+      #
+      def get_expires_on(parser)
+        parser.expires_on
+      rescue ::Whois::AttributeNotImplemented
+        nil
+      end
+      #
+      # Get registrar
+      #
+      # @param [::Whois::Parser] parser
+      #
+      # @return [Hash, nil]
+      #
+      def get_registrar(parser)
+        parser.registrar&.to_h
+      rescue ::Whois::AttributeNotImplemented
+        nil
+      end
+      #
+      # Get contacts
+      #
+      # @param [::Whois::Parser] parser
+      #
+      # @return [Array<Hash>, nil]
+      #
+      def get_contacts(parser)
+        parser.contacts.map(&:to_h)
+      rescue ::Whois::AttributeNotImplemented
+        nil
+      end
+    end
+  end
+end

data/lib/mihari/clients/yeti.rb ADDED Viewed

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+module Mihari
+  module Clients
+    #
+    # Yeti API client
+    #
+    class Yeti < Base
+      #
+      # @param [String] base_url
+      # @param [String, nil] api_key
+      # @param [Hash] headers
+      # @param [Integer, nil] timeout
+      #
+      def initialize(base_url, api_key:, headers: {}, timeout: nil)
+        raise(ArgumentError, "api_key is required") unless api_key
+        headers["x-yeti-apikey"] = api_key
+        super(base_url, headers:, timeout:)
+      end
+      def get_token
+        res = post_json("/api/v2/auth/api-token")
+        res["access_token"]
+      end
+      #
+      # @param [Hash] json
+      #
+      # @return [Hash]
+      #
+      def create_observables(json)
+        token = get_token
+        post_json("/api/v2/observables/bulk", json:, headers: {authorization: "Bearer #{token}"})
+      end
+    end
+  end
+end

data/lib/mihari/clients/zoomeye.rb CHANGED Viewed

@@ -27,14 +27,14 @@ module Mihari
         raise(ArgumentError, "api_key is required") unless api_key
         headers["api-key"] = api_key
-        super(base_url, headers: headers, pagination_interval: pagination_interval, timeout: timeout)
+        super(base_url, headers:, pagination_interval:, timeout:)
       end
       #
       # @return [::HTTP::Client]
       #
       def http
-        @http ||= HTTP::Factory.build(headers: headers, timeout: timeout, raise_exception: false)
+        @http ||= HTTP::Factory.build(headers:, timeout:, raise_exception: false)
       end
       #
@@ -48,11 +48,11 @@ module Mihari
       #
       def host_search(query, page: nil, facets: nil)
         params = {
-          query: query,
-          page: page,
-          facets: facets
+          query:,
+          page:,
+          facets:
         }.compact
-        get_json "/host/search", params: params
+        get_json "/host/search", params:
       end
       #
@@ -65,7 +65,7 @@ module Mihari
       def host_search_with_pagination(query, facets: nil, pagination_limit: Mihari.config.pagination_limit)
         Enumerator.new do |y|
           (1..pagination_limit).each do |page|
-            res = host_search(query, facets: facets, page: page)
+            res = host_search(query, facets:, page:)
             break if res.nil?
@@ -90,11 +90,11 @@ module Mihari
       #
       def web_search(query, page: nil, facets: nil)
         params = {
-          query: query,
-          page: page,
-          facets: facets
+          query:,
+          page:,
+          facets:
         }.compact
-        get_json "/web/search", params: params
+        get_json "/web/search", params:
       end
       #
@@ -107,7 +107,7 @@ module Mihari
       def web_search_with_pagination(query, facets: nil, pagination_limit: Mihari.config.pagination_limit)
         Enumerator.new do |y|
           (1..pagination_limit).each do |page|
-            res = web_search(query, facets: facets, page: page)
+            res = web_search(query, facets:, page:)
             break if res.nil?

data/lib/mihari/commands/alert.rb CHANGED Viewed

@@ -21,7 +21,7 @@ module Mihari
               # @return [Mihari::Services::ResultValue]
               #
               def _search(q, page: 1, limit: 10)
-                filter = Structs::Filters::Search.new(q: q, page: page, limit: limit)
+                filter = Structs::Filters::Search.new(q:, page:, limit:)
                 Services::AlertSearcher.result(filter).value!
               end
             end

data/lib/mihari/commands/artifact.rb CHANGED Viewed

@@ -20,7 +20,7 @@ module Mihari
               # @return [Mihari::Services::ResultValue]
               #
               def _search(q, page: 1, limit: 10)
-                filter = Structs::Filters::Search.new(q: q, page: page, limit: limit)
+                filter = Structs::Filters::Search.new(q:, page:, limit:)
                 Services::ArtifactSearcher.result(filter).value!
               end
             end

data/lib/mihari/commands/rule.rb CHANGED Viewed

@@ -21,7 +21,7 @@ module Mihari
               # @return [Mihari::Services::ResultValue]
               #
               def _search(q, page: 1, limit: 10)
-                filter = Structs::Filters::Search.new(q: q, page: page, limit: limit)
+                filter = Structs::Filters::Search.new(q:, page:, limit:)
                 Services::RuleSearcher.result(filter).value!
               end
             end

data/lib/mihari/commands/tag.rb CHANGED Viewed

@@ -20,7 +20,7 @@ module Mihari
               # @return [Mihari::Services::ResultValue]
               #
               def _search(q, page: 1, limit: 10)
-                filter = Structs::Filters::Search.new(q: q, page: page, limit: limit)
+                filter = Structs::Filters::Search.new(q:, page:, limit:)
                 Services::TagSearcher.result(filter).value!
               end
             end

data/lib/mihari/concerns/autonomous_system_normalizable.rb CHANGED Viewed

@@ -16,10 +16,7 @@ module Mihari
       # @return [Integer]
       #
       def normalize_asn(asn)
-        return asn if asn.is_a?(Integer)
-        return asn.to_i unless asn.start_with?("AS")
-        asn.delete_prefix("AS").to_i
+        asn.to_s.delete_prefix("AS").to_i
       end
     end
   end

data/lib/mihari/concerns/configurable.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Mihari
           configuration_keys.map do |key|
             value = Mihari.config.send(key)
             value = "REDACTED" if value && Mihari.config.hide_config_values
-            { key: key.upcase, value: value }
+            {key: key.upcase, value:}
           end
         end

data/lib/mihari/concerns/database_connectable.rb CHANGED Viewed

@@ -8,8 +8,8 @@ module Mihari
     module DatabaseConnectable
       extend ActiveSupport::Concern
-      def with_db_connection(&block)
-        Database.with_db_connection(&block)
+      def with_db_connection(&)
+        Database.with_db_connection(&)
       end
     end
   end

data/lib/mihari/concerns/retriable.rb CHANGED Viewed

@@ -41,7 +41,7 @@ module Mihari
         begin
           try += 1
           yield
-        rescue StandardError => e
+        rescue => e
           # Raise error if it's not a retriable error
           raise e unless condition.call(e)

data/lib/mihari/config.rb CHANGED Viewed

@@ -34,6 +34,8 @@ module Mihari
       thehive_url: nil,
       urlscan_api_key: nil,
       virustotal_api_key: nil,
+      yeti_api_key: nil,
+      yeti_url: nil,
       zoomeye_api_key: nil,
       # sidekiq
       sidekiq_redis_url: nil,
@@ -42,7 +44,8 @@ module Mihari
       ignore_error: false,
       pagination_interval: 0,
       pagination_limit: 100,
-      parallel: false,
+      analyzer_parallelism: false,
+      emitter_parallelism: true,
       retry_exponential_backoff: true,
       retry_interval: 5,
       retry_times: 3,
@@ -122,6 +125,12 @@ module Mihari
     # @!attribute [r] virustotal_api_key
     #   @return [String, nil]
+    # @!attribute [r] yeti_url
+    #   @return [String, nil]
+    # @!attribute [r] yeti_api_key
+    #   @return [String, nil]
     # @!attribute [r] zoomeye_api_key
     #   @return [String, nil]
@@ -146,7 +155,10 @@ module Mihari
     # @!attribute [r] pagination_limit
     #   @return [Integer]
-    # @!attribute [r] parallel
+    # @!attribute [r] analyzer_parallelism
+    #   @return [Boolean]
+    # @!attribute [r] emitter_parallelism
     #   @return [Boolean]
     # @!attribute [r] ignore_error

data/lib/mihari/constants.rb CHANGED Viewed

@@ -5,8 +5,8 @@ module Mihari
   DEFAULT_DATA_TYPES = Types::DataTypes.values.freeze
   # @return [Array<Hash>]
-  DEFAULT_EMITTERS = Emitters::Database.keys.map { |name| { emitter: name.downcase } }.freeze
+  DEFAULT_EMITTERS = Emitters::Database.keys.map { |name| {emitter: name.downcase} }.freeze
   # @return [Array<Hash>]
-  DEFAULT_ENRICHERS = Mihari.enricher_to_class.keys.map { |name| { enricher: name.downcase } }.freeze
+  DEFAULT_ENRICHERS = Mihari.enricher_to_class.keys.map { |name| {enricher: name.downcase} }.freeze
 end

data/lib/mihari/data_type.rb CHANGED Viewed

@@ -26,9 +26,7 @@ module Mihari
     # @return [Boolean]
     def ip?
-      Try[IPAddr::InvalidAddressError] do
-        IPAddr.new(data).to_s == data
-      end.recover { false }.value!
+      Try[IPAddr::InvalidAddressError] { IPAddr.new(data).to_s == data }.recover { false }.value!
     end
     # @return [Boolean]

data/lib/mihari/emitters/base.rb CHANGED Viewed

@@ -14,7 +14,7 @@ module Mihari
       # @param [Hash, nil] options
       #
       def initialize(rule:, options: nil)
-        super(options: options)
+        super(options:)
         @rule = rule
       end
@@ -23,7 +23,7 @@ module Mihari
       # @return [Boolean]
       #
       def parallel?
-        options[:parallel] || Mihari.config.parallel
+        options[:parallel] || Mihari.config.emitter_parallelism
       end
       # A target to emit the data

data/lib/mihari/emitters/database.rb CHANGED Viewed

@@ -16,7 +16,7 @@ module Mihari
       def call(artifacts)
         return if artifacts.empty?
-        alert = Models::Alert.new(artifacts: artifacts, rule_id: rule.id)
+        alert = Models::Alert.new(artifacts:, rule_id: rule.id)
         alert.save
         alert
       end

data/lib/mihari/emitters/misp.rb CHANGED Viewed

@@ -12,6 +12,9 @@ module Mihari
       # @return [String, nil]
       attr_reader :api_key
+      # @return [Array<String>]
+      attr_reader :attribute_tags
       # @return [Mihari::Rule]
       attr_reader :rule
@@ -24,10 +27,11 @@ module Mihari
       # @param [Hash, nil] params
       #
       def initialize(rule:, options: nil, **params)
-        super(rule: rule, options: options)
+        super(rule:, options:)
         @url = params[:url] || Mihari.config.misp_url
         @api_key = params[:api_key] || Mihari.config.misp_api_key
+        @attribute_tags = params[:attribute_tags] || []
         @artifacts = []
       end
@@ -51,7 +55,7 @@ module Mihari
           Event: {
             info: rule.title,
             Attribute: artifacts.map { |artifact| build_attribute(artifact) },
-            Tag: rule.tags.map { |tag| { name: tag } }
+            Tag: rule.tags.map { |tag| {name: tag.name} }
           }
         })
       end
@@ -66,7 +70,7 @@ module Mihari
       private
       def client
-        @client ||= Clients::MISP.new(url, api_key: api_key, timeout: timeout)
+        @client ||= Clients::MISP.new(url, api_key:, timeout:)
       end
       #
@@ -77,7 +81,11 @@ module Mihari
       # @return [Hash]
       #
       def build_attribute(artifact)
-        { value: artifact.data, type: to_misp_type(type: artifact.data_type, value: artifact.data) }
+        {
+          value: artifact.data,
+          type: to_misp_type(type: artifact.data_type, value: artifact.data),
+          Tag: attribute_tags.map { |tag| {name: tag} }
+        }
       end
       #

data/lib/mihari/emitters/slack.rb CHANGED Viewed

@@ -30,25 +30,25 @@ module Mihari
       def vt_link
         return nil unless _vt_link
-        { type: "button", text: "VirusTotal", url: _vt_link }
+        {type: "button", text: "VirusTotal", url: _vt_link}
       end
       def urlscan_link
         return nil unless _urlscan_link
-        { type: "button", text: "urlscan.io", url: _urlscan_link }
+        {type: "button", text: "urlscan.io", url: _urlscan_link}
       end
       def censys_link
         return nil unless _censys_link
-        { type: "button", text: "Censys", url: _censys_link }
+        {type: "button", text: "Censys", url: _censys_link}
       end
       def shodan_link
         return nil unless _shodan_link
-        { type: "button", text: "Shodan", url: _shodan_link }
+        {type: "button", text: "Shodan", url: _shodan_link}
       end
       # @return [Array]
@@ -57,7 +57,7 @@ module Mihari
           {
             text: defanged_data,
             fallback: "VT & urlscan.io links",
-            actions: actions
+            actions:
           }
         ]
       end
@@ -140,7 +140,7 @@ module Mihari
       # @param [Hash, nil] params
       #
       def initialize(rule:, options: nil, **params)
-        super(rule: rule, options: options)
+        super(rule:, options:)
         @webhook_url = params[:webhook_url] || Mihari.config.slack_webhook_url
         @channel = params[:channel] || Mihari.config.slack_channel || DEFAULT_CHANNEL
@@ -177,9 +177,9 @@ module Mihari
       #
       def notifier
         @notifier ||= lambda do
-          return ::Slack::Notifier.new(webhook_url, channel: channel, username: username) if timeout.nil?
+          return ::Slack::Notifier.new(webhook_url, channel:, username:) if timeout.nil?
-          ::Slack::Notifier.new(webhook_url, channel: channel, username: username, http_options: { timeout: timeout })
+          ::Slack::Notifier.new(webhook_url, channel:, username:, http_options: {timeout:})
         end.call
       end
@@ -215,7 +215,7 @@ module Mihari
         @artifacts = artifacts
-        notifier.post(text: text, attachments: attachments, mrkdwn: true)
+        notifier.post(text:, attachments:, mrkdwn: true)
       end
     end
   end

data/lib/mihari/emitters/the_hive.rb CHANGED Viewed

@@ -9,6 +9,9 @@ module Mihari
       # @return [String, nil]
       attr_reader :api_key
+      # @return [Array<String>]
+      attr_reader :observable_tags
       # @return [Array<Mihari::Models::Artifact>]
       attr_accessor :artifacts
@@ -18,10 +21,11 @@ module Mihari
       # @param [Hash] params
       #
       def initialize(rule:, options: nil, **params)
-        super(rule: rule, options: options)
+        super(rule:, options:)
         @url = params[:url] || Mihari.config.thehive_url
         @api_key = params[:api_key] || Mihari.config.thehive_api_key
+        @observable_tags = params[:observable_tags] || []
         @artifacts = []
       end
@@ -56,7 +60,7 @@ module Mihari
       private
       def client
-        Clients::TheHive.new(url, api_key: api_key, api_version: "v1", timeout: timeout)
+        Clients::TheHive.new(url, api_key:, api_version: "v1", timeout:)
       end
       #
@@ -81,10 +85,11 @@ module Mihari
             {
               data: artifact.data,
               data_type: artifact.data_type,
-              message: rule.description
+              message: rule.description,
+              tags: observable_tags
             }
           end,
-          tags: rule.tags,
+          tags: rule.tags.map(&:name),
           type: "external",
           source: "mihari",
           source_ref: SecureRandom.uuid

data/lib/mihari/emitters/webhook.rb CHANGED Viewed

@@ -36,7 +36,7 @@ module Mihari
       # @param [Hash, nil] params
       #
       def initialize(rule:, options: nil, **params)
-        super(rule: rule, options: options)
+        super(rule:, options:)
         @url = Addressable::URI.parse(params[:url])
         @headers = params[:headers] || {}
@@ -75,14 +75,14 @@ module Mihari
         when "GET"
           http.get(url).body.to_s
         when "POST"
-          http.post(url, json: json).body.to_s
+          http.post(url, json:).body.to_s
         end
       end
       private
       def http
-        HTTP::Factory.build headers: headers, timeout: timeout
+        HTTP::Factory.build headers:, timeout:
       end
       #
@@ -91,7 +91,7 @@ module Mihari
       # @return [String]
       #
       def render
-        Services::JbuilderRenderer.call(template, { rule: rule, artifacts: artifacts })
+        Services::JbuilderRenderer.call(template, {rule:, artifacts:})
       end
       #