RubyGems - mihari - Versions diffs - 5.4.9 → 5.5.0 - Mend

mihari 5.4.9 → 5.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (89) hide show

checksums.yaml +4 -4
data/docs/analyzers/binaryedge.md +2 -2
data/docs/analyzers/censys.md +3 -3
data/docs/analyzers/circl.md +3 -3
data/docs/analyzers/crtsh.md +2 -2
data/docs/analyzers/dnstwister.md +1 -1
data/docs/analyzers/feed.md +7 -7
data/docs/analyzers/greynoise.md +2 -2
data/docs/analyzers/hunterhow.md +4 -4
data/docs/analyzers/index.md +13 -8
data/docs/analyzers/onyphe.md +2 -2
data/docs/analyzers/otx.md +2 -2
data/docs/analyzers/passivetotal.md +3 -3
data/docs/analyzers/pulsedive.md +2 -2
data/docs/analyzers/securitytrails.md +2 -2
data/docs/analyzers/shodan.md +2 -2
data/docs/analyzers/urlscan.md +2 -2
data/docs/analyzers/virustotal.md +2 -2
data/docs/analyzers/virustotal_intelligence.md +2 -2
data/docs/analyzers/zoomeye.md +3 -3
data/docs/emitters/hive.md +3 -3
data/docs/emitters/index.md +29 -0
data/docs/emitters/misp.md +2 -2
data/docs/emitters/slack.md +2 -2
data/docs/emitters/webhook.md +4 -4
data/docs/enrichers/index.md +29 -0
data/docs/enrichers/ipinfo.md +7 -0
data/docs/index.md +0 -2
data/docs/installation.md +1 -1
data/docs/rule.md +11 -11
data/frontend/package-lock.json +294 -2772
data/frontend/package.json +10 -10
data/lib/mihari/analyzers/base.rb +15 -8
data/lib/mihari/analyzers/binaryedge.rb +5 -1
data/lib/mihari/analyzers/censys.rb +6 -1
data/lib/mihari/analyzers/greynoise.rb +5 -1
data/lib/mihari/analyzers/hunterhow.rb +5 -1
data/lib/mihari/analyzers/onyphe.rb +5 -1
data/lib/mihari/analyzers/rule.rb +43 -7
data/lib/mihari/analyzers/shodan.rb +5 -1
data/lib/mihari/analyzers/urlscan.rb +5 -1
data/lib/mihari/analyzers/virustotal_intelligence.rb +5 -1
data/lib/mihari/analyzers/zoomeye.rb +5 -1
data/lib/mihari/clients/base.rb +7 -7
data/lib/mihari/clients/binaryedge.rb +10 -4
data/lib/mihari/clients/censys.rb +11 -4
data/lib/mihari/clients/greynoise.rb +10 -4
data/lib/mihari/clients/hunterhow.rb +10 -4
data/lib/mihari/clients/misp.rb +3 -2
data/lib/mihari/clients/onyphe.rb +10 -4
data/lib/mihari/clients/shodan.rb +10 -4
data/lib/mihari/clients/the_hive.rb +3 -2
data/lib/mihari/clients/urlscan.rb +9 -3
data/lib/mihari/clients/virustotal.rb +10 -4
data/lib/mihari/clients/zoomeye.rb +11 -5
data/lib/mihari/config.rb +8 -0
data/lib/mihari/emitters/base.rb +49 -12
data/lib/mihari/emitters/misp.rb +7 -6
data/lib/mihari/emitters/slack.rb +24 -6
data/lib/mihari/emitters/the_hive.rb +8 -7
data/lib/mihari/emitters/webhook.rb +31 -29
data/lib/mihari/enrichers/base.rb +53 -16
data/lib/mihari/enrichers/google_public_dns.rb +33 -42
data/lib/mihari/enrichers/ipinfo.rb +32 -34
data/lib/mihari/enrichers/shodan.rb +18 -26
data/lib/mihari/enrichers/whois.rb +121 -111
data/lib/mihari/mixins/retriable.rb +4 -2
data/lib/mihari/models/artifact.rb +37 -23
data/lib/mihari/models/autonomous_system.rb +3 -2
data/lib/mihari/models/cpe.rb +3 -2
data/lib/mihari/models/dns.rb +3 -2
data/lib/mihari/models/geolocation.rb +3 -2
data/lib/mihari/models/port.rb +3 -2
data/lib/mihari/models/reverse_dns.rb +3 -2
data/lib/mihari/models/whois.rb +4 -3
data/lib/mihari/schemas/analyzer.rb +2 -1
data/lib/mihari/schemas/emitter.rb +39 -25
data/lib/mihari/schemas/enricher.rb +28 -2
data/lib/mihari/schemas/rule.rb +6 -2
data/lib/mihari/version.rb +1 -1
data/lib/mihari/web/endpoints/ip_addresses.rb +1 -1
data/lib/mihari/web/public/assets/index-b5d817a3.js +1749 -0
data/lib/mihari/web/public/index.html +1 -1
data/lib/mihari/web/public/redoc-static.html +400 -400
data/mihari.gemspec +2 -2
data/mkdocs.yml +8 -6
data/requirements.txt +1 -1
metadata +7 -7
data/lib/mihari/web/public/assets/index-a92abd57.js +0 -1740

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1075febacca36de11c1285b0c08ef54fb41d3c0c7fe3e3df51b2dff28c597fe4
-  data.tar.gz: 56475aef95d5dd5fda32ef7a8633fc2d064219abdb05706d849f15f998c41db2
+  metadata.gz: 0a0bb32d105b9879fbf87b5bcd5d49a4930cc9e054c42f992bd5c58d883ea8b0
+  data.tar.gz: 0c547d79f1a1950008f4797a743bf84b7bc1b766d693eb9c2e9b93d150ee4cb9
 SHA512:
-  metadata.gz: e18c315a2389a836aff99fd1da1c50749e83d9272a79c1215d22cd649758c3fd6d74dfabc1445d2c1127b18ea100abebd21326766bc2da79cd5c77a9ba27da3d
-  data.tar.gz: 696b2c8d8e045f647f33a25dceec868676f2e04a8a38cc1e55cfe357356e5a5282f6b42085c2a8c4277d7309e47d8724d86c05d63ec8baf8937bd65dc8cf97cd
+  metadata.gz: f9d5217d01e12da402ad9edde9dbeb35c14f6b18061807c48e9e0f6b84419b009b0bbdd4848d3df7302ba4c414c0fe004d7e0ee86a3e9fa29dcaea7bb79b6a8e
+  data.tar.gz: aa353778dc0f9eb1d525c828e7e662531ba1318f8c380a93cd1f0bd7eca8da33dba7915de297695223cf53a7c3de35419f152ae6d1c199382e6aa7e870a629f2

data/docs/analyzers/binaryedge.md CHANGED Viewed

@@ -19,8 +19,8 @@ api_key: ...
 ### Query
-`query` is a search query.
+`query` (`string`) is a search query.
 ### API Key
-`api_key` is an API key. Optional. Defaults to `ENV[”BINARYEDGE_API_KEY"]`.
+`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”BINARYEDGE_API_KEY"]`.

data/docs/analyzers/censys.md CHANGED Viewed

@@ -20,12 +20,12 @@ secret: ...
 ### Query
-`query` is a search query.
+`query` (`string`) is a search query.
 ### ID
-`id` is a Cencys ID. Optional. Defaults to `ENV[”CENSYS_ID”]`.
+`id` (`string`) is a Cencys ID. Optional. Defaults to `ENV[”CENSYS_ID”]`.
 ### Secret
-`secret` is a Cencys secret. Optional. Defaults to `ENV[”CENSYS_SECRET”]`.
+`secret` (`string`) is a Cencys secret. Optional. Defaults to `ENV[”CENSYS_SECRET”]`.

data/docs/analyzers/circl.md CHANGED Viewed

@@ -26,12 +26,12 @@ username: ...
 ### Query
-`query` is a domain or SHA1 certificate fingerprint.
+`query` (`string`) is a domain or SHA1 certificate fingerprint.
 ### Username
-`username` is a username. Optional. Defaults to `ENV[”CIRCL_PASSIVE_USERNAME”]`.
+`username` (`string`) is a username. Optional. Defaults to `ENV[”CIRCL_PASSIVE_USERNAME”]`.
 ### Password
-`password` is a password. Optional. Defaults to `ENV[”CIRCL_PASSIVE_PASSWORD”]`.
+`password` (`string`) is a password. Optional. Defaults to `ENV[”CIRCL_PASSIVE_PASSWORD”]`.

data/docs/analyzers/crtsh.md CHANGED Viewed

@@ -19,8 +19,8 @@ exclude_expired: ...
 ### Query
-`query` is a search query.
+`query` (`string`) is a search query.
 ### Exclude Expired
-`exclude_expired` (boolean) determines whether to exclude expired domains or not. Optional. Defaults to `true`.
+`exclude_expired` (`boolean`) determines whether to exclude expired domains or not. Optional. Defaults to `true`.

data/docs/analyzers/dnstwister.md CHANGED Viewed

@@ -18,7 +18,7 @@ query: ...
 ### Query
-`query` is a search query.
+`query` (`string`) is a search query.
 !!! tip

data/docs/analyzers/feed.md CHANGED Viewed

@@ -19,7 +19,7 @@ json: ...
 ### Query
-`query` is a URL of a feed.
+`query` (`string`) is a URL of a feed.
 !!! note
@@ -27,27 +27,27 @@ json: ...
 ### Method
-`method` is an HTTP method. Defaults to `GET`.
+`method` (`string`) is an HTTP method. Defaults to `GET`.
 ### Selector
-`selector` is a `jr` selector.
+`selector` (`string`) is a `jr` selector.
 ### Headers
-`headers` (hash) is an HTTP headers. Optional.
+`headers` (`hash`) is an HTTP headers. Optional.
 ### Params
-`params` (hash) is an HTTP query params. Optional.
+`params` (`hash`) is an HTTP query params. Optional.
 ### Data
-`data` (hash) is an HTTP form data. Optional.
+`data` (`hash`) is an HTTP form data. Optional.
 ### JSON
-`json` (hash) is an JSON body. Optional.
+`json` (`hash`) is an JSON body. Optional.
 ## Examples

data/docs/analyzers/greynoise.md CHANGED Viewed

@@ -19,8 +19,8 @@ api_key: ...
 ### Query
-`query` is a GNQL search query.
+`query` (`string`) is a GNQL search query.
 ### API Key
-`api_key` is an API key. Optional. Defaults to `ENV[”GREYNOISE_API_KEY"]`.
+`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”GREYNOISE_API_KEY"]`.

data/docs/analyzers/hunterhow.md CHANGED Viewed

@@ -21,13 +21,13 @@ end_time: ...
 ### Query
-`query` is a search query.
+`query` (`string`) is a search query.
 ### Start/End Time
-- `start_time` (date): Only show results after the given date.
-- `end_time` (date): Only show results after the given date.
+- `start_time` (`date`): Only show results after the given date.
+- `end_time` (`date`): Only show results after the given date.
 ### API key
-`api_key` is an API key. Optional. Defaults to `ENV[”HUNTERHOW_API_KEY"]`.
+`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”HUNTERHOW_API_KEY"]`.

data/docs/analyzers/index.md CHANGED Viewed

@@ -27,39 +27,44 @@ analyzer: ...
 query: ...
 options:
   timeout: ...
-  interval: ...
+  pagination_interval: ...
   pagination_limit: ...
   retry_times: ...
   retry_interval: ...
+  retry_exponential_backoff: ...
   ignore_error: ...
 ```
 ### Timeout
-`timeout` is an HTTP timeout in seconds. Optional.
+`timeout` (`integer`) is an HTTP timeout in seconds. Optional.
-### Interval
+### Pagination Interval
-`interval` is an interval in seconds between pagination. (If an analyzer does pagination). Optional.
+`pagination_interval` (`integer`) is an interval in seconds between pagination. Optional. Defaults to 0.
 ### Pagination Limit
-`pagination_limit` is an limit for pagination. Defaults to 100.
+`pagination_limit` (`integer`) is an limit for pagination. Optional. Defaults to 100.
 In the worst case, if something wrong with Mihari or a service, Mihari can drain API quota by doing pagination forever.
 `pagination_limit` is a safety valve for that. A number of pagination is limited as `pagination_limit` times.
 ### Retry Times
-`retry_times` is a number of times of retry when something goes wrong. Defaults to 3.
+`retry_times` (`integer`) is a number of times of retry when something goes wrong. Optional. Defaults to 3.
 ### Retry Interval
-`retry_interval` is an interval in seconds between retries. Defaults to 5.
+`retry_interval` (`integer`) is an interval in seconds between retries. Optional. Defaults to 5.
+### Retry Exponential Backoff
+`retry_exponential_backoff` (`bool`) controls whether to do exponential backoff. Optional. Defaults to `true`.
 ### Ignore Error
-`ignore_error` controls whether to ignore an error or not. Defaults to `false`.
+`ignore_error` (`bool`) controls whether to ignore an error or not. Optional. Defaults to `false`.
 Mihari uses fail-fast approach. For example, if Shodan returns an error, the Censys query next is not triggered because Mihari raises an error before it.

data/docs/analyzers/onyphe.md CHANGED Viewed

@@ -19,8 +19,8 @@ api_key: ...
 ### Query
-`query` is a search query.
+`query` (`string`) is a search query.
 ### API Key
-`api_key` is an API key. Optional. Defaults to `ENV[”ONYPHE_API_KEY”"]`.
+`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”ONYPHE_API_KEY”"]`.

data/docs/analyzers/otx.md CHANGED Viewed

@@ -21,8 +21,8 @@ api_key: ...
 ### Query
-`query` is a passive DNS search query. Domain or IP address.
+`query` (`string`) is a passive DNS search query. Domain or IP address.
 ### API Key
-`api_key` is an API key. Optional. Defaults to `ENV[”OTX_API_KEY”"]`.
+`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”OTX_API_KEY”"]`.

data/docs/analyzers/passivetotal.md CHANGED Viewed

@@ -33,7 +33,7 @@ api_key: ...
 ### Query
-`query` is a passive DNS/SSL or reverse whois search query. Domain, IP address, mail or SHA1 certificate fingerprint.
+`query` (`string`) is a passive DNS/SSL or reverse whois search query. Domain, IP address, mail or SHA1 certificate fingerprint.
 - Passive DNS: Domain, IP Address
 - Passive SSL: SHA1 certificate fingerprint
@@ -41,8 +41,8 @@ api_key: ...
 ### Username
-`username` is a username. Optional. Defaults to `ENV[”PASSIVETOTAL_USERNAME"]`.
+`username` (`string`) is a username. Optional. Defaults to `ENV[”PASSIVETOTAL_USERNAME"]`.
 ### API Key
-`api_key` is an API key. Optional. Defaults to `ENV[”PASSIVETOTAL_API_KEY"]`.
+`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”PASSIVETOTAL_API_KEY"]`.

data/docs/analyzers/pulsedive.md CHANGED Viewed

@@ -21,8 +21,8 @@ api_key: ...
 ### Query
-`query` is a passive DNS search query. Domain or IP address.
+`query` (`string`) is a passive DNS search query. Domain or IP address.
 ### API Key
-`api_key` is an API key. Optional. Defaults to `ENV[”PULSEDIVE_API_KEY"]`.
+`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”PULSEDIVE_API_KEY"]`.

data/docs/analyzers/securitytrails.md CHANGED Viewed

@@ -30,8 +30,8 @@ api_key: ...
 ### Query
-`query` is a passive DNS search/reverse whois query. Domain, IP address or mail.
+`query` (`string`) is a passive DNS search/reverse whois query. Domain, IP address or mail.
 ### API Key
-`api_key` is an API key. Optional. Defaults to `ENV[”SECURITYTRAILS_API_KEY"]`.
+`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”SECURITYTRAILS_API_KEY"]`.

data/docs/analyzers/shodan.md CHANGED Viewed

@@ -19,8 +19,8 @@ api_key: ...
 ### Query
-`query` is a search query.
+`query` (`string`) is a search query.
 ### API Key
-`api_key` is an API key. Optional. Defaults to `ENV[”SHODAN_API_KEY"]`.
+`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”SHODAN_API_KEY"]`.

data/docs/analyzers/urlscan.md CHANGED Viewed

@@ -21,8 +21,8 @@ api_key: ...
 ### Query
-`query` is a search query.
+`query` (`string`) is a search query.
 ### API Key
-`api_key` is an API key. Optional. Defaults to `ENV[”URLSCAN_API_KEY"]`.
+`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”URLSCAN_API_KEY"]`.

data/docs/analyzers/virustotal.md CHANGED Viewed

@@ -32,8 +32,8 @@ api_key: ...
 ### Query
-`query` is a passive DNS search query. Domain or IP address.
+`query` (`string`) is a passive DNS search query. Domain or IP address.
 ### API Key
-`api_key` is an API key. Optional. Defaults to `ENV[”VIRUSTOTAL_API_KEY"]`.
+`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”VIRUSTOTAL_API_KEY"]`.

data/docs/analyzers/virustotal_intelligence.md CHANGED Viewed

@@ -22,8 +22,8 @@ api_key: ...
 ### Query
-`query` is a search query.
+`query` (`string`) is a search query.
 ### API Key
-`api_key` is an API key. Optional. Defaults to `ENV[”VIRUSTOTAL_API_KEY"]`.
+`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”VIRUSTOTAL_API_KEY"]`.

data/docs/analyzers/zoomeye.md CHANGED Viewed

@@ -22,12 +22,12 @@ api_key: ...
 ### Query
-`query` is a search query.
+`query` (`string`) is a search query.
 ### Type
-`type` determines a search type. `web` or `host`.
+`type` (`string`) determines a search type. `web` or `host`.
 ### API Key
-`api_key` is an API key. Optional. Defaults to `ENV[”ZOOMEYE_API_KEY"]`.
+`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”ZOOMEYE_API_KEY"]`.

data/docs/emitters/hive.md CHANGED Viewed

@@ -15,12 +15,12 @@ api_version: ...
 ### URL
-`url` is a TheHive URL. Optional. Defaults to `ENV[”THEHIVE_URL”]`.
+`url` (`string`) is a TheHive URL. Optional. Defaults to `ENV[”THEHIVE_URL”]`.
 ### API Key
-`api_key` is an API key. Optional. Defaults to `ENV[”THEHIVE_API_KEY”]`.
+`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”THEHIVE_API_KEY”]`.
 ### API Version
-`api_version` is a version of The Hive API. Optional. Defaults to `ENV[”THEHIVE_API_VERSION”]`.
+`api_version` (`string`) is a version of The Hive API. Optional. `v4` or `v5`. Defaults to `ENV[”THEHIVE_API_VERSION”]`.

data/docs/emitters/index.md CHANGED Viewed

@@ -5,3 +5,32 @@
 - [MISP](misp.md)
 - [Slack](slack.md)
 - [Webhook](webhook.md)
+## Options
+All the emitters can have optional `options`.
+```yaml
+emitter: ...
+options:
+  timeout: ...
+  retry_times: ...
+  retry_interval: ...
+  retry_exponential_backoff: ...
+```
+### Timeout
+`timeout` (`integer`) is an HTTP timeout in seconds. Optional.
+### Retry Times
+`retry_times` (`integer`) is a number of times of retry when something goes wrong. Optional. Defaults to 3.
+### Retry Interval
+`retry_interval` (`integer`) is an interval in seconds between retries. Optional. Defaults to 5.
+### Retry Exponential Backoff
+`retry_exponential_backoff` (`bool`) controls whether to do exponential backoff. Optional. Defaults to `true`.

data/docs/emitters/misp.md CHANGED Viewed

@@ -14,8 +14,8 @@ api_key: ...
 ### URL
-`url` is a MISP URL. Optional. Defaults to `ENV[MISP_URL]`.
+`url` (`string`) is a MISP URL. Optional. Defaults to `ENV[MISP_URL]`.
 ### API Key
-`api_key` is an API key. Optional. Defaults to `ENV[”MISP_API_KEY”]`.
+`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”MISP_API_KEY”]`.

data/docs/emitters/slack.md CHANGED Viewed

@@ -19,8 +19,8 @@ channel: ...
 ### Webhook URL
-`url` is a Slack's incoming webhook URL. Optional. Defaults to `ENV[SLACK_WEBHOOK_URL]`.
+`url` (`string`) is a Slack's incoming webhook URL. Optional. Defaults to `ENV[SLACK_WEBHOOK_URL]`.
 ### API Key
-`channel` is a Slack channel to sent a message. Optional. Defaults to `ENV[SLACK_CHANNEL]` or `#general`.
+`channel` (`string`) is a Slack channel to sent a message. Optional. Defaults to `ENV[SLACK_CHANNEL]` or `#general`.

data/docs/emitters/webhook.md CHANGED Viewed

@@ -14,19 +14,19 @@ template: ...
 ### URL
-`url` is a webhook URL.
+`url` (`string`) is a webhook URL.
 ### Method
-`method` is an HTTP method. Optional. Defaults to `POST`.
+`method` (`string`)is an HTTP method. Optional. Defaults to `POST`.
 ### Headers
-`headers` (hash) is HTTP headers. Optional.
+`headers` (`hash`) are HTTP headers. Optional.
 ### Template
-`template` is an [ERB](https://github.com/ruby/erb) template to customize the payload to sent. A template should generate a valid JSON.
+`template` (`string`) is an [ERB](https://github.com/ruby/erb) template to customize the payload to sent. A template should generate a valid JSON.
 You can use the following parameters inside an ERB template.

data/docs/enrichers/index.md CHANGED Viewed

@@ -4,3 +4,32 @@
 - [IPInfo](ipinfo.md)
 - [Shodan](shodan.md)
 - [Whois](whois.md)
+## Options
+All the emitters can have optional `options`.
+```yaml
+enricher: ...
+options:
+  timeout: ...
+  retry_times: ...
+  retry_interval: ...
+  retry_exponential_backoff: ...
+```
+### Timeout
+`timeout` (`integer`) is an HTTP timeout in seconds. Optional.
+### Retry Times
+`retry_times` (`integer`) is a number of times of retry when something goes wrong. Optional. Defaults to 3.
+### Retry Interval
+`retry_interval` (`integer`) is an interval in seconds between retries. Optional. Defaults to 5.
+### Retry Exponential Backoff
+`retry_exponential_backoff` (`bool`) controls whether to do exponential backoff. Optional. Defaults to `true`.

data/docs/enrichers/ipinfo.md CHANGED Viewed

@@ -12,8 +12,15 @@ This enricher uses ipinfo.io API to enrich an IP artifact.
 ```yaml
 enricher: ipinfo
+api_key: ...
 ```
+## Components
+### API Key
+`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”IPINFO_API_KEY”]`.
 ## Supported Artifacts
 - IP address

data/docs/index.md CHANGED Viewed

@@ -9,5 +9,3 @@ Mihari can aggregate multiple searches across multiple services in a single rule
 - [How to Write a Rule](./rule.md)
 - [Usage](./usage.md)
 - [Configuration](./configuration.md)
-- [GitHub Actions](./github_actions.md)
-- [Alternatives](./alternatives.md)

data/docs/installation.md CHANGED Viewed

@@ -2,7 +2,7 @@
 ## Ruby Gem
-Mihari is packaged as a Ruby Gem.
+Mihari is packaged as a Ruby Gem. Thus you can install it via `gem` command.
 ```bash
 gem install mihari

data/docs/rule.md CHANGED Viewed

@@ -68,36 +68,36 @@ falsepositives: []
 ### ID
-`id` is an unique ID of a rule. UUID v4 is recommended.
+`id` (`string`) is an unique ID of a rule. UUID v4 is recommended.
 ### Title
-`title` is a title of a rule.
+`title` (`string`) is a title of a rule.
 ### Description
-`description` is a short description of a rule.
+`description` (`string`) is a short description of a rule.
 ### Created/Updated On
-`created_on` is a date of a rule creation. Optional.
+`created_on` (`date`) is a date of a rule creation. Optional.
 Also a rule can have `updated_on` that is a date of a rule modification. Optional.
 ### Tags
-`tags` is a list of tags of a rule.
+`tags` (`array[:string]`) is a list of tags of a rule.
 ### Author
-`author` is an author of a rule. Optional.
+`author` (`string`) is an author of a rule. Optional.
 ### References
-`references` is a list of a references of a rule. Optional.
+`references` (`array[:string]`) is a list of a references of a rule. Optional.
 ### Related
-`related` is a list of related rule IDs. Optional.
+`related` (`array[:string]`) is a list of related rule IDs. Optional.
 ### Queries
@@ -130,7 +130,7 @@ Defaults to:
 ### Data Types
-`data_types` is a list of data (artifact) types to allow by a rule. Types not defined in here will be automatically rejected.
+`data_types` (`array[:string]`) is a list of data (artifact) types to allow by a rule. Types not defined in here will be automatically rejected.
 Defaults to:
@@ -142,11 +142,11 @@ Defaults to:
 ### False positives
-`falsepositives` is a list of false positive values. A string or regexp can be used in here.
+`falsepositives` (`array[:string]`) is a list of false positive values. A string or regexp can be used in here.
 ### Artifact TTL
-`artifact_ttl` (alias: `artifact_lifetime`) is an integer value of artifact TTL (Time-To-Live) in seconds.
+`artifact_ttl` (`integer` / alias: `artifact_lifetime`) is an integer value of artifact TTL (Time-To-Live) in seconds.
 Mihari rejects a same artifact in a same rule in general.