RubyGems - mihari - Versions diffs - 5.4.9 → 5.5.0 - Mend

mihari 5.4.9 → 5.5.0

Files changed (89) hide show

checksums.yaml +4 -4
data/docs/analyzers/binaryedge.md +2 -2
data/docs/analyzers/censys.md +3 -3
data/docs/analyzers/circl.md +3 -3
data/docs/analyzers/crtsh.md +2 -2
data/docs/analyzers/dnstwister.md +1 -1
data/docs/analyzers/feed.md +7 -7
data/docs/analyzers/greynoise.md +2 -2
data/docs/analyzers/hunterhow.md +4 -4
data/docs/analyzers/index.md +13 -8
data/docs/analyzers/onyphe.md +2 -2
data/docs/analyzers/otx.md +2 -2
data/docs/analyzers/passivetotal.md +3 -3
data/docs/analyzers/pulsedive.md +2 -2
data/docs/analyzers/securitytrails.md +2 -2
data/docs/analyzers/shodan.md +2 -2
data/docs/analyzers/urlscan.md +2 -2
data/docs/analyzers/virustotal.md +2 -2
data/docs/analyzers/virustotal_intelligence.md +2 -2
data/docs/analyzers/zoomeye.md +3 -3
data/docs/emitters/hive.md +3 -3
data/docs/emitters/index.md +29 -0
data/docs/emitters/misp.md +2 -2
data/docs/emitters/slack.md +2 -2
data/docs/emitters/webhook.md +4 -4
data/docs/enrichers/index.md +29 -0
data/docs/enrichers/ipinfo.md +7 -0
data/docs/index.md +0 -2
data/docs/installation.md +1 -1
data/docs/rule.md +11 -11
data/frontend/package-lock.json +294 -2772
data/frontend/package.json +10 -10
data/lib/mihari/analyzers/base.rb +15 -8
data/lib/mihari/analyzers/binaryedge.rb +5 -1
data/lib/mihari/analyzers/censys.rb +6 -1
data/lib/mihari/analyzers/greynoise.rb +5 -1
data/lib/mihari/analyzers/hunterhow.rb +5 -1
data/lib/mihari/analyzers/onyphe.rb +5 -1
data/lib/mihari/analyzers/rule.rb +43 -7
data/lib/mihari/analyzers/shodan.rb +5 -1
data/lib/mihari/analyzers/urlscan.rb +5 -1
data/lib/mihari/analyzers/virustotal_intelligence.rb +5 -1
data/lib/mihari/analyzers/zoomeye.rb +5 -1
data/lib/mihari/clients/base.rb +7 -7
data/lib/mihari/clients/binaryedge.rb +10 -4
data/lib/mihari/clients/censys.rb +11 -4
data/lib/mihari/clients/greynoise.rb +10 -4
data/lib/mihari/clients/hunterhow.rb +10 -4
data/lib/mihari/clients/misp.rb +3 -2
data/lib/mihari/clients/onyphe.rb +10 -4
data/lib/mihari/clients/shodan.rb +10 -4
data/lib/mihari/clients/the_hive.rb +3 -2
data/lib/mihari/clients/urlscan.rb +9 -3
data/lib/mihari/clients/virustotal.rb +10 -4
data/lib/mihari/clients/zoomeye.rb +11 -5
data/lib/mihari/config.rb +8 -0
data/lib/mihari/emitters/base.rb +49 -12
data/lib/mihari/emitters/misp.rb +7 -6
data/lib/mihari/emitters/slack.rb +24 -6
data/lib/mihari/emitters/the_hive.rb +8 -7
data/lib/mihari/emitters/webhook.rb +31 -29
data/lib/mihari/enrichers/base.rb +53 -16
data/lib/mihari/enrichers/google_public_dns.rb +33 -42
data/lib/mihari/enrichers/ipinfo.rb +32 -34
data/lib/mihari/enrichers/shodan.rb +18 -26
data/lib/mihari/enrichers/whois.rb +121 -111
data/lib/mihari/mixins/retriable.rb +4 -2
data/lib/mihari/models/artifact.rb +37 -23
data/lib/mihari/models/autonomous_system.rb +3 -2
data/lib/mihari/models/cpe.rb +3 -2
data/lib/mihari/models/dns.rb +3 -2
data/lib/mihari/models/geolocation.rb +3 -2
data/lib/mihari/models/port.rb +3 -2
data/lib/mihari/models/reverse_dns.rb +3 -2
data/lib/mihari/models/whois.rb +4 -3
data/lib/mihari/schemas/analyzer.rb +2 -1
data/lib/mihari/schemas/emitter.rb +39 -25
data/lib/mihari/schemas/enricher.rb +28 -2
data/lib/mihari/schemas/rule.rb +6 -2
data/lib/mihari/version.rb +1 -1
data/lib/mihari/web/endpoints/ip_addresses.rb +1 -1
data/lib/mihari/web/public/assets/index-b5d817a3.js +1749 -0
data/lib/mihari/web/public/index.html +1 -1
data/lib/mihari/web/public/redoc-static.html +400 -400
data/mihari.gemspec +2 -2
data/mkdocs.yml +8 -6
data/requirements.txt +1 -1
metadata +7 -7
data/lib/mihari/web/public/assets/index-a92abd57.js +0 -1740

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1075febacca36de11c1285b0c08ef54fb41d3c0c7fe3e3df51b2dff28c597fe4
-  data.tar.gz: 56475aef95d5dd5fda32ef7a8633fc2d064219abdb05706d849f15f998c41db2
+  metadata.gz: 0a0bb32d105b9879fbf87b5bcd5d49a4930cc9e054c42f992bd5c58d883ea8b0
+  data.tar.gz: 0c547d79f1a1950008f4797a743bf84b7bc1b766d693eb9c2e9b93d150ee4cb9
 SHA512:
-  metadata.gz: e18c315a2389a836aff99fd1da1c50749e83d9272a79c1215d22cd649758c3fd6d74dfabc1445d2c1127b18ea100abebd21326766bc2da79cd5c77a9ba27da3d
-  data.tar.gz: 696b2c8d8e045f647f33a25dceec868676f2e04a8a38cc1e55cfe357356e5a5282f6b42085c2a8c4277d7309e47d8724d86c05d63ec8baf8937bd65dc8cf97cd
+  metadata.gz: f9d5217d01e12da402ad9edde9dbeb35c14f6b18061807c48e9e0f6b84419b009b0bbdd4848d3df7302ba4c414c0fe004d7e0ee86a3e9fa29dcaea7bb79b6a8e
+  data.tar.gz: aa353778dc0f9eb1d525c828e7e662531ba1318f8c380a93cd1f0bd7eca8da33dba7915de297695223cf53a7c3de35419f152ae6d1c199382e6aa7e870a629f2

data/docs/analyzers/binaryedge.md CHANGED Viewed

@@ -19,8 +19,8 @@ api_key: ...
 ### Query
-`query` is a search query.
+`query` (`string`) is a search query.
 ### API Key
-`api_key` is an API key. Optional. Defaults to `ENV[”BINARYEDGE_API_KEY"]`.
+`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”BINARYEDGE_API_KEY"]`.

data/docs/analyzers/censys.md CHANGED Viewed

@@ -20,12 +20,12 @@ secret: ...
 ### Query
-`query` is a search query.
+`query` (`string`) is a search query.
 ### ID
-`id` is a Cencys ID. Optional. Defaults to `ENV[”CENSYS_ID”]`.
+`id` (`string`) is a Cencys ID. Optional. Defaults to `ENV[”CENSYS_ID”]`.
 ### Secret
-`secret` is a Cencys secret. Optional. Defaults to `ENV[”CENSYS_SECRET”]`.
+`secret` (`string`) is a Cencys secret. Optional. Defaults to `ENV[”CENSYS_SECRET”]`.

data/docs/analyzers/circl.md CHANGED Viewed

@@ -26,12 +26,12 @@ username: ...
 ### Query
-`query` is a domain or SHA1 certificate fingerprint.
+`query` (`string`) is a domain or SHA1 certificate fingerprint.
 ### Username
-`username` is a username. Optional. Defaults to `ENV[”CIRCL_PASSIVE_USERNAME”]`.
+`username` (`string`) is a username. Optional. Defaults to `ENV[”CIRCL_PASSIVE_USERNAME”]`.
 ### Password
-`password` is a password. Optional. Defaults to `ENV[”CIRCL_PASSIVE_PASSWORD”]`.
+`password` (`string`) is a password. Optional. Defaults to `ENV[”CIRCL_PASSIVE_PASSWORD”]`.

data/docs/analyzers/crtsh.md CHANGED Viewed

@@ -19,8 +19,8 @@ exclude_expired: ...
 ### Query
-`query` is a search query.
+`query` (`string`) is a search query.
 ### Exclude Expired
-`exclude_expired` (boolean) determines whether to exclude expired domains or not. Optional. Defaults to `true`.
+`exclude_expired` (`boolean`) determines whether to exclude expired domains or not. Optional. Defaults to `true`.

data/docs/analyzers/dnstwister.md CHANGED Viewed

@@ -18,7 +18,7 @@ query: ...
 ### Query
-`query` is a search query.
+`query` (`string`) is a search query.
 !!! tip

data/docs/analyzers/feed.md CHANGED Viewed

@@ -19,7 +19,7 @@ json: ...
 ### Query
-`query` is a URL of a feed.
+`query` (`string`) is a URL of a feed.
 !!! note
@@ -27,27 +27,27 @@ json: ...
 ### Method
-`method` is an HTTP method. Defaults to `GET`.
+`method` (`string`) is an HTTP method. Defaults to `GET`.
 ### Selector
-`selector` is a `jr` selector.
+`selector` (`string`) is a `jr` selector.
 ### Headers
-`headers` (hash) is an HTTP headers. Optional.
+`headers` (`hash`) is an HTTP headers. Optional.
 ### Params
-`params` (hash) is an HTTP query params. Optional.
+`params` (`hash`) is an HTTP query params. Optional.
 ### Data
-`data` (hash) is an HTTP form data. Optional.
+`data` (`hash`) is an HTTP form data. Optional.
 ### JSON
-`json` (hash) is an JSON body. Optional.
+`json` (`hash`) is an JSON body. Optional.
 ## Examples

data/docs/analyzers/greynoise.md CHANGED Viewed

@@ -19,8 +19,8 @@ api_key: ...
 ### Query
-`query` is a GNQL search query.
+`query` (`string`) is a GNQL search query.
 ### API Key
-`api_key` is an API key. Optional. Defaults to `ENV[”GREYNOISE_API_KEY"]`.
+`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”GREYNOISE_API_KEY"]`.

data/docs/analyzers/hunterhow.md CHANGED Viewed

@@ -21,13 +21,13 @@ end_time: ...
 ### Query
-`query` is a search query.
+`query` (`string`) is a search query.
 ### Start/End Time
-- `start_time` (date): Only show results after the given date.
-- `end_time` (date): Only show results after the given date.
+- `start_time` (`date`): Only show results after the given date.
+- `end_time` (`date`): Only show results after the given date.
 ### API key
-`api_key` is an API key. Optional. Defaults to `ENV[”HUNTERHOW_API_KEY"]`.
+`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”HUNTERHOW_API_KEY"]`.

data/docs/analyzers/index.md CHANGED Viewed

@@ -27,39 +27,44 @@ analyzer: ...
 query: ...
 options:
   timeout: ...
-  interval: ...
+  pagination_interval: ...
   pagination_limit: ...
   retry_times: ...
   retry_interval: ...
+  retry_exponential_backoff: ...
   ignore_error: ...
 ```
 ### Timeout
-`timeout` is an HTTP timeout in seconds. Optional.
+`timeout` (`integer`) is an HTTP timeout in seconds. Optional.
-### Interval
+### Pagination Interval
-`interval` is an interval in seconds between pagination. (If an analyzer does pagination). Optional.
+`pagination_interval` (`integer`) is an interval in seconds between pagination. Optional. Defaults to 0.
 ### Pagination Limit
-`pagination_limit` is an limit for pagination. Defaults to 100.
+`pagination_limit` (`integer`) is an limit for pagination. Optional. Defaults to 100.
 In the worst case, if something wrong with Mihari or a service, Mihari can drain API quota by doing pagination forever.
 `pagination_limit` is a safety valve for that. A number of pagination is limited as `pagination_limit` times.
 ### Retry Times
-`retry_times` is a number of times of retry when something goes wrong. Defaults to 3.
+`retry_times` (`integer`) is a number of times of retry when something goes wrong. Optional. Defaults to 3.
 ### Retry Interval
-`retry_interval` is an interval in seconds between retries. Defaults to 5.
+`retry_interval` (`integer`) is an interval in seconds between retries. Optional. Defaults to 5.
+### Retry Exponential Backoff
+`retry_exponential_backoff` (`bool`) controls whether to do exponential backoff. Optional. Defaults to `true`.
 ### Ignore Error
-`ignore_error` controls whether to ignore an error or not. Defaults to `false`.
+`ignore_error` (`bool`) controls whether to ignore an error or not. Optional. Defaults to `false`.
 Mihari uses fail-fast approach. For example, if Shodan returns an error, the Censys query next is not triggered because Mihari raises an error before it.

data/docs/analyzers/onyphe.md CHANGED Viewed

@@ -19,8 +19,8 @@ api_key: ...
 ### Query
-`query` is a search query.
+`query` (`string`) is a search query.
 ### API Key
-`api_key` is an API key. Optional. Defaults to `ENV[”ONYPHE_API_KEY”"]`.
+`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”ONYPHE_API_KEY”"]`.

data/docs/analyzers/otx.md CHANGED Viewed

@@ -21,8 +21,8 @@ api_key: ...
 ### Query
-`query` is a passive DNS search query. Domain or IP address.
+`query` (`string`) is a passive DNS search query. Domain or IP address.
 ### API Key
-`api_key` is an API key. Optional. Defaults to `ENV[”OTX_API_KEY”"]`.
+`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”OTX_API_KEY”"]`.

data/docs/analyzers/passivetotal.md CHANGED Viewed

@@ -33,7 +33,7 @@ api_key: ...
 ### Query
-`query` is a passive DNS/SSL or reverse whois search query. Domain, IP address, mail or SHA1 certificate fingerprint.
+`query` (`string`) is a passive DNS/SSL or reverse whois search query. Domain, IP address, mail or SHA1 certificate fingerprint.
 - Passive DNS: Domain, IP Address
 - Passive SSL: SHA1 certificate fingerprint
@@ -41,8 +41,8 @@ api_key: ...
 ### Username
-`username` is a username. Optional. Defaults to `ENV[”PASSIVETOTAL_USERNAME"]`.
+`username` (`string`) is a username. Optional. Defaults to `ENV[”PASSIVETOTAL_USERNAME"]`.
 ### API Key
-`api_key` is an API key. Optional. Defaults to `ENV[”PASSIVETOTAL_API_KEY"]`.
+`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”PASSIVETOTAL_API_KEY"]`.

data/docs/analyzers/pulsedive.md CHANGED Viewed

@@ -21,8 +21,8 @@ api_key: ...
 ### Query
-`query` is a passive DNS search query. Domain or IP address.
+`query` (`string`) is a passive DNS search query. Domain or IP address.
 ### API Key
-`api_key` is an API key. Optional. Defaults to `ENV[”PULSEDIVE_API_KEY"]`.
+`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”PULSEDIVE_API_KEY"]`.

data/docs/analyzers/securitytrails.md CHANGED Viewed

@@ -30,8 +30,8 @@ api_key: ...
 ### Query
-`query` is a passive DNS search/reverse whois query. Domain, IP address or mail.
+`query` (`string`) is a passive DNS search/reverse whois query. Domain, IP address or mail.
 ### API Key
-`api_key` is an API key. Optional. Defaults to `ENV[”SECURITYTRAILS_API_KEY"]`.
+`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”SECURITYTRAILS_API_KEY"]`.

data/docs/analyzers/shodan.md CHANGED Viewed

@@ -19,8 +19,8 @@ api_key: ...
 ### Query
-`query` is a search query.
+`query` (`string`) is a search query.
 ### API Key
-`api_key` is an API key. Optional. Defaults to `ENV[”SHODAN_API_KEY"]`.
+`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”SHODAN_API_KEY"]`.

data/docs/analyzers/urlscan.md CHANGED Viewed

@@ -21,8 +21,8 @@ api_key: ...
 ### Query
-`query` is a search query.
+`query` (`string`) is a search query.
 ### API Key
-`api_key` is an API key. Optional. Defaults to `ENV[”URLSCAN_API_KEY"]`.
+`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”URLSCAN_API_KEY"]`.

data/docs/analyzers/virustotal.md CHANGED Viewed

@@ -32,8 +32,8 @@ api_key: ...
 ### Query
-`query` is a passive DNS search query. Domain or IP address.
+`query` (`string`) is a passive DNS search query. Domain or IP address.
 ### API Key
-`api_key` is an API key. Optional. Defaults to `ENV[”VIRUSTOTAL_API_KEY"]`.
+`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”VIRUSTOTAL_API_KEY"]`.

data/docs/analyzers/virustotal_intelligence.md CHANGED Viewed

@@ -22,8 +22,8 @@ api_key: ...
 ### Query
-`query` is a search query.
+`query` (`string`) is a search query.
 ### API Key
-`api_key` is an API key. Optional. Defaults to `ENV[”VIRUSTOTAL_API_KEY"]`.
+`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”VIRUSTOTAL_API_KEY"]`.

data/docs/analyzers/zoomeye.md CHANGED Viewed

@@ -22,12 +22,12 @@ api_key: ...
 ### Query
-`query` is a search query.
+`query` (`string`) is a search query.
 ### Type
-`type` determines a search type. `web` or `host`.
+`type` (`string`) determines a search type. `web` or `host`.
 ### API Key
-`api_key` is an API key. Optional. Defaults to `ENV[”ZOOMEYE_API_KEY"]`.
+`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”ZOOMEYE_API_KEY"]`.

data/docs/emitters/hive.md CHANGED Viewed

@@ -15,12 +15,12 @@ api_version: ...
 ### URL
-`url` is a TheHive URL. Optional. Defaults to `ENV[”THEHIVE_URL”]`.
+`url` (`string`) is a TheHive URL. Optional. Defaults to `ENV[”THEHIVE_URL”]`.
 ### API Key
-`api_key` is an API key. Optional. Defaults to `ENV[”THEHIVE_API_KEY”]`.
+`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”THEHIVE_API_KEY”]`.
 ### API Version
-`api_version` is a version of The Hive API. Optional. Defaults to `ENV[”THEHIVE_API_VERSION”]`.
+`api_version` (`string`) is a version of The Hive API. Optional. `v4` or `v5`. Defaults to `ENV[”THEHIVE_API_VERSION”]`.

data/docs/emitters/index.md CHANGED Viewed

@@ -5,3 +5,32 @@
 - [MISP](misp.md)
 - [Slack](slack.md)
 - [Webhook](webhook.md)
+## Options
+All the emitters can have optional `options`.
+```yaml
+emitter: ...
+options:
+  timeout: ...
+  retry_times: ...
+  retry_interval: ...
+  retry_exponential_backoff: ...
+```
+### Timeout
+`timeout` (`integer`) is an HTTP timeout in seconds. Optional.
+### Retry Times
+`retry_times` (`integer`) is a number of times of retry when something goes wrong. Optional. Defaults to 3.
+### Retry Interval
+`retry_interval` (`integer`) is an interval in seconds between retries. Optional. Defaults to 5.
+### Retry Exponential Backoff
+`retry_exponential_backoff` (`bool`) controls whether to do exponential backoff. Optional. Defaults to `true`.

data/docs/emitters/misp.md CHANGED Viewed

@@ -14,8 +14,8 @@ api_key: ...
 ### URL
-`url` is a MISP URL. Optional. Defaults to `ENV[MISP_URL]`.
+`url` (`string`) is a MISP URL. Optional. Defaults to `ENV[MISP_URL]`.
 ### API Key
-`api_key` is an API key. Optional. Defaults to `ENV[”MISP_API_KEY”]`.
+`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”MISP_API_KEY”]`.

data/docs/emitters/slack.md CHANGED Viewed

@@ -19,8 +19,8 @@ channel: ...
 ### Webhook URL
-`url` is a Slack's incoming webhook URL. Optional. Defaults to `ENV[SLACK_WEBHOOK_URL]`.
+`url` (`string`) is a Slack's incoming webhook URL. Optional. Defaults to `ENV[SLACK_WEBHOOK_URL]`.
 ### API Key
-`channel` is a Slack channel to sent a message. Optional. Defaults to `ENV[SLACK_CHANNEL]` or `#general`.
+`channel` (`string`) is a Slack channel to sent a message. Optional. Defaults to `ENV[SLACK_CHANNEL]` or `#general`.

data/docs/emitters/webhook.md CHANGED Viewed

@@ -14,19 +14,19 @@ template: ...
 ### URL
-`url` is a webhook URL.
+`url` (`string`) is a webhook URL.
 ### Method
-`method` is an HTTP method. Optional. Defaults to `POST`.
+`method` (`string`)is an HTTP method. Optional. Defaults to `POST`.
 ### Headers
-`headers` (hash) is HTTP headers. Optional.
+`headers` (`hash`) are HTTP headers. Optional.
 ### Template
-`template` is an [ERB](https://github.com/ruby/erb) template to customize the payload to sent. A template should generate a valid JSON.
+`template` (`string`) is an [ERB](https://github.com/ruby/erb) template to customize the payload to sent. A template should generate a valid JSON.
 You can use the following parameters inside an ERB template.

data/docs/enrichers/index.md CHANGED Viewed

@@ -4,3 +4,32 @@
 - [IPInfo](ipinfo.md)
 - [Shodan](shodan.md)
 - [Whois](whois.md)
+## Options
+All the emitters can have optional `options`.
+```yaml
+enricher: ...
+options:
+  timeout: ...
+  retry_times: ...
+  retry_interval: ...
+  retry_exponential_backoff: ...
+```
+### Timeout
+`timeout` (`integer`) is an HTTP timeout in seconds. Optional.
+### Retry Times
+`retry_times` (`integer`) is a number of times of retry when something goes wrong. Optional. Defaults to 3.
+### Retry Interval
+`retry_interval` (`integer`) is an interval in seconds between retries. Optional. Defaults to 5.
+### Retry Exponential Backoff
+`retry_exponential_backoff` (`bool`) controls whether to do exponential backoff. Optional. Defaults to `true`.

data/docs/enrichers/ipinfo.md CHANGED Viewed

@@ -12,8 +12,15 @@ This enricher uses ipinfo.io API to enrich an IP artifact.
 ```yaml
 enricher: ipinfo
+api_key: ...
 ```
+## Components
+### API Key
+`api_key` (`string`) is an API key. Optional. Defaults to `ENV[”IPINFO_API_KEY”]`.
 ## Supported Artifacts
 - IP address

data/docs/index.md CHANGED Viewed

@@ -9,5 +9,3 @@ Mihari can aggregate multiple searches across multiple services in a single rule
 - [How to Write a Rule](./rule.md)
 - [Usage](./usage.md)
 - [Configuration](./configuration.md)
-- [GitHub Actions](./github_actions.md)
-- [Alternatives](./alternatives.md)

data/docs/installation.md CHANGED Viewed

@@ -2,7 +2,7 @@
 ## Ruby Gem
-Mihari is packaged as a Ruby Gem.
+Mihari is packaged as a Ruby Gem. Thus you can install it via `gem` command.
 ```bash
 gem install mihari

data/docs/rule.md CHANGED Viewed

@@ -68,36 +68,36 @@ falsepositives: []
 ### ID
-`id` is an unique ID of a rule. UUID v4 is recommended.
+`id` (`string`) is an unique ID of a rule. UUID v4 is recommended.
 ### Title
-`title` is a title of a rule.
+`title` (`string`) is a title of a rule.
 ### Description
-`description` is a short description of a rule.
+`description` (`string`) is a short description of a rule.
 ### Created/Updated On
-`created_on` is a date of a rule creation. Optional.
+`created_on` (`date`) is a date of a rule creation. Optional.
 Also a rule can have `updated_on` that is a date of a rule modification. Optional.
 ### Tags
-`tags` is a list of tags of a rule.
+`tags` (`array[:string]`) is a list of tags of a rule.
 ### Author
-`author` is an author of a rule. Optional.
+`author` (`string`) is an author of a rule. Optional.
 ### References
-`references` is a list of a references of a rule. Optional.
+`references` (`array[:string]`) is a list of a references of a rule. Optional.
 ### Related
-`related` is a list of related rule IDs. Optional.
+`related` (`array[:string]`) is a list of related rule IDs. Optional.
 ### Queries
@@ -130,7 +130,7 @@ Defaults to:
 ### Data Types
-`data_types` is a list of data (artifact) types to allow by a rule. Types not defined in here will be automatically rejected.
+`data_types` (`array[:string]`) is a list of data (artifact) types to allow by a rule. Types not defined in here will be automatically rejected.
 Defaults to:
@@ -142,11 +142,11 @@ Defaults to:
 ### False positives
-`falsepositives` is a list of false positive values. A string or regexp can be used in here.
+`falsepositives` (`array[:string]`) is a list of false positive values. A string or regexp can be used in here.
 ### Artifact TTL
-`artifact_ttl` (alias: `artifact_lifetime`) is an integer value of artifact TTL (Time-To-Live) in seconds.
+`artifact_ttl` (`integer` / alias: `artifact_lifetime`) is an integer value of artifact TTL (Time-To-Live) in seconds.
 Mihari rejects a same artifact in a same rule in general.