class Mihari::Emitters::MISP
Public Class Methods
new()
Calls superclass method
# File lib/mihari/emitters/misp.rb, line 9
#
# Set up the emitter and configure the MISP client from Mihari's settings.
#
# The endpoint and the API key are read from Mihari.config and written to
# the module-level ::MISP configuration, which the other methods of this
# class read back through ::MISP.configuration.
#
# NOTE(review): the API key is a credential and it lives in that shared
# configuration object after this call; avoid dumping or logging the
# configuration wholesale.
def initialize
  super()

  ::MISP.configure do |misp_config|
    misp_config.api_endpoint = Mihari.config.misp_api_endpoint
    misp_config.api_key = Mihari.config.misp_api_key
  end
end
Public Instance Methods
emit(title:, artifacts:, tags: [], **_options)
# File lib/mihari/emitters/misp.rb, line 23
#
# Create a MISP event whose info text is +title+, with one attribute per
# artifact and one tag per entry of +tags+.
#
# @param title text stored as the event's info field
# @param [Array<Mihari::Artifact>] artifacts artifacts to publish
# @param tags tag names to attach to the event (defaults to none)
# @return whatever ::MISP::Event#create returns, or nil when +artifacts+
#   is empty
#
# NOTE(review): an artifact whose type cannot be mapped gets a nil MISP
# type from build_attribute (hash_type has no fallback branch); how the
# MISP client reacts to that is not visible here - confirm.
def emit(title:, artifacts:, tags: [], **_options)
  # Nothing to report: do not create an empty event on the MISP instance.
  return if artifacts.empty?

  misp_event = ::MISP::Event.new(info: title)
  artifacts.each { |artifact| misp_event.attributes << build_attribute(artifact) }
  tags.each { |tag_name| misp_event.add_tag(name: tag_name) }
  misp_event.create
end
valid?()
@return [Boolean]
# File lib/mihari/emitters/misp.rb, line 19
#
# Tell whether the emitter is usable: an API endpoint and an API key are
# configured and the endpoint answers a ping.
#
# The checks short-circuit, so no network request is made unless both
# settings are present.
#
# NOTE(review): ping? only probes that the endpoint responds; a true result
# here does not show that the API key is accepted by the MISP instance.
#
# @return [Boolean]
def valid?
  configured = api_endpoint? && api_key?
  configured && ping?
end
Private Instance Methods
api_endpoint?()
Check whether an API endpoint is set or not
@return [Boolean]
# File lib/mihari/emitters/misp.rb, line 102
#
# Check whether an API endpoint is set in the ::MISP configuration.
#
# Only presence is tested (neither nil nor empty); the value is not checked
# for being a well-formed URL or for its scheme.
#
# @return [Boolean]
def api_endpoint?
  endpoint = ::MISP.configuration.api_endpoint
  !(endpoint.nil? || endpoint.empty?)
end
api_key?()
Check whether an API key is set or not
@return [Boolean]
# File lib/mihari/emitters/misp.rb, line 112
#
# Check whether an API key is set in the ::MISP configuration.
#
# Only presence is tested (neither nil nor empty). The key itself is never
# returned from this method, and nothing here verifies that the key is
# valid for the configured instance.
#
# @return [Boolean]
def api_key?
  key = ::MISP.configuration.api_key
  !(key.nil? || key.empty?)
end
build_attribute(artifact)
Build a MISP attribute
@param [Mihari::Artifact] artifact
@return [::MISP::Attribute] the attribute built from the artifact's data and mapped type
# File lib/mihari/emitters/misp.rb, line 52
#
# Build a MISP attribute from an artifact.
#
# The attribute value is the artifact's data; the attribute type comes from
# to_misp_type, given the artifact's data type and data.
#
# NOTE(review): to_misp_type can yield nil (unknown type and a value whose
# length matches no known digest), in which case the attribute is built
# with a nil type.
#
# @param [Mihari::Artifact] artifact
# @return [::MISP::Attribute]
def build_attribute(artifact)
  misp_type = to_misp_type(type: artifact.data_type, value: artifact.data)
  ::MISP::Attribute.new(value: artifact.data, type: misp_type)
end
configuration_keys()
# File lib/mihari/emitters/misp.rb, line 41
#
# Names of the Mihari configuration entries this emitter reads
# (the MISP endpoint and the MISP API key).
#
# @return [Array<String>]
def configuration_keys
  ["misp_api_endpoint", "misp_api_key"]
end
hash_type(value)
Get the type of a hash
@param [String] value
@return [String]
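# File lib/mihari/emitters/misp.rb, line 63
#
# Get the MISP type name of a hash value, judged by its length in hex
# characters: 32 => md5, 40 => sha1, 64 => sha256, 128 => sha512.
#
# Length alone is not evidence of a digest, so the value must also consist
# solely of hexadecimal characters; otherwise an arbitrary 32-character
# string would be published to MISP labelled as an md5. A non-String value
# (including nil) yields nil instead of raising.
#
# @param [String] value
# @return [String, nil] the type name, or nil when the value is not a hex
#   string of one of the known lengths
def hash_type(value)
  # \A and \z anchor the whole string; ^ and $ would accept multi-line input.
  return unless value.is_a?(String) && value =~ /\A[0-9a-fA-F]+\z/

  case value.length
  when 32 then "md5"
  when 40 then "sha1"
  when 64 then "sha256"
  when 128 then "sha512"
  end
end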
ping?()
Check whether an API endpoint is reachable or not
@return [Boolean]
# File lib/mihari/emitters/misp.rb, line 122
#
# Check whether the configured API endpoint is reachable.
#
# Builds "<endpoint>/users/login" (dropping one trailing slash from the
# endpoint first) and asks Net::Ping::HTTP whether that URL responds.
#
# NOTE(review): only the URL is handed to the pinger, so this appears to be
# an unauthenticated reachability probe; it says nothing about whether the
# API key is valid, and the scheme is taken as configured.
#
# @return [Boolean]
def ping?
  endpoint = ::MISP.configuration.api_endpoint.chomp("/")
  Net::Ping::HTTP.new("#{endpoint}/users/login").ping?
end
to_misp_type(type:, value:)
Convert a type to a MISP type
@param [String] type
@param [String] value
@return [String]
# File lib/mihari/emitters/misp.rb, line 84
#
# Convert an artifact type to a MISP attribute type.
#
# ip, mail, url and domain map to fixed MISP type names. Every other type
# falls through to hash_type, which classifies +value+ as a digest.
#
# NOTE(review): the fallback does not check that +type+ actually denotes a
# hash, so an unexpected type is classified from its value alone - confirm
# callers only pass the four mapped types or hashes.
#
# @param [String] type
# @param [String] value
# @return [String]
def to_misp_type(type:, value:)
  fixed_types = {
    ip: "ip-dst",
    mail: "email-dst",
    url: "url",
    domain: "domain"
  }
  fixed_types.fetch(type.to_sym) { hash_type(value) }
end