# Hachi

Hachi(蜂) is a dead simple TheHive API wrapper for Ruby.
## Installation

```bash
gem install hachi
```
## Usage

```ruby
require "hachi"

# Reads the endpoint and key from the environment (THEHIVE_API_ENDPOINT / THEHIVE_API_KEY)
api = Hachi::API.new
# ...or pass them explicitly
api = Hachi::API.new(api_endpoint: "http://your_api_endpoint", api_key: "your_api_key")

api.alert.list
api.artifact.search(data: "1.1.1.1", data_type: "ip")
# data: also accepts an array, so one call can look up a whole batch of observables
api.artifact.search(data: %w(1.1.1.1 8.8.8.8 github.com))
```
See samples for more.
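A small triage script built on the calls above (batch `artifact.search` plus `alert.create`) as an added example; it is not part of the hachi gem or its samples. `FakeHive` is a constructed in-memory stand-in so the script runs offline; a real `Hachi::API.new(...)` instance can be passed as `client` in its place, and the `triage` function and its field names are this example's own.

```ruby
require "digest"

# Constructed offline stand-in for the two hachi calls used below. A real
# Hachi::API.new(api_endpoint: ..., api_key: ...) exposes the same methods.
class FakeHive
  Artifacts = Struct.new(:known) do
    # mirrors api.artifact.search(data: %w(...)): returns matching observables
    def search(data:, **_opts)
      Array(data).select { |d| known.key?(d) }
                 .map { |d| { "_id" => "obs-#{d}", "data" => d, "dataType" => known[d] } }
    end
  end

  Alerts = Struct.new(:created) do
    # mirrors api.alert.create(title:, description:, type:, source:, ...)
    def create(title:, description:, type:, source:, **opts)
      alert = { "title" => title, "description" => description, "type" => type,
                "source" => source, "status" => "New" }.merge(opts.transform_keys(&:to_s))
      created << alert
      alert
    end
  end

  attr_reader :artifact, :alert
  def initialize(known_observables)
    @artifact = Artifacts.new(known_observables)
    @alert = Alerts.new([])
  end
end

# Check a batch of indicators against observables already stored in TheHive and,
# when any are known, raise one alert carrying the matches as observables.
# Returns { hits:, alert: }; alert is nil when nothing matched.
def triage(client, indicators, source:)
  batch = indicators.uniq
  hits = client.artifact.search(data: batch) # one search covers the whole batch
  alert = hits.empty? ? nil : client.alert.create(
    title: "#{hits.size} known indicator(s) observed in #{source}",
    description: "Matched existing observables: #{hits.map { |h| h["data"] }.join(", ")}",
    type: "external", source: source,
    # a stable source_ref lets TheHive treat a re-run of the same batch as a duplicate
    source_ref: Digest::SHA256.hexdigest(batch.sort.join("\n"))[0, 16],
    severity: hits.size > 1 ? 3 : 2,
    tags: ["ioc-match"],
    artifacts: hits.map { |h| { dataType: h["dataType"], data: h["data"], message: "seen in #{source}" } }
  )
  { hits: hits, alert: alert }
end
```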
## Implemented methods

### Alert

| HTTP Method | URI | Action | API method |
|---|---|---|---|
| GET | `/api/alert` | List alerts | `#api.alert.list` |
| POST | `/api/alert/_search` | Find alerts | `#api.alert.search(attributes, range: "all")` |
| PATCH | `/api/alert/_bulk` | Update alerts in bulk | N/A |
| POST | `/api/alert/_stats` | Compute stats on alerts | N/A |
| POST | `/api/alert` | Create an alert | `#api.alert.create(title:, description:, severity: nil, date: nil, tags: nil, tlp: nil, status: nil, type:, source:, source_ref: nil, artifacts: nil, follow: nil)` |
| GET | `/api/alert/:alertId` | Get an alert | `#api.alert.get_by_id(id)` |
| PATCH | `/api/alert/:alertId` | Update an alert | `#api.alert.update(id, title:, description:, severity: nil, tags: nil, tlp: nil, artifacts: nil)` |
| DELETE | `/api/alert/:alertId` | Delete an alert | `#api.alert.delete_by_id(id)` |
| POST | `/api/alert/:alertId/markAsRead` | Mark an alert as read | `#api.alert.mark_as_read(id)` |
| POST | `/api/alert/:alertId/markAsUnread` | Mark an alert as unread | `#api.alert.mark_as_unread(id)` |
| POST | `/api/alert/:alertId/createCase` | Create a case from an alert | `#api.alert.promote_to_case(id)` |
| POST | `/api/alert/:alertId/follow` | Follow an alert | N/A |
| POST | `/api/alert/:alertId/unfollow` | Unfollow an alert | N/A |
| POST | `/api/alert/:alertId/merge/:caseId` | Merge an alert in a case | `#api.alert.merge_into_case(*ids, case_id)` |
### Artifact (Observable)

| HTTP Method | URI | Action | API method |
|---|---|---|---|
| POST | `/api/case/artifact/_search` | Find observables | `#api.artifact.search(attributes, range: "all")` |
| POST | `/api/case/artifact/_stats` | Compute stats on observables | N/A |
| POST | `/api/case/:caseId/artifact` | Create an observable | `#api.artifact.create(case_id, data:, data_type:, message: nil, tlp: nil, tags: nil)` |
| GET | `/api/case/artifact/:artifactId` | Get an observable | `#api.artifact.get_by_id(id)` |
| DELETE | `/api/case/artifact/:artifactId` | Remove an observable | `#api.artifact.delete_by_id(id)` |
| PATCH | `/api/case/artifact/:artifactId` | Update an observable | N/A |
| GET | `/api/case/artifact/:artifactId/similar` | Get list of similar observables | `#api.artifact.similar(id)` |
| PATCH | `/api/case/artifact/_bulk` | Update observables in bulk | N/A |
### Case

| HTTP Method | URI | Action | API method |
|---|---|---|---|
| GET | `/api/case` | List cases | `#api.case.list` |
| POST | `/api/case/_search` | Find cases | `#api.case.search(attributes, range: "all")` |
| PATCH | `/api/case/_bulk` | Update cases in bulk | N/A |
| POST | `/api/case/_stats` | Compute stats on cases | N/A |
| POST | `/api/case` | Create a case | `#api.case.create(title:, description:, severity: nil, start_date: nil, owner: nil, flag: nil, tlp: nil, tags: nil)` |
| GET | `/api/case/:caseId` | Get a case | `#api.case.get_by_id(id)` |
| PATCH | `/api/case/:caseId` | Update a case | N/A |
| DELETE | `/api/case/:caseId` | Remove a case | `#api.case.delete_by_id(id)` |
| GET | `/api/case/:caseId/links` | Get list of cases linked to this case | `#api.case.links(id)` |
| POST | `/api/case/:caseId1/_merge/:caseId2` | Merge two cases | `#api.case.merge(id1, id2)` |
### User

| HTTP Method | URI | Action | API method |
|---|---|---|---|
| GET | `/api/logout` | Logout | N/A |
| POST | `/api/login` | User login | N/A |
| GET | `/api/user/current` | Get current user | `#api.user.current` |
| POST | `/api/user/_search` | Find user | N/A |
| POST | `/api/user` | Create a user | `#api.user.create(login:, name:, roles:, password:)` |
| GET | `/api/user/:userId` | Get a user | `#api.user.get_by_id(id)` |
| DELETE | `/api/user/:userId` | Delete a user | `#api.user.delete_by_id(id)` |
| PATCH | `/api/user/:userId` | Update user details | N/A |
| POST | `/api/user/:userId/password/set` | Set password | N/A |
| POST | `/api/user/:userId/password/change` | Change password | N/A |
## License

The gem is available as open source under the terms of the MIT License.