Class: Mihari::Analyzers::BinaryEdge

Inherits:
Base
  • Object
show all
Defined in:
lib/mihari/analyzers/binaryedge.rb

Instance Attribute Summary collapse

Attributes inherited from Base

#ignore_old_artifacts, #ignore_threshold

Instance Method Summary collapse

Methods inherited from Base

inherited, #run, #run_emitter, #source

Methods included from Retriable

#retry_on_error

Methods included from Configurable

#configuration_values, #configured?

Constructor Details

#initialize(query, title: nil, description: nil, tags: []) ⇒ BinaryEdge

Returns a new instance of BinaryEdge.



10
11
12
13
14
15
16
17
 
# File 'lib/mihari/analyzers/binaryedge.rb', line 10

def initialize(query, title: nil, description: nil, tags: [])
  super()

  @query = query
  @title = title || "BinaryEdge lookup"
  @description = description || "query = #{query}"
  @tags = tags
end

Instance Attribute Details

#descriptionObject (readonly)

Returns the value of attribute description.



8
9
10
 
# File 'lib/mihari/analyzers/binaryedge.rb', line 8

def description
  @description
end

#queryObject (readonly)

Returns the value of attribute query.



8
9
10
 
# File 'lib/mihari/analyzers/binaryedge.rb', line 8

def query
  @query
end

#tagsObject (readonly)

Returns the value of attribute tags.



8
9
10
 
# File 'lib/mihari/analyzers/binaryedge.rb', line 8

def tags
  @tags
end

#titleObject (readonly)

Returns the value of attribute title.



8
9
10
 
# File 'lib/mihari/analyzers/binaryedge.rb', line 8

def title
  @title
end

Instance Method Details

#artifactsObject 



19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/mihari/analyzers/binaryedge.rb', line 19

def artifacts
  results = search
  return [] unless results || results.empty?

  results.map do |result|
    events = result["events"] || []
    events.map do |event|
      event.dig "target", "ip"
    end.compact
  end.flatten.compact.uniq
end