Class: Mihari::Analyzers::Base

Inherits:
Object
  • Object
Extended by:
Dry::Initializer
Includes:
Mixins::AutonomousSystem, Mixins::Configurable, Mixins::Database, Mixins::Retriable
Defined in:
lib/mihari/analyzers/base.rb

Constant Summary

Constants included from Mixins::Retriable

Mixins::Retriable::DEFAULT_ON

Instance Attribute Summary

Class Method Summary

Instance Method Summary

Methods included from Mixins::Retriable

#retry_on_error

Methods included from Mixins::Database

#with_db_connection

Methods included from Mixins::Configurable

#configuration_keys, #configuration_values, #configured?

Methods included from Mixins::AutonomousSystem

#normalize_asn

Constructor Details

#initialize(*args, **kwargs) ⇒ Base

Returns a new instance of Base.



# File 'lib/mihari/analyzers/base.rb', line 15

# Builds the analyzer and resets its artifact-filtering state.
#
# All positional and keyword arguments are forwarded untouched to the parent
# initializer through the bare +super+ (the class extends Dry::Initializer).
# Both filtering attributes are then set to fixed defaults:
# +ignore_old_artifacts+ is false and +ignore_threshold+ is 0.
#
# @param args [Array] positional arguments handed to the parent initializer
# @param kwargs [Hash] keyword arguments handed to the parent initializer
def initialize(*args, **kwargs)
  super

  # Assigned after super, so these values hold whatever super did with the arguments.
  @ignore_threshold = 0
  @ignore_old_artifacts = false
end

Instance Attribute Details

#ignore_old_artifacts ⇒ Object

Returns the value of attribute ignore_old_artifacts.



# File 'lib/mihari/analyzers/base.rb', line 13

# Reader for the @ignore_old_artifacts instance variable, which #initialize
# sets to false.
#
# @return [Object] the current value of @ignore_old_artifacts
def ignore_old_artifacts
  @ignore_old_artifacts
end

#ignore_threshold ⇒ Object

Returns the value of attribute ignore_threshold.



# File 'lib/mihari/analyzers/base.rb', line 13

# Reader for the @ignore_threshold instance variable, which #initialize
# sets to 0.
# NOTE(review): the unit of the threshold is not visible here — confirm
# against the code that consumes it.
#
# @return [Object] the current value of @ignore_threshold
def ignore_threshold
  @ignore_threshold
end

Class Method Details

.inherited(child) ⇒ Object



# File 'lib/mihari/analyzers/base.rb', line 84

# Subclass hook: records every class that inherits from this one.
#
# After delegating to the parent hook, the new subclass is appended to
# Mihari.analyzers, so defining (loading) a subclass is enough to register it;
# no explicit registration call appears here.
# NOTE(review): any loaded code that subclasses Base ends up in that
# collection — presumably consumers treat it as the set of runnable analyzers;
# confirm against the callers of Mihari.analyzers.
#
# @param child [Class] the class that has just inherited from this one
def inherited(child)
  super
  Mihari.analyzers << child
end

Instance Method Details

#artifacts ⇒ Array<String>, Array<Mihari::Artifact>

Returns:

Raises:

  • (NotImplementedError)


# File 'lib/mihari/analyzers/base.rb', line 23

# Abstract hook: a concrete analyzer overrides this to supply its findings.
#
# The base version always raises. NotImplementedError descends from ScriptError,
# not StandardError, so a bare +rescue+ or +rescue StandardError+ does not
# catch it.
#
# @return [Array<String>, Array<Mihari::Artifact>]
# @raise [NotImplementedError] always, in this base implementation
def artifacts
  message = "You must implement #{self.class}##{__method__}"
  raise NotImplementedError, message
end

#description ⇒ String

Returns:

  • (String)

Raises:

  • (NotImplementedError)


# File 'lib/mihari/analyzers/base.rb', line 33

# Abstract hook: a concrete analyzer overrides this to describe its alert.
#
# The base version always raises. NotImplementedError descends from ScriptError,
# so the +rescue StandardError+ in #run_emitter, which evaluates +description+
# while building the emitter arguments, does not catch it.
#
# @return [String]
# @raise [NotImplementedError] always, in this base implementation
def description
  message = "You must implement #{self.class}##{__method__}"
  raise NotImplementedError, message
end

#normalized_artifacts ⇒ Array<Mihari::Artifact>

Normalize artifacts

  • Convert data (string) into an artifact

  • Reject an invalid artifact

  • Deduplicate artifacts by data

Returns:



# File 'lib/mihari/analyzers/base.rb', line 98

# Turns the raw output of #artifacts into a clean list and memoizes it.
#
# Steps, in order: drop nils, sort, wrap every non-Artifact value in an
# Artifact tagged with this analyzer's source, keep only entries whose
# +valid?+ is truthy, then keep the first entry for each distinct +data+.
# The result is cached in @normalized_artifacts, so #artifacts is consulted
# again only if the cached value is nil or false.
#
# @return [Array<Mihari::Artifact>]
def normalized_artifacts
  @normalized_artifacts ||= begin
    wrapped = artifacts.compact.sort.map do |item|
      next item if item.is_a?(Artifact)

      # data_type is not passed here; per the original note it is set
      # automatically in Artifact#initialize.
      Artifact.new(data: item, source: source)
    end

    # Validation is the only filter applied before de-duplication by data.
    wrapped.select(&:valid?).uniq(&:data)
  end
end

#run ⇒ Mihari::Alert?

Set artifacts & run emitters in parallel

Returns:



# File 'lib/mihari/analyzers/base.rb', line 52

# Enriches the artifacts and hands them to every valid emitter in parallel.
#
# Refuses to start when +configured?+ is false. Otherwise, inside
# +with_db_connection+, it calls +set_enriched_artifacts+ and then maps
# +run_emitter+ over +valid_emitters+ with Parallel.map.
#
# A nil result is ambiguous: #run_emitter rescues StandardError and only logs
# it, so nil covers both "no emitter returned an alert" and "the emitter that
# would have returned one failed". Callers that need to tell these apart have
# to check the log.
#
# @return [Mihari::Alert, nil] the first emitter response that is a
#   Mihari::Alert, if any (assumes with_db_connection returns its block's
#   value — TODO confirm)
# @raise [ConfigurationError] when the analyzer is not configured
def run
  raise ConfigurationError, "#{self.class.to_s.split('::').last} is not configured correctly" unless configured?

  with_db_connection do
    set_enriched_artifacts

    results = Parallel.map(valid_emitters) { |emitter| run_emitter(emitter) }

    # returns Mihari::Alert created by the database emitter
    results.find { |result| result.is_a?(Mihari::Alert) }
  end
end

#run_emitter(emitter) ⇒ nil

Run emitter

Parameters:

Returns:

  • (nil)


# File 'lib/mihari/analyzers/base.rb', line 77

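# Runs one emitter with this analyzer's title, description, enriched
# artifacts, source and tags.
#
# Any StandardError raised while emitting is caught here and not re-raised, so
# one failing emitter does not abort the others started by #run. The failure
# is logged at error level rather than info: it means an alert was not
# delivered to that destination, and it should stay visible when the log
# level is raised above info.
# NOTE(review): "#{e}" is the raw exception message; if an emitter's client
# puts request URLs or credentials in its error text they will reach the log —
# confirm per emitter.
#
# @param emitter [#run] emitter to invoke
# @return [Object, nil] whatever emitter.run returns (#run looks for a
#   Mihari::Alert among these values), or nil when the emitter raised
def run_emitter(emitter)
  emitter.run(title: title, description: description, artifacts: enriched_artifacts, source: source, tags: tags)
rescue StandardError => e
  Mihari.logger.error "Emission by #{emitter.class} is failed: #{e}"
  # Explicit nil so the logger's return value never reaches the caller.
  nil
end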

#source ⇒ String

Returns:

  • (String)


# File 'lib/mihari/analyzers/base.rb', line 38

# Source label for this analyzer: the last "::"-separated segment of the
# class name. #normalized_artifacts stamps it on every Artifact it creates and
# #run_emitter passes it to each emitter.
#
# @return [String] unqualified class name ("" if the class name is empty)
def source
  qualified_name = self.class.to_s
  qualified_name.split("::").last.to_s
end

#tags ⇒ Array<String>

Returns:

  • (Array<String>)


# File 'lib/mihari/analyzers/base.rb', line 43

# Tags passed to every emitter by #run_emitter. The base implementation
# supplies none and returns a fresh empty array on each call.
#
# @return [Array<String>]
def tags
  []
end

#title ⇒ String

Returns:

  • (String)


# File 'lib/mihari/analyzers/base.rb', line 28

# Alert title passed to every emitter by #run_emitter: the last
# "::"-separated segment of the class name, the same value #source yields in
# this base class.
#
# @return [String] unqualified class name ("" if the class name is empty)
def title
  qualified_name = self.class.to_s
  qualified_name.split("::").last.to_s
end