Class: Mihari::Analyzers::Base
- Inherits: Object
  - Object
    - Mihari::Analyzers::Base
- Extended by: Dry::Initializer
- Defined in: lib/mihari/analyzers/base.rb
Direct Known Subclasses
BinaryEdge, CIRCL, Censys, Crtsh, DNPedia, DNSTwister, Feed, GreyNoise, OTX, Onyphe, PassiveTotal, Pulsedive, Rule, SecurityTrails, Shodan, Urlscan, VirusTotal, VirusTotalIntelligence, ZoomEye
Constant Summary
Constants included from Mixins::Retriable
Instance Attribute Summary
- #rule ⇒ Mihari::Structs::Rule? readonly
Class Method Summary
Instance Method Summary
- #artifacts ⇒ Array<String>, Array<Mihari::Artifact>
- #initialize(*args, **kwargs) ⇒ Base (constructor): A new instance of Base.
- #normalized_artifacts ⇒ Array<Mihari::Artifact>: Normalize artifacts: convert data (string) into an artifact, reject an invalid artifact, deduplicate artifacts by data.
- #run ⇒ Mihari::Alert?: Set artifacts & run emitters in parallel.
- #run_emitter(emitter) ⇒ Mihari::Alert?: Run emitter.
- #source ⇒ String
Methods included from Mixins::Retriable
Methods included from Mixins::Configurable
#configuration_keys, #configuration_values, #configured?
Methods included from Mixins::AutonomousSystem
Constructor Details
#initialize(*args, **kwargs) ⇒ Base
Returns a new instance of Base.
    # File 'lib/mihari/analyzers/base.rb', line 17

    def initialize(*args, **kwargs)
      super(*args, **kwargs)

      @base_time = Time.now.utc
    end
Instance Attribute Details
#rule ⇒ Mihari::Structs::Rule? (readonly)
    # File 'lib/mihari/analyzers/base.rb', line 15

    def rule
      @rule
    end
Class Method Details
.inherited(child) ⇒ Object
    # File 'lib/mihari/analyzers/base.rb', line 74

    def inherited(child)
      super
      Mihari.analyzers << child
    end
Instance Method Details
#artifacts ⇒ Array<String>, Array<Mihari::Artifact>
    # File 'lib/mihari/analyzers/base.rb', line 24

    def artifacts
      raise NotImplementedError, "You must implement #{self.class}##{__method__}"
    end
#normalized_artifacts ⇒ Array<Mihari::Artifact>
Normalize artifacts:
- Convert data (string) into an artifact
- Reject an invalid artifact
- Deduplicate artifacts by data

    # File 'lib/mihari/analyzers/base.rb', line 88

    def normalized_artifacts
      @normalized_artifacts ||= artifacts.compact.sort.map do |artifact|
        # No need to set data_type manually
        # It is set automatically in #initialize
        artifact.is_a?(Artifact) ? artifact : Artifact.new(data: artifact, source: source)
      end.select(&:valid?).uniq(&:data).map do |artifact|
        artifact.rule_id = rule&.id
        artifact
      end
    end
#run ⇒ Mihari::Alert?
Set artifacts & run emitters in parallel
    # File 'lib/mihari/analyzers/base.rb', line 38

    def run
      unless configured?
        class_name = self.class.to_s.split("::").last
        raise ConfigurationError, "#{class_name} is not configured correctly"
      end

      set_enriched_artifacts

      responses = Parallel.map(valid_emitters) do |emitter|
        run_emitter emitter
      end

      # returns Mihari::Alert created by the database emitter
      responses.find { |res| res.is_a?(Mihari::Alert) }
    end
#run_emitter(emitter) ⇒ Mihari::Alert?
Run emitter
    # File 'lib/mihari/analyzers/base.rb', line 61

    def run_emitter(emitter)
      return if enriched_artifacts.empty?

      alert_or_something = emitter.run(artifacts: enriched_artifacts, rule: rule)
      Mihari.logger.info "Emission by #{emitter.class} is succedded"
      alert_or_something
    rescue StandardError => e
      Mihari.logger.info "Emission by #{emitter.class} is failed: #{e}"
    end
#source ⇒ String
    # File 'lib/mihari/analyzers/base.rb', line 29

    def source
      self.class.to_s.split("::").last.to_s
    end
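
How a subclass plugs into the contract documented on this page (`.inherited` registration, the abstract `#artifacts`, `#source`, and the `#normalized_artifacts` pipeline), as an added sketch that is not Mihari's own code. `SketchBase`, `SketchArtifact`, `REGISTRY`, `Demo::StaticFeed`, the `rule_id` accessor and the validity regexes are stand-ins assumed for illustration, and the sample input is constructed.

```ruby
# Stand-ins for illustration only; none of these are Mihari's own classes.
REGISTRY = [] # plays the role of Mihari.analyzers

SketchArtifact = Struct.new(:data, :source, :rule_id, keyword_init: true) do
  # Simplified type detection (assumption): IPv4, SHA-256, domain.
  def data_type
    return "ip" if data.match?(/\A(?:\d{1,3}\.){3}\d{1,3}\z/)
    return "hash" if data.match?(/\A\h{64}\z/)
    return "domain" if data.match?(/\A(?:[a-z0-9-]+\.)+[a-z]{2,}\z/i)
  end

  def valid?
    !data_type.nil?
  end
end

class SketchBase
  attr_accessor :rule_id # stands in for rule&.id

  # Every subclass registers itself at the moment it is defined.
  def self.inherited(child)
    super
    REGISTRY << child
  end

  # Subclasses must override this; the base only raises.
  def artifacts
    raise NotImplementedError, "You must implement #{self.class}##{__method__}"
  end

  # Source label is the class name without its namespace.
  def source
    self.class.to_s.split("::").last.to_s
  end

  # Wrap strings, drop invalid entries, de-duplicate by data, tag with rule id.
  def normalized_artifacts
    @normalized_artifacts ||= artifacts.compact.sort.map do |a|
      a.is_a?(SketchArtifact) ? a : SketchArtifact.new(data: a, source: source)
    end.select(&:valid?).uniq(&:data).each { |a| a.rule_id = rule_id }
  end
end

module Demo
  class StaticFeed < SketchBase
    # Constructed sample input: a duplicate, a nil and a non-indicator string.
    def artifacts
      ["example.com", nil, "192.0.2.10", "example.com", "not an indicator", "a" * 64]
    end
  end
end
```

Because the result is memoized in `@normalized_artifacts`, a second call on the same instance returns the first result even if `artifacts` would now yield different data.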