Class: Mihari::Analyzers::Base

Inherits:

Object

• Object
• Mihari::Analyzers::Base

Extended by:

Dry::Initializer

Includes:

Mixins::AutonomousSystem, Mixins::Configurable, Mixins::Retriable

Defined in:

lib/mihari/analyzers/base.rb

Direct Known Subclasses

BinaryEdge, CIRCL, Censys, Crtsh, DNPedia, DNSTwister, Feed, GreyNoise, OTX, Onyphe, PassiveTotal, Pulsedive, Rule, SecurityTrails, Shodan, Urlscan, VirusTotal, VirusTotalIntelligence, ZoomEye

Constant Summary

Constants included from Mixins::Retriable

Mixins::Retriable::DEFAULT_ON

Instance Attribute Summary

• #rule ⇒ Mihari::Structs::Rule^? readonly

Class Method Summary

• .inherited(child) ⇒ Object

Instance Method Summary

• #artifacts ⇒ Array<String>, Array<Mihari::Artifact>
• #initialize(*args, **kwargs) ⇒ Base constructor

  A new instance of Base.

• #normalized_artifacts ⇒ Array<Mihari::Artifact>

  Normalize artifacts - Convert data (string) into an artifact - Reject an invalid artifact - Uniquefy artifacts by data.

• #run ⇒ Mihari::Alert^?

  Set artifacts & run emitters in parallel.

• #run_emitter(emitter) ⇒ Mihari::Alert^?

  Run emitter.

• #source ⇒ String

Methods included from Mixins::Retriable

#retry_on_error

Methods included from Mixins::Configurable

#configuration_keys, #configuration_values, #configured?

Methods included from Mixins::AutonomousSystem

#normalize_asn

Constructor Details

#initialize(*args, **kwargs) ⇒ Base

Returns a new instance of Base.

# File 'lib/mihari/analyzers/base.rb', line 17

def initialize(*args, **kwargs)
  super(*args, **kwargs)

  @base_time = Time.now.utc
end

Instance Attribute Details

#rule ⇒ Mihari::Structs::Rule^? (readonly)

Returns:

• (Mihari::Structs::Rule, nil)

# File 'lib/mihari/analyzers/base.rb', line 15

def rule
  @rule
end

Class Method Details

.inherited(child) ⇒ Object

# File 'lib/mihari/analyzers/base.rb', line 74

def inherited(child)
  super
  Mihari.analyzers << child
end

Instance Method Details

#artifacts ⇒ Array<String>, Array<Mihari::Artifact>

Returns:

• (Array<String>, Array<Mihari::Artifact>)

Raises:

• (NotImplementedError)

# File 'lib/mihari/analyzers/base.rb', line 24

def artifacts
  raise NotImplementedError, "You must implement #{self.class}##{__method__}"
end

#normalized_artifacts ⇒ Array<Mihari::Artifact>

Normalize artifacts

• Convert data (string) into an artifact

• Reject an invalid artifact

• Uniquefy artifacts by data

Returns:

• (Array<Mihari::Artifact>)

# File 'lib/mihari/analyzers/base.rb', line 88

def normalized_artifacts
  @normalized_artifacts ||= artifacts.compact.sort.map do |artifact|
    # No need to set data_type manually
    # It is set automatically in #initialize
    artifact.is_a?(Artifact) ? artifact : Artifact.new(data: artifact, source: source)
  end.select(&:valid?).uniq(&:data).map do |artifact|
    artifact.rule_id = rule&.id
    artifact
  end
end

#run ⇒ Mihari::Alert^?

Set artifacts & run emitters in parallel

Returns:

• (Mihari::Alert, nil)

# File 'lib/mihari/analyzers/base.rb', line 38

def run
  unless configured?
    class_name = self.class.to_s.split("::").last
    raise ConfigurationError, "#{class_name} is not configured correctly"
  end

  set_enriched_artifacts

  responses = Parallel.map(valid_emitters) do |emitter|
    run_emitter emitter
  end

  # returns Mihari::Alert created by the database emitter
  responses.find { |res| res.is_a?(Mihari::Alert) }
end

#run_emitter(emitter) ⇒ Mihari::Alert^?

Run emitter

Parameters:

• emitter (Mihari::Emitters::Base)

Returns:

• (Mihari::Alert, nil)

# File 'lib/mihari/analyzers/base.rb', line 61

def run_emitter(emitter)
  return if enriched_artifacts.empty?

  alert_or_something = emitter.run(artifacts: enriched_artifacts, rule: rule)

  Mihari.logger.info "Emission by #{emitter.class} is succedded"

  alert_or_something
rescue StandardError => e
  Mihari.logger.info "Emission by #{emitter.class} is failed: #{e}"
end

#source ⇒ String

Returns:

• (String)

# File 'lib/mihari/analyzers/base.rb', line 29

def source
  self.class.to_s.split("::").last.to_s
end