Class: Mihari::Emitters::MISP
Constant Summary
Constants included from Mixins::Retriable
Instance Attribute Summary collapse
- #api_key ⇒ String? readonly
- #url ⇒ String? readonly
Instance Method Summary collapse
-
#emit(rule:, artifacts:, **_options) ⇒ ::MISP::Event
Create a MISP event.
-
#initialize(*args, **kwargs) ⇒ MISP
constructor
A new instance of MISP.
- #valid? ⇒ Boolean
Methods inherited from Base
Methods included from Mixins::Retriable
Methods included from Mixins::Configurable
#configuration_values, #configured?
Constructor Details
#initialize(*args, **kwargs) ⇒ MISP
Returns a new instance of MISP.
14 15 16 17 18 19 20 21 22 23 24 |
# File 'lib/mihari/emitters/misp.rb', line 14 def initialize(*args, **kwargs) super(*args, **kwargs) @url = kwargs[:url] || Mihari.config.misp_url @api_key = kwargs[:api_key] || Mihari.config.misp_api_key ::MISP.configure do |config| config.api_endpoint = url config.api_key = api_key end end |
Instance Attribute Details
#api_key ⇒ String? (readonly)
12 13 14 |
# File 'lib/mihari/emitters/misp.rb', line 12 def api_key @api_key end |
#url ⇒ String? (readonly)
9 10 11 |
# File 'lib/mihari/emitters/misp.rb', line 9 def url @url end |
Instance Method Details
#emit(rule:, artifacts:, **_options) ⇒ ::MISP::Event
Create a MISP event
50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 |
# File 'lib/mihari/emitters/misp.rb', line 50 def emit(rule:, artifacts:, **) return if artifacts.empty? event = ::MISP::Event.new(info: rule.title) artifacts.each do |artifact| event.attributes << build_attribute(artifact) end rule..each do |tag| event.add_tag name: tag end event.create end |
#valid? ⇒ Boolean
27 28 29 30 31 32 33 34 35 36 37 38 39 40 |
# File 'lib/mihari/emitters/misp.rb', line 27 def valid? unless url? && api_key? Mihari.logger.info("MISP URL is not set") unless url? Mihari.logger.info("MISP API key is not set") unless api_key? return false end unless ping? Mihari.logger.info("MISP URL (#{url}) is not reachable") return false end true end |