Class: Mihari::Emitters::TheHive

Inherits:

Base

• Object
• Base
• Mihari::Emitters::TheHive

Defined in:

lib/mihari/emitters/the_hive.rb

Constant Summary

Constants included from Mixins::Retriable

Mixins::Retriable::DEFAULT_ON

Instance Attribute Summary

• #api_key ⇒ String^? readonly
• #api_version ⇒ String^? readonly
• #url ⇒ String^? readonly

Instance Method Summary

• #emit(rule:, artifacts:, **_options) ⇒ ::MISP::Event

  Create a Hive alert.

• #initialize(*args, **kwargs) ⇒ TheHive constructor

  A new instance of TheHive.

• #normalized_api_version ⇒ String^?

  Normalize API version for API client.

• #valid? ⇒ Boolean

Methods inherited from Base

inherited, #run

Methods included from Mixins::Retriable

#retry_on_error

Methods included from Mixins::Configurable

#configuration_values, #configured?

Constructor Details

#initialize(*args, **kwargs) ⇒ TheHive

Returns a new instance of TheHive.

# File 'lib/mihari/emitters/the_hive.rb', line 17

def initialize(*args, **kwargs)
  super(*args, **kwargs)

  @url = kwargs[:url] || Mihari.config.thehive_url
  @api_key = kwargs[:api_key] || Mihari.config.thehive_api_key
  @api_version = kwargs[:api_version] || Mihari.config.thehive_api_version
end

Instance Attribute Details

#api_key ⇒ String^? (readonly)

Returns:

• (String, nil)

# File 'lib/mihari/emitters/the_hive.rb', line 12

def api_key
  @api_key
end

#api_version ⇒ String^? (readonly)

Returns:

• (String, nil)

# File 'lib/mihari/emitters/the_hive.rb', line 15

def api_version
  @api_version
end

#url ⇒ String^? (readonly)

Returns:

• (String, nil)

# File 'lib/mihari/emitters/the_hive.rb', line 9

def url
  @url
end

Instance Method Details

#emit(rule:, artifacts:, **_options) ⇒ ::MISP::Event

Create a Hive alert

Parameters:

• artifacts (Arra<Mihari::Artifact>)
• rule (Mihari::Structs::Rule)

Returns:

• (::MISP::Event)

# File 'lib/mihari/emitters/the_hive.rb', line 49

def emit(rule:, artifacts:, **_options)
  return if artifacts.empty?

  payload = payload(rule: rule, artifacts: artifacts)
  api.alert.create(**payload)
end

#normalized_api_version ⇒ String^?

Normalize API version for API client

Parameters:

• version (String)

Returns:

• (String, nil)

# File 'lib/mihari/emitters/the_hive.rb', line 63

def normalized_api_version
  @normalized_api_version ||= [].tap do |out|
    # v4 does not have version prefix in path (/api/)
    # v5 has version prefix in path (/api/v1/)
    table = {
      "" => nil,
      "v4" => nil,
      "v5" => "v1"
    }
    out << table[api_version.to_s.downcase]
  end.first
end

#valid? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/mihari/emitters/the_hive.rb', line 26

def valid?
  unless url? && api_key?
    Mihari.logger.info("TheHive URL is not set") unless url?
    Mihari.logger.info("TheHive API key is not set") unless api_key?
    return false
  end

  unless ping?
    Mihari.logger.info("TheHive URL (#{url}) is not reachable")
    return false
  end

  true
end