Class: Mihari::Emitters::MISP

Inherits:

Base

• Object
• Base
• Mihari::Emitters::MISP

Defined in:

lib/mihari/emitters/misp.rb

Constant Summary

Constants included from Mixins::Retriable

Mixins::Retriable::DEFAULT_ON

Instance Attribute Summary

• #api_key ⇒ String^? readonly
• #artifacts ⇒ Array<Mihari::Artifact> readonly
• #rule ⇒ Mihari::Structs::Rule readonly
• #url ⇒ String^? readonly

Instance Method Summary

• #emit ⇒ ::MISP::Event

  Create a MISP event.

• #initialize(artifacts:, rule:, **options) ⇒ MISP constructor

  A new instance of MISP.

• #valid? ⇒ Boolean

Methods inherited from Base

inherited, #run

Methods included from Mixins::Retriable

#retry_on_error

Methods included from Mixins::Configurable

#configuration_keys?, #configuration_values, #configured?

Constructor Details

#initialize(artifacts:, rule:, **options) ⇒ MISP

Returns a new instance of MISP.

Parameters:

• artifacts (Array<Mihari::Artifact>)
• rule (Mihari::Structs::Rule)
• **options (Hash)

# File 'lib/mihari/emitters/misp.rb', line 23

def initialize(artifacts:, rule:, **options)
  super(artifacts: artifacts, rule: rule, **options)

  @url = options[:url] || Mihari.config.misp_url
  @api_key = options[:api_key] || Mihari.config.misp_api_key
end

Instance Attribute Details

#api_key ⇒ String^? (readonly)

Returns:

• (String, nil)

# File 'lib/mihari/emitters/misp.rb', line 10

def api_key
  @api_key
end

#artifacts ⇒ Array<Mihari::Artifact> (readonly)

Returns:

• (Array<Mihari::Artifact>)

# File 'lib/mihari/emitters/misp.rb', line 13

def artifacts
  @artifacts
end

#rule ⇒ Mihari::Structs::Rule (readonly)

Returns:

• (Mihari::Structs::Rule)

# File 'lib/mihari/emitters/misp.rb', line 16

def rule
  @rule
end

#url ⇒ String^? (readonly)

Returns:

• (String, nil)

# File 'lib/mihari/emitters/misp.rb', line 7

def url
  @url
end

Instance Method Details

#emit ⇒ ::MISP::Event

Create a MISP event

Parameters:

• artifacts (Arra<Mihari::Artifact>)
• rule (Mihari::Structs::Rule)

Returns:

• (::MISP::Event)

# File 'lib/mihari/emitters/misp.rb', line 54

def emit
  return if artifacts.empty?

  client.create_event({
    Event: {
      info: rule.title,
      Attribute: artifacts.map { |artifact| build_attribute(artifact) },
      Tag: rule.tags.map { |tag| { name: tag } }
    }
  })
end

#valid? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/mihari/emitters/misp.rb', line 31

def valid?
  unless url? && api_key?
    Mihari.logger.info("MISP URL is not set") unless url?
    Mihari.logger.info("MISP API key is not set") unless api_key?
    return false
  end

  unless ping?
    Mihari.logger.info("MISP URL (#{url}) is not reachable")
    return false
  end

  true
end