Module: Mihari::Schemas
- Defined in:
- lib/mihari/schemas/rule.rb,
lib/mihari/schemas/emitter.rb,
lib/mihari/schemas/analyzer.rb,
lib/mihari/schemas/enricher.rb
Defined Under Namespace
Classes: RuleContract
Constant Summary
# Top-level schema for a rule file: metadata plus the lists of analyzer
# queries, emitters, enrichers and data types the rule runs with.
# Every optional key below that carries `.default(...)` is filled in when
# the rule omits it; keys without a default are simply absent.
Rule =
  Dry::Schema.Params do
    # Identity and description; all three are mandatory strings.
    required(:id).value(:string)
    required(:title).value(:string)
    required(:description).value(:string)
    optional(:tags).value(array[:string]).default([])
    optional(:author).value(:string)
    optional(:references).value(array[:string])
    optional(:related).value(array[:string])
    optional(:status).value(:string)
    optional(:created_on).value(:date)
    optional(:updated_on).value(:date)
    # Each query entry must satisfy one of the analyzer schemas below.
    # NOTE(review): the schemas are combined with `|`; AnalyzerWithoutAPIKey
    # also lists "crtsh", which Crtsh covers with an extra option, so which
    # schema a crtsh entry ends up matched by depends on dry-schema's
    # composition order — confirm the intended one is used.
    required(:queries).value(:array).each do
      AnalyzerWithoutAPIKey | AnalyzerWithAPIKey | Censys | CIRCL | PassiveTotal | ZoomEye | Urlscan | Crtsh | Feed
    end
    # Emitters / enrichers / data types fall back to the module-level defaults
    # (defined outside this listing) when the rule does not set them.
    optional(:emitters).value(:array).each { Database | MISP | TheHive | Slack | Webhook }.default(DEFAULT_EMITTERS)
    optional(:enrichers).value(:array).each(Enricher).default(DEFAULT_ENRICHERS)
    optional(:data_types).value(array[Types::DataTypes]).default(DEFAULT_DATA_TYPES)
    optional(:falsepositives).value(array[:string]).default([])
    # Both keys are accepted as optional integers; which one is authoritative
    # when both are given is not decided here — TODO confirm in the rule loader.
    optional(:artifact_lifetime).value(:integer)
    optional(:artifact_ttl).value(:integer)
  end
# Emitter entry for the local database; the only accepted value of
# `emitter` is the literal "database" and no other keys are declared.
Database =
  Dry::Schema.Params do
    required(:emitter).value(Types::String.enum("database"))
  end
# Emitter entry for MISP. `emitter` must be "misp"; the endpoint and
# credential are optional here, so an entry without them is still valid.
MISP =
  Dry::Schema.Params do
    required(:emitter).value(Types::String.enum("misp"))
    optional(:url).value(:string)
    # api_key is only type-checked as a string at this level; how it is
    # resolved when omitted (e.g. from configuration) is not visible here — confirm.
    optional(:api_key).value(:string)
  end
# Emitter entry for TheHive. `emitter` must be "the_hive"; `api_version`
# is restricted to "v4" or "v5" and defaults to "v4" when omitted.
TheHive =
  Dry::Schema.Params do
    required(:emitter).value(Types::String.enum("the_hive"))
    optional(:url).value(:string)
    # Credential is only checked to be a string here — confirm where it is sourced when absent.
    optional(:api_key).value(:string)
    optional(:api_version).value(Types::String.enum("v4", "v5")).default("v4")
  end
# Emitter entry for Slack. `emitter` must be "slack"; the incoming webhook
# URL and target channel are optional strings with no format check here.
Slack =
  Dry::Schema.Params do
    required(:emitter).value(Types::String.enum("slack"))
    optional(:webhook_url).value(:string)
    optional(:channel).value(:string)
  end
# Emitter entry for a generic HTTP webhook. `emitter` must be "webhook" and
# a destination `url` is mandatory; `method` is constrained to
# Types::HTTPRequestMethods (default "POST") and `headers` defaults to {}.
Webhook =
  Dry::Schema.Params do
    required(:emitter).value(Types::String.enum("webhook"))
    # NOTE(review): `url` is validated as a string only — no scheme/host
    # check happens at the schema level; confirm the emitter restricts it.
    required(:url).value(:string)
    optional(:method).value(Types::HTTPRequestMethods).default("POST")
    optional(:headers).value(:hash).default({})
    optional(:template).value(:string)
  end
# Per-analyzer options nested under `options` in each query entry.
# Only an optional integer `interval` is declared.
AnalyzerOptions =
  Dry::Schema.Params do
    optional(:interval).value(:integer)
  end
# Query entry for analyzers that take no credential: `analyzer` must be one
# of the listed names and `query` is a mandatory string.
AnalyzerWithoutAPIKey =
  Dry::Schema.Params do
    # NOTE(review): "crtsh" also has a dedicated Crtsh schema (with an
    # `exclude_expired` option); listing it here as well means both schemas
    # accept a crtsh entry — confirm this overlap is intentional.
    required(:analyzer).value(Types::String.enum("crtsh", "dnpedia", "dnstwister"))
    required(:query).value(:string)
    optional(:options).hash(AnalyzerOptions)
  end
# Query entry for analyzers authenticated with a single API key.
# `analyzer` must be one of the listed names (the list appears to include
# short aliases such as "st", "vt" and "vt_intel"); `api_key` is optional
# and only type-checked as a string here.
AnalyzerWithAPIKey =
  Dry::Schema.Params do
    required(:analyzer).value(
      Types::String.enum(
        "binaryedge",
        "greynoise",
        "onyphe",
        "otx",
        "pulsedive",
        "securitytrails",
        "shodan",
        "st",
        "virustotal_intelligence",
        "virustotal",
        "vt_intel",
        "vt"
      )
    )
    required(:query).value(:string)
    optional(:api_key).value(:string)
    optional(:options).hash(AnalyzerOptions)
  end
# Query entry for Censys. `analyzer` must be "censys"; the credential is an
# optional `id`/`secret` pair rather than a single `api_key`.
Censys =
  Dry::Schema.Params do
    required(:analyzer).value(Types::String.enum("censys"))
    required(:query).value(:string)
    optional(:id).value(:string)
    optional(:secret).value(:string)
    optional(:options).hash(AnalyzerOptions)
  end
# Query entry for CIRCL. `analyzer` must be "circl"; authentication is an
# optional `username`/`password` pair, both plain strings at this level.
CIRCL =
  Dry::Schema.Params do
    required(:analyzer).value(Types::String.enum("circl"))
    required(:query).value(:string)
    optional(:username).value(:string)
    optional(:password).value(:string)
    optional(:options).hash(AnalyzerOptions)
  end
# Query entry for PassiveTotal. `analyzer` accepts "passivetotal" or the
# short form "pt"; authentication is an optional `username`/`api_key` pair.
PassiveTotal =
  Dry::Schema.Params do
    required(:analyzer).value(Types::String.enum("passivetotal", "pt"))
    required(:query).value(:string)
    optional(:username).value(:string)
    optional(:api_key).value(:string)
    optional(:options).hash(AnalyzerOptions)
  end
# Query entry for ZoomEye. `analyzer` must be "zoomeye" and a search `type`
# of either "host" or "web" is mandatory; no credential key is declared here.
ZoomEye =
  Dry::Schema.Params do
    required(:analyzer).value(Types::String.enum("zoomeye"))
    required(:query).value(:string)
    required(:type).value(Types::String.enum("host", "web"))
    optional(:options).hash(AnalyzerOptions)
  end
# Query entry for crt.sh. `analyzer` must be "crtsh"; `exclude_expired` is a
# boolean that defaults to true when omitted.
Crtsh =
  Dry::Schema.Params do
    # "crtsh" is also accepted by AnalyzerWithoutAPIKey, which has no
    # `exclude_expired` key — see the note there.
    required(:analyzer).value(Types::String.enum("crtsh"))
    required(:query).value(:string)
    optional(:exclude_expired).value(:bool).default(true)
    optional(:options).hash(AnalyzerOptions)
  end
# Query entry for urlscan. `analyzer` must be "urlscan" and `query` is a
# mandatory string; no credential key is declared at this level.
Urlscan =
  Dry::Schema.Params do
    required(:analyzer).value(Types::String.enum("urlscan"))
    required(:query).value(:string)
    optional(:options).hash(AnalyzerOptions)
  end
# Query entry for a generic HTTP feed. `analyzer` must be "feed"; `query`
# and `selector` are mandatory strings. The request shape is configurable:
# `method` is constrained to Types::HTTPRequestMethods (default "GET"),
# `headers` defaults to {}, and `params`/`data`/`json` are optional hashes.
Feed =
  Dry::Schema.Params do
    required(:analyzer).value(Types::String.enum("feed"))
    # NOTE(review): `query` is a plain string here; whether it is the feed
    # URL and how its scheme/host are restricted is not visible in this schema — confirm.
    required(:query).value(:string)
    required(:selector).value(:string)
    optional(:method).value(Types::HTTPRequestMethods).default("GET")
    optional(:headers).value(:hash).default({})
    optional(:params).value(:hash)
    optional(:data).value(:hash)
    optional(:json).value(:hash)
    optional(:options).hash(AnalyzerOptions)
  end
# Enricher entry: the only declared key is `enricher`, constrained to the
# values of Types::EnricherTypes (defined outside this listing).
Enricher =
  Dry::Schema.Params do
    required(:enricher).value(Types::EnricherTypes)
  end