Module: Mihari::Schemas
- Defined in:
- lib/mihari/schemas/rule.rb,
lib/mihari/schemas/alert.rb,
lib/mihari/schemas/emitter.rb,
lib/mihari/schemas/options.rb,
lib/mihari/schemas/analyzer.rb,
lib/mihari/schemas/enricher.rb,
lib/mihari/schemas/concerns/orrable.rb
Defined Under Namespace
Modules: Analyzers, Concerns, Emitters, Enrichers
Classes: AlertContract, RuleContract
Constant Summary
- Rule =
# Structural schema for a rule document. Dry::Schema.Params coerces
# string-typed input to the declared types before the checks run.
# Only key presence, type and non-emptiness are checked here: string fields
# accept any non-empty value and integers/dates carry no range constraint.
# NOTE(review): RuleContract is listed under this namespace and may layer
# further rules on top of this schema; confirm before relying on either alone.
# NOTE(review): `.default(...)` is not defined on this page; presumably a
# project-provided macro that fills the value when the key is absent. Confirm.
Dry::Schema.Params do
  # Identification and descriptive metadata.
  required(:id).filled(:string)
  required(:title).filled(:string)
  required(:description).filled(:string)
  optional(:author).filled(:string)
  # Free-form: no fixed set of status values is enforced by this schema.
  optional(:status).filled(:string)
  optional(:tags).array { filled(:string) }.default([])
  # References are plain non-empty strings; no URL format check is made here,
  # so anything that later renders or follows them should treat them as untrusted.
  optional(:references).array { filled(:string) }
  optional(:related).array { filled(:string) }
  optional(:created_on).value(:date)
  optional(:updated_on).value(:date)

  # Pipeline definition: every element must satisfy the referenced schema.
  # No minimum size is declared on :queries.
  required(:queries).array { Analyzer }
  optional(:emitters).array { Emitter }.default(DEFAULT_EMITTERS)
  optional(:enrichers).array { Enricher }.default(DEFAULT_ENRICHERS)

  # When omitted, the default is every value of Mihari::Types::DataTypes.
  optional(:data_types).filled(array[Types::DataTypes]).default(Mihari::Types::DataTypes.values)
  optional(:falsepositives).array { filled(:string) }.default([])
  # Any integer passes; no lower or upper bound is declared here.
  optional(:artifact_ttl).value(:integer)
end
- Alert =
# Structural schema for an alert payload (Params processor, so string input
# is coerced to the declared types).
Dry::Schema.Params do
  # Only checked as a non-empty string; whether the rule exists is not
  # something this schema can verify.
  required(:rule_id).filled(:string)
  # Each artifact is accepted as an arbitrary non-empty string. No artifact
  # format is validated at this layer, so downstream code should not assume one.
  required(:artifacts).array { filled(:string) }
  optional(:source).filled(:string)
end
- Emitter =
# Result of Schemas::Emitters.compose_by_or.
# NOTE(review): presumably an OR over the individual emitter schemas
# (concerns/orrable.rb is listed among the defining files); confirm.
Schemas::Emitters.compose_by_or
- Options =
# Retry and timeout options. Every key is optional.
# The integer keys accept any integer: this schema declares no minimum or
# maximum, and the units are not stated on this page.
# NOTE(review): if option values can come from rule files written by less
# trusted authors, bounds on retries and timeouts need to be enforced
# elsewhere. Confirm where that happens.
Dry::Schema.Params do
  optional(:retry_times).value(:integer)
  optional(:retry_interval).value(:integer)
  optional(:retry_exponential_backoff).value(:bool)
  optional(:timeout).value(:integer)
end
- ParallelOptions =
# Single optional boolean flag, :parallel.
Dry::Schema.Params do
  optional(:parallel).value(:bool)
end
- IgnoreErrorOptions =
# Single optional boolean flag, :ignore_error.
# NOTE(review): judging by the name, enabling it suppresses failures of the
# component it is attached to; for a detection pipeline that can mean silently
# missing results. Confirm how suppressed errors are logged.
Dry::Schema.Params do
  optional(:ignore_error).value(:bool)
end
- PaginationOptions =
# Pagination tuning. Both keys are optional integers with no range declared
# in this schema.
Dry::Schema.Params do
  optional(:pagination_interval).value(:integer)
  optional(:pagination_limit).value(:integer)
end
- AnalyzerOptions =
# Conjunction (`&`) of the three option schemas: input has to satisfy each one.
Options & IgnoreErrorOptions & ParallelOptions
- AnalyzerPaginationOptions =
# AnalyzerOptions combined (`&`) with the pagination keys.
AnalyzerOptions & PaginationOptions
- EmitterOptions =
# Conjunction (`&`) of Options and ParallelOptions; unlike AnalyzerOptions,
# IgnoreErrorOptions is not part of this composition.
Options & ParallelOptions
- Analyzer =
# Result of Schemas::Analyzers.compose_by_or.
# NOTE(review): presumably an OR over the individual analyzer schemas
# (concerns/orrable.rb is listed among the defining files); confirm.
Schemas::Analyzers.compose_by_or
- Enricher =
# Result of Schemas::Enrichers.compose_by_or.
# NOTE(review): presumably an OR over the individual enricher schemas
# (concerns/orrable.rb is listed among the defining files); confirm.
Schemas::Enrichers.compose_by_or