Class: Mihari::Emitters::MISP

Inherits:

Base

• Object
• Actor
• Base
• Mihari::Emitters::MISP

Defined in:

lib/mihari/emitters/misp.rb

Overview

MISP emitter

Constant Summary

Constants included from Concerns::Retriable

Concerns::Retriable::DEFAULT_CONDITION, Concerns::Retriable::RETRIABLE_ERRORS

Instance Attribute Summary

• #api_key ⇒ String^? readonly
• #artifacts ⇒ Array<Mihari::Models::Artifact>
• #attribute_tags ⇒ Array<String> readonly
• #rule ⇒ Mihari::Rule readonly
• #url ⇒ String^? readonly

Attributes inherited from Actor

#options

Instance Method Summary

• #call(artifacts) ⇒ Object

  Create a MISP event.

• #configured? ⇒ Boolean
• #initialize(rule:, options: nil, **params) ⇒ MISP constructor

  A new instance of MISP.

• #target ⇒ String

Methods inherited from Base

#get_result, inherited, #parallel?

Methods inherited from Actor

configuration_keys, #get_result, key, key_aliases, keys, #retry_exponential_backoff, #retry_interval, #retry_times, #timeout, type, #validate_configuration!

Methods included from Concerns::Retriable

#retry_on_error

Methods included from Concerns::Configurable

#configuration_keys?

Constructor Details

#initialize(rule:, options: nil, **params) ⇒ MISP

Returns a new instance of MISP.

Parameters:

• rule (Mihari::Rule)
• options (Hash, nil) (defaults to: nil)
• params (Hash, nil)

# File 'lib/mihari/emitters/misp.rb', line 29

def initialize(rule:, options: nil, **params)
  super(rule:, options:)

  @url = params[:url] || Mihari.config.misp_url
  @api_key = params[:api_key] || Mihari.config.misp_api_key
  @attribute_tags = params[:attribute_tags] || []

  @artifacts = []
end

Instance Attribute Details

#api_key ⇒ String^? (readonly)

Returns:

• (String, nil)

# File 'lib/mihari/emitters/misp.rb', line 13

def api_key
  @api_key
end

#artifacts ⇒ Array<Mihari::Models::Artifact>

Returns:

• (Array<Mihari::Models::Artifact>)

# File 'lib/mihari/emitters/misp.rb', line 22

def artifacts
  @artifacts
end

#attribute_tags ⇒ Array<String> (readonly)

Returns:

• (Array<String>)

# File 'lib/mihari/emitters/misp.rb', line 16

def attribute_tags
  @attribute_tags
end

#rule ⇒ Mihari::Rule (readonly)

Returns:

• (Mihari::Rule)

# File 'lib/mihari/emitters/misp.rb', line 19

def rule
  @rule
end

#url ⇒ String^? (readonly)

Returns:

• (String, nil)

# File 'lib/mihari/emitters/misp.rb', line 10

def url
  @url
end

Instance Method Details

#call(artifacts) ⇒ Object

Create a MISP event

Parameters:

• artifacts (Array<Mihari::Models::Artifact>)

# File 'lib/mihari/emitters/misp.rb', line 51

def call(artifacts)
  return if artifacts.empty?

  client.create_event({
    Event: {
      info: rule.title,
      Attribute: artifacts.map { |artifact| build_attribute(artifact) },
      Tag: rule.tags.map { |tag| {name: tag.name} }
    }
  })
end

#configured? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/mihari/emitters/misp.rb', line 42

def configured?
  api_key? && url?
end

#target ⇒ String

Returns:

• (String)

# File 'lib/mihari/emitters/misp.rb', line 66

def target
  URI(url).host || "N/A"
end