Class: Mihari::Emitters::TheHive

Inherits:

Base

• Object
• Actor
• Base
• Mihari::Emitters::TheHive

Defined in:

lib/mihari/emitters/the_hive.rb

Constant Summary

Constants included from Concerns::Retriable

Concerns::Retriable::DEFAULT_CONDITION, Concerns::Retriable::RETRIABLE_ERRORS

Instance Attribute Summary

• #api_key ⇒ String^? readonly
• #artifacts ⇒ Array<Mihari::Models::Artifact>
• #observable_tags ⇒ Array<String> readonly
• #url ⇒ String^? readonly

Attributes inherited from Base

#rule

Attributes inherited from Actor

#options

Instance Method Summary

• #call(artifacts) ⇒ Object

  Create a Hive alert.

• #configured? ⇒ Boolean
• #initialize(rule:, options: nil, **params) ⇒ TheHive constructor

  A new instance of TheHive.

• #target ⇒ String

Methods inherited from Base

inherited, #parallel?, #result

Methods inherited from Actor

configuration_keys, key, key_aliases, keys, #result, #retry_exponential_backoff, #retry_interval, #retry_times, #timeout, type, #validate_configuration!

Methods included from Concerns::Retriable

#retry_on_error

Methods included from Concerns::Configurable

#configuration_keys?

Constructor Details

#initialize(rule:, options: nil, **params) ⇒ TheHive

Returns a new instance of TheHive.

Parameters:

• rule (Mihari::Rule)
• options (Hash, nil) (defaults to: nil)
• params (Hash)

# File 'lib/mihari/emitters/the_hive.rb', line 23

def initialize(rule:, options: nil, **params)
  super(rule:, options:)

  @url = params[:url] || Mihari.config.thehive_url
  @api_key = params[:api_key] || Mihari.config.thehive_api_key
  @observable_tags = params[:observable_tags] || []

  @artifacts = []
end

Instance Attribute Details

#api_key ⇒ String^? (readonly)

Returns:

• (String, nil)

# File 'lib/mihari/emitters/the_hive.rb', line 10

def api_key
  @api_key
end

#artifacts ⇒ Array<Mihari::Models::Artifact>

Returns:

• (Array<Mihari::Models::Artifact>)

# File 'lib/mihari/emitters/the_hive.rb', line 16

def artifacts
  @artifacts
end

#observable_tags ⇒ Array<String> (readonly)

Returns:

• (Array<String>)

# File 'lib/mihari/emitters/the_hive.rb', line 13

def observable_tags
  @observable_tags
end

#url ⇒ String^? (readonly)

Returns:

• (String, nil)

# File 'lib/mihari/emitters/the_hive.rb', line 7

def url
  @url
end

Instance Method Details

#call(artifacts) ⇒ Object

Create a Hive alert

Parameters:

• artifacts (Array<Mihari::Models::Artifact>)

# File 'lib/mihari/emitters/the_hive.rb', line 52

def call(artifacts)
  return if artifacts.empty?

  @artifacts = artifacts

  client.alert payload
end

#configured? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/mihari/emitters/the_hive.rb', line 36

def configured?
  api_key? && url?
end

#target ⇒ String

Returns:

• (String)

# File 'lib/mihari/emitters/the_hive.rb', line 43

def target
  URI(url).host || "N/A"
end