
Merge a3cc011 into 7e0d1ec
ninoseki committed May 27, 2019
2 parents 7e0d1ec + a3cc011 commit 4621784
Showing 9 changed files with 123 additions and 61 deletions.
6 changes: 3 additions & 3 deletions README.md
Expand Up @@ -38,7 +38,7 @@ See `samples` for more.
| HTTP Method | URI | Action | API method |
|-------------|-----------------------------------|-----------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| GET | /api/alert | List alerts | `#api.alert.list` |
| POST | /api/alert/_search | Find alerts | N/A |
| POST | /api/alert/_search | Find alerts | `#api.alert.search(attributes:, range: "all")` |
| PATCH | /api/alert/_bulk | Update alerts in bulk | N/A |
| POST | /api/alert/_stats | Compute stats on alerts | N/A |
| POST | /api/alert | Create an alert | `#api.alert.create(title:, description:, severity: nil, date: nil, tags: nil, tlp: nil, status: nil, type:, source:, source_ref: nil, artifacts: nil, follow: nil)` |
Expand All @@ -56,7 +56,7 @@ See `samples` for more.

| HTTP Method | URI | Action | API method |
|-------------|----------------------------------------|---------------------------------|---------------------------------------------------------------------------------------|
| POST | /api/case/artifact/_search | Find observables | `#api.artifact.search(data:, date_type:)` |
| POST | /api/case/artifact/_search | Find observables | `#api.artifact.search(attributes, range: "all")` |
| POST | /api/case/artifact/_stats | Compute stats on observables | N/A |
| POST | /api/case/:caseId/artifact | Create an observable | `#api.artifact.create(case_id, data:, data_type:, message: nil, tlp: nil, tags: nil)` |
| GET | /api/case/artifact/:artifactId | Get an observable | `#api.artifact.get_by_id(id)` |
Expand All @@ -70,7 +70,7 @@ See `samples` for more.
| HTTP Method | URI | Action | API method |
|-------------|------------------------------------|---------------------------------------|----------------------------------------------------------------------------------------------------------------------|
| GET | /api/case | List cases | `#api.case.list` |
| POST | /api/case/_search | Find cases | `#api.case.search(query)` |
| POST | /api/case/_search | Find cases | `#api.case.search(attributes, range: "all")` |
| PATCH | /api/case/_bulk | Update cases in bulk | N/A |
| POST | /api/case/_stats | Compute stats on cases | N/A |
| POST | /api/case | Create a case | `#api.case.create(title:, description:, severity: nil, start_date: nil, owner: nil, flag: nil, tlp: nil, tags: nil)` |
6 changes: 5 additions & 1 deletion lib/hachi/clients/alert.rb
Expand Up @@ -31,10 +31,14 @@ def create(title:, description:, severity: nil, date: nil, tags: nil, tlp: nil,
source: source,
source_ref: source_ref,
artifacts: artifacts,
follow: follow
follow: follow,
)
post("/api/alert", alert.payload) { |json| json }
end

def search(attributes:, range: "all")
_search("/api/alert/_search", attributes: attributes, range: range) { |json| json }
end
end
end
end
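Review bot: The new `def search(attributes:, range: "all")` takes the attributes as a keyword argument, whereas the `search` methods added to the artifact and case clients in this same commit take them positionally (`search(attributes, range: "all")`), so `api.alert.search` and `api.case.search` now need two different calling conventions for the same operation. `Base#_search` itself takes `attributes:` as a keyword, so aligning the other two clients on this form is the smaller change. A one-line doc comment on the method would also help readers know what the hash holds: `# attributes: hash of server-side field name => value, each turned into one `_string` condition`.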
25 changes: 3 additions & 22 deletions lib/hachi/clients/artifact.rb
Expand Up @@ -9,7 +9,7 @@ def create(case_id, data:, data_type:, message: nil, tlp: nil, tags: nil)
data_type: data_type,
message: message,
tlp: tlp,
tags: tags
tags: tags,
)

post("/api/case/#{case_id}/artifact", artifact.payload) { |json| json }
Expand All @@ -23,27 +23,8 @@ def delete_by_id(id)
delete("/api/case/artifact/#{id}") { |json| json }
end

def search(data:, data_type:, range: "all")
validate_range range

artifact = Models::Artifact.new(data: data, data_type: data_type)
payload = {
query: {
_and:
[
{ _field: "data", _value: artifact.data },
{ _field: "dataType", _value: artifact.data_type },
{ _and:
[
{ _not: { status: "Deleted" } },
{ _not:
{ _in: { _field: "_type", _values: ["dashboard", "data", "user", "analyzer", "caseTemplate", "reportTemplate", "action"] } } }
] }
]
}
}

post("/api/case/artifact/_search?range=#{range}", payload) { |json| json }
def search(attributes, range: "all")
_search("/api/case/artifact/_search", attributes: attributes, range: range) { |json| json }
end
end
end
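Review bot: The removed `search` went through `Models::Artifact`, which mapped the Ruby-style `data_type:` onto the server field `dataType` (visible in the old `{ _field: "dataType", _value: artifact.data_type }` term); the new `_search` path interpolates hash keys verbatim into a `_string` clause, so a caller who keeps passing `data_type:` now sends `data_type:ip`, which is unlikely to match any field. The README row for `/api/case/artifact/_search` gives no example of the expected keys, so nothing warns the caller. I'd either convert keys to camelCase inside `Base#_search` (`key.to_s.gsub(/_([a-z])/) { Regexp.last_match(1).upcase }`) or document the requirement on this method: `# attributes: keys must be TheHive field names in camelCase (e.g. dataType), not snake_case`. The enclosing class continues past the hunk.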
25 changes: 23 additions & 2 deletions lib/hachi/clients/base.rb
Expand Up @@ -33,7 +33,7 @@ def https_options
proxy_address: uri.hostname,
proxy_port: uri.port,
proxy_from_env: false,
use_ssl: true
use_ssl: true,
}
else
{ use_ssl: true }
Expand Down Expand Up @@ -64,7 +64,7 @@ def request(req)
response = http.request(req)
json = parse_body(response.body)

raise(Error, "Unsupported response code returned: #{response.code} (#{json&.dig('message')})" ) unless response.code.start_with? "20"
raise(Error, "Unsupported response code returned: #{response.code} (#{json&.dig("message")})") unless response.code.start_with? "20"

yield json
end
Expand Down Expand Up @@ -109,6 +109,27 @@ def validate_range(range)

raise ArgumentError, "from should be smaller than to"
end

def _search(path, attributes:, range: "all")
validate_range range

conditions = attributes.map do |key, value|
{ _string: "#{key}:#{value}" }
end

default_conditions = {
_and: [
{ _not: { status: "Deleted" } },
{ _not: { _in: { _field: "_type", _values: ["dashboard", "data", "user", "analyzer", "caseTemplate", "reportTemplate", "action"] } } },
],
}

query = {
_and: [conditions, default_conditions].flatten,
}

post("#{path}?range=#{range}", query: query) { |json| json }
end
end
end
end
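Review bot: `_search` interpolates each value unescaped into `{ _string: "#{key}:#{value}" }`, which by its name is a query-string expression, so a value containing whitespace, a colon, quotes, parentheses or Lucene operators (`AND`, `OR`, `*`) is parsed as query syntax rather than matched literally — `title: "foo OR bar"` widens the search, and a stray quote presumably comes back as a 4xx that `request` turns into `Error`. The artifact client's removed implementation sidestepped this with `_field`/`_value` terms. If `_string` stays, quote the value and escape the characters that would break out of the quotes: `escaped = value.to_s.gsub(/["\\]/) { |c| "\\#{c}" }` and `{ _string: "#{key}:\"#{escaped}\"" }`. The `range` placed into the URL on the last line goes through `validate_range`, whose body is cut off above the hunk, so I can't confirm from here what it accepts. A leading-underscore method name is unusual Ruby; putting `_search` under `private` (subclasses still reach it with an implicit receiver) says the same thing idiomatically.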
23 changes: 3 additions & 20 deletions lib/hachi/clients/case.rb
Expand Up @@ -24,31 +24,14 @@ def create(title:, description:, severity: nil, start_date: nil, owner: nil, fla
owner: owner,
flag: flag,
tlp: tlp,
tags: tags
tags: tags,
)

post("/api/case", kase.payload) { |json| json }
end

def search(query, range: "all")
validate_range range

payload = {
query: {
_and:
[
{ string: query },
{ _and:
[
{ _not: { status: "Deleted" } },
{ _not:
{ _in: { _field: "_type", _values: ["dashboard", "data", "user", "analyzer", "caseTemplate", "reportTemplate", "action"] } } }
] }
]
}
}

post("/api/case/_search?range=#{range}", payload) { |json| json }
def search(attributes, range: "all")
_search("/api/case/_search", attributes: attributes, range: range) { |json| json }
end
end
end
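Review bot: The new `def search(attributes, range: "all")` puts a positional hash next to a keyword argument, and the updated spec calls it as `api.case.search(title: "test")` without braces; that only reaches `attributes` because Ruby 2.x demotes a keyword-style hash to the unfilled positional slot — a conversion 2.7 warns about and, to my understanding, 3.0 rejects with `ArgumentError`. Changing the signature to `def search(attributes:, range: "all")`, as the alert client does in this commit, removes the ambiguity and the spec call reads the same. Callers still passing the free-text string the previous version accepted (`api.case.search("test")`) now fail inside `_search` with `NoMethodError` on `String#map` rather than a clear message; a guard such as `raise ArgumentError, "attributes must be a Hash" unless attributes.respond_to?(:each_pair)` would make the contract explicit. The enclosing class continues past the hunk.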
29 changes: 22 additions & 7 deletions spec/clients/alert_spec.rb
Expand Up @@ -2,6 +2,16 @@

RSpec.describe Hachi::Clients::Alert, :vcr do
let(:api) { Hachi::API.new }
let(:title) { "Test Alert" }
let(:description) { "test" }
let(:type) { "test" }
let(:source) { "test" }
let(:artifacts) {
[
{ data: "1.1.1.1", data_type: "ip", message: "test" },
{ data: "github.com", data_type: "domain", tags: ["test"] },
]
}

describe "#list" do
it "retuns an array" do
Expand All @@ -19,28 +29,33 @@

describe "#create" do
it "returns a hash" do
res = api.alert.create( title: "Test Alert", description: "test", type: "test", source: "test")
res = api.alert.create(title: title, description: description, type: type, source: source)
expect(res).to be_an(Hash)
end

context "create an alert with artifacts" do
it "returns a hash" do
artifacts = [
{ data: "1.1.1.1", data_type: "ip", message: "test" },
{ data: "github.com", data_type: "domain", tags: ["test"] }
]
res = api.alert.create( title: "Test Alert", description: "test", type: "test", source: "test", artifacts: artifacts)
res = api.alert.create(title: title, description: description, type: type, source: source, artifacts: artifacts)
expect(res).to be_an(Hash)
end
end
end

describe "#delete_by_id" do
let(:id) { api.alert.create( title: "Test Alert", description: "test", type: "test", source: "test")&.dig("_id") }
let(:id) { api.alert.create(title: title, description: description, type: type, source: source)&.dig("_id") }

it "retuns an empty string" do
res = api.alert.delete_by_id(id)
expect(res.empty?).to be true
end
end

describe "#search" do
let(:attributes) { { title: title } }

it do
res = api.alert.search(attributes: attributes)
expect(res).to be_an(Array)
end
end
end
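Review bot: The new `#search` example is written as a bare `it do` with no description, unlike every other example in this file, and it asserts only `be_an(Array)`, which an empty result satisfies just as well — so the `attributes` filter is never actually exercised. Creating an alert first (the `#delete_by_id` block already does this through `let(:id)`) and checking that the returned array contains an entry whose `"title"` equals `title` would test the search itself; something like `it "returns an array containing the created alert" do`. Because the file runs under `:vcr`, that change means re-recording the cassette for this example.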
2 changes: 1 addition & 1 deletion spec/clients/case_spec.rb
Expand Up @@ -35,7 +35,7 @@

describe "#search" do
it "returns an array" do
res = api.case.search("test")
res = api.case.search(title: "test")
expect(res).to be_an(Array)
end
end
