Sha256: 1e57d819785807b5a7fdfe5b5968332f29f8edb3a516780f2d909a90faea85f7
Contents?: true
Size: 1.84 KB
Versions: 1
Compression:
Stored size: 1.84 KB
Contents
# frozen_string_literal: true
module Mihari
module Analyzers
class BinaryEdge < Base
param :query
option :interval, default: proc { 0 }
# @return [String, nil]
attr_reader :api_key
def initialize(*args, **kwargs)
super(*args, **kwargs)
@api_key = kwargs[:api_key] || Mihari.config.binaryedge_api_key
end
def artifacts
results = search
return [] unless results || results.empty?
results.map do |result|
events = result["events"] || []
events.filter_map do |event|
data = event.dig("target", "ip")
data.nil? ? nil : Artifact.new(data: data, source: source, metadata: event)
end
end.flatten
end
private
PAGE_SIZE = 20
#
# Search with pagination
#
# @param [String] query
# @param [Integer] page
#
# @return [Hash]
#
def search_with_page(query, page: 1)
client.search(query, page: page)
rescue UnsuccessfulStatusCodeError => e
raise RetryableError, e if e.message.include?("Request time limit exceeded")
raise e
end
#
# Search
#
# @return [Array<Hash>]
#
def search
responses = []
(1..500).each do |page|
res = search_with_page(query, page: page)
total = res["total"].to_i
responses << res
break if total <= page * PAGE_SIZE
# sleep #{interval} seconds to avoid the rate limitation (if it is set)
sleep interval
end
responses
end
def configuration_keys
%w[binaryedge_api_key]
end
#
#
# @return [Mihari::Clients::BinaryEdge]
#
def client
@client ||= Clients::BinaryEdge.new(api_key: api_key)
end
end
end
end
Version data entries
1 entries across 1 versions & 1 rubygems
| Version | Path |
|---|---|
| mihari-5.1.1 | lib/mihari/analyzers/binaryedge.rb |