Sha256: 345e4e466f6b4e0a9f6b99f2cbafed0c3194fd7c9885e3bc39ebe3302e63ed9a
Contents?: true
Size: 1.27 KB
Versions: 6
Compression:
Stored size: 1.27 KB
Contents
# frozen_string_literal: true
require "greynoise"
module Mihari
module Analyzers
class GreyNoise < Base
param :query
def artifacts
res = Structs::GreyNoise::Response.from_dynamic!(search)
res.data.map do |datum|
build_artifact datum
end
end
private
PAGE_SIZE = 10_000
def configuration_keys
%w[greynoise_api_key]
end
def api
@api ||= ::GreyNoise::API.new(key: Mihari.config.greynoise_api_key)
end
#
# Search
#
# @return [Hash]
#
def search
api.experimental.gnql(query, size: PAGE_SIZE)
end
#
# Build an artifact from a GreyNoise search API response
#
# @param [Structs::GreyNoise::Datum] datum
#
# @return [Artifact]
#
def build_artifact(datum)
as = AutonomousSystem.new(asn: normalize_asn(datum.metadata.asn))
geolocation = Geolocation.new(
country: datum.metadata.country,
country_code: datum.metadata.country_code
)
Artifact.new(
data: datum.ip,
source: source,
metadata: datum.metadata_,
autonomous_system: as,
geolocation: geolocation
)
end
end
end
end
Version data entries
6 entries across 6 versions & 1 rubygems