Contents

# frozen_string_literal: true

module Mihari
  class AlertViewer
    attr_reader :limit
    attr_reader :the_hive

    ALERT_KEYS = %w(title description artifacts tags createdAt status).freeze

    def initialize(limit: 5)
      @limit = limit
      validate_limit

      @the_hive = TheHive.new
      raise Error, "Cannot connect to the TheHive instance" unless the_hive.valid?
    end

    def list
      range = limit == "all" ? "all" : "0-#{limit}"
      alerts = the_hive.alert.list(range: range)
      alerts.map { |alert| convert alert }
    end

    private

    def validate_limit
      return true if limit == "all"

      raise ArgumentError, "limit should be bigger than zero" unless limit.to_i.positive?
    end

    def convert(alert)
      attributes = alert.select { |k, _v| ALERT_KEYS.include? k }
      attributes["createdAt"] = Time.at(attributes["createdAt"] / 1000).to_s
      attributes["artifacts"] = (attributes.dig("artifacts") || []).map do |artifact|
        artifact.dig("data")
      end.sort
      attributes
    end
  end
end

Version data entries

25 entries across 25 versions & 1 rubygems

Version	Path
mihari-0.17.5	lib/mihari/alert_viewer.rb
mihari-0.17.4	lib/mihari/alert_viewer.rb
mihari-0.17.3	lib/mihari/alert_viewer.rb
mihari-0.17.2	lib/mihari/alert_viewer.rb
mihari-0.17.1	lib/mihari/alert_viewer.rb
mihari-0.17.0	lib/mihari/alert_viewer.rb
mihari-0.16.0	lib/mihari/alert_viewer.rb
mihari-0.15.0	lib/mihari/alert_viewer.rb
mihari-0.14.0	lib/mihari/alert_viewer.rb
mihari-0.13.2	lib/mihari/alert_viewer.rb
mihari-0.13.1	lib/mihari/alert_viewer.rb
mihari-0.13.0	lib/mihari/alert_viewer.rb
mihari-0.12.0	lib/mihari/alert_viewer.rb
mihari-0.11.0	lib/mihari/alert_viewer.rb
mihari-0.10.0	lib/mihari/alert_viewer.rb
mihari-0.9.1	lib/mihari/alert_viewer.rb
mihari-0.9.0	lib/mihari/alert_viewer.rb
mihari-0.8.2	lib/mihari/alert_viewer.rb
mihari-0.8.1	lib/mihari/alert_viewer.rb
mihari-0.8.0	lib/mihari/alert_viewer.rb