
# frozen_string_literal: true

require "binaryedge"

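module Mihari
  module Analyzers
    #
    # BinaryEdge host-search analyzer.
    #
    # Runs `query` against the BinaryEdge host search API (paginated) and
    # collects the target IPs found in the returned events as artifacts.
    #
    class BinaryEdge < Base
      param :query
      option :title, default: proc { "BinaryEdge search" }
      option :description, default: proc { "query = #{query}" }
      option :tags, default: proc { [] }

      #
      # Collect the unique target IPs from every page of search results
      #
      # @return [Array<String>] IPs read from each event's "target" -> "ip";
      #   empty when the search returned nothing
      #
      def artifacts
        results = search
        # `search` returns an Array, but stay nil-safe: the previous guard
        # (`unless results || results.empty?`) raised NoMethodError on nil
        # and never short-circuited on an empty Array.
        return [] if results.nil? || results.empty?

        results.flat_map do |result|
          events = result["events"] || []
          # dig returns nil for a missing key; filter_map drops those nils
          events.filter_map { |event| event.dig("target", "ip") }
        end.uniq
      end

      private

      # Page size used by the BinaryEdge host search endpoint; drives the
      # stop condition in #search. Note: `private` does not apply to
      # constants, so this remains reachable as BinaryEdge::PAGE_SIZE.
      PAGE_SIZE = 20

      #
      # Search with pagination
      #
      # @param [String] query
      # @param [Integer] page
      #
      # @return [Hash]
      #
      # @raise [RetryableError] when the API reports "Request time limit exceeded"
      # @raise [::BinaryEdge::Error] any other API error is re-raised unchanged
      #
      def search_with_page(query, page: 1)
        api.host.search(query, page: page)
      rescue ::BinaryEdge::Error => e
        # Only the time-limit failure is transient enough to be worth a retry
        raise RetryableError, e if e.message.include?("Request time limit exceeded")

        raise e
      end

      #
      # Search all pages
      #
      # Fetches pages in order until `page * PAGE_SIZE` reaches the `total`
      # reported by the API. A missing or non-numeric "total" becomes 0 via
      # #to_i, so the loop stops after the first page in that case.
      #
      # @return [Array<Hash>] one raw response Hash per page fetched
      #
      def search
        responses = []
        (1..Float::INFINITY).each do |page|
          res = search_with_page(query, page: page)
          total = res["total"].to_i

          responses << res
          break if total <= page * PAGE_SIZE
        end
        responses
      end

      #
      # Configuration keys this analyzer requires to be set
      #
      # @return [Array<String>]
      #
      def configuration_keys
        %w[binaryedge_api_key]
      end

      #
      # Memoized BinaryEdge API client; the key is read from Mihari.config
      #
      # @return [::BinaryEdge::API]
      #
      def api
        @api ||= ::BinaryEdge::API.new(Mihari.config.binaryedge_api_key)
      end
    end
  end
end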
