[Feature Request] Support infrastructure-tracking-schema about mihari HOT 6 CLOSED

Hey @ninoseki! I'm open for any feedback regarding the tracking schema. Was an idea in order to have a well documented rule set, but unfortunately I haven't found time to implement it into my own software projects. 😇

from mihari.

@ssnkhan I'm thinking about making the following changes:

• Deprecate all search comands (mihari shodan, mihari censys, etc.)
• Add a "search" command which accepts the schema as an input
  • The old search commands should be replaced by this command

What do you think?

from mihari.

I think being able to store all that extra metadata will be very very helpful! However, will this also affect the structure of the mihari.db? Will the --ignore-old-artifacts, and --ignore-threshold be configured within the rule.yml file, or will they be part of CLI usage as they are currently? Thanks :)

from mihari.

Because there's always stuff which is tool related and changes from rule to rule, the schema allows adding the custom key (see the example rule.yml). Maybe that would be useful for mihari, too?

from mihari.

Thank you for comments.
Yes, I'm thinking about using custom properties to keep the backward compatibility.

from mihari.

I implemented a DSL to write a rule which is inspired by infrastructure-tracking-schema.
It's not totally followed the original schema. I customized it to fit with this app to not to make a breaking change.
The schemas for Mihari is defined in here.

from mihari.