#66 use build_taxonomy() for summary() in analyzers
jeromeleonard committed Jun 27, 2017
1 parent e1655ba commit 04942fe
Showing 29 changed files with 325 additions and 397 deletions.
20 changes: 7 additions & 13 deletions analyzers/CERTatPassiveDNS/certat_passivedns.py
Expand Up @@ -18,26 +18,20 @@ def run(self):
self.report({'results': query(self.getData(), int(self.limit))})

def summary(self, raw):
results = raw.get('results')
return {'hits': len(results)}

def summary(self, raw):
taxonomy = {"level":"info", "namespace": "CERT.at", "predicate": "PassiveDNS", "value":0}
taxonomies = []
level = "info"
namespace = "CERT.at"
predicate = "PassiveDNS"

results = raw.get('results')
r = len(results)

if r == 0 or r == 1:
taxonomy["value"] = "\"{} hit\"".format(r)
value = "\"{} hit\"".format(r)
else:
taxonomy["value"] = "\"{} hits\"".format(r)

taxonomies.append(taxonomy)
result = {"taxonomies": taxonomies}

return result
value = "\"{} hits\"".format(r)

taxonomies.append(self.build_taxonomy(level, namespace, predicate, value))
return {"taxonomies": taxonomies}

if __name__ == '__main__':
CERTatPassiveDNSAnalyzer().run()
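Review bot: The singular/plural split `if r == 0 or r == 1:` / `value = "\"{} hit\""` / `else: value = "\"{} hits\""` is written out by hand here and repeated, each with its own noun, in CIRCLPassiveDNS, CIRCLPassiveSSL, DNSDB, FireHOLBlocklists and GoogleSafebrowsing; now that every analyzer goes through `build_taxonomy`, one shared helper would keep the six copies from drifting, e.g. `value = '"{} {}"'.format(r, 'hit' if r < 2 else 'hits')` (equivalent here because `r` comes from `len()`). Separately, `results = raw.get('results')` followed by `len(results)` raises TypeError instead of reporting zero hits if the key is ever absent; `run()` just above always sets it, so this is only a robustness note, and `r = len(raw.get('results') or [])` would cover it. The enclosing class starts outside the hunk.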
15 changes: 8 additions & 7 deletions analyzers/CIRCLPassiveDNS/circl_passivedns.py
Expand Up @@ -37,21 +37,22 @@ def query(self, domain):
return clean_result

def summary(self, raw):

taxonomy = {"level": "info", "namespace": "CIRCL", "predicate": "PassiveDNS", "value": 0}
taxonomies = []
level = "info"
namespace = "CIRCL"
predicate = "PassiveDNS"

if ("results" in raw):
r = len(raw.get('results'))

if r == 0 or r == 1:
taxonomy["value"] = "\"{} hit\"".format(r)
value = "\"{} hit\"".format(r)
else:
taxonomy["value"] = "\"{} hits\"".format(r)
value = "\"{} hits\"".format(r)

taxonomies.append(self.build_taxonomy(level, namespace, predicate, value))
return {"taxonomies": taxonomies}

taxonomies.append(taxonomy)
result = {"taxonomies": taxonomies}
return result



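Review bot: `value` is assigned only inside the `if ("results" in raw):` block, and the new `taxonomies.append(self.build_taxonomy(level, namespace, predicate, value))` appears to sit after that block at method level (indentation is lost in this rendering, so please confirm); for a response without a `results` key that raises UnboundLocalError instead of returning a zero-hit or empty summary. Either initialise the value before the guard, as FireHOLBlocklists does in this same commit with `value = "\"0 hit\""`, or move the append inside the `if`. The parenthesised `if ("results" in raw):` can also be plain `if "results" in raw:`.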
14 changes: 8 additions & 6 deletions analyzers/CIRCLPassiveSSL/circl_passivessl.py
Expand Up @@ -68,22 +68,24 @@ def query_certificate(self, cert_hash):


def summary(self, raw):
taxonomy = {"level": "info", "namespace": "CIRCL", "predicate": "PassiveSSL", "value": 0}
taxonomies = []
level = "info"
namespace = "CIRCL"
predicate = "PassiveSSL"

if (self.data_type == 'hash') and ("query" in raw):
r = raw.get('query', 0).get('hits', 0)
if (self.data_type == 'ip') and ("certificates" in raw):
r = len(raw['certificates'])

if r == 0 or r == 1:
taxonomy["value"] = "\"{} hit\"".format(r)
value = "\"{} hit\"".format(r)
else:
taxonomy["value"] = "\"{} hits\"".format(r)
taxonomies.append(taxonomy)
value = "\"{} hits\"".format(r)
taxonomies.append(self.build_taxonomy(level, namespace, predicate, value))

return {"taxonomies": taxonomies}

result = {"taxonomies": taxonomies}
return result


def run(self):
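Review bot: `r` is assigned only when `self.data_type == 'hash'` and `"query" in raw`, or `self.data_type == 'ip'` and `"certificates" in raw`; any other combination (a hash lookup whose response lacks `query`, or a data type the analyzer does not expect) reaches `if r == 0 or r == 1:` with `r` unbound and raises UnboundLocalError. This predates the commit, but the new `value = ...` lines inherit it; an `r = 0` before the two `if` statements yields a zero-hit summary instead. `raw.get('query', 0).get('hits', 0)` also relies on the `"query" in raw` guard to avoid calling `.get` on the integer default; `raw['query'].get('hits', 0)` states that intent more plainly. The `run` method starts after this hunk.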
15 changes: 9 additions & 6 deletions analyzers/DNSDB/dnsdb.py
Expand Up @@ -40,21 +40,24 @@ def update_date(self, field, row):
return row

def summary(self, raw):
taxonomy = {"level": "info", "namespace": "Farsight", "predicate": "DNSDB", "value": 0}
# taxonomy = {"level": "info", "namespace": "Farsight", "predicate": "DNSDB", "value": 0}
taxonomies = []
level = "info"
namespace = "Farsight"
predicate = "DNSDB"

if ("records" in raw):
r = len(raw["records"])

if r == 0 or r == 1:
taxonomy["value"] = "\"{} record\"".format(r)
value = "\"{} record\"".format(r)
else:
taxonomy["value"] = "\"{} records\"".format(r)
value = "\"{} records\"".format(r)

taxonomies.append(taxonomy)
taxonomies.append(self.build_taxonomy(level, namespace,predicate,value))

return {'taxonomies': taxonomies}

result = {'taxonomies': taxonomies}
return result

def run(self):
try:
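Review bot: The commented-out `# taxonomy = {"level": "info", "namespace": "Farsight", "predicate": "DNSDB", "value": 0}` is dead code left behind by the refactor and should be deleted, as should the same line in GoogleSafebrowsing (`# taxonomy = {"level":"info", "namespace": "Google", ...}`); the `level`/`namespace`/`predicate` bindings just below carry the same information. The call `self.build_taxonomy(level, namespace,predicate,value)` is missing spaces after the commas, unlike the sibling analyzers in this commit. As in CIRCLPassiveDNS, `value` is assigned only inside `if ("records" in raw):`, so if the append sits outside that block (indentation is not visible here) a response without `records` raises UnboundLocalError; a default such as `value = "\"0 record\""` before the guard avoids that.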
30 changes: 9 additions & 21 deletions analyzers/DomainTools/domaintools.py
Expand Up @@ -26,9 +26,6 @@ def summary(self, raw):
"dataType": self.data_type
}

taxonomy = {"level": "info", "namespace": "DT", "predicate": "Info", "value": 0}
taxonomies = []

if("ip_addresses" in raw):
r["ip"] = {
"address": raw["ip_addresses"]["ip_address"],
Expand All @@ -54,35 +51,26 @@ def summary(self, raw):
r["name_server"] = raw["name_server"]["hostname"]
r["domain_count"] = raw["name_server"]["total"]


taxonomies = []

# Prepare predicate and value for each service
if r["service"] == "reverse-ip":
report["predicate"] = "Reverse_IP"
taxonomy["value"] = "\"{}, {} domains\"".format(r["ip"]["address"], r["ip"]["domain_count"])
taxonomies.append(taxonomy)
taxonomies.append(self.build_taxonomy("info", "DT", "Reverse_IP","\"{}, {} domains\"".format(r["ip"]["address"], r["ip"]["domain_count"])))

if r["service"] == "name-server-domains":
taxonomy["predicate"] = "Reverse_Name_Server"
taxonomy["value"] = "\"{}, {} domains\"".format(r["name_server"], r["domain_count"])
taxonomies.append(taxonomy)
taxonomies.append(self.build_taxonomy("info", "DT", "Reverse_Name_Server","\"{}, {} domains\"".format(r["name_server"], r["domain_count"])))

if r["service"] == "reverse-whois":
taxonomy["predicate"] = "Reverse_Whois"
taxonomy["value"] = "\"curr:{} / hist:{} domains\"".format(r["domain_count"]["current"], r["domain_count"]["historic"])
taxonomies.append(taxonomy)
taxonomies.append(self.build_taxonomy("info", "DT", "Reverse_Whois","\"curr:{} / hist:{} domains\"".format(r["domain_count"]["current"], r["domain_count"]["historic"])))

if r["service"] == "whois/history":
taxonomy["predicate"] = "Whois_History"
taxonomy["value"] = "\"{}, {} domains \"".format(r["name_server"], r["domain_count"])
taxonomies.append(taxonomy)
taxonomies.append(self.build_taxonomy("info", "DT", "Whois_History","\"{}, {} domains \"".format(r["name_server"], r["domain_count"])))

if (r["service"] == "whois/parsed") or (r['service'] == "whois"):
taxonomy["predicate"] = "Whois"
taxonomy["value"] = "\"REGISTRAR:{}\"".format(r["registrar"])
taxonomies.append(taxonomy)
taxonomy["value"] = "\"REGISTRANT:{}\"".format(r["registrant"])
taxonomies.append(taxonomy)
if r["registrar"]:
taxonomies.append(self.build_taxonomy("info", "DT", "Whois", "\"REGISTRAR:{}\"".format(r["registrar"])))
if r["registrant"]:
taxonomies.append(self.build_taxonomy("info", "DT", "Whois", "\"REGISTRANT:{}\"".format(r["registrant"])))

result = {'taxonomies': taxonomies}
return result
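Review bot: The new `if r["registrar"]:` and `if r["registrant"]:` guards test truthiness but still index with `[]`, so a whois response for which the code above never populated one of those keys raises KeyError rather than skipping the entry; `if r.get("registrar"):` and `if r.get("registrant"):` make the guard do what it looks like it does (the lines that fill `r["registrar"]` are outside the hunk, so this is hedged). The five `self.build_taxonomy("info", "DT", ...)` calls repeat the level and namespace literals where the other analyzers in this commit bind them once as `level`/`namespace`, and each is missing the space after the predicate argument's comma. If the line `report["predicate"] = "Reverse_IP"` survives on the new side, `report` is not defined anywhere visible in this hunk and the reverse-ip branch would raise NameError; it reads like a leftover that should go with the removed `taxonomy` lines.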
26 changes: 14 additions & 12 deletions analyzers/File_Info/fileinfo_analyzer.py
Expand Up @@ -138,31 +138,33 @@ def MSOffice_Summary(self,report):

# SUMMARY
def summary(self, fullReport):

taxonomy = {"level": "info", "namespace": "FileInfo", "predicate": "Filetype", "value": 0}
taxonomies = []
level = "info"
namespace = "FileInfo"
predicate = "Filetype"


if fullReport['Mimetype'] in ['application/x-dosexec']:
pereport = self.PE_Summary(fullReport)
taxonomy["value"] = pereport['filetype']
taxonomies.append(taxonomy)
taxonomies.append(self.build_taxonomy(level, namespace, predicate, pereport['filetype']))
elif fullReport['Mimetype'] in ['application/pdf']:
pdfreport = self.PDF_Summary(fullReport)
taxonomy['value'] = pdfreport['filetype']
value = pdfreport['filetype']
if pdfreport['suspicious']:
taxonomy['level'] = 'warning'
taxonomies.append(taxonomy)
level = 'suspicious'
taxonomies.append(self.build_taxonomy(level, namespace, predicate, value))
elif (fullReport['filetype'] in ['DOC','DOCM','DOCX',
'XLS', 'XLSM', 'XLSX',
'PPT', "PPTM", 'PPTX']):
msreport = self.MSOffice_Summary(fullReport)
taxonomy['value'] = msreport['filetype']
value = msreport['filetype']
if msreport['suspicious']:
taxonomy['level'] = 'warning'
taxonomies.append(taxonomy)
level = 'suspicious'
taxonomies.append(self.build_taxonomy(level, namespace, predicate, value))
else:
taxonomy['value'] = fullReport['filetype']
taxonomies.append(taxonomy)
value = fullReport['filetype']
level = 'info'
taxonomies.append(self.build_taxonomy(level, namespace, predicate, value))

result = {'taxonomies': taxonomies}
return result
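Review bot: `level = 'info'` in the final `else` branch is redundant: `level` is already bound to `"info"` at the top of the method and no earlier branch runs on that path, so the line can go. The single-element membership tests `fullReport['Mimetype'] in ['application/x-dosexec']` and `in ['application/pdf']` read more clearly as `== 'application/x-dosexec'` and `== 'application/pdf'`, and the three-line Office extension list in the `elif` would be easier to maintain as a module-level constant such as `OFFICE_FILETYPES`. The PE branch is the only one that never raises `level` above `info`; a one-line comment saying whether that is by design would help the next reader, since `PE_Summary` is outside the hunk.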
20 changes: 10 additions & 10 deletions analyzers/FireHOLBlocklists/firehol_blocklists.py
Expand Up @@ -112,26 +112,26 @@ def _check_ip(self, ip):
return hits

def summary(self, raw):
taxonomy = {"level": "info", "namespace": "Filehol", "predicate": "Blocklists", "value": 0}
taxonomies = []
level = "info"
namespace = "Filehol"
predicate = "Blocklists"
value = "\"0 hit\""

if 'count' in raw:
r = raw.get('count', 0)

if r == 0 or r == 1:
taxonomy["value"] = "\"{} hit\"".format(r)
value = "\"{} hit\"".format(r)
else:
taxonomy["value"] = "\"{} hits\"".format(r)
value = "\"{} hits\"".format(r)

if r > 0:
taxonomy["level"] = "suspicious"
level = "suspicious"
else:
taxonomy["level"] = "safe"

taxonomies.append(taxonomy)

result = {"taxonomies": taxonomies}
return result
level = "safe"
taxonomies.append(self.build_taxonomy(level, namespace, predicate, value))
return {"taxonomies": taxonomies}

def run(self):
ip = self.getData()
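Review bot: The namespace string `"Filehol"` looks like a typo for `"FireHOL"` (the analyzer directory is `FireHOLBlocklists`); it was carried over from the old dict, but since the taxonomy namespace is what downstream dashboards and filters key on, this refactor is the moment to fix it — `namespace = "FireHOL"`. `r = raw.get('count', 0)` inside `if 'count' in raw:` never uses its default; `r = raw['count']` says the same thing. The rest of the hunk is the cleanest of the set: `value` and `level` both have defaults before the guard, so the append is safe whatever the response shape.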
17 changes: 11 additions & 6 deletions analyzers/Fortiguard/urlcategory.py
Expand Up @@ -10,17 +10,22 @@
class URLCategoryAnalyzer(Analyzer):

def summary(self, raw):
taxonomy = {"level": "info", "namespace": "Fortiguard", "predicate": "URLCat", "value": 0}

taxonomies = []

if 'category' in raw:
r = raw.get('category')
taxonomy["value"] = "\"{}\"".format(r)
value = "\"{}\"".format(r)
if r == "Malicious Websites":
taxonomy['level'] = "malicious"
if r == "Suspicious Websites":
taxonomy['level'] = 'suspicious'
taxonomies.append(taxonomy)
level = "malicious"
elif r == "Suspicious Websites":
level = "suspicious"
elif r == "Not Rated":
level = "info"
else:
level = "safe"

taxonomies.append(self.build_taxonomy(level, "Fortiguard", "URLCat", value))

result = {"taxonomies": taxonomies}
return result
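Review bot: `level` and `value` are assigned only inside `if 'category' in raw:`; if the new `taxonomies.append(self.build_taxonomy(level, "Fortiguard", "URLCat", value))` sits after that block at method level (indentation is lost here, please confirm), a response without `category` raises UnboundLocalError rather than returning an empty summary — initialise both before the guard or move the append inside the `if`. The final `else: level = "safe"` also labels every category string that is not one of the three named ones as safe, including any unexpected or error text that ends up in `category`; unless the benign categories are enumerated somewhere, defaulting to `"info"` and reserving `"safe"` for known-benign categories is the more conservative choice. `"Fortiguard"` and `"URLCat"` are passed inline where the sibling analyzers bind `namespace`/`predicate` once.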
19 changes: 12 additions & 7 deletions analyzers/GoogleSafebrowsing/safebrowsing_analyzer.py
Expand Up @@ -21,25 +21,30 @@ def __init__(self):

def summary(self, raw):

taxonomy = {"level":"info", "namespace": "Google", "predicate": "Safebrowsing", "value":0}
# taxonomy = {"level":"info", "namespace": "Google", "predicate": "Safebrowsing", "value":0}
taxonomies = []
level = "info"
namespace = "Google"
predicate = "Safebrowsing"
value = "\"0 match\""

if ("results" in raw):
r = len(raw['results'])

if r == 0 or r == 1:
taxonomy["value"] = "\"{} match\"".format(r)
value = "\"{} match\"".format(r)
else:
taxonomy["value"] = "\"{} matches\"".format(r)
value = "\"{} matches\"".format(r)

if r > 0:
taxonomy["level"] = "malicious"
level = "malicious"
else:
level = "safe"
# level : info, safe, suspicious, malicious

taxonomies.append(taxonomy)
taxonomies.append(self.build_taxonomy(level, namespace, predicate, value))

result = {"taxonomies": taxonomies}
return result
return {"taxonomies": taxonomies}

def run(self):
report = []
17 changes: 10 additions & 7 deletions analyzers/Hippocampe/hippo.py
Expand Up @@ -36,23 +36,26 @@ def scoreSummary(self, raw):
def summary(self, raw):
taxonomy = {"level": "safe", "namespace": "Hippocampe", "predicate": "Score", "value": 0}
taxonomies = []
level = "safe"
namespace = "Hippocampe"
predicate = "Score"
value = "\"0 record\""


if (self.service == 'hipposcore'):
r = self.scoreSummary(raw).get("data", 0)
taxonomy["value"] = r
value = r
if r > 0:
taxonomy["level"] = "malicious"
level = "malicious"
taxonomies.append(taxonomy)
elif (self.service == 'more'):
r = self.moreSummary(raw).get("data", 0)
taxonomy["value"] = "\"{} record(s)\"".format(r)
value = "\"{} record(s)\"".format(r)
if r > 0:
taxonomy["level"] = "malicious"
taxonomies.append(taxonomy)
level = "malicious"
taxonomies.append(self.buid_taxonomy(level, namespace, predicate, value))

result = {"taxonomies": taxonomies}
return result
return {"taxonomies": taxonomies}

def run(self):
data = self.getData()
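Review bot: `self.buid_taxonomy(level, namespace, predicate, value)` is a typo for `self.build_taxonomy(...)` and raises AttributeError the first time that path runs, so no Hippocampe summary is produced; every other analyzer in this commit spells it correctly. The old `taxonomy = {"level": "safe", ...}` dict and the `taxonomies.append(taxonomy)` in the `hipposcore` branch still appear on this page — if they survive on the new side, the `hipposcore` service appends the stale dict (value 0, level safe) instead of the built taxonomy, which would misreport a malicious score as safe; please confirm both were removed. `r > 0` on the `hipposcore` path compares the raw `data` field directly, whose type is not visible in the hunk. The `run` method begins after the hunk.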
