fix snort alerts (#163)

analyzers/CuckooSandbox/cuckoosandbox_analyzer.py

@@ -13,7 +13,7 @@ def __init__(self):
         Analyzer.__init__(self)
         self.service = self.getParam('config.service', None, 'CuckooSandbox service is missing')
         self.url = self.getParam('config.url', None, 'CuckooSandbox url is missing')
-	self.url = self.url + "/" if not self.url.endswith("/") else self.url
+        self.url = self.url + "/" if not self.url.endswith("/") else self.url
         #self.analysistimeout = self.getParam('config.analysistimeout', 30*60, None)
         #self.networktimeout = self.getParam('config.networktimeout', 30, None)
 
@@ -83,19 +83,23 @@ def run(self):
             resp_json = response.json()
             list_description = [x['description'] for x in resp_json['signatures']]
             if 'suricata' in resp_json.keys() and 'alerts' in resp_json['suricata'].keys():
-				if 'dstport' in resp_json['suricata']['alerts'].keys():
-					suri_alerts = [(x['signature'],x['dstip'],x['dstport'],x['severity']) for x in resp_json['suricata']['alerts']]
-				elif 'dst_port' in resp_json['suricata']['alerts'].keys():
-					suri_alerts = [(x['signature'],x['dst_ip'],x['dst_port'],x['severity']) for x in resp_json['suricata']['alerts']]
+                if any('dstport' in x for x in resp_json['suricata']['alerts']):
+                    suri_alerts = [(x['signature'],x['dstip'],x['dstport'],x['severity']) for x in resp_json['suricata']['alerts'] if 'dstport' in x.keys()]
+                elif any('dst_port' in x for x in resp_json['suricata']['alerts']):
+                    suri_alerts = [(x['signature'],x['dst_ip'],x['dst_port'],x['severity']) for x in resp_json['suricata']['alerts']]
+                else:
+                    suri_alerts = []
             else:
                 suri_alerts = []
             if 'snort' in resp_json.keys() and 'alerts' in resp_json['snort'].keys():
-				if 'dstport' in resp_json['snort']['alerts'].keys():
-					snort_alerts = [(x['message'],x['dstip'],x['dstport'],x['priority']) for x in resp_json['snort']['alerts']]
-				elif 'dst_port' in resp_json['snort']['alerts'].keys():
-					snort_alerts = [(x['message'],x['dst_ip'],x['dst_port'],x['priority']) for x in resp_json['snort']['alerts']]
+                if any('dstport' in x for x in resp_json['snort']['alerts']):
+                    snort_alerts = [(x['message'],x['dstip'],x['dstport'],x['priority']) for x in resp_json['snort']['alerts']]
+                elif any('dst_port' in x for x in resp_json['snort']['alerts']):
+                    snort_alerts = [(x['message'],x['dst_ip'],x['dst_port'],x['priority']) for x in resp_json['snort']['alerts']]
+                else:
+                    snort_alerts = []
             else:
-                snort_alerts = []				
+                snort_alerts = []               
             try:
                 hosts = [(x['ip'],x['hostname'],x['country_name']) for x in resp_json['network']['hosts']] if 'hosts' in resp_json['network'].keys() else None
             except TypeError as e:
@@ -105,7 +109,7 @@ def run(self):
                 self.report({
                     'signatures': list_description,
                     'suricata_alerts': suri_alerts,
-					'snort_alerts': snort_alerts,
+                    'snort_alerts': snort_alerts,
                     'hosts': hosts,
                     'uri': uri,
                     'malscore': resp_json['malscore'] if 'malscore' in resp_json.keys() else resp_json['info'].get('score', None),
@@ -117,7 +121,7 @@ def run(self):
                 self.report({
                     'signatures': list_description,
                     'suricata_alerts': suri_alerts,
-					'snort_alerts': snort_alerts,					
+                    'snort_alerts': snort_alerts,                   
                     'hosts': hosts,
                     'uri': uri,
                     'malscore': resp_json['malscore'] if 'malscore' in resp_json.keys() else resp_json['info'].get('score', None),