Merge pull request #1331 from TheHive-Project/testinganalyzer
Add Test analyzer
nusantara-self authored Mar 3, 2025
2 parents 8de9d67 + b4db5ac commit 281894c
Showing 6 changed files with 301 additions and 1 deletion.
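--- a/analyzers/TestAnalyzer/TestAnalyzer.json
+++ b/analyzers/TestAnalyzer/TestAnalyzer.json
@@ -0,0 +1,53 @@
+{
+"name": "TestAnalyzer",
+"version": "1.0",
+"author": "Fabien Bloume, StrangeBee",
+"url": "https://github.com/TheHive-Project/Cortex-Analyzers",
+"license": "AGPL-V3",
+"description": "Just a simple test analyzer! No real-world use-case covered by this one, for testing, reference, dev and any other purpose only!",
+"dataTypeList": ["ip", "domain", "url", "fqdn", "mail", "hash", "filename", "uri_path", "user-agent", "mail-subject"],
+"baseConfig": "TestAnalyzer",
+"command": "TestAnalyzer/testing.py",
+"config": {
+"service": "testing"
+},
+"configurationItems": [
+{
+"name": "some_string",
+"description": "placeholder string",
+"type": "string",
+"multi": false,
+"required": false,
+"defaultValue": "some string.."
+},
+{
+"name": "some_list",
+"description": "placeholder list",
+"type": "string",
+"multi": true,
+"required": false,
+"defaultValue": ["item1", "item2", "item3"]
+
+},
+{
+"name": "some_number",
+"description": "placeholder number",
+"type": "number",
+"multi": false,
+"required": false,
+"defaultValue": 1
+},
+{
+"name": "throw_error",
+"description": "throw an error!",
+"type": "boolean",
+"multi": false,
+"required": true,
+"defaultValue": false
+}
+],
+"registration_required": false,
+"subscription_required": false,
+"free_subscription": false,
+"serviceHomepage": "None"
+}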
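Review bot: `"serviceHomepage": "None"` on the last property is a string literal, so anything that renders the manifest will display the word None instead of treating the homepage as absent; it reads like a Python `None` that leaked into the JSON. If this analyzer has no homepage I would use `"serviceHomepage": ""` or drop the key, whichever the other analyzer manifests in the repository do (not visible from here). The defaults declared under `configurationItems` also differ from the ones hard-coded in testing.py's `__init__` in the same commit (`some_string` is `"some string.."` here and `None` there), which is worth aligning since the file is meant as a reference.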
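--- a/analyzers/TestAnalyzer/requirements.txt
+++ b/analyzers/TestAnalyzer/requirements.txt
@@ -0,0 +1 @@
+cortexutils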
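--- a/analyzers/TestAnalyzer/testing.py
+++ b/analyzers/TestAnalyzer/testing.py
@@ -0,0 +1,86 @@
+#!/usr/bin/env python3
+# encoding: utf-8
+
+from cortexutils.analyzer import Analyzer
+
+class TestAnalyzer(Analyzer):
+def __init__(self):
+Analyzer.__init__(self)
+self.some_string = self.get_param(
+"config.some_string", None, "some_string parameter is missing"
+)
+self.some_list = self.get_param(
+"config.some_list", ["item1", "item2", "item3"], "some_list parameter is missing"
+)
+self.some_number = self.get_param(
+"config.some_number", 1, "some_number parameter is missing"
+)
+self.throw_error = self.get_param(
+"config.throw_error", False, "throw_error parameter is missing"
+)
+
+def run(self):
+if self.throw_error:
+error_message = "this is an error string: throw_error boolean is set to True in Cortex"
+self.error(error_message)
+data = self.get_data()
+#data = self.get_param("data", None, "Data is missing")
+datatype = self.data_type
+
+result = {"data": data, "dataType": datatype, "arrayExample": ["A", "B", "C"], "tableExample": {"colA": "row A value", "colB": "row B value", "colC": "row C value",}}
+
+self.report(result)
+
+def summary(self, raw):
+taxonomies = []
+namespace = "testing"
+predicate = self.data_type
+value = "None"
+
+# safe, info, suspicious, malicious
+for level in ["info", "safe", "suspicious", "malicious"]:
+taxonomies.append(
+self.build_taxonomy(
+level, namespace, predicate, value)
+)
+
+return {"taxonomies": taxonomies}
+
+def operations(self, raw):
+operations = []
+operations.append(self.build_operation('AddTagToArtifact', tag="test"))
+## For reference only
+# case class AddTagToCase(tag: String) extends ActionOperation
+# case class AddTagToArtifact(tag: String) extends ActionOperation
+# case class CreateTask(title: String, description: String) extends ActionOperation
+# case class AddCustomFields(name: String, tpe: String, value: JsValue) extends ActionOperation
+# case class CloseTask() extends ActionOperation
+# case class MarkAlertAsRead() extends ActionOperation
+# case class AddLogToTask(content: String, owner: Option[String]) extends ActionOperation
+# case class AddTagToAlert(tag: String) extends ActionOperation
+# case class AddArtifactToCase(
+# data: String,
+# dataType: String,
+# message: String,
+# tlp: Option[Int],
+# ioc: Option[Boolean],
+# sighted: Option[Boolean],
+# ignoreSimilarity: Option[Boolean],
+# tags: Option[Seq[String]]
+# ) extends ActionOperation
+# case class AssignCase(owner: String) extends ActionOperation
+return operations
+
+def artifacts(self, raw):
+artifacts = []
+data_type = "ip"
+value = "8.8.8.8"
+extra_args = {
+"tags": ["test"]
+}
+artifacts.append(self.build_artifact(data_type, value, **extra_args))
+return artifacts
+
+
+if __name__ == "__main__":
+TestAnalyzer().run()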
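Review bot: In `__init__` every `get_param` call passes an error message as its third argument, which, if I read cortexutils' `get_param` right, turns a missing value into `self.error(...)` and aborts the job, so `some_string`, `some_list` and `some_number` behave as required even though TestAnalyzer.json in the same commit declares them `"required": false` with defaults and only marks `throw_error` required. For a reference analyzer I would drop the message for the optional ones and mirror the manifest defaults, e.g. `self.some_string = self.get_param("config.some_string", "some string..")`. The commented-out `#data = self.get_param("data", None, "Data is missing")` line in `run` should either go or become a real comment explaining why `get_data()` is preferred. The class and its hooks have no docstrings; since the file exists to be copied, each of `run`, `summary`, `operations` and `artifacts` deserves a one-line docstring stating what Cortex does with its return value, e.g. for `artifacts`: `"""Return extra observables offered for extraction; here a fixed test IP tagged "test"."""`.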
2 changes: 1 addition & 1 deletion responders/Test/test.json
Expand Up @@ -5,7 +5,7 @@
"url": "https://github.com/TheHive-Project/Cortex-Analyzers",
"license": "AGPL-V3",
"description": "test",
"dataTypeList": ["thehive:case", "thehive:alert", "thehive:case_task"],
"dataTypeList": ["thehive:case", "thehive:alert", "thehive:case_artifact", "thehive:case_task", "thehive:case_task_log"],
"command": "Test/test.py",
"baseConfig": "Test",
"configurationItems": [
4 changes: 4 additions & 0 deletions responders/Test/test.py
Expand Up @@ -11,6 +11,10 @@ def run(self):
Responder.run(self)

def operations(self, raw):
# AddTagToArtifact ({ "type": "AddTagToArtifact", "tag": "tag to add" }): add a tag to the artifact related to the object
# AddTagToCase ({ "type": "AddTagToCase", "tag": "tag to add" }): add a tag to the case related to the object
# MarkAlertAsRead: mark the alert related to the object as read
# AddCustomFields ({"name": "key", "value": "value", "tpe": "type"): add a custom field to the case related to the object
return [self.build_operation("AddTagToCase", tag="test")]


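Review bot: The new `AddCustomFields` reference comment in `operations` has an unbalanced brace, `({"name": "key", "value": "value", "tpe": "type")`, so anyone copying the example payload from it gets invalid JSON; it should read `# AddCustomFields ({"name": "key", "value": "value", "tpe": "type"}): add a custom field to the case related to the object`. The other three new comments are consistent with the `build_operation("AddTagToCase", tag="test")` call below them. `run` begins before this hunk, so only its tail is visible here.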
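--- a/thehive-templates/TestAnalyzer_1_0/long.html
+++ b/thehive-templates/TestAnalyzer_1_0/long.html
@@ -0,0 +1,156 @@
+<!-- Success -->
+<div class="panel panel-success" ng-if="success">
+<div class="panel-heading">
+TestAnalyzer Report
+</div>
+<div class="panel-body">
+<!-- Display content dataType and data -->
+<h3>Content Overview</h3>
+<p><strong>Data Type:</strong> {{ content.dataType }}</p>
+<p><strong>Data:</strong> {{ content.data }}</p>
+
+<!-- Displaying an array -->
+<h4>Array Example</h4>
+<ul>
+<li ng-repeat="item in content.arrayExample">
+{{ item }}
+</li>
+</ul>
+
+<!-- Displaying a table (object) -->
+<h4>Table Example</h4>
+<table class="table table-bordered">
+<thead>
+<tr>
+<th>Column A</th>
+<th>Column B</th>
+<th>Column C</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>{{ content.tableExample.colA }}</td>
+<td>{{ content.tableExample.colB }}</td>
+<td>{{ content.tableExample.colC }}</td>
+</tr>
+</tbody>
+</table>
+
+<!-- Tabbed content -->
+<h4>Tabbed Content Example</h4>
+<ul class="nav nav-tabs">
+<li class="active"><a href="#tab1" data-toggle="tab">Tab 1</a></li>
+<li><a href="#tab2" data-toggle="tab">Tab 2</a></li>
+<li><a href="#tab3" data-toggle="tab">Tab 3</a></li>
+</ul>
+<div class="tab-content">
+<div class="tab-pane active" id="tab1">
+<p>Placeholder tab 1 content</p>
+</div>
+<div class="tab-pane" id="tab2">
+<p>Placeholder tab 2 content</p>
+</div>
+<div class="tab-pane" id="tab3">
+<p>Placeholder tab 3 content</p>
+</div>
+</div>
+
+<!-- Collapsible section -->
+<h4 class="panel-default">Collapsible Section</h4>
+<div class="panel-group" id="accordion">
+<div class="panel panel-default">
+<div class="panel-heading">
+<h5 class="panel-title">
+<a data-toggle="collapse" data-parent="#accordion" href="#collapseOne">
+Show More Details
+</a>
+</h5>
+</div>
+<div id="collapseOne" class="panel-collapse collapse">
+<div class="panel-body">
+<p>Some collapsible details</p>
+</div>
+</div>
+</div>
+</div>
+</div>
+</div>
+
+<!-- Plain HTML Examples -->
+
+<div ng-if="success">
+<h4>Plain HTML Examples - No Class - For Testing Only</h4>
+</div>
+
+<div ng-if="success">
+<h4>Array List Example</h4>
+<ul>
+<li ng-repeat="item in content.arrayExample">
+{{ item }}
+</li>
+</ul>
+</div>
+
+<div ng-if="success">
+<h4>Table Example Without Classes</h4>
+<table border="1" cellspacing="0" cellpadding="5">
+<thead>
+<tr>
+<th>Header 1</th>
+<th>Header 2</th>
+<th>Header 3</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>{{ content.tableExample.colA }}</td>
+<td>{{ content.tableExample.colB }}</td>
+<td>{{ content.tableExample.colC }}</td>
+</tr>
+</tbody>
+</table>
+</div>
+
+<div ng-if="success">
+<h4>Tabbed Content Without Classes</h4>
+<div>
+<!-- Simple buttons to set the active tab -->
+<button ng-click="activeTab = 'tab1'">Tab 1</button>
+<button ng-click="activeTab = 'tab2'">Tab 2</button>
+<button ng-click="activeTab = 'tab3'">Tab 3</button>
+</div>
+<div>
+<div ng-if="activeTab === 'tab1'">
+<p>Content for Tab 1</p>
+</div>
+<div ng-if="activeTab === 'tab2'">
+<p>Content for Tab 2</p>
+</div>
+<div ng-if="activeTab === 'tab3'">
+<p>Content for Tab 3</p>
+</div>
+</div>
+</div>
+
+<div ng-if="success">
+<h4>Collapsible Section Example</h4>
+<button ng-click="collapsed = !collapsed">
+{{ collapsed ? 'Show Details' : 'Hide Details' }}
+</button>
+<div ng-if="!collapsed">
+<p>Additional details: some more details</p>
+</div>
+</div>
+
+<!-- General error -->
+<div class="panel panel-danger" ng-if="!success">
+<div class="panel-heading">
+<strong>{{ (artifact.data || artifact.attachment.name) | fang }}</strong>
+</div>
+<div class="panel-body">
+<dl class="dl-horizontal" ng-if="content.errorMessage">
+<dt><i class="fa fa-warning"></i> ANALYZERNAME:</dt>
+<dd class="wrap">{{ content.errorMessage }}</dd>
+</dl>
+</div>
+</div>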
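Review bot: The error panel still carries the placeholder `ANALYZERNAME:` in `<dt><i class="fa fa-warning"></i> ANALYZERNAME:</dt>`, so a failed job (for instance with `throw_error` set) shows that literal text instead of the analyzer name; it should read `TestAnalyzer:` to match the success panel heading. In the "Tabbed Content Without Classes" block `activeTab` is never initialised, so none of the three panes renders until a button is clicked; `<div ng-if="success" ng-init="activeTab = 'tab1'">` on that block would show the first pane by default, as the Bootstrap variant above does with its `active` class. Since this template is a reference, a short HTML comment at the top listing the `content` fields it expects (`data`, `dataType`, `arrayExample`, `tableExample`, `errorMessage`) would help people copying it.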
