From a7aeefdb11cac9b8207c59810d5ab8cef8a63214 Mon Sep 17 00:00:00 2001
From: nusantara-self <15647296+nusantara-self@users.noreply.github.com>
Date: Mon, 3 Mar 2025 18:53:41 +0800
Subject: [PATCH 1/4] Add TestAnalyzer

---
 analyzers/TestAnalyzer/TestAnalyzer.json | 53 +++++++++++++++
 analyzers/TestAnalyzer/requirements.txt  |  1 +
 analyzers/TestAnalyzer/testing.py        | 86 ++++++++++++++++++++++++
 3 files changed, 140 insertions(+)
 create mode 100644 analyzers/TestAnalyzer/TestAnalyzer.json
 create mode 100644 analyzers/TestAnalyzer/requirements.txt
 create mode 100755 analyzers/TestAnalyzer/testing.py

diff --git a/analyzers/TestAnalyzer/TestAnalyzer.json b/analyzers/TestAnalyzer/TestAnalyzer.json
new file mode 100644
index 000000000..aaebff5c5
--- /dev/null
+++ b/analyzers/TestAnalyzer/TestAnalyzer.json
@@ -0,0 +1,53 @@
+{
+  "name": "TestAnalyzer",
+  "version": "1.0",
+  "author": "Fabien Bloume, StrangeBee",
+  "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
+  "license": "AGPL-V3",
+  "description": "Just a simple test analyzer! No real-world use-case covered by this one, for testing, reference, dev and any other purpose only!",
+  "dataTypeList": ["ip", "domain", "url", "fqdn", "mail", "hash", "filename", "uri_path", "user-agent", "mail-subject"],
+  "baseConfig": "TestAnalyzer",
+  "command": "TestAnalyzer/testing.py",
+  "config": {
+    "service": "testing"
+  },
+  "configurationItems": [
+    {
+    "name": "some_string",
+    "description": "placeholder string",
+    "type": "string",
+    "multi": false,
+    "required": false,
+    "defaultValue": "some string.."
+  },
+  {
+    "name": "some_list",
+    "description": "placeholder list",
+    "type": "string",
+    "multi": true,
+    "required": false,
+    "defaultValue": ["item1", "item2", "item3"]
+
+  },
+  {
+    "name": "some_number",
+    "description": "placeholder number",
+    "type": "number",
+    "multi": false,
+    "required": false,
+    "defaultValue": 1
+  },
+  {
+    "name": "throw_error",
+    "description": "throw an error!",
+    "type": "boolean",
+    "multi": false,
+    "required": true,
+    "defaultValue": false
+  }
+  ],
+  "registration_required": false,
+  "subscription_required": false,
+  "free_subscription": false,
+  "serviceHomepage": "None"
+}
diff --git a/analyzers/TestAnalyzer/requirements.txt b/analyzers/TestAnalyzer/requirements.txt
new file mode 100644
index 000000000..37dfee161
--- /dev/null
+++ b/analyzers/TestAnalyzer/requirements.txt
@@ -0,0 +1 @@
+cortexutils
\ No newline at end of file
diff --git a/analyzers/TestAnalyzer/testing.py b/analyzers/TestAnalyzer/testing.py
new file mode 100755
index 000000000..a3de1384a
--- /dev/null
+++ b/analyzers/TestAnalyzer/testing.py
@@ -0,0 +1,86 @@
+#!/usr/bin/env python3
+# encoding: utf-8
+
+from cortexutils.analyzer import Analyzer
+
+class TestAnalyzer(Analyzer):
+    def __init__(self):
+        Analyzer.__init__(self)
+        self.some_string = self.get_param(
+            "config.some_string", None, "some_string parameter is missing"
+        )
+        self.some_list = self.get_param(
+            "config.some_list", ["item1", "item2", "item3"], "some_list parameter is missing"
+        )
+        self.some_number = self.get_param(
+            "config.some_number", 1, "some_number parameter is missing"
+        )
+        self.throw_error = self.get_param(
+            "config.throw_error", False, "throw_error parameter is missing"
+        )
+        
+    def run(self):
+        if self.throw_error:
+            error_message = "this is an error string: throw_error boolean is set to True in Cortex"
+            self.error(error_message)
+        data = self.get_data()
+        #data = self.get_param("data", None, "Data is missing")
+        datatype = self.data_type
+
+        result = {"data": data, "dataType": datatype, "arrayExample": ["A", "B", "C"], "tableExample": {"colA": "row A value", "colB": "row B value", "colC": "row C value",}}
+
+        self.report(result)
+        
+    def summary(self, raw):
+        taxonomies = []
+        namespace = "testing"
+        predicate = self.data_type
+        value = "None"
+        
+        # safe, info, suspicious, malicious
+        for level in ["info", "safe", "suspicious", "malicious"]:
+            taxonomies.append(
+                self.build_taxonomy(
+                    level, namespace, predicate, value)
+            )
+        
+        return {"taxonomies": taxonomies}
+
+    def operations(self, raw):
+        operations = []
+        operations.append(self.build_operation('AddTagToArtifact', tag="test"))
+        ## For reference only
+        # case class AddTagToCase(tag: String)                                  extends ActionOperation
+        # case class AddTagToArtifact(tag: String)                              extends ActionOperation
+        # case class CreateTask(title: String, description: String)             extends ActionOperation
+        # case class AddCustomFields(name: String, tpe: String, value: JsValue) extends ActionOperation
+        # case class CloseTask()                                                extends ActionOperation
+        # case class MarkAlertAsRead()                                          extends ActionOperation
+        # case class AddLogToTask(content: String, owner: Option[String])       extends ActionOperation
+        # case class AddTagToAlert(tag: String)                                 extends ActionOperation
+        # case class AddArtifactToCase(
+        #     data: String,
+        #     dataType: String,
+        #     message: String,
+        #     tlp: Option[Int],
+        #     ioc: Option[Boolean],
+        #     sighted: Option[Boolean],
+        #     ignoreSimilarity: Option[Boolean],
+        #     tags: Option[Seq[String]]
+        # )                                    extends ActionOperation
+        # case class AssignCase(owner: String) extends ActionOperation
+        return operations
+
+    def artifacts(self, raw):
+        artifacts = []
+        data_type = "ip"
+        value = "8.8.8.8"
+        extra_args = {
+            "tags": ["test"]
+        }
+        artifacts.append(self.build_artifact(data_type, value, **extra_args))
+        return artifacts
+
+
+if __name__ == "__main__":
+    TestAnalyzer().run()

From ac75ce09f58bc50df94c5a1dc26b5253be7fbaa7 Mon Sep 17 00:00:00 2001
From: nusantara-self <15647296+nusantara-self@users.noreply.github.com>
Date: Mon, 3 Mar 2025 18:53:59 +0800
Subject: [PATCH 2/4] Add TestAnalyzer long report

---
 thehive-templates/TestAnalyzer_1_0/long.html | 156 +++++++++++++++++++
 1 file changed, 156 insertions(+)
 create mode 100644 thehive-templates/TestAnalyzer_1_0/long.html

diff --git a/thehive-templates/TestAnalyzer_1_0/long.html b/thehive-templates/TestAnalyzer_1_0/long.html
new file mode 100644
index 000000000..e58e65c71
--- /dev/null
+++ b/thehive-templates/TestAnalyzer_1_0/long.html
@@ -0,0 +1,156 @@
+<!-- Success -->
+<div class="panel panel-success" ng-if="success">
+    <div class="panel-heading">
+        TestAnalyzer Report
+    </div>
+    <div class="panel-body">
+        <!-- Display content dataType and data -->
+        <h3>Content Overview</h3>
+        <p><strong>Data Type:</strong> {{ content.dataType }}</p>
+        <p><strong>Data:</strong> {{ content.data }}</p>
+        
+        <!-- Displaying an array -->
+        <h4>Array Example</h4>
+        <ul>
+            <li ng-repeat="item in content.arrayExample">
+                {{ item }}
+            </li>
+        </ul>
+        
+        <!-- Displaying a table (object) -->
+        <h4>Table Example</h4>
+        <table class="table table-bordered">
+            <thead>
+                <tr>
+                    <th>Column A</th>
+                    <th>Column B</th>
+                    <th>Column C</th>
+                </tr>
+            </thead>
+            <tbody>
+                <tr>
+                    <td>{{ content.tableExample.colA }}</td>
+                    <td>{{ content.tableExample.colB }}</td>
+                    <td>{{ content.tableExample.colC }}</td>
+                </tr>
+            </tbody>
+        </table>
+        
+        <!-- Tabbed content -->
+        <h4>Tabbed Content Example</h4>
+        <ul class="nav nav-tabs">
+            <li class="active"><a href="#tab1" data-toggle="tab">Tab 1</a></li>
+            <li><a href="#tab2" data-toggle="tab">Tab 2</a></li>
+            <li><a href="#tab3" data-toggle="tab">Tab 3</a></li>
+        </ul>
+        <div class="tab-content">
+            <div class="tab-pane active" id="tab1">
+                <p>Placeholder tab 1 content</p>
+            </div>
+            <div class="tab-pane" id="tab2">
+                <p>Placeholder tab 2 content</p>
+            </div>
+            <div class="tab-pane" id="tab3">
+                <p>Placeholder tab 3 content</p>
+            </div>
+        </div>
+        
+        <!-- Collapsible section -->
+        <h4 class="panel-default">Collapsible Section</h4>
+        <div class="panel-group" id="accordion">
+            <div class="panel panel-default">
+                <div class="panel-heading">
+                    <h5 class="panel-title">
+                        <a data-toggle="collapse" data-parent="#accordion" href="#collapseOne">
+                            Show More Details
+                        </a>
+                    </h5>
+                </div>
+                <div id="collapseOne" class="panel-collapse collapse">
+                    <div class="panel-body">
+                        <p>Some collapsible details</p>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
+
+<!-- Plain HTML Examples -->
+
+<div ng-if="success">
+    <h4>Plain HTML Examples - No Class - For Testing Only</h4>
+</div>
+
+<div ng-if="success">
+    <h4>Array List Example</h4>
+    <ul>
+        <li ng-repeat="item in content.arrayExample">
+            {{ item }}
+        </li>
+    </ul>
+</div>
+
+<div ng-if="success">
+    <h4>Table Example Without Classes</h4>
+    <table border="1" cellspacing="0" cellpadding="5">
+        <thead>
+            <tr>
+                <th>Header 1</th>
+                <th>Header 2</th>
+                <th>Header 3</th>
+            </tr>
+        </thead>
+        <tbody>
+            <tr>
+                <td>{{ content.tableExample.colA }}</td>
+                <td>{{ content.tableExample.colB }}</td>
+                <td>{{ content.tableExample.colC }}</td>
+            </tr>
+        </tbody>
+    </table>
+</div>
+
+<div ng-if="success">
+    <h4>Tabbed Content Without Classes</h4>
+    <div>
+        <!-- Simple buttons to set the active tab -->
+        <button ng-click="activeTab = 'tab1'">Tab 1</button>
+        <button ng-click="activeTab = 'tab2'">Tab 2</button>
+        <button ng-click="activeTab = 'tab3'">Tab 3</button>
+    </div>
+    <div>
+        <div ng-if="activeTab === 'tab1'">
+            <p>Content for Tab 1</p>
+        </div>
+        <div ng-if="activeTab === 'tab2'">
+            <p>Content for Tab 2</p>
+        </div>
+        <div ng-if="activeTab === 'tab3'">
+            <p>Content for Tab 3</p>
+        </div>
+    </div>
+</div>
+
+<div ng-if="success">
+    <h4>Collapsible Section Example</h4>
+    <button ng-click="collapsed = !collapsed">
+        {{ collapsed ? 'Show Details' : 'Hide Details' }}
+    </button>
+    <div ng-if="!collapsed">
+        <p>Additional details: some more details</p>
+    </div>
+</div>
+
+<!-- General error -->
+<div class="panel panel-danger" ng-if="!success">
+    <div class="panel-heading">
+        <strong>{{ (artifact.data || artifact.attachment.name) | fang }}</strong>
+    </div>
+    <div class="panel-body">
+        <dl class="dl-horizontal" ng-if="content.errorMessage">
+            <dt><i class="fa fa-warning"></i> ANALYZERNAME:</dt>
+            <dd class="wrap">{{ content.errorMessage }}</dd>
+        </dl>
+    </div>
+</div>

From 7c04220082c42ea2c3aac25972012e1393eb4743 Mon Sep 17 00:00:00 2001
From: nusantara-self <15647296+nusantara-self@users.noreply.github.com>
Date: Mon, 3 Mar 2025 19:09:47 +0800
Subject: [PATCH 3/4] Update test.json

---
 responders/Test/test.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/responders/Test/test.json b/responders/Test/test.json
index 39b3d1402..24c53f040 100644
--- a/responders/Test/test.json
+++ b/responders/Test/test.json
@@ -5,7 +5,7 @@
   "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
   "license": "AGPL-V3",
   "description": "test",
-  "dataTypeList": ["thehive:case", "thehive:alert", "thehive:case_task"],
+  "dataTypeList": ["thehive:case", "thehive:alert", "thehive:case_artifact", "thehive:case_task", "thehive:case_task_log"],
   "command": "Test/test.py",
   "baseConfig": "Test",
   "configurationItems": [

From b4db5ac5b79b5260b9f626f4a08313fb734a4e73 Mon Sep 17 00:00:00 2001
From: nusantara-self <15647296+nusantara-self@users.noreply.github.com>
Date: Mon, 3 Mar 2025 19:12:35 +0800
Subject: [PATCH 4/4] Update test.py

---
 responders/Test/test.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/responders/Test/test.py b/responders/Test/test.py
index 6ff6575a2..d494c5d4f 100755
--- a/responders/Test/test.py
+++ b/responders/Test/test.py
@@ -11,6 +11,10 @@ def run(self):
         Responder.run(self)
 
     def operations(self, raw):
+        # AddTagToArtifact ({ "type": "AddTagToArtifact", "tag": "tag to add" }): add a tag to the artifact related to the object
+        # AddTagToCase ({ "type": "AddTagToCase", "tag": "tag to add" }): add a tag to the case related to the object
+        # MarkAlertAsRead: mark the alert related to the object as read
+        # AddCustomFields ({"name": "key", "value": "value", "tpe": "type"): add a custom field to the case related to the object
         return [self.build_operation("AddTagToCase", tag="test")]