#56 Yara summary() and short reports + bump version

TheHive-Project · Jun 20, 2017 · 2b8f0eb · 2b8f0eb
1 parent 7bc29d1
commit 2b8f0eb
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 4 deletions.
diff --git a/analyzers/Yara/Yara.json b/analyzers/Yara/Yara.json
@@ -3,7 +3,7 @@
     "author": "Nils Kuhnert, CERT-Bund",
     "license": "AGPL-V3",
     "url": "https://github.com/BSI-CERT-Bund/cortex-analyzers",
-    "version": "1.0",
+    "version": "2.0",
     "baseConfig": "Yara",
     "config": {},
     "description": "Check files against YARA rules",

diff --git a/analyzers/Yara/yara_analyzer.py b/analyzers/Yara/yara_analyzer.py
@@ -45,6 +45,17 @@ def check(self, file):
         return result
 
     def summary(self, raw):
+
+        taxonomy = {"level": "info", "namespace": "Yara", "predicate": "Match", "value": 0}
+        taxonomies = []
+        taxonomy["value"] = "\"{} rules\"".format(len(raw["results"]))
+        if len(raw["results"]) == 0:
+            taxonomy["level"] = "safe"
+        else:
+            taxonomy["level"] = "malicious"
+
+        taxonomies.append(taxonomy)
+        result = {"taxomonies": taxonomies}
         return {"matches":len(raw["results"])}
 
     def run(self):

diff --git a/thehive-templates/Yara_1_0/short.html b/thehive-templates/Yara_1_0/short.html
diff --git a/thehive-templates/Yara_1_0/long.html → thehive-templates/Yara_2_0/long.html b/thehive-templates/Yara_1_0/long.html → thehive-templates/Yara_2_0/long.html
diff --git a/thehive-templates/Yara_2_0/short.html b/thehive-templates/Yara_2_0/short.html
@@ -0,0 +1,3 @@
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
+    {{t.namespace}}:{{t.predicate}}={{t.value}}
+</span>&nbsp;