diff --git a/analyzers/Yara/Yara.json b/analyzers/Yara/Yara.json
index 73e90a5b0..8c6531ace 100644
--- a/analyzers/Yara/Yara.json
+++ b/analyzers/Yara/Yara.json
@@ -3,7 +3,7 @@
"author": "Nils Kuhnert, CERT-Bund",
"license": "AGPL-V3",
"url": "https://github.com/BSI-CERT-Bund/cortex-analyzers",
- "version": "1.0",
+ "version": "2.0",
"baseConfig": "Yara",
"config": {},
"description": "Check files against YARA rules",
diff --git a/analyzers/Yara/yara_analyzer.py b/analyzers/Yara/yara_analyzer.py
index 13a759855..5c9ca68f3 100755
--- a/analyzers/Yara/yara_analyzer.py
+++ b/analyzers/Yara/yara_analyzer.py
@@ -45,6 +45,17 @@ def check(self, file):
return result
def summary(self, raw):
+
+ taxonomy = {"level": "info", "namespace": "Yara", "predicate": "Match", "value": 0}
+ taxonomies = []
+ taxonomy["value"] = "\"{} rules\"".format(len(raw["results"]))
+ if len(raw["results"]) == 0:
+ taxonomy["level"] = "safe"
+ else:
+ taxonomy["level"] = "malicious"
+
+ taxonomies.append(taxonomy)
+ result = {"taxomonies": taxonomies}
return {"matches":len(raw["results"])}
def run(self):
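Review bot: The taxonomy built in the new `summary` body is never emitted — `result` is assigned on the last added line but the method still returns `{"matches": ...}`, and the key is misspelled `"taxomonies"`, so the new `Yara_2_0/short.html` template (which reads `t.namespace`/`t.predicate`/`t.value`) will have nothing to render. The fix is to replace the final line with `return {"taxonomies": taxonomies}`; `len(raw["results"])` can also be computed once into a local and reused for both the value string and the level check. Note that `raw["results"]` will raise `KeyError` if the analyzer result lacks that key, so `raw.get("results", [])` may be the safer read if an empty result is possible (can't tell from here). Rating every match `"malicious"` is also a strong claim given YARA rule sets commonly include informational rules; `"suspicious"` would be the more conservative default unless the rule set is curated for that. `run` begins on the last line of this hunk and continues outside it.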
diff --git a/thehive-templates/Yara_1_0/short.html b/thehive-templates/Yara_1_0/short.html
deleted file mode 100644
index 52c2f3090..000000000
--- a/thehive-templates/Yara_1_0/short.html
+++ /dev/null
@@ -1,3 +0,0 @@
-Yara={{content.matches}} match
-Yara={{content.matches}} match
-Yara={{content.matches}} matches
diff --git a/thehive-templates/Yara_1_0/long.html b/thehive-templates/Yara_2_0/long.html
similarity index 100%
rename from thehive-templates/Yara_1_0/long.html
rename to thehive-templates/Yara_2_0/long.html
diff --git a/thehive-templates/Yara_2_0/short.html b/thehive-templates/Yara_2_0/short.html
new file mode 100644
index 000000000..563ca58f3
--- /dev/null
+++ b/thehive-templates/Yara_2_0/short.html
@@ -0,0 +1,3 @@
+
+ {{t.namespace}}:{{t.predicate}}={{t.value}}
+