From 2b8f0eb81873aed64a60832cb00037ad43eeab47 Mon Sep 17 00:00:00 2001
From: Jerome Leonard <jerome@upbeat.fr>
Date: Tue, 20 Jun 2017 19:26:45 +0200
Subject: [PATCH] #56 Yara summary() and short reports  + bump version

---
 analyzers/Yara/Yara.json                           |  2 +-
 analyzers/Yara/yara_analyzer.py                    | 11 +++++++++++
 thehive-templates/Yara_1_0/short.html              |  3 ---
 thehive-templates/{Yara_1_0 => Yara_2_0}/long.html |  0
 thehive-templates/Yara_2_0/short.html              |  3 +++
 5 files changed, 15 insertions(+), 4 deletions(-)
 delete mode 100644 thehive-templates/Yara_1_0/short.html
 rename thehive-templates/{Yara_1_0 => Yara_2_0}/long.html (100%)
 create mode 100644 thehive-templates/Yara_2_0/short.html

diff --git a/analyzers/Yara/Yara.json b/analyzers/Yara/Yara.json
index 73e90a5b0..8c6531ace 100644
--- a/analyzers/Yara/Yara.json
+++ b/analyzers/Yara/Yara.json
@@ -3,7 +3,7 @@
     "author": "Nils Kuhnert, CERT-Bund",
     "license": "AGPL-V3",
     "url": "https://github.com/BSI-CERT-Bund/cortex-analyzers",
-    "version": "1.0",
+    "version": "2.0",
     "baseConfig": "Yara",
     "config": {},
     "description": "Check files against YARA rules",
diff --git a/analyzers/Yara/yara_analyzer.py b/analyzers/Yara/yara_analyzer.py
index 13a759855..5c9ca68f3 100755
--- a/analyzers/Yara/yara_analyzer.py
+++ b/analyzers/Yara/yara_analyzer.py
@@ -45,6 +45,17 @@ def check(self, file):
         return result
 
     def summary(self, raw):
+
+        taxonomy = {"level": "info", "namespace": "Yara", "predicate": "Match", "value": 0}
+        taxonomies = []
+        taxonomy["value"] = "\"{} rules\"".format(len(raw["results"]))
+        if len(raw["results"]) == 0:
+            taxonomy["level"] = "safe"
+        else:
+            taxonomy["level"] = "malicious"
+
+        taxonomies.append(taxonomy)
+        result = {"taxomonies": taxonomies}
         return {"matches":len(raw["results"])}
 
     def run(self):
diff --git a/thehive-templates/Yara_1_0/short.html b/thehive-templates/Yara_1_0/short.html
deleted file mode 100644
index 52c2f3090..000000000
--- a/thehive-templates/Yara_1_0/short.html
+++ /dev/null
@@ -1,3 +0,0 @@
-<span class="label label-success" ng-if="content.matches == 0 || !content">Yara={{content.matches}} match</span>
-<span class="label label-danger" ng-if="content.matches == 1">Yara={{content.matches}} match</span>
-<span class="label label-danger" ng-if="content.matches > 1">Yara={{content.matches}} matches</span>
diff --git a/thehive-templates/Yara_1_0/long.html b/thehive-templates/Yara_2_0/long.html
similarity index 100%
rename from thehive-templates/Yara_1_0/long.html
rename to thehive-templates/Yara_2_0/long.html
diff --git a/thehive-templates/Yara_2_0/short.html b/thehive-templates/Yara_2_0/short.html
new file mode 100644
index 000000000..563ca58f3
--- /dev/null
+++ b/thehive-templates/Yara_2_0/short.html
@@ -0,0 +1,3 @@
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
+    {{t.namespace}}:{{t.predicate}}={{t.value}}
+</span>&nbsp;