#172 remove check_tlp/max_tlp from configuration

TheHive-Project · Mar 2, 2018 · 3413d6a · 3413d6a
1 parent 0c0ab6c
commit 3413d6a
Show file tree

Hide file tree

Showing 78 changed files with 928 additions and 2,141 deletions.
diff --git a/analyzers/Abuse_Finder/Abuse_Finder.json b/analyzers/Abuse_Finder/Abuse_Finder.json
@@ -6,25 +6,5 @@
   "license": "AGPL-V3",
   "description": "Find abuse contacts associated with domain names, URLs, IPs and email addresses.",
   "dataTypeList": ["ip", "domain", "url", "mail"],
-  "command": "Abuse_Finder/abusefinder.py",
-  "baseConfig": "Abuse_Finder",
-  "config": {},
-  "configurationItems": [
-    {
-      "name": "check_tlp",
-      "description": "Define if the analyzer should check TLP of data before running",
-      "type": "boolean",
-      "multi": false,
-      "required": true,
-      "defaultValue": false
-    },
-    {
-      "name": "max_tlp",
-      "description": "Define the maximum TLP level autorized",
-      "type": "number",
-      "multi": false,
-      "required": true,
-      "defaultValue": 3
-    }
-  ]
+  "command": "Abuse_Finder/abusefinder.py"
 }
diff --git a/analyzers/Bluecoat/Bluecoat_Categorization.json b/analyzers/Bluecoat/Bluecoat_Categorization.json
@@ -10,24 +10,5 @@
     "fqdn"
   ],
   "license": "AGPL-V3",
-  "command": "Bluecoat/categorization.py",
-  "config": {},
-  "configurationItems": [
-    {
-      "name": "check_tlp",
-      "description": "Define if the analyzer should check TLP of data before running",
-      "type": "boolean",
-      "multi": false,
-      "required": true,
-      "defaultValue": false
-    },
-    {
-      "name": "max_tlp",
-      "description": "Define the maximum TLP level autorized",
-      "type": "number",
-      "multi": false,
-      "required": true,
-      "defaultValue": 3
-    }
-  ]
+  "command": "Bluecoat/categorization.py"
 }
diff --git a/analyzers/C1fApp/C1fApp_osint.json b/analyzers/C1fApp/C1fApp_osint.json
@@ -7,27 +7,7 @@
     "description": "Query C1fApp OSINT Aggregator for IPs, domains and URLs",
     "dataTypeList": ["url", "domain", "ip"],
     "command": "C1fApp/cifquery.py",
-    "baseConfig": "C1fApp",
-    "config": {
-        "service": "query"
-    },
     "configurationItems": [
-    {
-      "name": "check_tlp",
-      "description": "Define if the analyzer should check TLP of data before running",
-      "type": "boolean",
-      "multi": false,
-      "required": true,
-      "defaultValue": true
-    },
-    {
-      "name": "max_tlp",
-      "description": "Define the maximum TLP level autorized",
-      "type": "number",
-      "multi": false,
-      "required": true,
-      "defaultValue": 1
-    },
     {
       "name": "url",
       "description": "URL of C1fApp service",

diff --git a/analyzers/C1fApp/cifquery.py b/analyzers/C1fApp/cifquery.py
@@ -10,8 +10,6 @@ class C1fQueryAnalyzer(Analyzer):
 
     def __init__(self):
         Analyzer.__init__(self)
-        self.service = self.getParam(
-            'config.service', None, 'Service parameter is missing')
         self.cif_key = self.getParam('config.key', None, 'Missing C1fApp API key')
         self.api_url = self.getParam('config.url', None, 'Missing API URL')
 
@@ -114,19 +112,15 @@ def summary(self, raw):
         return {"taxonomies": taxonomies}
 
     def run(self):
+        if self.data_type == 'url' or self.data_type == 'domain' \
+                or self.data_type == 'ip':
+            data = self.getParam('data', None, 'Data is missing')
 
-        if self.service == 'query':
-            if self.data_type == 'url' or self.data_type == 'domain' \
-                    or self.data_type == 'ip':
-                data = self.getParam('data', None, 'Data is missing')
+            rep = self.c1f_query(data)
+            self.report(rep)
 
-                rep = self.c1f_query(data)
-                self.report(rep)
-
-            else:
-                self.error('Invalid data type')
         else:
-            self.error('Invalid service')
+            self.error('Invalid data type')
 
 
 if __name__ == '__main__':

diff --git a/analyzers/CERTatPassiveDNS/CERTatPassiveDNS.json b/analyzers/CERTatPassiveDNS/CERTatPassiveDNS.json
@@ -1,38 +1,20 @@
 {
-    "name": "CERTatPassiveDNS",
-    "author": "Nils Kuhnert, CERT-Bund",
-    "license": "AGPL-V3",
-    "url": "https://github.com/BSI-CERT-Bund/cortex-analyzers",
-    "version": "2.0",
-    "description": "Checks CERT.at Passive DNS for a given domain.",
-    "dataTypeList": ["domain", "fqdn"],
-    "command": "CERTatPassiveDNS/certat_passivedns.py",
-    "baseConfig": "CERTatPassiveDNS",
-    "config": {},
-    "configurationItems": [
-    {
-      "name": "check_tlp",
-      "description": "Define if the analyzer should check TLP of data before running",
-      "type": "boolean",
-      "multi": false,
-      "required": true,
-      "defaultValue": true
-    },
-    {
-      "name": "max_tlp",
-      "description": "Define the maximum TLP level autorized",
-      "type": "number",
-      "multi": false,
-      "required": true,
-      "defaultValue": 3
-    },
+  "name": "CERTatPassiveDNS",
+  "author": "Nils Kuhnert, CERT-Bund",
+  "license": "AGPL-V3",
+  "url": "https://github.com/BSI-CERT-Bund/cortex-analyzers",
+  "version": "2.0",
+  "description": "Checks CERT.at Passive DNS for a given domain.",
+  "dataTypeList": ["domain", "fqdn"],
+  "command": "CERTatPassiveDNS/certat_passivedns.py",
+  "configurationItems": [
     {
       "name": "limit",
       "description": "Define the maximum number of results per request",
       "type": "number",
       "multi": false,
       "required": true,
       "defaultValue": 100
-    },
+    }
   ]
 }
diff --git a/analyzers/CIRCLPassiveDNS/CIRCLPassiveDNS.json b/analyzers/CIRCLPassiveDNS/CIRCLPassiveDNS.json
@@ -1,31 +1,13 @@
 {
-    "name": "CIRCLPassiveDNS",
-    "author": "Nils Kuhnert, CERT-Bund",
-    "license": "AGPL-V3",
-    "url": "https://github.com/BSI-CERT-Bund/cortex-analyzers",
-    "version": "2.0",
-    "description": "Check CIRCL's Passive DNS for a given domain or URL.",
-    "dataTypeList": ["domain", "url", "ip"],
-    "command": "CIRCLPassiveDNS/circl_passivedns.py",
-    "baseConfig": "CIRCLPassiveDNS",
-    "config": {},
-    "configurationItems": [
-    {
-      "name": "check_tlp",
-      "description": "Define if the analyzer should check TLP of data before running",
-      "type": "boolean",
-      "multi": false,
-      "required": true,
-      "defaultValue": true
-    },
-    {
-      "name": "max_tlp",
-      "description": "Define the maximum TLP level autorized",
-      "type": "number",
-      "multi": false,
-      "required": true,
-      "defaultValue": 3
-    },
+  "name": "CIRCLPassiveDNS",
+  "author": "Nils Kuhnert, CERT-Bund",
+  "license": "AGPL-V3",
+  "url": "https://github.com/BSI-CERT-Bund/cortex-analyzers",
+  "version": "2.0",
+  "description": "Check CIRCL's Passive DNS for a given domain or URL.",
+  "dataTypeList": ["domain", "url", "ip"],
+  "command": "CIRCLPassiveDNS/circl_passivedns.py",
+  "configurationItems": [
     {
       "name": "user",
       "description": "Username",

diff --git a/analyzers/CIRCLPassiveSSL/CIRCLPassiveSSL.json b/analyzers/CIRCLPassiveSSL/CIRCLPassiveSSL.json
@@ -1,31 +1,13 @@
 {
-    "name": "CIRCLPassiveSSL",
-    "author": "Nils Kuhnert, CERT-Bund",
-    "license": "AGPL-V3",
-    "url": "https://github.com/BSI-CERT-Bund/cortex-analyzers",
-    "version": "2.0",
-    "description": "Check CIRCL's Passive SSL for a given IP address or a X509 certificate hash.",
-    "dataTypeList": ["ip", "certificate_hash", "hash"],
-    "command": "CIRCLPassiveSSL/circl_passivessl.py",
-    "baseConfig": "CIRCLPassiveSSL",
-    "config": {},
-    "configurationItems": [
-    {
-      "name": "check_tlp",
-      "description": "Define if the analyzer should check TLP of data before running",
-      "type": "boolean",
-      "multi": false,
-      "required": true,
-      "defaultValue": true
-    },
-    {
-      "name": "max_tlp",
-      "description": "Define the maximum TLP level autorized",
-      "type": "number",
-      "multi": false,
-      "required": true,
-      "defaultValue": 3
-    },
+  "name": "CIRCLPassiveSSL",
+  "author": "Nils Kuhnert, CERT-Bund",
+  "license": "AGPL-V3",
+  "url": "https://github.com/BSI-CERT-Bund/cortex-analyzers",
+  "version": "2.0",
+  "description": "Check CIRCL's Passive SSL for a given IP address or a X509 certificate hash.",
+  "dataTypeList": ["ip", "certificate_hash", "hash"],
+  "command": "CIRCLPassiveSSL/circl_passivessl.py",
+  "configurationItems": [
     {
       "name": "user",
       "description": "Username",

diff --git a/analyzers/Censys/Censys.json b/analyzers/Censys/Censys.json
@@ -7,41 +7,22 @@
   "description": "Check IPs, certificate hashes or domains against censys.io.",
   "dataTypeList": ["ip", "hash", "domain"],
   "command": "Censys/censys_analyzer.py",
-  "baseConfig": "Censys",
-  "config": {},
   "configurationItems": [
-  {
-    "name": "check_tlp",
-    "description": "Define if the analyzer should check TLP of data before running",
-    "type": "boolean",
-    "multi": false,
-    "required": true,
-    "defaultValue": false
-  },
-  {
-    "name": "max_tlp",
-    "description": "Define the maximum TLP level autorized",
-    "type": "number",
-    "multi": false,
-    "required": true,
-    "defaultValue": 3
-  },
-  {
-    "name": "uuid",
-    "description": "UID for Censys",
-    "type": "string",
-    "multi": false,
-    "required": true,
-    "defaultValue": "UUID"
-  },
-  {
-    "name": "key",
-    "description": "API key",
-    "type": "string",
-    "multi": false,
-    "required": true,
-    "defaultValue": "API key"
-  }
-]
-
+    {
+      "name": "uuid",
+      "description": "UID for Censys",
+      "type": "string",
+      "multi": false,
+      "required": true,
+      "defaultValue": "UUID"
+    },
+    {
+      "name": "key",
+      "description": "API key",
+      "type": "string",
+      "multi": false,
+      "required": true,
+      "defaultValue": "API key"
+    }
+  ]
 }
diff --git a/analyzers/CuckooSandbox/CuckooSandbox_File_Analysis.json b/analyzers/CuckooSandbox/CuckooSandbox_File_Analysis.json
@@ -1,33 +1,14 @@
 {
-    "name": "CuckooSandbox_File_Analysis_Inet",
-    "version": "1.0",
-    "author": "Andrea Garavaglia, LDO-CERT",
-    "url": "https://github.com/garanews/Cortex-Analyzers",
-    "license": "AGPL-V3",
-    "description": "Cuckoo Sandbox file analysis with Internet access.",
-    "dataTypeList": ["file"],
-    "command": "CuckooSandbox/cuckoosandbox_analyzer.py",
-    "baseConfig": "CuckooSandbox",
-    "config": {
-        "service": "file_analysis"
-    },
-    "configurationItems": [
-    {
-      "name": "check_tlp",
-      "description": "Define if the analyzer should check TLP of data before running",
-      "type": "boolean",
-      "multi": false,
-      "required": true,
-      "defaultValue": true
-    },
-    {
-      "name": "max_tlp",
-      "description": "Define the maximum TLP level autorized",
-      "type": "number",
-      "multi": false,
-      "required": true,
-      "defaultValue": 1
-    },
+  "name": "CuckooSandbox_File_Analysis_Inet",
+  "version": "1.0",
+  "author": "Andrea Garavaglia, LDO-CERT",
+  "url": "https://github.com/garanews/Cortex-Analyzers",
+  "license": "AGPL-V3",
+  "description": "Cuckoo Sandbox file analysis with Internet access.",
+  "dataTypeList": ["file"],
+  "command": "CuckooSandbox/cuckoosandbox_analyzer.py",
+  "baseConfig": "CuckooSandbox",
+  "configurationItems": [
     {
       "name": "url",
       "description": "URL",

diff --git a/analyzers/CuckooSandbox/CuckooSandbox_Url_Analysis.json b/analyzers/CuckooSandbox/CuckooSandbox_Url_Analysis.json
@@ -1,33 +1,14 @@
 {
-    "name": "CuckooSandbox_Url_Analysis",
-    "version": "1.0",
-    "author": "Andrea Garavaglia, LDO-CERT",
-    "url": "https://github.com/garanews/Cortex-Analyzers",
-    "license": "AGPL-V3",
-    "description": "Cuckoo Sandbox URL analysis.",
-    "dataTypeList": ["url"],
-    "command": "CuckooSandbox/cuckoosandbox_analyzer.py",
-    "baseConfig": "CuckooSandbox",
-    "config": {
-        "service": "url_analysis"
-    },
-    "configurationItems": [
-    {
-      "name": "check_tlp",
-      "description": "Define if the analyzer should check TLP of data before running",
-      "type": "boolean",
-      "multi": false,
-      "required": true,
-      "defaultValue": true
-    },
-    {
-      "name": "max_tlp",
-      "description": "Define the maximum TLP level autorized",
-      "type": "number",
-      "multi": false,
-      "required": true,
-      "defaultValue": 1
-    },
+  "name": "CuckooSandbox_Url_Analysis",
+  "version": "1.0",
+  "author": "Andrea Garavaglia, LDO-CERT",
+  "url": "https://github.com/garanews/Cortex-Analyzers",
+  "license": "AGPL-V3",
+  "description": "Cuckoo Sandbox URL analysis.",
+  "dataTypeList": ["url"],
+  "command": "CuckooSandbox/cuckoosandbox_analyzer.py",
+  "baseConfig": "CuckooSandbox",
+  "configurationItems": [
     {
       "name": "url",
       "description": "URL",