#56 Virusshare() and short reports + bump version

TheHive-Project · Jun 20, 2017 · 355913c · 355913c
1 parent c10ac23
commit 355913c
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 63 deletions.
diff --git a/analyzers/Virusshare/Virusshare.json b/analyzers/Virusshare/Virusshare.json
@@ -3,7 +3,7 @@
     "author": "Nils Kuhnert, CERT-Bund",
     "license": "AGPL-V3",
     "url": "https://github.com/BSI-CERT-Bund/cortex-analyzers",
-    "version": "1.0",
+    "version": "2.0",
     "baseConfig": "Virusshare",
     "config": {},
     "description": "Search for MD5 hashes in Virusshare.com hash list",

diff --git a/analyzers/Virusshare/virusshare.py b/analyzers/Virusshare/virusshare.py
@@ -21,7 +21,20 @@ def __init__(self):
         self.filelist = os.listdir(self.path)
 
     def summary(self, raw):
-        return {'isonvs': raw["isonvs"]}
+        taxonomy = {"level": "safe", "namespace": "Virusshare", "predicate": "Search", "value": 0}
+        taxonomies = []
+        if raw["isonvs"]:
+            if raw["isonvs"] == "unknown":
+                taxonomy['value'] = "\"{}\"".format("Not MD5")
+                taxonomy['level'] = "suspicious"
+            else:
+                taxonomy['value'] "\"{}\"".format("Found")
+                taxonomy['level'] = "malicious"
+        else:
+            taxonomy['value'] = "\"{}\"".format("Not found")
+
+        taxonomies.append(taxonomy)
+        return {'taxonomies': taxonomies}
 
     def run(self):
         searchhash = ''

diff --git a/thehive-templates/Virusshare_1_0/long.html b/thehive-templates/Virusshare_1_0/long.html
diff --git a/thehive-templates/Virusshare_1_0/short.html b/thehive-templates/Virusshare_1_0/short.html