Merge pull request #868 from LaZyDK/patch-1

Add fqdn to Umbrella analyzer

analyzers/Umbrella/Umbrella.py

@@ -45,8 +45,17 @@ def summary(self, raw):
 
 
     def run(self):
+        # Map The Hive observable types to Umbrella observable types
+        observable_mapping = {
+            "domain": "domain",
+            "fqdn": "domain", 
+        }
+
         if self.service == 'get':
-            if self.data_type == 'domain':
+            dataType = self.get_param("dataType")
+
+            # Validate the supplied observable type is supported
+            if dataType in observable_mapping.keys():
                 data = self.get_param('data', None, 'Data is missing')
                 r = self.umbrella_runreport(data)
                 self.report(r)

analyzers/Umbrella/Umbrella_Report.json

@@ -5,7 +5,7 @@
   "url": "https://github.com/arnydo/thehive/Cortex-Analyzers",
   "license": "AGPL-V3",
   "description": "Query the Umbrella Reporting API for recent DNS queries and their status.",
-  "dataTypeList": ["domain"],
+  "dataTypeList": ["domain", "fqdn"],
   "command": "Umbrella/Umbrella.py",
   "baseConfig": "Umbrella",
   "config": {