#56 VirusTotal() and short reports + bump version

TheHive-Project · Jun 20, 2017 · 4b4e3f5 · 4b4e3f5
1 parent 4a24c01
commit 4b4e3f5
Show file tree

Hide file tree

Showing 9 changed files with 22 additions and 13 deletions.
diff --git a/analyzers/VirusTotal/VirusTotal_GetReport.json b/analyzers/VirusTotal/VirusTotal_GetReport.json
@@ -1,6 +1,6 @@
 {
     "name": "VirusTotal_GetReport",
-    "version": "2.0",
+    "version": "3.0",
     "author": "CERT-BDF",
     "url": "https://github.com/CERT-BDF/Cortex-Analyzers",
     "license": "AGPL-V3",

diff --git a/analyzers/VirusTotal/VirusTotal_Scan.json b/analyzers/VirusTotal/VirusTotal_Scan.json
@@ -1,6 +1,6 @@
 {
     "name": "VirusTotal_Scan",
-    "version": "2.0",
+    "version": "3.0",
     "author": "CERT-BDF",
     "url": "https://github.com/CERT-BDF/Cortex-Analyzers",
     "license": "AGPL-V3",

diff --git a/analyzers/VirusTotal/virustotal.py b/analyzers/VirusTotal/virustotal.py
@@ -64,6 +64,10 @@ def read_scan_response(self, response, func):
             self.error('Scan not found')
 
     def summary(self, raw):
+
+        taxonomy = {"level": "clean", "namespace": "VT", "predicate": "Score", "value": 0}
+        taxonomies = []
+
         result = {
             "has_result": True
         }
@@ -91,6 +95,16 @@ def summary(self, raw):
                 result["detected_downloaded_samples"] = len(
                     raw["detected_downloaded_samples"])
 
+        taxonomy['value'] = "{}/{}".format(result["positives"], result["total"])
+        if result["positives"] == 0:
+            taxonomy["level"] = "safe"
+        elif result["positives"] < 5 :
+            taxonomy["level"] = "suspicious"
+        else:
+            taxonomy["level"] = "malicious"
+
+        taxonomies.append(taxonomy)
+        result = {"taxonomies": taxonomies}
         return result
 
     def run(self):

diff --git a/thehive-templates/VirusTotal_GetReport_2_0/short.html b/thehive-templates/VirusTotal_GetReport_2_0/short.html
diff --git a/...plates/VirusTotal_GetReport_2_0/long.html → ...plates/VirusTotal_GetReport_3_0/long.html b/...plates/VirusTotal_GetReport_2_0/long.html → ...plates/VirusTotal_GetReport_3_0/long.html
diff --git a/thehive-templates/VirusTotal_GetReport_3_0/short.html b/thehive-templates/VirusTotal_GetReport_3_0/short.html
@@ -0,0 +1,3 @@
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
+    {{t.namespace}}:{{t.predicate}}={{t.value}}
+</span>&nbsp;
diff --git a/thehive-templates/VirusTotal_Scan_2_0/short.html b/thehive-templates/VirusTotal_Scan_2_0/short.html
diff --git a/...e-templates/VirusTotal_Scan_2_0/long.html → ...e-templates/VirusTotal_Scan_3_0/long.html b/...e-templates/VirusTotal_Scan_2_0/long.html → ...e-templates/VirusTotal_Scan_3_0/long.html
diff --git a/thehive-templates/VirusTotal_Scan_3_0/short.html b/thehive-templates/VirusTotal_Scan_3_0/short.html
@@ -0,0 +1,3 @@
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
+    {{t.namespace}}:{{t.predicate}}={{t.value}}
+</span>&nbsp;