Merge branch 'hotfix/1.4.1'

analyzers/FireHOLBlocklists/firehol_blocklists.py

@@ -21,7 +21,7 @@ def __init__(self):
 
         # Get config parameters
         self.path = self.getParam('config.blocklistpath', '/tmp/fireholblocklists')
-        self.ignoredays = self.getParam('config.ignoreolderthandays', 365)
+        self.ignoreolderthandays = self.getParam('config.ignoreolderthandays', 365)
         self.utc = pytz.UTC
         self.now = dt.datetime.now(tz=self.utc)
 
@@ -73,7 +73,7 @@ def _check_ip(self, ip):
                             datestr = re.sub('# Source File Date: ', '', l.rstrip('\n'))
                             date = parse(datestr)
                             file_date[ipsetname] = str(date)
-                            if (date - self.now).days > self.ignoredays:
+                            if (self.now - date).days > self.ignoreolderthandays:
                                 break
                         description[ipsetname] += re.sub(r'^\[.*\] \(.*\) [a-zA-Z0-9.\- ]*$', '', l.lstrip('# '))\
                             .replace('\n\n', '\n')
@@ -96,7 +96,7 @@ def _check_ip(self, ip):
                             datestr = re.sub('# Source File Date: ', '', l.rstrip('\n'))
                             date = parse(datestr)
                             file_date[ipsetname] = str(date)
-                            if (date - self.now).days > self.ignoredays:
+                            if (self.now - date).days > self.ignoreolderthandays:
                                 break
                         description[netsetname] += re.sub(r'^\[.*\] \(.*\) [a-zA-Z0-9.\- ]*$', '', l.lstrip('# '))\
                             .replace('\n\n', '\n')

analyzers/JoeSandbox/joesandbox_analyzer.py

@@ -10,11 +10,15 @@ class JoeSandboxAnalyzer(Analyzer):
 
     def __init__(self):
         Analyzer.__init__(self)
-        self.service = self.getParam('config.service', None, 'JoeSandbox service is missing')
-        self.url = self.getParam('config.url', None, 'JoeSandbox url is missing')
-        self.apikey = self.getParam('config.apikey', None, 'JoeSandbox apikey is missing')
-        self.analysistimeout = self.getParam('config.analysistimeout', 30*60, None)
-        self.networktimeout = self.getParam('config.networktimeout', 30, None)
+        self.service = self.get_param('config.service', None, 'JoeSandbox service is missing')
+        self.url = self.get_param('config.url', None, 'JoeSandbox url is missing')
+        # self.apikey = self.get_param('config.key', None, 'JoeSandbox apikey is missing')
+        if self.get_param('config.key'):
+            self.apikey = self.get_param('config.key')
+        else:
+            self.apikey = self.get_param('config.apikey', None, 'MISP key for API is missing')
+        self.analysistimeout = self.get_param('config.analysistimeout', 30*60, None)
+        self.networktimeout = self.get_param('config.networktimeout', 30, None)
 
     def summary(self, raw):
         result = {
@@ -40,14 +44,14 @@ def run(self):
 
             # file analysis with internet access
             if self.service == 'file_analysis_inet':
-                filepath = self.getParam('file', None, 'File is missing')
+                filepath = self.get_param('file', None, 'File is missing')
                 files['sample'] = open(filepath, 'rb')
                 data['type'] = 'file'
                 data['inet'] = 1
 
             # file analysis without internet access
             elif self.service == 'file_analysis_noinet':
-                filepath = self.getParam('file', None, 'File is missing')
+                filepath = self.get_param('file', None, 'File is missing')
                 files['sample'] = open(filepath, 'rb')
                 data['type'] = 'file'
                 data['inet'] = 0

analyzers/MISP/MISP_Search.json

@@ -1,6 +1,6 @@
 {
     "name": "MISP_Search",
-    "version": "1.0",
+    "version": "1.1",
     "author": "CERT-BDF",
     "url": "https://github.com/CERT-BDF/Cortex-Analyzers",
     "license": "AGPL-V3",

analyzers/MISP/misp_analyzer.py

@@ -11,8 +11,10 @@ def __init__(self):
         Analyzer.__init__(self)
         self.service = self.getParam('config.service', None, 'MISP service is missing')
         self.url = self.getParam('config.url', None, 'MISP url is missing')
-        self.api_key = self.getParam('config.api_key', None, 'MISP api_key is missing')
-
+        if self.get_param('config.key'):
+            self.api_key = self.get_param('config.key')
+        else:
+            self.api_key = self.get_param('config.api_key', None, 'MISP key for API is missing')
     def summary(self, raw):
         result = {
             'service': self.service,
@@ -80,7 +82,7 @@ def run(self):
 
                             events.append(event)
 
-                self.report(events)
+                self.report({"events": events})
             else:
                 self.error('Unknown MISP service')
 

thehive-templates/MISP_Search_1_0/long.html → thehive-templates/MISP_Search_1_1/long.html

@@ -3,11 +3,11 @@
         <strong>Detailed Information</strong>
     </div>
     <div class="panel-body">
-        <div ng-if="content.length === 0">
+        <div ng-if="content.events.length === 0">
             No records found
         </div>
-        <div ng-if="content.length > 0">
-            <div ng-repeat="event in content" class="mb-s">
+        <div ng-if="content.events.length > 0">
+            <div ng-repeat="event in content.events" class="mb-s">
                 <h4 class="text-primary">{{event.info || 'Event #'+event.id}}</h4>
                 <dl class="dl-horizontal">
                     <dt>Event ID</dt>