#214 add risk Score and Risk Evidence Score serivces

TheHive-Project · Jun 8, 2018 · 5f4fa3d · 5f4fa3d
1 parent a31de57
commit 5f4fa3d
Show file tree

Hide file tree

Showing 3 changed files with 66 additions and 0 deletions.
diff --git a/analyzers/DomainTools/DomainTools_RiskEvidenceScore.json b/analyzers/DomainTools/DomainTools_RiskEvidenceScore.json
@@ -0,0 +1,30 @@
+{
+    "name": "DomainTools_RiskEvidenceScore",
+    "version": "2.0",
+    "author": "CERT-BDF",
+    "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
+    "license": "AGPL-V3",
+    "description": "Use DomainTools to get a list of domain names sharing the same IP address.",
+    "dataTypeList": ["domain"],
+    "command": "DomainTools/domaintools_analyzer.py",
+    "baseConfig": "DomainTools",
+    "config": {
+        "service": "risk_evidence_score"
+    },
+    "configurationItems": [
+    {
+      "name": "username",
+      "description": "DomainTools API credentials",
+      "type": "string",
+      "multi": false,
+      "required": true
+    },
+    {
+      "name": "key",
+      "description": "DomainTools API credentials",
+      "type": "string",
+      "multi": false,
+      "required": true
+    }
+  ]
+}
diff --git a/analyzers/DomainTools/DomainTools_RiskScore.json b/analyzers/DomainTools/DomainTools_RiskScore.json
@@ -0,0 +1,30 @@
+{
+    "name": "DomainTools_RiskScore",
+    "version": "2.0",
+    "author": "CERT-BDF",
+    "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
+    "license": "AGPL-V3",
+    "description": "Use DomainTools to get a list of domain names sharing the same IP address.",
+    "dataTypeList": ["domain"],
+    "command": "DomainTools/domaintools_analyzer.py",
+    "baseConfig": "DomainTools",
+    "config": {
+        "service": "risk_score"
+    },
+    "configurationItems": [
+    {
+      "name": "username",
+      "description": "DomainTools API credentials",
+      "type": "string",
+      "multi": false,
+      "required": true
+    },
+    {
+      "name": "key",
+      "description": "DomainTools API credentials",
+      "type": "string",
+      "multi": false,
+      "required": true
+    }
+  ]
+}
diff --git a/analyzers/DomainTools/domaintools_analyzer.py b/analyzers/DomainTools/domaintools_analyzer.py
@@ -45,6 +45,12 @@ def domaintools(self, data):
         elif self.service == 'whois/parsed' and self.data_type == 'domain':
             response = api.parsed_whois(data).response()
 
+        elif self.service == 'risk_score' and self.data_type == 'domain':
+            response = api.risk(data).response()
+
+        elif self.service == 'risk_evidence_score' and self.data_type == 'domain':
+            response = api.risk_evidence(data).response()
+
         elif self.service == 'reverse-whois':
             response = api.reverse_whois(data, mode='purchase').response()