#56 PassiveTotal summary() and short reports + bump version

TheHive-Project · Jun 18, 2017 · 6a2d0dc · 6a2d0dc
1 parent 381c581
commit 6a2d0dc
Show file tree

Hide file tree

Showing 31 changed files with 53 additions and 51 deletions.
diff --git a/analyzers/PassiveTotal/PassiveTotal_Enrichment.json b/analyzers/PassiveTotal/PassiveTotal_Enrichment.json
@@ -1,6 +1,6 @@
 {
     "name": "PassiveTotal_Enrichment",
-    "version": "1.0",
+    "version": "2.0",
     "author": "CERT-BDF",
     "url": "https://github.com/CERT-BDF/Cortex-Analyzers",
     "license": "AGPL-V3",

diff --git a/analyzers/PassiveTotal/PassiveTotal_Malware.json b/analyzers/PassiveTotal/PassiveTotal_Malware.json
@@ -1,6 +1,6 @@
 {
     "name": "PassiveTotal_Malware",
-    "version": "1.0",
+    "version": "2.0",
     "author": "CERT-BDF",
     "url": "https://github.com/CERT-BDF/Cortex-Analyzers",
     "license": "AGPL-V3",

diff --git a/analyzers/PassiveTotal/PassiveTotal_Osint.json b/analyzers/PassiveTotal/PassiveTotal_Osint.json
@@ -1,6 +1,6 @@
 {
     "name": "PassiveTotal_Osint",
-    "version": "1.0",
+    "version": "2.0",
     "author": "CERT-BDF",
     "url": "https://github.com/CERT-BDF/Cortex-Analyzers",
     "license": "AGPL-V3",

diff --git a/analyzers/PassiveTotal/PassiveTotal_Passive_Dns.json b/analyzers/PassiveTotal/PassiveTotal_Passive_Dns.json
@@ -1,6 +1,6 @@
 {
     "name": "PassiveTotal_Passive_Dns",
-    "version": "1.0",
+    "version": "2.0",
     "author": "CERT-BDF",
     "url": "https://github.com/CERT-BDF/Cortex-Analyzers",
     "license": "AGPL-V3",

diff --git a/analyzers/PassiveTotal/PassiveTotal_Ssl_Certificate_Details.json b/analyzers/PassiveTotal/PassiveTotal_Ssl_Certificate_Details.json
@@ -1,6 +1,6 @@
 {
     "name": "PassiveTotal_Ssl_Certificate_Details",
-    "version": "1.0",
+    "version": "2.0",
     "author": "CERT-BDF",
     "url": "https://github.com/CERT-BDF/Cortex-Analyzers",
     "license": "AGPL-V3",

diff --git a/analyzers/PassiveTotal/PassiveTotal_Ssl_Certificate_History.json b/analyzers/PassiveTotal/PassiveTotal_Ssl_Certificate_History.json
@@ -1,6 +1,6 @@
 {
     "name": "PassiveTotal_Ssl_Certificate_History",
-    "version": "1.0",
+    "version": "2.0",
     "author": "CERT-BDF",
     "url": "https://github.com/CERT-BDF/Cortex-Analyzers",
     "license": "AGPL-V3",

diff --git a/analyzers/PassiveTotal/PassiveTotal_Unique_Resolutions.json b/analyzers/PassiveTotal/PassiveTotal_Unique_Resolutions.json
@@ -1,6 +1,6 @@
 {
     "name": "PassiveTotal_Unique_Resolutions",
-    "version": "1.0",
+    "version": "2.0",
     "author": "CERT-BDF",
     "url": "https://github.com/CERT-BDF/Cortex-Analyzers",
     "license": "AGPL-V3",

diff --git a/analyzers/PassiveTotal/PassiveTotal_Whois_Details.json b/analyzers/PassiveTotal/PassiveTotal_Whois_Details.json
@@ -1,6 +1,6 @@
 {
     "name": "PassiveTotal_Whois_Details",
-    "version": "1.0",
+    "version": "2.0",
     "author": "CERT-BDF",
     "url": "https://github.com/CERT-BDF/Cortex-Analyzers",
     "license": "AGPL-V3",

diff --git a/analyzers/PassiveTotal/passivetotal_analyzer.py b/analyzers/PassiveTotal/passivetotal_analyzer.py
@@ -55,35 +55,52 @@ def summary(self, raw):
                 result['total'] = raw['totalRecords']
 
             if result['total'] < 2:
+                taxonomy["value"] = "\"{} record\"".format(result['total'])
+            else:
+                taxonomy["value"] = "\"{} records\"".format(result['total'])
+            taxonomies.append(taxonomy)
+
 
-        # ssl certificate details service
+                # ssl certificate details service
         elif self.service == 'ssl_certificate_details':
+            taxonomy["predicate"] = "SSL"
             if 'sha1' in raw:
                 result['ssl'] = True
-
+            else:
+                result['ssl'] = False
+            taxonomy["value"] = "\"{}\"".format(result['ssl'])
+            taxonomies.append(taxonomy)
 
         # ssl certificate history service
         elif self.service == 'ssl_certificate_history':
+            taxonomy["predicate"] = "SSLCertHistory"
             if 'results' in raw and raw['results']:
                 result['ssl'] = True
                 result['total'] = len(raw['results'])
-
+                taxonomy["value"] = "\"{} record(s)\"".format(result['total'])
+                taxonomies.append(taxonomy)
         # unique resolutions service
         elif self.service == 'unique_resolutions':
+            taxonomy['predicate'] = "UniqueResolution"
             if 'total' in raw:
                 result['total'] = raw['total']
-
+                taxonomy['value'] = "\"{} record(s)\"".format(result['total'])
+                taxonomies.append(taxonomy)
         # whois details service
         elif self.service == 'whois_details':
+            taxonomy['predicate'] = "Whois"
             if 'registrant' in raw and 'organization' in raw['registrant'] and raw['registrant']['organization']:
                 result['registrant'] = raw['registrant']['organization']
+                taxonomy['value'] = "\"REGISTRANT: {}\"".format(result['registrant'])
+                taxonomies.append(taxonomy)
             elif 'registrant' in raw and 'name' in raw['registrant'] and raw['registrant']['name']:
                 result['registrant'] = raw['registrant']['name']
-
+                taxonomy['value'] = "\"REGISTRANT: {}\"".format(result['registrant'])
+                taxonomies.append(taxonomy)
             if 'registrar' in raw and raw['registrar']:
                 result['registrar'] = raw['registrar']
-
-
+                taxonomy['value'] = "\"REGISTRAR: {}\"".format(result['registrar'])
+                taxonomies.append(taxonomy)
 
         result.update({"taxonomies":taxonomies})
         return result

diff --git a/...tes/PassiveTotal_Enrichment_1_0/long.html → ...tes/PassiveTotal_Enrichment_2_0/long.html b/...tes/PassiveTotal_Enrichment_1_0/long.html → ...tes/PassiveTotal_Enrichment_2_0/long.html
diff --git a/thehive-templates/PassiveTotal_Malware_1_0/short.html b/thehive-templates/PassiveTotal_Malware_1_0/short.html
diff --git a/...plates/PassiveTotal_Malware_1_0/long.html → ...plates/PassiveTotal_Malware_2_0/long.html b/...plates/PassiveTotal_Malware_1_0/long.html → ...plates/PassiveTotal_Malware_2_0/long.html
diff --git a/thehive-templates/PassiveTotal_Malware_2_0/short.html b/thehive-templates/PassiveTotal_Malware_2_0/short.html
@@ -0,0 +1,3 @@
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
+    {{t.namespace}}:{{t.predicate}}={{t.value}}
+</span>&nbsp;
diff --git a/thehive-templates/PassiveTotal_Osint_1_0/short.html b/thehive-templates/PassiveTotal_Osint_1_0/short.html
diff --git a/...emplates/PassiveTotal_Osint_1_0/long.html → ...emplates/PassiveTotal_Osint_2_0/long.html b/...emplates/PassiveTotal_Osint_1_0/long.html → ...emplates/PassiveTotal_Osint_2_0/long.html
diff --git a/thehive-templates/PassiveTotal_Osint_2_0/short.html b/thehive-templates/PassiveTotal_Osint_2_0/short.html
@@ -0,0 +1,3 @@
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
+    {{t.namespace}}:{{t.predicate}}={{t.value}}
+</span>&nbsp;
diff --git a/thehive-templates/PassiveTotal_Passive_Dns_1_0/short.html b/thehive-templates/PassiveTotal_Passive_Dns_1_0/short.html
diff --git a/...es/PassiveTotal_Passive_Dns_1_0/long.html → ...es/PassiveTotal_Passive_Dns_2_0/long.html b/...es/PassiveTotal_Passive_Dns_1_0/long.html → ...es/PassiveTotal_Passive_Dns_2_0/long.html
diff --git a/thehive-templates/PassiveTotal_Passive_Dns_2_0/short.html b/thehive-templates/PassiveTotal_Passive_Dns_2_0/short.html
@@ -0,0 +1,3 @@
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
+    {{t.namespace}}:{{t.predicate}}={{t.value}}
+</span>&nbsp;
diff --git a/thehive-templates/PassiveTotal_Ssl_Certificate_Details_1_0/short.html b/thehive-templates/PassiveTotal_Ssl_Certificate_Details_1_0/short.html
diff --git a/...tal_Ssl_Certificate_Details_1_0/long.html → ...tal_Ssl_Certificate_Details_2_0/long.html b/...tal_Ssl_Certificate_Details_1_0/long.html → ...tal_Ssl_Certificate_Details_2_0/long.html
diff --git a/thehive-templates/PassiveTotal_Ssl_Certificate_Details_2_0/short.html b/thehive-templates/PassiveTotal_Ssl_Certificate_Details_2_0/short.html
@@ -0,0 +1,3 @@
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
+    {{t.namespace}}:{{t.predicate}}={{t.value}}
+</span>&nbsp;
diff --git a/thehive-templates/PassiveTotal_Ssl_Certificate_History_1_0/short.html b/thehive-templates/PassiveTotal_Ssl_Certificate_History_1_0/short.html
diff --git a/...tal_Ssl_Certificate_History_1_0/long.html → ...tal_Ssl_Certificate_History_2_0/long.html b/...tal_Ssl_Certificate_History_1_0/long.html → ...tal_Ssl_Certificate_History_2_0/long.html
diff --git a/thehive-templates/PassiveTotal_Ssl_Certificate_History_2_0/short.html b/thehive-templates/PassiveTotal_Ssl_Certificate_History_2_0/short.html
@@ -0,0 +1,3 @@
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
+    {{t.namespace}}:{{t.predicate}}={{t.value}}
+</span>&nbsp;
diff --git a/thehive-templates/PassiveTotal_Unique_Resolutions_1_0/short.html b/thehive-templates/PassiveTotal_Unique_Resolutions_1_0/short.html
diff --git a/...iveTotal_Unique_Resolutions_1_0/long.html → ...iveTotal_Unique_Resolutions_2_0/long.html b/...iveTotal_Unique_Resolutions_1_0/long.html → ...iveTotal_Unique_Resolutions_2_0/long.html
diff --git a/thehive-templates/PassiveTotal_Unique_Resolutions_2_0/short.html b/thehive-templates/PassiveTotal_Unique_Resolutions_2_0/short.html
@@ -0,0 +1,3 @@
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
+    {{t.namespace}}:{{t.predicate}}={{t.value}}
+</span>&nbsp;
diff --git a/thehive-templates/PassiveTotal_Whois_Details_1_0/short.html b/thehive-templates/PassiveTotal_Whois_Details_1_0/short.html
diff --git a/.../PassiveTotal_Whois_Details_1_0/long.html → .../PassiveTotal_Whois_Details_2_0/long.html b/.../PassiveTotal_Whois_Details_1_0/long.html → .../PassiveTotal_Whois_Details_2_0/long.html
diff --git a/thehive-templates/PassiveTotal_Whois_Details_2_0/short.html b/thehive-templates/PassiveTotal_Whois_Details_2_0/short.html
@@ -0,0 +1,3 @@
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
+    {{t.namespace}}:{{t.predicate}}={{t.value}}
+</span>&nbsp;