#56 PhinshingInitiative() and short reports + bump version

analyzers/PhishingInitiative/PhishingInitiative_Lookup.json

@@ -1,6 +1,6 @@
 {
     "name": "PhishingInitiative_Lookup",
-    "version": "1.0",
+    "version": "2.0",
     "author": "CERT-BDF",
     "url": "https://github.com/CERT-BDF/Cortex-Analyzers",
     "license": "AGPL-V3",

analyzers/PhishingInitiative/phishinginitiative_lookup.py

@@ -12,9 +12,15 @@ def __init__(self):
                                     'Missing PhishingInitiative API key')
 
     def summary(self,raw):
-        return {
-            "status": raw["tag_label"]
-        }
+        taxonomy = {"level": "safe", "namespace": "PhishingInitiative", "predicate": "Status", "value": "Clean"}
+        taxonomies = []
+
+        if raw["tag_label"] == "phishing":
+            taxonomy['level'] = "malicious"
+            taxonomy['value'] = raw["tag_label"]
+        taxonomies.append(taxonomy)
+        result = {"taxonomies": taxonomies}
+        return result
 
     def run(self):
         Analyzer.run(self)

thehive-templates/PhishingInitiative_Lookup_2_0/short.html

@@ -0,0 +1,3 @@
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
+    {{t.namespace}}:{{t.predicate}}={{t.value}}
+</span>&nbsp;