Skip to content

Commit

Permalink
Merge branch 'master' of https://github.com/dadokkio/Cortex-Analyzers
Browse files Browse the repository at this point in the history 
…into dadokkio-master
  • Loading branch information
@jeromeleonard
jeromeleonard committed Nov 3, 2017
2 parents 5aef17a + db7f8ce commit 7aff6ca
Show file tree
Hide file tree
Showing 3 changed files with 498 additions and 2 deletions.
4 changes: 2 additions & 2 deletions analyzers/EmergingThreats/emergingthreats_analyzer.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ def summary(self, raw):
namespace = "ET"
predicate = self.service

if predicate in ['domain-info', 'ip-info'] and raw['reputation'] != "-":
if predicate in ['domain-info', 'ip-info'] and raw['reputation'] not in ["-", "Error"]:
for x in raw["reputation"]:
value = "%s=%d" % (x['category'], x['score'])
if x['category'] in RED_CATEGORIES and x['score'] >= 70:
Expand All @@ -50,7 +50,7 @@ def summary(self, raw):
else:
level = "safe"
taxonomies.append(self.build_taxonomy(level, namespace, predicate, value))
elif predicate == 'malware-info' and raw['events'] != "-":
elif predicate == 'malware-info' and raw['events'] not in ["-", "Error"]:
value = str(len(raw['events'])) + " signatures"
taxonomies.append(self.build_taxonomy("malicious", namespace, predicate, value))

Expand Down
248 changes: 248 additions & 0 deletions thehive-templates/DomainTools_WhoisLookup_2_0/EmergingThreats_DomainInfo_1_0/long.html
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,248 @@
<link rel="stylesheet" href="https://unpkg.com/[email protected]/dist/leaflet.css"/>
<script src="https://unpkg.com/[email protected]/dist/leaflet.js"></script>
<style>
#mapid { width: 800px;height: 600px; }
</style>


<div class="report-EmergingThreats" ng-if="success">

<div class="panel panel-info" ng-if="content.reputation != '-' && content.reputation != 'Error'">
<div class="panel-heading">
<strong>Reputation</strong>
</div>
<div class="panel-body">
<dl class="dl-horizontal" ng-repeat="reputation in content.reputation track by $index">
<dt>{{ reputation.category }}</dt>
<dd class="wrap">{{ reputation.score }}</dd>
</dl>
</div>
</div>

<div class="panel panel-info" ng-if="content.events != '-' && content.events != 'Error'">
<div class="panel-heading">
<strong>Events</strong>
</div>
<div class="panel-body">
<table class="table table-hover">
<tr>
<th>Count</th>
<th>Date</th>
<th>Domain</th>
<th>Sid</th>
<th>Signature</th>
<th>Source</th>
</tr>
<tr ng-repeat="events in content.events track by $index">
<td>{{ events.count }}</td>
<td>{{ events.date }}</td>
<td>{{ events.domain }}</td>
<td>{{ events.sid }}</td>
<td>{{ events.signature }}</td>
<td>{{ events.source }}</td>
</tr>
</table>
</div>
</div>

<div class="panel panel-info" ng-if="content.geoloc != '-' && content.geoloc != 'Error'">
<div class="panel-heading">
<strong>Geoloc</strong>
</div>

<div class="panel-body">
<div ng-repeat="geo in content.geoloc track by $index">
<dl class="dl-horizontal">
<dt>City</dt>
<dd class="wrap">{{ geo.city }}</dd>
</dl>
<dl class="dl-horizontal">
<dt>country</dt>
<dd class="wrap">{{ geo.country }} [{{ geo.country_code }}]</dd>
</dl>
<dl class="dl-horizontal">
<dt>IP</dt>
<dd class="wrap">{{ geo.ip }}</dd>
</dl>
<dl class="dl-horizontal">
<dt>Coordinates<dt>
<dd class="wrap"><span class="geo_lat">{{ geo.latitude }}</span> / <span class="geo_lon">{{ geo.longitude }}</span></dd>
</dl>
</div>

<div id="mapid"></div>

<script>

$(document).ready(function(){
setTimeout(function(){

var lat = $(".geo_lat").map(function(){return parseInt($(this).text());}).get();
var lon = $(".geo_lon").map(function(){return parseInt($(this).text());}).get();
var mymap = L.map('mapid').setView([0, 0], 3);
L.tileLayer('https://api.tiles.mapbox.com/v4/{id}/{z}/{x}/{y}.png?access_token=pk.eyJ1IjoibWFwYm94IiwiYSI6ImNpejY4NXVycTA2emYycXBndHRqcmZ3N3gifQ.rJcFIG214AriISLbB6B5aw', {
maxZoom: 18,
id: 'mapbox.streets'
}).addTo(mymap);

$.each( lon, function( index, value ){
L.marker([lat[index] , lon[index]]).addTo(mymap);
});

var mark_list = $.map( lon, function( index, value ){
return L.marker([lat[index] , lon[index]]);
});

var group = new L.featureGroup(mark_list);
mymap.fitBounds(group.getBounds(),{maxZoom: 3});

}, 3000);
});


</script>
</div>
</div>
</div>

<div class="panel panel-info" ng-if="content.ips && content.ips != '-' && content.ips != 'Error'">
<div class="panel-heading">
<strong>IPs</strong>
</div>
<div class="panel-body">
<table class="table table-hover">
<tr>
<th>First seen</th>
<th>IP</th>
<th>Last seen</th>
</tr>
<tr ng-repeat="ip in content.ips track by $index">
<td>{{ ip.first_seen }}</td>
<td>{{ ip.ip }}</td>
<td>{{ ip.last_seen }}</td>
</tr>
</table>
</div>
</div>

<div class="panel panel-info" ng-if="content.domains && content.domains != '-' && content.domains != 'Error'">
<div class="panel-heading">
<strong>Domains</strong>
</div>
<div class="panel-body">
<table class="table table-hover">
<tr>
<th>First seen</th>
<th>Name</th>
<th>Last seen</th>
</tr>
<tr ng-repeat="domain in content.domains track by $index">
<td>{{ domain.first_seen }}</td>
<td>{{ domain.domain }}</td>
<td>{{ domain.last_seen }}</td>
</tr>
</table>
</div>
</div>

<div class="panel panel-info" ng-if="content.samples != '-' && content.samples != 'Error'">
<div class="panel-heading">
<strong>Samples</strong>
</div>
<div class="panel-body">
<table class="table table-hover">
<tr>
<th>First seen</th>
<th>Last seen</th>
<th>Source</th>
</tr>
<tr ng-repeat="sample in content.samples track by $index">
<td>{{ sample.first_seen }}</td>
<td>{{ sample.last_seen }}</td>
<td>{{ sample.source }}</td>
</tr>
</table>
</div>
</div>

<div class="panel panel-info" ng-if="content.nameservers && content.nameservers != '-' && content.nameservers != 'Error'">
<div class="panel-heading">
<strong>Nameservers</strong>
</div>
<div class="panel-body">
<table class="table table-hover">
<tr>
<th>First seen</th>
<th>Last seen</th>
<th>Server</th>
</tr>
<tr ng-repeat="nameserver in content.nameservers track by $index">
<td>{{ nameserver.first_seen }}</td>
<td>{{ nameserver.last_seen }}</td>
<td>{{ nameserver.server }}</td>
</tr>
</table>
</div>
</div>

<div class="panel panel-info" ng-if="content.reputation != '-' && content.reputation != 'Error'">
<div class="panel-heading">
<strong>Urls</strong>
</div>
<div class="panel-body">
<dl class="dl-horizontal" ng-repeat="url in content.urls track by $index">
<dd class="wrap">{{ url }}</dd>
</dl>
</div>
</div>

<div class="panel panel-info" ng-if="content.whois && content.whois != '-' && content.whois != 'Error'">
<div class="panel-heading">
<strong>Whois</strong>
</div>
<div class="panel-body">
<h4>Domain</h4>
<dl class="dl-horizontal">
<dd class="wrap">{{ content.whois.domain }}</dd>
</dl>
<h4>Registrant</h4>
<dl class="dl-horizontal">
<dt>Created</dt>
<dd class="wrap">{{ content.whois.registrant.created }}</dd>
</dl>
<dl class="dl-horizontal">
<dt>Expires</dt>
<dd class="wrap">{{ content.whois.registrant.expires }}</dd>
</dl>
<dl class="dl-horizontal">
<dt>Updated</dt>
<dd class="wrap">{{ content.whois.registrant.updated }}</dd>
</dl>
<h4>Registrar</h4>
<dl class="dl-horizontal">
<dt>Country</dt>
<dd class="wrap">{{ content.whois.registrar.country }}</dd>
</dl>
<dl class="dl-horizontal">
<dt>Name</dt>
<dd class="wrap">{{ content.whois.registrar.name }}</dd>
</dl>
<dl class="dl-horizontal">
<dt>Website</dt>
<dd class="wrap">{{ content.whois.registrar.website }}</dd>
</dl>
</div>
</div>

</div>


<!-- General error -->
<div class="panel panel-danger" ng-if="!success">
<div class="panel-heading">
<strong>{{(artifact.data || artifact.attachment.name) | fang}}</strong>
</div>
<div class="panel-body">
{{content.errorMessage}}
</div>
</div>
Loading

0 comments on commit 7aff6ca

Please sign in to comment.