#56 VMRay summary() and short reports + bump version

TheHive-Project · Jun 20, 2017 · 7bc29d1 · 7bc29d1
1 parent 4b4e3f5
commit 7bc29d1
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 19 deletions.
diff --git a/analyzers/VMRay/VMRay.json b/analyzers/VMRay/VMRay.json
@@ -3,7 +3,7 @@
     "license": "AGPL-V3", 
     "author": "Nils Kuhnert, CERT-Bund",
     "url": "https://github.com/BSI-CERT-Bund/cortex-analyzers",
-    "version": "1.0",
+    "version": "2.0",
     "baseConfig": "VMRay",
     "config": {
         "cert": false,

diff --git a/analyzers/VMRay/vmray.py b/analyzers/VMRay/vmray.py
@@ -42,18 +42,45 @@ def run(self):
             self.error('Data type currently not supported')
 
     def summary(self, raw):
-        result = {
+
+        taxonomy = {"level": "info", "namespace": "VMRay", "predicate": "Scan", "value": 0}
+        taxonomies = []
+
+        r = {
             'reports': []
         }
 
         if raw.get('scanreport', None) and len(raw.get('scanreport').get('data')) > 0:
             for scan in raw.get('scanreport').get('data'):
-                result['reports'].append({
+                r['reports'].append({
                     'score': scan.get('sample_score'),
                     'sample_severity': scan.get('sample_severity'),
                     'sample_last_reputation_severity': scan.get('sample_last_reputation_severity'),
                     'url': scan.get('sample_webif_url')
                 })
+
+        if len(r["reports"]) == 0:
+            taxonomy["value"] = "No Scan"
+            taxonomy["level"] = "info"
+            taxonomies.append(taxonomy)
+        else:
+            for s in r["reports"]:
+                i = 1
+                if s["sample_severity"] == "not_suspicious":
+                    taxonomy["level"] = "safe"
+                elif s["sample_severity"] == "malicious" :
+                    taxonomy["level"] = "suspicious"
+                else:
+                    taxonomy["level"] = "safe"
+
+                if r["reports"] > 1:
+                    taxonomy["value"] = "\"{}( from scan {})\"".format(s["score"], i)
+                else:
+                    taxonomy["value"] = "{}".format(s["score"])
+                taxonomies.append(taxonomy)
+                i += 1
+
+        result = {"taxonomies": taxonomies}
         return result
 
 if __name__ == '__main__':

diff --git a/thehive-templates/VMRay_1_0/short.html b/thehive-templates/VMRay_1_0/short.html
diff --git a/thehive-templates/VMRay_1_0/long.html → thehive-templates/VMRay_2_0/long.html b/thehive-templates/VMRay_1_0/long.html → thehive-templates/VMRay_2_0/long.html
diff --git a/thehive-templates/VMRay_2_0/short.html b/thehive-templates/VMRay_2_0/short.html
@@ -0,0 +1,3 @@
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
+    {{t.namespace}}:{{t.predicate}}={{t.value}}
+</span>&nbsp;