Fix configuration items
nadouani committed Jan 19, 2018
1 parent 6495339 commit 7ec5fb3
Showing 7 changed files with 226 additions and 273 deletions.
63 changes: 27 additions & 36 deletions analyzers/Abuse_Finder/Abuse_Finder.json
@@ -1,39 +1,30 @@
{
"name": "Abuse_Finder",
"version": "2.0",
"author": "CERT-BDF",
"url": "https://github.com/CERT-BDF/Cortex-Analyzers",
"license": "AGPL-V3",
"baseConfig": "Abuse_Finder",
"description": "Find abuse contacts associated with domain names, URLs, IPs and email addresses.",
"dataTypeList": ["ip", "domain", "url", "mail"],
"command": "Abuse_Finder/abusefinder.py",
"config": {
"configurationItems": [
{
"name": "service",
"description": "Service Name",
"type": "string",
"multi": false,
"required": false,
"defaultValue": "abuse_finder"
},
{
"name": "check_tlp",
"description": "Define if the analyzer should check TLP of data before running",
"type": "bool",
"multi": false,
"required": true,
"defaultValue": false
},
{
"name": "max_tlp",
"description": "Define the maximum TLP level autorized",
"type": "number",
"multi": false,
"required": true,
"defaultValue": 3
}
]
"name": "Abuse_Finder",
"version": "2.0",
"author": "CERT-BDF",
"url": "https://github.com/CERT-BDF/Cortex-Analyzers",
"license": "AGPL-V3",
"baseConfig": "Abuse_Finder",
"description": "Find abuse contacts associated with domain names, URLs, IPs and email addresses.",
"dataTypeList": ["ip", "domain", "url", "mail"],
"command": "Abuse_Finder/abusefinder.py",
"config": {},
"configurationItems": [
{
"name": "check_tlp",
"description": "Define if the analyzer should check TLP of data before running",
"type": "boolean",
"multi": false,
"required": true,
"defaultValue": false
},
{
"name": "max_tlp",
"description": "Define the maximum TLP level autorized",
"type": "number",
"multi": false,
"required": true,
"defaultValue": 3
}
]
}
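Review bot: The defaults in the re-added `check_tlp` and `max_tlp` items leave the TLP gate inactive: `"defaultValue": false` disables the check, and `"defaultValue": 3` would allow every level even when it is enabled, assuming the usual 0–3 scale where 3 is TLP:RED. For analyzers that send observables to outside services, a safer baseline would be `"defaultValue": true` for `check_tlp` and a lower `max_tlp` such as `2`, leaving operators to relax it deliberately. The same two items appear unchanged in Bluecoat_Categorization.json, MISP.json, Robtex_IP_Query.json and Robtex_Reverse_PDNS_Query.json. The description string also misspells "authorized" as `autorized` in all five files.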
48 changes: 19 additions & 29 deletions analyzers/Bluecoat/Bluecoat_Categorization.json
@@ -11,33 +11,23 @@
],
"license": "AGPL-V3",
"command": "Bluecoat/categorization.py",
"config": {
"configurationItems": [
{
"name": "service",
"description": "Service Name",
"type": "string",
"multi": false,
"required": false,
"defaultValue": "bluecoat_cat"
},
{
"name": "check_tlp",
"description": "Define if the analyzer should check TLP of data before running",
"type": "bool",
"multi": false,
"required": true,
"defaultValue": false
},
{
"name": "max_tlp",
"description": "Define the maximum TLP level autorized",
"type": "number",
"multi": false,
"required": true,
"defaultValue": 3
}
]
}
"config": {},
"configurationItems": [
{
"name": "check_tlp",
"description": "Define if the analyzer should check TLP of data before running",
"type": "boolean",
"multi": false,
"required": true,
"defaultValue": false
},
{
"name": "max_tlp",
"description": "Define the maximum TLP level autorized",
"type": "number",
"multi": false,
"required": true,
"defaultValue": 3
}
]
}
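Review bot: With the `service` item removed and `"config": {}` left empty, nothing in this file supplies the `bluecoat_cat` value that the old `defaultValue` provided, whereas the Robtex and MISP files in this commit carry it over as `"config": { "service": … }`. If `Bluecoat/categorization.py` still reads a `service` parameter it would now find it unset, so this needs either `"config": { "service": "bluecoat_cat" }` or a confirmation that the script ignores the value. Abuse_Finder.json has the same shape, with `abuse_finder` as the dropped default. The hunk starts at line 11, so the top of the file is not visible here.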

101 changes: 51 additions & 50 deletions analyzers/MISP/MISP.json
@@ -6,57 +6,58 @@
"version": "2.0",
"baseConfig": "MISP",
"config": {
"configurationItems": [
{
"name": "service",
"description": "Service Name",
"type": "string",
"multi": false,
"required": false,
"defaultValue": "misp"
},
{
"name": "check_tlp",
"description": "Define if the analyzer should check TLP of data before running",
"type": "bool",
"multi": false,
"required": true,
"defaultValue": false
},
{
"name": "max_tlp",
"description": "Define the maximum TLP level autorized",
"type": "number",
"multi": false,
"required": true,
"defaultValue": 3
},
{
"name": "url",
"description": "URL of MISP servers",
"type": "string",
"multi": true,
"required": true,
"defaultValue": [ "Server1", "Server2"]
},
{
"name": "key",
"description": "API key for each server",
"type": "string",
"multi": true,
"required": true,
"defaultValue": [ "API key for Server1", "API key for Server2"]
},
{
"name": "cert_path",
"description": "Verify server certificate or path to the CA on the system",
"type": "string",
"multi": true,
"required": false,
"defaultValue": [ True, True]
}
]
"service": "misp"
},
"configurationItems": [
{
"name": "service",
"description": "Service Name",
"type": "string",
"multi": false,
"required": false,
"defaultValue": "misp"
},
{
"name": "check_tlp",
"description": "Define if the analyzer should check TLP of data before running",
"type": "boolean",
"multi": false,
"required": true,
"defaultValue": false
},
{
"name": "max_tlp",
"description": "Define the maximum TLP level autorized",
"type": "number",
"multi": false,
"required": true,
"defaultValue": 3
},
{
"name": "url",
"description": "URL of MISP servers",
"type": "string",
"multi": true,
"required": true,
"defaultValue": [ "Server1", "Server2"]
},
{
"name": "key",
"description": "API key for each server",
"type": "string",
"multi": true,
"required": true,
"defaultValue": [ "API key for Server1", "API key for Server2"]
},
{
"name": "cert_path",
"description": "Verify server certificate or path to the CA on the system",
"type": "boolean",
"multi": true,
"required": false,
"defaultValue": [ true, true]
}
],
"description": "Query multiple MISP instances for events containing an observable.",
"dataTypeList": ["domain", "ip", "url", "fqdn", "uri_path","user-agent", "hash", "email", "mail", "mail_subject" , "registry", "regexp", "other", "filename"],
"command": "MISP/misp.py"
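Review bot: `cert_path` is now typed `boolean` with `"defaultValue": [ true, true]`, but its description still reads "Verify server certificate or path to the CA on the system", so the CA-path form can no longer be expressed if the declared type is enforced. An operator whose MISP server is signed by a private CA would then be left with `false` as the only working value, which turns off certificate verification on the connection that carries the API key. Keeping `"type": "string"`, or splitting this into a boolean verify flag plus a separate string item for the CA path, would preserve both options. The `service` item is also still listed here although `"config": { "service": "misp" }` now sets it, unlike the other analyzers in this commit.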
65 changes: 29 additions & 36 deletions analyzers/Robtex/Robtex_IP_Query.json
@@ -1,39 +1,32 @@
{
"name": "Robtex_IP_Query",
"version": "1.0",
"author": "Nils Kuhnert",
"url": "https://github.com/CERT-BDF/Cortex-Analyzers",
"license": "AGPL-V3",
"description": "Check IPs using the Robtex IP API",
"dataTypeList": ["ip"],
"baseConfig": "Robtex",
"command": "Robtex/robtex.py",
"config": {
"configurationItems": [
{
"name": "service",
"description": "Service Name",
"type": "string",
"multi": false,
"required": true,
"defaultValue": "ipquery"
},
{
"name": "check_tlp",
"description": "Define if the analyzer should check TLP of data before running",
"type": "bool",
"multi": false,
"required": true,
"defaultValue": false
},
{
"name": "max_tlp",
"description": "Define the maximum TLP level autorized",
"type": "number",
"multi": false,
"required": true,
"defaultValue": 3
}
]
"name": "Robtex_IP_Query",
"version": "1.0",
"author": "Nils Kuhnert",
"url": "https://github.com/CERT-BDF/Cortex-Analyzers",
"license": "AGPL-V3",
"description": "Check IPs using the Robtex IP API",
"dataTypeList": ["ip"],
"baseConfig": "Robtex",
"command": "Robtex/robtex.py",
"config": {
"service": "ipquery"
},
"configurationItems": [
{
"name": "check_tlp",
"description": "Define if the analyzer should check TLP of data before running",
"type": "boolean",
"multi": false,
"required": true,
"defaultValue": false
},
{
"name": "max_tlp",
"description": "Define the maximum TLP level autorized",
"type": "number",
"multi": false,
"required": true,
"defaultValue": 3
}
]
}
66 changes: 29 additions & 37 deletions analyzers/Robtex/Robtex_Reverse_PDNS_Query.json
@@ -1,40 +1,32 @@
{
"name": "Robtex_Reverse_PDNS_Query",
"version": "1.0",
"author": "Nils Kuhnert",
"url": "https://github.com/CERT-BDF/Cortex-Analyzers",
"license": "AGPL-V3",
"description": "Check IPs using the Robtex reverse passive dns API",
"dataTypeList": ["ip"],
"baseConfig": "Robtex",
"command": "Robtex/robtex.py",
"config": {
"configurationItems": [
{
"name": "service",
"description": "Service Name",
"type": "string",
"multi": false,
"required": true,
"defaultValue": "rpdnsquery"
},
{
"name": "check_tlp",
"description": "Define if the analyzer should check TLP of data before running",
"type": "bool",
"multi": false,
"required": true,
"defaultValue": false
},
{
"name": "max_tlp",
"description": "Define the maximum TLP level autorized",
"type": "number",
"multi": false,
"required": true,
"defaultValue": 3
}
]
"name": "Robtex_Reverse_PDNS_Query",
"version": "1.0",
"author": "Nils Kuhnert",
"url": "https://github.com/CERT-BDF/Cortex-Analyzers",
"license": "AGPL-V3",
"description": "Check IPs using the Robtex reverse passive dns API",
"dataTypeList": ["ip"],
"baseConfig": "Robtex",
"command": "Robtex/robtex.py",
"config": {
"service": "rpdnsquery"
},
"configurationItems": [
{
"name": "check_tlp",
"description": "Define if the analyzer should check TLP of data before running",
"type": "boolean",
"multi": false,
"required": true,
"defaultValue": false
},

{
"name": "max_tlp",
"description": "Define the maximum TLP level autorized",
"type": "number",
"multi": false,
"required": true,
"defaultValue": 3
}
]
}