diff --git a/analyzers/Fortiguard/urlcategory.py b/analyzers/Fortiguard/urlcategory.py
index 14fb38be8..2512666d8 100755
--- a/analyzers/Fortiguard/urlcategory.py
+++ b/analyzers/Fortiguard/urlcategory.py
@@ -15,7 +15,11 @@ def summary(self, raw):
if 'category' in raw:
r = raw.get('category')
- taxonomy["value"] = r
+ taxonomy["value"] = "\"{}\"".format(r)
+ if r == "Malicious Websites":
+ taxonomy['level'] = "malicious"
+ if r == "Suspicious Websites":
+ taxonomy['level'] = 'suspicious'
taxonomies.append(taxonomy)
result = {"taxonomies": taxonomies}
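Review bot: The level is chosen by two exact, case-sensitive comparisons against category names returned by the remote service, so a change in wording, or any other risky category, leaves the level at whatever default is set above the hunk (not visible here). The two `if`s are mutually exclusive and would read better as a lookup: `level = {"Malicious Websites": "malicious", "Suspicious Websites": "suspicious"}.get(r)` followed by `if level: taxonomy['level'] = level`. `r` is also wrapped in double quotes without escaping, so a category string that itself contains `"` would give a malformed tag value. summary() starts and ends outside this hunk.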
diff --git a/analyzers/MISP/misp.py b/analyzers/MISP/misp.py
index 007da2c81..e00049380 100755
--- a/analyzers/MISP/misp.py
+++ b/analyzers/MISP/misp.py
@@ -21,7 +21,7 @@ def summary(self, raw):
for r in raw['results']:
for res in r['result']:
if 'uuid' in res:
- data.append(res['uuis'])
+ data.append(res['uuid'])
# return number of unique events
if data == []:
@@ -29,6 +29,7 @@ def summary(self, raw):
taxonomies.append(taxonomy)
else:
taxonomy["value"] = "\"{} event(s)\"".format(len(list(set(data))))
+ taxonomies.append(taxonomy)
result = {"taxonomies": taxonomies}
return result
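Review bot: The added `taxonomies.append(taxonomy)` repeats the call that already closes the empty-result branch two lines above it. Indentation is not preserved in this view, so I am assuming the new line sits inside the `else`; if it sits after the `if`/`else` instead, the empty case appends the same taxonomy twice. A single `taxonomies.append(taxonomy)` placed after the `if`/`else` covers both paths and removes the chance of one branch forgetting it, which appears to be how the non-empty case was left without a taxonomy before this commit. `len(list(set(data)))` can also be shortened to `len(set(data))`. The start of summary() is outside this hunk.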
diff --git a/analyzers/OTXQuery/otxquery.py b/analyzers/OTXQuery/otxquery.py
index f98f43fc4..5e6919a57 100755
--- a/analyzers/OTXQuery/otxquery.py
+++ b/analyzers/OTXQuery/otxquery.py
@@ -156,7 +156,7 @@ def OTX_Query_URL(self, data):
def summary(self, raw):
taxonomy = {"level": "info", "namespace": "OTX", "predicate": "Pulses", "value": 0}
taxonomies = []
- taxonomy["value"] = raw["pulse_count"]
+ taxonomy["value"] = "\"{}\"".format(raw["pulse_count"])
taxonomies.append(taxonomy)
result = {"taxonomies": taxonomies}
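Review bot: `raw["pulse_count"]` is indexed directly, so a report that lacks the key raises KeyError inside summary() and no short report is produced; `raw.get("pulse_count", 0)` would keep the tag rendering. The level stays `info` whatever the count is, while other analyzers touched by this commit grade their level. If that is intentional, a comment such as `# pulse count is informational only, never graded` above the assignment would make it explicit. The end of summary() is outside this hunk.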
diff --git a/analyzers/VirusTotal/virustotal.py b/analyzers/VirusTotal/virustotal.py
index 48cc341eb..44e4648d8 100755
--- a/analyzers/VirusTotal/virustotal.py
+++ b/analyzers/VirusTotal/virustotal.py
@@ -65,7 +65,7 @@ def read_scan_response(self, response, func):
def summary(self, raw):
- taxonomy = {"level": "clean", "namespace": "VT", "predicate": "Score", "value": 0}
+ taxonomy = {"level": "info", "namespace": "VT", "predicate": "Score", "value": 0}
taxonomies = []
result = {
@@ -84,24 +84,38 @@ def summary(self, raw):
if self.service == "get":
if("scans" in raw):
result["scans"] = len(raw["scans"])
+ taxonomy['value'] = "{}/{}".format(result["positives"], result["total"])
+ if result["positives"] == 0:
+ taxonomy["level"] = "safe"
+ elif result["positives"] < 5:
+ taxonomy["level"] = "suspicious"
+ else:
+ taxonomy["level"] = "malicious"
if("resolutions" in raw):
result["resolutions"] = len(raw["resolutions"])
-
+ taxonomy['value'] = "{} resolution(s)".format(result["resolutions"])
+ if result["resolutions"] == 0:
+ taxonomy["level"] = "safe"
+ elif result["resolutions"] < 5:
+ taxonomy["level"] = "suspicious"
+ else:
+ taxonomy["level"] = "malicious"
if("detected_urls" in raw):
result["detected_urls"] = len(raw["detected_urls"])
+ taxonomy['value'] = "{} detected_url(s)".format(result["detected_urls"])
+ if result["detected_urls"] == 0:
+ taxonomy["level"] = "safe"
+ elif result["detected_urls"] < 5:
+ taxonomy["level"] = "suspicious"
+ else:
+ taxonomy["level"] = "malicious"
if("detected_downloaded_samples" in raw):
result["detected_downloaded_samples"] = len(
raw["detected_downloaded_samples"])
- taxonomy['value'] = "{}/{}".format(result["positives"], result["total"])
- if result["positives"] == 0:
- taxonomy["level"] = "safe"
- elif result["positives"] < 5 :
- taxonomy["level"] = "suspicious"
- else:
- taxonomy["level"] = "malicious"
+
taxonomies.append(taxonomy)
result = {"taxonomies": taxonomies}
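Review bot: The `resolutions` branch grades the level by how many passive-DNS resolutions exist (`< 5` suspicious, otherwise malicious), but a resolution count is not evidence of maliciousness: busy legitimate domains and shared-hosting IPs will routinely show five or more and be tagged `malicious` for the analyst doing triage. I would leave that branch at `taxonomy["level"] = "info"` and grade only on `positives` and `detected_urls`. The checks appear to be sibling `if`s rather than `elif`s, so when a report carries both `resolutions` and `detected_urls` the later branch silently overwrites the earlier value and level, and the threshold `5` is repeated three times without a name. `result["positives"]` and `result["total"]` are read here but set above the hunk, so I cannot confirm they exist whenever `scans` does.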
diff --git a/thehive-templates/CERTatPassiveDNS_2_0/short.html b/thehive-templates/CERTatPassiveDNS_2_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/CERTatPassiveDNS_2_0/short.html
+++ b/thehive-templates/CERTatPassiveDNS_2_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/CIRCLPassiveDNS_2_0/short.html b/thehive-templates/CIRCLPassiveDNS_2_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/CIRCLPassiveDNS_2_0/short.html
+++ b/thehive-templates/CIRCLPassiveDNS_2_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/CIRCLPassiveSSL_2_0/short.html b/thehive-templates/CIRCLPassiveSSL_2_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/CIRCLPassiveSSL_2_0/short.html
+++ b/thehive-templates/CIRCLPassiveSSL_2_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/DNSDB_DomainName_2_0/short.html b/thehive-templates/DNSDB_DomainName_2_0/short.html
index e5c6fb5fd..563ca58f3 100644
--- a/thehive-templates/DNSDB_DomainName_2_0/short.html
+++ b/thehive-templates/DNSDB_DomainName_2_0/short.html
@@ -1,3 +1,3 @@
-
+
{{t.namespace}}:{{t.predicate}}={{t.value}}
diff --git a/thehive-templates/DNSDB_IPHistory_2_0/short.html b/thehive-templates/DNSDB_IPHistory_2_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/DNSDB_IPHistory_2_0/short.html
+++ b/thehive-templates/DNSDB_IPHistory_2_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/DNSDB_NameHistory_2_0/short.html b/thehive-templates/DNSDB_NameHistory_2_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/DNSDB_NameHistory_2_0/short.html
+++ b/thehive-templates/DNSDB_NameHistory_2_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/DomainTools_ReverseIP_2_0/short.html b/thehive-templates/DomainTools_ReverseIP_2_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/DomainTools_ReverseIP_2_0/short.html
+++ b/thehive-templates/DomainTools_ReverseIP_2_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/DomainTools_ReverseNameServer_2_0/short.html b/thehive-templates/DomainTools_ReverseNameServer_2_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/DomainTools_ReverseNameServer_2_0/short.html
+++ b/thehive-templates/DomainTools_ReverseNameServer_2_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/DomainTools_ReverseWhois_2_0/short.html b/thehive-templates/DomainTools_ReverseWhois_2_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/DomainTools_ReverseWhois_2_0/short.html
+++ b/thehive-templates/DomainTools_ReverseWhois_2_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/DomainTools_WhoisHistory_2_0/short.html b/thehive-templates/DomainTools_WhoisHistory_2_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/DomainTools_WhoisHistory_2_0/short.html
+++ b/thehive-templates/DomainTools_WhoisHistory_2_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/DomainTools_WhoisLookup_2_0/short.html b/thehive-templates/DomainTools_WhoisLookup_2_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/DomainTools_WhoisLookup_2_0/short.html
+++ b/thehive-templates/DomainTools_WhoisLookup_2_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/DomainTools_WhoisLookup_IP_2_0/short.html b/thehive-templates/DomainTools_WhoisLookup_IP_2_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/DomainTools_WhoisLookup_IP_2_0/short.html
+++ b/thehive-templates/DomainTools_WhoisLookup_IP_2_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/File_Info_2_0/short.html b/thehive-templates/File_Info_2_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/File_Info_2_0/short.html
+++ b/thehive-templates/File_Info_2_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/FireHOLBlocklists_2_0/short.html b/thehive-templates/FireHOLBlocklists_2_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/FireHOLBlocklists_2_0/short.html
+++ b/thehive-templates/FireHOLBlocklists_2_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/Fortiguard_URLCategory_2_0/short.html b/thehive-templates/Fortiguard_URLCategory_2_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/Fortiguard_URLCategory_2_0/short.html
+++ b/thehive-templates/Fortiguard_URLCategory_2_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/GoogleSafebrowsing_2_0/short.html b/thehive-templates/GoogleSafebrowsing_2_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/GoogleSafebrowsing_2_0/short.html
+++ b/thehive-templates/GoogleSafebrowsing_2_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/HippoMore_2_0/short.html b/thehive-templates/HippoMore_2_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/HippoMore_2_0/short.html
+++ b/thehive-templates/HippoMore_2_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/Hipposcore_2_0/short.html b/thehive-templates/Hipposcore_2_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/Hipposcore_2_0/short.html
+++ b/thehive-templates/Hipposcore_2_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/JoeSandbox_File_Analysis_Inet_2_0/short.html b/thehive-templates/JoeSandbox_File_Analysis_Inet_2_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/JoeSandbox_File_Analysis_Inet_2_0/short.html
+++ b/thehive-templates/JoeSandbox_File_Analysis_Inet_2_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/JoeSandbox_File_Analysis_Noinet_2_0/short.html b/thehive-templates/JoeSandbox_File_Analysis_Noinet_2_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/JoeSandbox_File_Analysis_Noinet_2_0/short.html
+++ b/thehive-templates/JoeSandbox_File_Analysis_Noinet_2_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/JoeSandbox_Url_Analysis_2_0/short.html b/thehive-templates/JoeSandbox_Url_Analysis_2_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/JoeSandbox_Url_Analysis_2_0/short.html
+++ b/thehive-templates/JoeSandbox_Url_Analysis_2_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/MISP_2_0/short.html b/thehive-templates/MISP_2_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/MISP_2_0/short.html
+++ b/thehive-templates/MISP_2_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/MaxMind_GeoIP_3_0/short.html b/thehive-templates/MaxMind_GeoIP_3_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/MaxMind_GeoIP_3_0/short.html
+++ b/thehive-templates/MaxMind_GeoIP_3_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/Msg_Parser_2_0/short.html b/thehive-templates/Msg_Parser_2_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/Msg_Parser_2_0/short.html
+++ b/thehive-templates/Msg_Parser_2_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/Nessus_1_0/short.html b/thehive-templates/Nessus_1_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/Nessus_1_0/short.html
+++ b/thehive-templates/Nessus_1_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/OTXQuery_2_0/short.html b/thehive-templates/OTXQuery_2_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/OTXQuery_2_0/short.html
+++ b/thehive-templates/OTXQuery_2_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/PassiveTotal_Malware_2_0/short.html b/thehive-templates/PassiveTotal_Malware_2_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/PassiveTotal_Malware_2_0/short.html
+++ b/thehive-templates/PassiveTotal_Malware_2_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/PassiveTotal_Osint_2_0/short.html b/thehive-templates/PassiveTotal_Osint_2_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/PassiveTotal_Osint_2_0/short.html
+++ b/thehive-templates/PassiveTotal_Osint_2_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/PassiveTotal_Passive_Dns_2_0/short.html b/thehive-templates/PassiveTotal_Passive_Dns_2_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/PassiveTotal_Passive_Dns_2_0/short.html
+++ b/thehive-templates/PassiveTotal_Passive_Dns_2_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/PassiveTotal_Ssl_Certificate_Details_2_0/short.html b/thehive-templates/PassiveTotal_Ssl_Certificate_Details_2_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/PassiveTotal_Ssl_Certificate_Details_2_0/short.html
+++ b/thehive-templates/PassiveTotal_Ssl_Certificate_Details_2_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/PassiveTotal_Ssl_Certificate_History_2_0/short.html b/thehive-templates/PassiveTotal_Ssl_Certificate_History_2_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/PassiveTotal_Ssl_Certificate_History_2_0/short.html
+++ b/thehive-templates/PassiveTotal_Ssl_Certificate_History_2_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/PassiveTotal_Unique_Resolutions_2_0/short.html b/thehive-templates/PassiveTotal_Unique_Resolutions_2_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/PassiveTotal_Unique_Resolutions_2_0/short.html
+++ b/thehive-templates/PassiveTotal_Unique_Resolutions_2_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/PassiveTotal_Whois_Details_2_0/short.html b/thehive-templates/PassiveTotal_Whois_Details_2_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/PassiveTotal_Whois_Details_2_0/short.html
+++ b/thehive-templates/PassiveTotal_Whois_Details_2_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/PhishTank_CheckURL_2_0/short.html b/thehive-templates/PhishTank_CheckURL_2_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/PhishTank_CheckURL_2_0/short.html
+++ b/thehive-templates/PhishTank_CheckURL_2_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/PhishingInitiative_Lookup_2_0/short.html b/thehive-templates/PhishingInitiative_Lookup_2_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/PhishingInitiative_Lookup_2_0/short.html
+++ b/thehive-templates/PhishingInitiative_Lookup_2_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/VMRay_2_0/short.html b/thehive-templates/VMRay_2_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/VMRay_2_0/short.html
+++ b/thehive-templates/VMRay_2_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/VirusTotal_GetReport_3_0/short.html b/thehive-templates/VirusTotal_GetReport_3_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/VirusTotal_GetReport_3_0/short.html
+++ b/thehive-templates/VirusTotal_GetReport_3_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/VirusTotal_Scan_3_0/short.html b/thehive-templates/VirusTotal_Scan_3_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/VirusTotal_Scan_3_0/short.html
+++ b/thehive-templates/VirusTotal_Scan_3_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/Virusshare_2_0/short.html b/thehive-templates/Virusshare_2_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/Virusshare_2_0/short.html
+++ b/thehive-templates/Virusshare_2_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+
diff --git a/thehive-templates/Yara_2_0/short.html b/thehive-templates/Yara_2_0/short.html
index 563ca58f3..57f9d29cf 100644
--- a/thehive-templates/Yara_2_0/short.html
+++ b/thehive-templates/Yara_2_0/short.html
@@ -1,3 +1,3 @@
{{t.namespace}}:{{t.predicate}}={{t.value}}
-
+