From 817735750b71698a05877330720f4d3f960384a8 Mon Sep 17 00:00:00 2001
From: To-om
Date: Tue, 27 Feb 2018 17:23:55 +0100
Subject: [PATCH] #172 add base configs
---
 analyzers/Abuse_Finder/Abuse_Finder.json | 1 +
 analyzers/Bluecoat/Bluecoat_Categorization.json | 1 +
 analyzers/C1fApp/C1fApp_osint.json | 1 +
 analyzers/CERTatPassiveDNS/CERTatPassiveDNS.json | 1 +
 analyzers/CIRCLPassiveSSL/CIRCLPassiveSSL.json | 1 +
 analyzers/Censys/Censys.json | 1 +
 analyzers/File_Info/File_Info.json | 1 +
 analyzers/FireHOLBlocklists/FireHOLBlocklists.json | 1 +
 analyzers/Fortiguard/Fortiguard_URLCategory.json | 1 +
 analyzers/GoogleSafebrowsing/GoogleSafebrowsing.json | 1 +
 analyzers/MISP/MISP.json | 1 +
 analyzers/MISPWarningLists/MISPWarningLists.json | 1 +
 analyzers/Malpedia/Malpedia.json | 1 +
 analyzers/MaxMind/MaxMind_GeoIP.json | 1 +
 analyzers/MsgParser/Msg_Parser.json | 1 +
 analyzers/Nessus/Nessus.json | 1 +
 analyzers/OTXQuery/OTXQuery.json | 1 +
 analyzers/PhishTank/PhishTank_CheckURL.json | 1 +
 analyzers/PhishingInitiative/PhishingInitiative_Lookup.json | 1 +
 analyzers/Robtex/Robtex_Forward_PDNS_Query.json | 1 +
 analyzers/Robtex/Robtex_IP_Query.json | 1 +
 analyzers/Robtex/Robtex_Reverse_PDNS_Query.json | 1 +
 analyzers/SinkDB/SinkDB.json | 1 +
 analyzers/TorBlutmagie/TorBlutmagie.json | 1 +
 analyzers/TorProject/TorProject.json | 1 +
 analyzers/VMRay/VMRay.json | 1 +
 analyzers/Virusshare/Virusshare.json | 1 +
 analyzers/Yara/Yara.json | 1 +
 analyzers/Yeti/Yeti.json | 1 +
 29 files changed, 29 insertions(+)
diff --git a/analyzers/Abuse_Finder/Abuse_Finder.json b/analyzers/Abuse_Finder/Abuse_Finder.json
index dc18d32de..1c7b1b9d6 100644
--- a/analyzers/Abuse_Finder/Abuse_Finder.json
+++ b/analyzers/Abuse_Finder/Abuse_Finder.json
@@ -6,5 +6,6 @@
 "license": "AGPL-V3",
 "description": "Find abuse contacts associated with domain names, URLs, IPs and email addresses.",
 "dataTypeList": ["ip", "domain", "url", "mail"],
+ "baseConfig": "Abuse_Finder",
 "command": "Abuse_Finder/abusefinder.py"
 }
diff --git a/analyzers/Bluecoat/Bluecoat_Categorization.json b/analyzers/Bluecoat/Bluecoat_Categorization.json
index ce8a189f0..654c295df 100644
--- a/analyzers/Bluecoat/Bluecoat_Categorization.json
+++ b/analyzers/Bluecoat/Bluecoat_Categorization.json
@@ -10,5 +10,6 @@
 "fqdn"
 ],
 "license": "AGPL-V3",
+ "baseConfig": "Bluecoat",
 "command": "Bluecoat/categorization.py"
 }
diff --git a/analyzers/C1fApp/C1fApp_osint.json b/analyzers/C1fApp/C1fApp_osint.json
index 6642ea659..491cabdd3 100644
--- a/analyzers/C1fApp/C1fApp_osint.json
+++ b/analyzers/C1fApp/C1fApp_osint.json
@@ -6,6 +6,7 @@
 "license": "AGPL-V3",
 "description": "Query C1fApp OSINT Aggregator for IPs, domains and URLs",
 "dataTypeList": ["url", "domain", "ip"],
+ "baseConfig": "C1fApp",
 "command": "C1fApp/cifquery.py",
 "configurationItems": [
 {
diff --git a/analyzers/CERTatPassiveDNS/CERTatPassiveDNS.json b/analyzers/CERTatPassiveDNS/CERTatPassiveDNS.json
index 9b7b92e04..46a7779b5 100644
--- a/analyzers/CERTatPassiveDNS/CERTatPassiveDNS.json
+++ b/analyzers/CERTatPassiveDNS/CERTatPassiveDNS.json
@@ -6,6 +6,7 @@
 "version": "2.0",
 "description": "Checks CERT.at Passive DNS for a given domain.",
 "dataTypeList": ["domain", "fqdn"],
+ "baseConfig": "CERTatPassiveDNS",
 "command": "CERTatPassiveDNS/certat_passivedns.py",
 "configurationItems": [
 {
diff --git a/analyzers/CIRCLPassiveSSL/CIRCLPassiveSSL.json b/analyzers/CIRCLPassiveSSL/CIRCLPassiveSSL.json
index af7e7e9ec..09043ac24 100644
--- a/analyzers/CIRCLPassiveSSL/CIRCLPassiveSSL.json
+++ b/analyzers/CIRCLPassiveSSL/CIRCLPassiveSSL.json
@@ -6,6 +6,7 @@
 "version": "2.0",
 "description": "Check CIRCL's Passive SSL for a given IP address or a X509 certificate hash.",
 "dataTypeList": ["ip", "certificate_hash", "hash"],
+ "baseConfig": "CIRCLPassiveSSL",
 "command": "CIRCLPassiveSSL/circl_passivessl.py",
 "configurationItems": [
 {
diff --git a/analyzers/Censys/Censys.json b/analyzers/Censys/Censys.json
index e815505dc..c5ee1b957 100644
--- a/analyzers/Censys/Censys.json
+++ b/analyzers/Censys/Censys.json
@@ -6,6 +6,7 @@
 "version": "1.0",
 "description": "Check IPs, certificate hashes or domains against censys.io.",
 "dataTypeList": ["ip", "hash", "domain"],
+ "baseConfig": "Censys",
 "command": "Censys/censys_analyzer.py",
 "configurationItems": [
 {
diff --git a/analyzers/File_Info/File_Info.json b/analyzers/File_Info/File_Info.json
index 1017ef1ef..1591f7131 100644
--- a/analyzers/File_Info/File_Info.json
+++ b/analyzers/File_Info/File_Info.json
@@ -6,5 +6,6 @@
 "license": "AGPL-V3",
 "description": "Parse files in several formats such as OLE and OpenXML to detect VBA macros, extract their source code, generate useful information on PE, PDF files...",
 "dataTypeList": ["file"],
+ "baseConfig": "File_Info",
 "command": "File_Info/fileinfo_analyzer.py"
 }
diff --git a/analyzers/FireHOLBlocklists/FireHOLBlocklists.json b/analyzers/FireHOLBlocklists/FireHOLBlocklists.json
index 40a16b66d..b1d561f11 100644
--- a/analyzers/FireHOLBlocklists/FireHOLBlocklists.json
+++ b/analyzers/FireHOLBlocklists/FireHOLBlocklists.json
@@ -6,6 +6,7 @@
 "version": "2.0",
 "description": "Check IP addresses against the FireHOL blocklists",
 "dataTypeList": ["ip"],
+ "baseConfig": "FireHOLBlocklists",
 "command": "FireHOLBlocklists/firehol_blocklists.py",
 "configurationItems": [
 {
diff --git a/analyzers/Fortiguard/Fortiguard_URLCategory.json b/analyzers/Fortiguard/Fortiguard_URLCategory.json
index 0f9c3321c..18758b97f 100644
--- a/analyzers/Fortiguard/Fortiguard_URLCategory.json
+++ b/analyzers/Fortiguard/Fortiguard_URLCategory.json
@@ -6,5 +6,6 @@
 "license": "AGPL-V3",
 "dataTypeList": ["domain", "url"],
 "description": "Check the Fortiguard category of a URL or a domain.",
+ "baseConfig": "Fortiguard",
 "command": "Fortiguard/urlcategory.py"
 }
diff --git a/analyzers/GoogleSafebrowsing/GoogleSafebrowsing.json b/analyzers/GoogleSafebrowsing/GoogleSafebrowsing.json
index 8cf67fe83..1958ff83e 100644
--- a/analyzers/GoogleSafebrowsing/GoogleSafebrowsing.json
+++ b/analyzers/GoogleSafebrowsing/GoogleSafebrowsing.json
@@ -6,6 +6,7 @@
 "version": "2.0",
 "description": "Use Google Safebrowing to check URLs and domain names.",
 "dataTypeList": ["url", "domain"],
+ "baseConfig": "GoogleSafebrowsing",
 "command": "GoogleSafebrowsing/safebrowsing_analyzer.py",
 "configurationItems": [
 {
diff --git a/analyzers/MISP/MISP.json b/analyzers/MISP/MISP.json
index 31bc7333b..1506b4309 100644
--- a/analyzers/MISP/MISP.json
+++ b/analyzers/MISP/MISP.json
@@ -6,6 +6,7 @@
 "version": "2.0",
 "description": "Query multiple MISP instances for events containing an observable.",
 "dataTypeList": ["domain", "ip", "url", "fqdn", "uri_path","user-agent", "hash", "email", "mail", "mail_subject" , "registry", "regexp", "other", "filename"],
+ "baseConfig": "MISP",
 "command": "MISP/misp.py",
 "configurationItems": [
 {
diff --git a/analyzers/MISPWarningLists/MISPWarningLists.json b/analyzers/MISPWarningLists/MISPWarningLists.json
index e813c3ff7..211d59534 100644
--- a/analyzers/MISPWarningLists/MISPWarningLists.json
+++ b/analyzers/MISPWarningLists/MISPWarningLists.json
@@ -6,6 +6,7 @@
 "version": "1.0",
 "description": "Check IoCs/Observables against MISP Warninglists to filter false positives.",
 "dataTypeList": ["ip", "hash", "domain", "fqdn", "url"],
+ "baseConfig": "MISPWarningLists",
 "command": "MISPWarningLists/mispwarninglists.py",
 "configurationItems": [
 {
diff --git a/analyzers/Malpedia/Malpedia.json b/analyzers/Malpedia/Malpedia.json
index 28ebd177c..97e2c11ce 100644
--- a/analyzers/Malpedia/Malpedia.json
+++ b/analyzers/Malpedia/Malpedia.json
@@ -6,6 +6,7 @@
 "version": "1.0",
 "description": "Check files against Malpedia YARA rules.",
 "dataTypeList": ["file"],
+ "baseConfig": "Malpedia",
 "command": "Malpedia/malpedia_analyzer.py",
 "configurationItems": [
 {
diff --git a/analyzers/MaxMind/MaxMind_GeoIP.json b/analyzers/MaxMind/MaxMind_GeoIP.json
index c7c6f36fb..da1fbc1fb 100644
--- a/analyzers/MaxMind/MaxMind_GeoIP.json
+++ b/analyzers/MaxMind/MaxMind_GeoIP.json
@@ -6,5 +6,6 @@
 "license": "AGPL-V3",
 "description": "Use MaxMind to geolocate an IP address.",
 "dataTypeList": ["ip"],
+ "baseConfig": "MaxMind",
 "command": "MaxMind/geo.py"
 }
diff --git a/analyzers/MsgParser/Msg_Parser.json b/analyzers/MsgParser/Msg_Parser.json
index 8ce364255..2be92e71a 100644
--- a/analyzers/MsgParser/Msg_Parser.json
+++ b/analyzers/MsgParser/Msg_Parser.json
@@ -6,5 +6,6 @@
 "license": "AGPL-V3",
 "description": "Parse Outlook MSG files and extract the main artifacts.",
 "dataTypeList": ["file"],
+ "baseConfig": "MsgParser",
 "command": "MsgParser/parse.py"
 }
diff --git a/analyzers/Nessus/Nessus.json b/analyzers/Nessus/Nessus.json
index d089006bc..7de20593b 100644
--- a/analyzers/Nessus/Nessus.json
+++ b/analyzers/Nessus/Nessus.json
@@ -6,6 +6,7 @@
 "license": "AGPL-V3",
 "description": "Use Nessus Professional to scan hosts.",
 "dataTypeList": ["ip", "fqdn"],
+ "baseConfig": "Nessus",
 "command": "Nessus/nessus.py",
 "configurationItems": [
 {
diff --git a/analyzers/OTXQuery/OTXQuery.json b/analyzers/OTXQuery/OTXQuery.json
index 61472029f..72360bd71 100644
--- a/analyzers/OTXQuery/OTXQuery.json
+++ b/analyzers/OTXQuery/OTXQuery.json
@@ -6,6 +6,7 @@
 "license": "AGPL-V3",
 "description": "Query AlienVault OTX for IPs, domains, URLs, or file hashes.",
 "dataTypeList": ["url", "domain", "file", "hash", "ip"],
+ "baseConfig": "OTXQuery",
 "command": "OTXQuery/otxquery.py",
 "configurationItems": [
 {
diff --git a/analyzers/PhishTank/PhishTank_CheckURL.json b/analyzers/PhishTank/PhishTank_CheckURL.json
index 13e9cfea1..f9714865f 100644
--- a/analyzers/PhishTank/PhishTank_CheckURL.json
+++ b/analyzers/PhishTank/PhishTank_CheckURL.json
@@ -6,6 +6,7 @@
 "license": "AGPL-V3",
 "description": "Use PhishTank to check if a URL is a verified phishing site.",
 "dataTypeList": ["url"],
+ "baseConfig": "PhishTank",
 "command": "PhishTank/phishtank_checkurl.py",
 "configurationItems": [
 {
diff --git a/analyzers/PhishingInitiative/PhishingInitiative_Lookup.json b/analyzers/PhishingInitiative/PhishingInitiative_Lookup.json
index 7511bc541..97646faab 100644
--- a/analyzers/PhishingInitiative/PhishingInitiative_Lookup.json
+++ b/analyzers/PhishingInitiative/PhishingInitiative_Lookup.json
@@ -6,6 +6,7 @@
 "license": "AGPL-V3",
 "description": "Use Phishing Initiative to check if a URL is a verified phishing site.",
 "dataTypeList": ["url"],
+ "baseConfig": "PhishingInitiative",
 "command": "PhishingInitiative/phishinginitiative_lookup.py",
 "configurationItems": [
 {
diff --git a/analyzers/Robtex/Robtex_Forward_PDNS_Query.json b/analyzers/Robtex/Robtex_Forward_PDNS_Query.json
index aca9a6b02..dfc50aae8 100644
--- a/analyzers/Robtex/Robtex_Forward_PDNS_Query.json
+++ b/analyzers/Robtex/Robtex_Forward_PDNS_Query.json
@@ -6,6 +6,7 @@
 "license": "AGPL-V3",
 "description": "Check domains/fqdns using the Robtex passive dns API",
 "dataTypeList": ["domain", "fqdn"],
+ "baseConfig": "Robtex",
 "command": "Robtex/robtex.py",
 "config": {
 "service": "fpdnsquery"
diff --git a/analyzers/Robtex/Robtex_IP_Query.json b/analyzers/Robtex/Robtex_IP_Query.json
index 8e3617460..cb73b91c0 100644
--- a/analyzers/Robtex/Robtex_IP_Query.json
+++ b/analyzers/Robtex/Robtex_IP_Query.json
@@ -6,6 +6,7 @@
 "license": "AGPL-V3",
 "description": "Check IPs using the Robtex IP API",
 "dataTypeList": ["ip"],
+ "baseConfig": "Robtex",
 "command": "Robtex/robtex.py",
 "config": {
 "service": "ipquery"
diff --git a/analyzers/Robtex/Robtex_Reverse_PDNS_Query.json b/analyzers/Robtex/Robtex_Reverse_PDNS_Query.json
index 1025984f1..252a77812 100644
--- a/analyzers/Robtex/Robtex_Reverse_PDNS_Query.json
+++ b/analyzers/Robtex/Robtex_Reverse_PDNS_Query.json
@@ -6,6 +6,7 @@
 "license": "AGPL-V3",
 "description": "Check IPs using the Robtex reverse passive dns API",
 "dataTypeList": ["ip"],
+ "baseConfig": "Robtex",
 "command": "Robtex/robtex.py",
 "config": {
 "service": "rpdnsquery"
diff --git a/analyzers/SinkDB/SinkDB.json b/analyzers/SinkDB/SinkDB.json
index f2ae9ee66..1f547007e 100644
--- a/analyzers/SinkDB/SinkDB.json
+++ b/analyzers/SinkDB/SinkDB.json
@@ -7,6 +7,7 @@
 "description": "Check if ip is sinkholed via sinkdb.abuse.ch",
 "dataTypeList": ["ip"],
 "command": "SinkDB/sinkdb.py",
+ "baseConfig": "SinkDB",
 "configurationItems": [
 {
 "name": "key",
diff --git a/analyzers/TorBlutmagie/TorBlutmagie.json b/analyzers/TorBlutmagie/TorBlutmagie.json
index 10edc9694..3a9c3a145 100644
--- a/analyzers/TorBlutmagie/TorBlutmagie.json
+++ b/analyzers/TorBlutmagie/TorBlutmagie.json
@@ -7,6 +7,7 @@
 "description": "Query http://torstatus.blutmagie.de/query_export.php/Tor_query_EXPORT.csv for TOR exit nodes IP addresses or names.",
 "dataTypeList": ["ip", "domain", "fqdn"],
 "command": "TorBlutmagie/tor_blutmagie_analyzer.py",
+ "baseConfig": "TorBlutmagie",
 "configurationItems": [
 {
 "name": "cache.duration",
diff --git a/analyzers/TorProject/TorProject.json b/analyzers/TorProject/TorProject.json
index 1ce7aa327..4ea989757 100644
--- a/analyzers/TorProject/TorProject.json
+++ b/analyzers/TorProject/TorProject.json
@@ -7,6 +7,7 @@
 "description": "Query https://check.torproject.org/exit-addresses for TOR exit nodes IP addresses.",
 "dataTypeList": ["ip"],
 "command": "TorProject/tor_project_analyzer.py",
+ "baseConfig": "TorProject",
 "configurationItems": [
 {
 "name": "ttl",
diff --git a/analyzers/VMRay/VMRay.json b/analyzers/VMRay/VMRay.json
index 4eca81e42..1d6098fdb 100644
--- a/analyzers/VMRay/VMRay.json
+++ b/analyzers/VMRay/VMRay.json
@@ -7,6 +7,7 @@
 "description": "VMRay Sandbox file analysis.",
 "dataTypeList": ["hash", "file"],
 "command": "VMRay/vmray.py",
+ "baseConfig": "VMRay",
 "configurationItems": [
 {
 "name": "url",
diff --git a/analyzers/Virusshare/Virusshare.json b/analyzers/Virusshare/Virusshare.json
index 89cfdfbe3..123d7d368 100644
--- a/analyzers/Virusshare/Virusshare.json
+++ b/analyzers/Virusshare/Virusshare.json
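Review bot: The new `"baseConfig"` entry is inserted after `"command"` in this SinkDB hunk, whereas every earlier file in the patch (Abuse_Finder through the three Robtex manifests) places it before `"command"`; the TorBlutmagie, TorProject, VMRay, Virusshare, Yara and Yeti hunks follow the SinkDB placement. Key order does not affect how a JSON object is parsed, so this is a style point only, but one consistent position across the 29 manifests makes them easier to scan and keeps future diffs aligned. Moving the added line up one, so that `+ "baseConfig": "SinkDB",` precedes `"command": "SinkDB/sinkdb.py",`, would match the rest of the patch; the same one-line move applies to the six later hunks named above.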
@@ -7,6 +7,7 @@
 "description": "Search for MD5 hashes in Virusshare.com hash list",
 "dataTypeList": ["hash", "file"],
 "command": "Virusshare/virusshare.py",
+ "baseConfig": "Virusshare",
 "configurationItems": [
 {
 "name": "path",
diff --git a/analyzers/Yara/Yara.json b/analyzers/Yara/Yara.json
index 8e2c3b3cb..975fac17d 100644
--- a/analyzers/Yara/Yara.json
+++ b/analyzers/Yara/Yara.json
@@ -7,6 +7,7 @@
 "description": "Check files against YARA rules.",
 "dataTypeList": ["file"],
 "command": "Yara/yara_analyzer.py",
+ "baseConfig": "Yara",
 "configurationItems": [
 {
 "name": "rules",
diff --git a/analyzers/Yeti/Yeti.json b/analyzers/Yeti/Yeti.json
index d510a6147..42abdeec7 100644
--- a/analyzers/Yeti/Yeti.json
+++ b/analyzers/Yeti/Yeti.json
@@ -7,6 +7,7 @@
 "description": "Fetch observable details from a YETI instance.",
 "dataTypeList": ["domain", "fqdn", "ip", "url", "hash"],
 "command": "Yeti/yeti.py",
+ "baseConfig": "Yeti",
 "configurationItems": [
 {
 "name": "url",