From 00ef8497e163390a34bc00a24902e38ed59c711c Mon Sep 17 00:00:00 2001
From: siisar <49953844+siisar@users.noreply.github.com>
Date: Fri, 26 Apr 2019 14:29:24 +0200
Subject: [PATCH 01/19] query_limit: error if no data provided

query_limit gets error if no data provided. The default value 20 must be the second parameter, not the third (currently the default is None, and the str(None) is cracking)
---
 analyzers/Umbrella/Umbrella.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/analyzers/Umbrella/Umbrella.py b/analyzers/Umbrella/Umbrella.py
index 8294b94af..b0b7c10e1 100644
--- a/analyzers/Umbrella/Umbrella.py
+++ b/analyzers/Umbrella/Umbrella.py
@@ -11,7 +11,7 @@ def __init__(self):
         self.api_key = self.get_param('config.api_key', None, 'api_key is missing')
         self.api_secret = self.get_param('config.api_secret', None, 'api_secret is missing')
         self.organization_id = self.get_param('config.organization_id', None, 'organization_id is missing')
-        self.query_limit = str(self.get_param('config.query_limit', None, 20))
+        self.query_limit = str(self.get_param('config.query_limit', 20))
 
     def umbrella_runreport(self, destination):
         base_url = "https://reports.api.umbrella.com/v1/organizations"

From f1bc2f4c649dcf30d78ea6266610a3452590e798 Mon Sep 17 00:00:00 2001
From: garanews <puntogtg@tiscali.it>
Date: Wed, 29 May 2019 12:25:52 +0200
Subject: [PATCH 02/19] fix when hash not found

fix when hash not found
---
 analyzers/URLhaus/URLhaus_analyzer.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/analyzers/URLhaus/URLhaus_analyzer.py b/analyzers/URLhaus/URLhaus_analyzer.py
index e39e380c8..ce8d1ad04 100755
--- a/analyzers/URLhaus/URLhaus_analyzer.py
+++ b/analyzers/URLhaus/URLhaus_analyzer.py
@@ -34,7 +34,8 @@ def summary(self, raw):
         taxonomies = []
         namespace = "URLhaus"
 
-        if raw['query_status'] == 'no_results':
+        if raw['query_status'] == 'no_results' \
+        or raw['query_status'] == 'ok' and raw['md5_hash'] == None and raw['sha256_hash'] == None:
             taxonomies.append(self.build_taxonomy(
                 'info',
                 namespace,

From 20ad33c0712744c47efc2d97d740971c1c5457b6 Mon Sep 17 00:00:00 2001
From: srilumpa <marcandre.doll@gmail.com>
Date: Tue, 4 Jun 2019 12:36:14 +0200
Subject: [PATCH 03/19] Fix category parsing forom Fortiguard URLCategory

---
 analyzers/Fortiguard/urlcategory.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/analyzers/Fortiguard/urlcategory.py b/analyzers/Fortiguard/urlcategory.py
index 10b51fafc..3f145801e 100755
--- a/analyzers/Fortiguard/urlcategory.py
+++ b/analyzers/Fortiguard/urlcategory.py
@@ -35,7 +35,7 @@ def run(self):
 
         if self.data_type == 'domain' or self.data_type == 'url' or self.data_type == 'fqdn':
             try:
-                pattern = re.compile("(?:Category: )([\w\s]+)")
+                pattern = re.compile("(?:Category: )([-\w\s]+)")
                 baseurl = 'https://www.fortiguard.com/webfilter?q='
                 url = baseurl + self.get_data()
                 req = requests.get(url)

From 9a12fb9eef1a167ac67480f7f2a3c90eb957e86d Mon Sep 17 00:00:00 2001
From: garanews <puntogtg@tiscali.it>
Date: Mon, 8 Jul 2019 10:32:37 +0200
Subject: [PATCH 04/19] added Metadefender analyzer

added Metadefender analyzer

Co-Authored-By: Arcuri Davide <dadokkio@gmail.com>
---
 .../MetaDefenderCloud_GetReport.json          |  30 ++++
 .../MetaDefenderCloud_Reputation.json         |  30 ++++
 .../MetaDefender/MetaDefenderCloud_Scan.json  |  38 +++++
 .../MetaDefenderCore_GetReport.json           |  30 ++++
 .../MetaDefender/MetaDefenderCore_Scan.json   |  38 +++++
 analyzers/MetaDefender/metadefender_lookup.py | 151 ++++++++++++++++++
 analyzers/MetaDefender/requirements.txt       |   3 +
 .../MetaDefenderCloud_GetReport_1_0/long.html | 113 +++++++++++++
 .../short.html                                |   3 +
 .../long.html                                 |  59 +++++++
 .../short.html                                |   3 +
 .../MetaDefenderCloud_Scan_1_0/long.html      | 113 +++++++++++++
 .../MetaDefenderCloud_Scan_1_0/short.html     |   3 +
 .../MetaDefenderCore_GetReport_1_0/long.html  | 113 +++++++++++++
 .../MetaDefenderCore_GetReport_1_0/short.html |   3 +
 .../MetaDefenderCore_Scan_1_0/long.html       | 113 +++++++++++++
 .../MetaDefenderCore_Scan_1_0/short.html      |   3 +
 17 files changed, 846 insertions(+)
 create mode 100644 analyzers/MetaDefender/MetaDefenderCloud_GetReport.json
 create mode 100644 analyzers/MetaDefender/MetaDefenderCloud_Reputation.json
 create mode 100644 analyzers/MetaDefender/MetaDefenderCloud_Scan.json
 create mode 100644 analyzers/MetaDefender/MetaDefenderCore_GetReport.json
 create mode 100644 analyzers/MetaDefender/MetaDefenderCore_Scan.json
 create mode 100644 analyzers/MetaDefender/metadefender_lookup.py
 create mode 100644 analyzers/MetaDefender/requirements.txt
 create mode 100644 thehive-templates/MetaDefenderCloud_GetReport_1_0/long.html
 create mode 100644 thehive-templates/MetaDefenderCloud_GetReport_1_0/short.html
 create mode 100644 thehive-templates/MetaDefenderCloud_Reputation_1_0/long.html
 create mode 100644 thehive-templates/MetaDefenderCloud_Reputation_1_0/short.html
 create mode 100644 thehive-templates/MetaDefenderCloud_Scan_1_0/long.html
 create mode 100644 thehive-templates/MetaDefenderCloud_Scan_1_0/short.html
 create mode 100644 thehive-templates/MetaDefenderCore_GetReport_1_0/long.html
 create mode 100644 thehive-templates/MetaDefenderCore_GetReport_1_0/short.html
 create mode 100644 thehive-templates/MetaDefenderCore_Scan_1_0/long.html
 create mode 100644 thehive-templates/MetaDefenderCore_Scan_1_0/short.html

diff --git a/analyzers/MetaDefender/MetaDefenderCloud_GetReport.json b/analyzers/MetaDefender/MetaDefenderCloud_GetReport.json
new file mode 100644
index 000000000..12371c12a
--- /dev/null
+++ b/analyzers/MetaDefender/MetaDefenderCloud_GetReport.json
@@ -0,0 +1,30 @@
+{
+  "name": "MetaDefenderCloud_GetReport",
+  "version": "1.0",
+  "author": "Davide Arcuri and Andrea Garavaglia, LDO-CERT",
+  "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
+  "license": "AGPL-V3",
+  "description": "Get the latest MetaDefender Cloud report for hash.",
+  "dataTypeList": ["hash"],
+  "command": "MetaDefender/metadefender_lookup.py",
+  "baseConfig": "MetaDefender",
+  "config": {
+    "service": "query_cloud"
+  },
+  "configurationItems": [
+    {
+      "name": "key",
+      "description": "API key for MetaDefender",
+      "type": "string",
+      "multi": false,
+      "required": true
+    },
+    {
+      "name": "url",
+      "description": "url address for MetaDefender server",
+      "type": "string",
+      "multi": false,
+      "required": true
+    }
+  ]
+}
diff --git a/analyzers/MetaDefender/MetaDefenderCloud_Reputation.json b/analyzers/MetaDefender/MetaDefenderCloud_Reputation.json
new file mode 100644
index 000000000..c17a3c871
--- /dev/null
+++ b/analyzers/MetaDefender/MetaDefenderCloud_Reputation.json
@@ -0,0 +1,30 @@
+{
+  "name": "MetaDefenderCloud_Reputation",
+  "version": "1.0",
+  "author": "Davide Arcuri and Andrea Garavaglia, LDO-CERT",
+  "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
+  "license": "AGPL-V3",
+  "description": "Get the latest MetaDefender Cloud reputation report .",
+  "dataTypeList": ["ip", "url", "domain"],
+  "command": "MetaDefender/metadefender_lookup.py",
+  "baseConfig": "MetaDefender",
+  "config": {
+    "service": "reputation_cloud"
+  },
+  "configurationItems": [
+    {
+      "name": "key",
+      "description": "API key for MetaDefender",
+      "type": "string",
+      "multi": false,
+      "required": true
+    },
+    {
+      "name": "url",
+      "description": "url address for MetaDefender server",
+      "type": "string",
+      "multi": false,
+      "required": true
+    }
+  ]
+}
diff --git a/analyzers/MetaDefender/MetaDefenderCloud_Scan.json b/analyzers/MetaDefender/MetaDefenderCloud_Scan.json
new file mode 100644
index 000000000..5e23be028
--- /dev/null
+++ b/analyzers/MetaDefender/MetaDefenderCloud_Scan.json
@@ -0,0 +1,38 @@
+{
+  "name": "MetaDefenderCloud_Scan",
+  "version": "1.0",
+  "author": "Davide Arcuri and Andrea Garavaglia, LDO-CERT",
+  "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
+  "license": "AGPL-V3",
+  "description": "Scan a file with MetaDefender Cloud",
+  "dataTypeList": ["file"],
+  "command": "MetaDefender/metadefender_lookup.py",
+  "baseConfig": "MetaDefender",
+  "config": {
+    "service": "scan_cloud"
+  },
+  "configurationItems": [
+    {
+      "name": "key",
+      "description": "API key for MetaDefender",
+      "type": "string",
+      "multi": false,
+      "required": true
+    },
+    {
+      "name": "url",
+      "description": "url address for MetaDefender server",
+      "type": "string",
+      "multi": false,
+      "required": true
+    },
+    {
+      "name": "polling",
+      "description": "Define time interval between two requests attempts for the report",
+      "type": "number",
+      "multi": false,
+      "required": false,
+      "defaultValue": 10
+    }
+  ]
+}
diff --git a/analyzers/MetaDefender/MetaDefenderCore_GetReport.json b/analyzers/MetaDefender/MetaDefenderCore_GetReport.json
new file mode 100644
index 000000000..0b8f55304
--- /dev/null
+++ b/analyzers/MetaDefender/MetaDefenderCore_GetReport.json
@@ -0,0 +1,30 @@
+{
+  "name": "MetaDefenderCore_GetReport",
+  "version": "1.0",
+  "author": "Davide Arcuri and Andrea Garavaglia, LDO-CERT",
+  "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
+  "license": "AGPL-V3",
+  "description": "Get the latest MetaDefender Core report for hash.",
+  "dataTypeList": ["hash"],
+  "command": "MetaDefender/metadefender_lookup.py",
+  "baseConfig": "MetaDefender",
+  "config": {
+    "service": "query_core"
+  },
+  "configurationItems": [
+    {
+      "name": "key",
+      "description": "API key for MetaDefender",
+      "type": "string",
+      "multi": false,
+      "required": true
+    },
+    {
+      "name": "url",
+      "description": "url address for MetaDefender server",
+      "type": "string",
+      "multi": false,
+      "required": true
+    }
+  ]
+}
diff --git a/analyzers/MetaDefender/MetaDefenderCore_Scan.json b/analyzers/MetaDefender/MetaDefenderCore_Scan.json
new file mode 100644
index 000000000..71aef69be
--- /dev/null
+++ b/analyzers/MetaDefender/MetaDefenderCore_Scan.json
@@ -0,0 +1,38 @@
+{
+  "name": "MetaDefenderCore_Scan",
+  "version": "1.0",
+  "author": "Davide Arcuri and Andrea Garavaglia, LDO-CERT",
+  "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
+  "license": "AGPL-V3",
+  "description": "Scan a file with MetaDefender Core",
+  "dataTypeList": ["file"],
+  "command": "MetaDefender/metadefender_lookup.py",
+  "baseConfig": "MetaDefender",
+  "config": {
+    "service": "scan_core"
+  },
+  "configurationItems": [
+    {
+      "name": "key",
+      "description": "API key for MetaDefender",
+      "type": "string",
+      "multi": false,
+      "required": true
+    },
+    {
+      "name": "url",
+      "description": "url address for MetaDefender server",
+      "type": "string",
+      "multi": false,
+      "required": true
+    },
+    {
+      "name": "polling",
+      "description": "Define time interval between two requests attempts for the report",
+      "type": "number",
+      "multi": false,
+      "required": false,
+      "defaultValue": 10
+    }
+  ]
+}
diff --git a/analyzers/MetaDefender/metadefender_lookup.py b/analyzers/MetaDefender/metadefender_lookup.py
new file mode 100644
index 000000000..c26d2095f
--- /dev/null
+++ b/analyzers/MetaDefender/metadefender_lookup.py
@@ -0,0 +1,151 @@
+#!/usr/bin/env python3
+# encoding: utf-8
+import os
+import json
+import requests
+from time import sleep
+from cortexutils.analyzer import Analyzer
+import urllib.parse
+
+
+class APIRequestHandler(object):
+    def __init__(self, api_url, apikey, polling, proxies):
+        self.URL = api_url
+        if self.URL:
+            self.URL = self.URL.rstrip("/")
+        self.apikey = apikey
+        self.polling = polling
+        self.proxies = proxies
+
+    def check_file(self, filename, filepath):
+        if os.path.exists(filepath):
+            data = open(filepath, "rb")
+            r = requests.post(
+                "%s/file" % self.URL,
+                headers={
+                    "apikey": self.apikey,
+                    "filename": filename,
+                    "content-type": "application/octet-stream",
+                },
+                data=data,
+                proxies=self.proxies,
+            )
+            if r.status_code == 200:
+                data_id = json.loads(r.text).get("data_id", None)
+            else:
+                return {}
+            percentage = 0
+            while percentage != 100:
+                if percentage == -1:
+                    return {}
+                sleep(self.polling)
+                r = requests.get(
+                    "%s/file/%s" % (self.URL, data_id),
+                    headers={"apikey": self.apikey},
+                    proxies=self.proxies,
+                )
+                if r.status_code == 200:
+                    percentage = (
+                        json.loads(r.text)
+                        .get("scan_results", {})
+                        .get("progress_percentage", -1)
+                    )
+            return json.loads(r.text)
+        else:
+            return {}
+
+    def check_hash(self, hash):
+        r = requests.get(
+            "%s/hash/%s" % (self.URL, hash),
+            headers={"apikey": self.apikey},
+            proxies=self.proxies,
+        )
+        if r.status_code == 200:
+            data = json.loads(r.text)
+            if data.get(hash, None) == "Not Found":
+                return {}
+            return data
+        return {}
+
+    def check_reputation(self, data_type, data):
+        r = requests.get(
+            "%s/%s/%s" % (self.URL, data_type, urllib.parse.quote(data, safe='')),
+            headers={"apikey": self.apikey},
+            proxies=self.proxies,
+        )
+        if r.status_code == 200:
+            data = json.loads(r.text)
+            #if data.get("success", None) == False:
+            #    return {}
+            return data
+        return {}
+
+
+
+class OPSWATMetadefender(Analyzer):
+    def __init__(self):
+        Analyzer.__init__(self)
+        self.service = self.getParam(
+            "config.service", None, "Service parameter is missing"
+        )
+        api_url = self.getParam("config.url", None, "Missing API url")
+        apikey = self.getParam("config.key", None, "Missing API key")
+        polling = self.getParam("config.polling", 10)
+        proxies = self.get_param("config.proxy", None)
+
+        self.request_handler = APIRequestHandler(api_url, apikey, polling, proxies)
+
+    def summary(self, raw):
+        taxonomies = []
+        level = "info"
+        namespace = "OPSWATMetadefender"
+        predicate = "Report"
+        if self.service in ("scan_cloud", "scan_core", "query_cloud", "query_core"):
+            score = raw.get("scan_results", {}).get("scan_all_result_a", "No Info")
+            score_no = raw.get("scan_results", {}).get("scan_all_result_i", 0)
+            if score_no == 1:
+                level = "malicious"
+            elif score_no == 2:
+                level = "suspicious"
+            elif score_no in (3, 4, 6, 7):
+                level = "info"
+            elif score_no in (0, 5):
+                level = "safe"
+        elif self.service == 'reputation_cloud':
+            score_no = raw.get("lookup_results", {}).get("detected_by", 0)
+            score_total = len(raw.get("lookup_results", {}).get("sources", []))
+            if score_no == 0:
+                level = "safe"
+            elif score_no <= 2:
+                level = "suspicious"
+            else:
+                level = "malicious"
+            score = "%d/%d" % (score_no, score_total)
+        taxonomies.append(self.build_taxonomy(level, namespace, predicate, score))
+        return {"taxonomies": taxonomies}
+
+    def run(self):
+        if self.service in ("query_cloud", "query_core"):
+            if self.data_type == "hash":
+                data = self.get_param("data", None, "Data is missing")
+                rep = self.request_handler.check_hash(data)
+                self.report(rep)
+            else:
+                self.error("Invalid data type")
+        elif self.service in ("scan_cloud", "scan_core"):
+            if self.data_type == "file":
+                filename = self.get_param("filename", "noname.ext")
+                filepath = self.get_param("file", None, "File is missing")
+                rep = self.request_handler.check_file(filename, filepath)
+                self.report(rep)
+        elif self.service == 'reputation_cloud':
+            if self.data_type in ("ip", "url", "domain"):
+                data = self.get_param("data", None, "Data is missing")
+                rep = self.request_handler.check_reputation(self.data_type, data)
+                self.report(rep)                
+        else:
+            self.error("Invalid service")
+
+
+if __name__ == "__main__":
+    OPSWATMetadefender().run()
diff --git a/analyzers/MetaDefender/requirements.txt b/analyzers/MetaDefender/requirements.txt
new file mode 100644
index 000000000..fcab33d3d
--- /dev/null
+++ b/analyzers/MetaDefender/requirements.txt
@@ -0,0 +1,3 @@
+cortexutils
+future
+requests
diff --git a/thehive-templates/MetaDefenderCloud_GetReport_1_0/long.html b/thehive-templates/MetaDefenderCloud_GetReport_1_0/long.html
new file mode 100644
index 000000000..da1a62076
--- /dev/null
+++ b/thehive-templates/MetaDefenderCloud_GetReport_1_0/long.html
@@ -0,0 +1,113 @@
+<div class="panel panel-danger" ng-if="!success">
+    <div class="panel-heading">
+        <strong>{{(artifact.data || artifact.attachment.name) | fang}}</strong>
+    </div>
+    <div class="panel-body">
+        {{content.errorMessage}}
+    </div>
+</div>
+
+<div>
+    
+    <div class="panel panel-info">
+        <div class="panel-heading">
+            <strong>Summary</strong>
+        </div>
+        <div class="panel-body">
+            <dl class="dl-horizontal" ng-if="content.scan_results">
+                <dt>Scan Result</dt>
+                <dd class="wrap">
+                    <span ng-if="[0, 5].indexOf(content.scan_results.scan_all_result_i) !== -1" class="label label-success">
+                        {{content.scan_results.scan_all_result_a}}
+                    </span>
+                    <span ng-if="content.scan_results.scan_all_result_i == 1" class="label label-danger">
+                        {{content.scan_results.scan_all_result_a}}
+                    </span>
+                    <span ng-if="content.scan_results.scan_all_result_i == 2" class="label label-warning">
+                        {{content.scan_results.scan_all_result_a}}
+                    </span>
+                    <span ng-if="[3, 4, 6, 7].indexOf(content.scan_results.scan_all_result_i) !== -1" class="label label-info">
+                        {{content.scan_results.scan_all_result_a}}
+                    </span>                
+                </dd>
+            </dl>
+            <dl class="dl-horizontal" ng-if="content.scan_results">
+                <dt>Scanning Engines</dt>
+                <dd class="wrap">
+                    <span ng-if="content.scan_results.total_detected_avs">{{content.scan_results.total_detected_avs}}/</span>{{content.scan_results.total_avs}}
+                </dd>
+            </dl>
+        </div>
+    </div>
+
+    <div class="panel panel-info" ng-if="content.file_info">
+        <div class="panel-heading">
+            <strong>File Info</strong>
+        </div>
+        <div class="panel-body">
+            <dl class="dl-horizontal">
+                <dt>Uploaded</dt>
+                <dd class="wrap">{{content.file_info.upload_timestamp}}
+                </dd>
+            </dl>
+            <dl class="dl-horizontal">
+                <dt>File Type</dt>
+                <dd class="wrap">
+                    {{content.file_info.file_type_description}}
+                </dd>
+            </dl>
+            <dl class="dl-horizontal">
+                <dt>File Size</dt>
+                <dd class="wrap">
+                    {{content.file_info.file_size}}
+                </dd>
+            </dl>    
+            <dl class="dl-horizontal">
+                <dt>sha256</dt>
+                <dd class="wrap">
+                    {{content.file_info.sha256}}
+                </dd>
+            </dl>  
+            <dl class="dl-horizontal">
+                <dt>sha1</dt>
+                <dd class="wrap">
+                    {{content.file_info.sha1}}
+                </dd>
+            </dl>  
+            <dl class="dl-horizontal">
+                <dt>md5</dt>
+                <dd class="wrap">
+                    {{content.file_info.md5}}
+                </dd>
+            </dl>                                                
+        </div>
+    </div>    
+
+    <div class="panel panel-info" ng-if="content.scan_results.scan_details">
+        <div class="panel-heading">
+            <strong>Multiscanning</strong>
+        </div>
+        <div class="panel-body">
+            <table class="table table-hover">
+                <tr>
+                    <th>Engine</th>
+                    <th>Scan Time</th>
+                    <th>Definition Date</th>
+                    <th>Result</th>
+                </tr>
+                <tr ng-repeat="(k, obj) in content.scan_results.scan_details">
+                    <td>
+                        <span class="label label-success" ng-if="obj.scan_result_i == 0"><span class="glyphicon glyphicon-ok" aria-hidden="true"></span></span>
+                        <span class="label label-danger" ng-if="obj.scan_result_i == 1"><span class="glyphicon glyphicon-remove" aria-hidden="true"></span></span>
+                        <span class="label label-warning" ng-if="obj.scan_result_i == 3"><span class="glyphicon glyphicon-warning-sign" aria-hidden="true"></span></span>
+                        {{k}}
+                    </td>
+                    <td>{{obj.scan_time}}</td>
+                    <td>{{obj.def_time}}</td>
+                    <td>{{obj.threat_found}}</td>
+                </tr>
+            </table>
+        </div>
+    </div>
+
+</div>
diff --git a/thehive-templates/MetaDefenderCloud_GetReport_1_0/short.html b/thehive-templates/MetaDefenderCloud_GetReport_1_0/short.html
new file mode 100644
index 000000000..5fc0dabfb
--- /dev/null
+++ b/thehive-templates/MetaDefenderCloud_GetReport_1_0/short.html
@@ -0,0 +1,3 @@
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
+    {{t.namespace}}:{{t.predicate}}="{{t.value}}"
+</span>
diff --git a/thehive-templates/MetaDefenderCloud_Reputation_1_0/long.html b/thehive-templates/MetaDefenderCloud_Reputation_1_0/long.html
new file mode 100644
index 000000000..faffff4d6
--- /dev/null
+++ b/thehive-templates/MetaDefenderCloud_Reputation_1_0/long.html
@@ -0,0 +1,59 @@
+<div class="panel panel-danger" ng-if="!success">
+    <div class="panel-heading">
+        <strong>{{(artifact.data || artifact.attachment.name) | fang}}</strong>
+    </div>
+    <div class="panel-body">
+        {{content.errorMessage}}
+    </div>
+</div>
+
+<div>
+    
+    <div class="panel panel-info">
+        <div class="panel-heading">
+            <strong>Summary</strong>
+        </div>
+        <div class="panel-body">
+            <dl class="dl-horizontal" ng-if="content.lookup_results">
+                <dt>Detected by</dt>
+                <dd class="wrap">{{content.lookup_results.detected_by}}</dd>
+            </dl>
+            <dl class="dl-horizontal" ng-if="content.address">
+                <dt>Address</dt>
+                <dd class="wrap">{{content.address}}</dd>
+            </dl>
+            <dl class="dl-horizontal" ng-if="content.geo_info">
+                <dt>Geo Info</dt>
+                <dd class="wrap">{{content.geo_info.country.name}} {{content.geo_info.city.name}} <span ng-if="content.geo_info.continent.name">{{content.geo_info.continent.name}}</span></dd>
+            </dl>            
+        </div>
+    </div>
+ 
+
+    <div class="panel panel-info" ng-if="content.lookup_results.sources">
+        <div class="panel-heading">
+            <strong>Sources</strong>
+        </div>
+        <div class="panel-body">
+            <table class="table table-hover">
+                <tr>
+                    <th>Provider</th>
+                    <th>Detect time</th>
+                    <th>Update time</th>
+                    <th>Assessment</th>
+                </tr>
+                <tr ng-repeat="obj in content.lookup_results.sources">
+                    <td>
+                        <span class="label label-success" ng-if="obj.status == 5"><span class="glyphicon glyphicon-ok" aria-hidden="true"></span></span>
+                        <span class="label label-danger" ng-if="obj.status == 1"><span class="glyphicon glyphicon-remove" aria-hidden="true"></span></span>
+                        {{obj.provider}}
+                    </td>
+                    <td>{{obj.detect_time}}</td>
+                    <td>{{obj.update_time}}</td>
+                    <td>{{obj.assessment}}</td>
+                </tr>
+            </table>
+        </div>
+    </div>
+
+</div>
diff --git a/thehive-templates/MetaDefenderCloud_Reputation_1_0/short.html b/thehive-templates/MetaDefenderCloud_Reputation_1_0/short.html
new file mode 100644
index 000000000..5fc0dabfb
--- /dev/null
+++ b/thehive-templates/MetaDefenderCloud_Reputation_1_0/short.html
@@ -0,0 +1,3 @@
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
+    {{t.namespace}}:{{t.predicate}}="{{t.value}}"
+</span>
diff --git a/thehive-templates/MetaDefenderCloud_Scan_1_0/long.html b/thehive-templates/MetaDefenderCloud_Scan_1_0/long.html
new file mode 100644
index 000000000..da1a62076
--- /dev/null
+++ b/thehive-templates/MetaDefenderCloud_Scan_1_0/long.html
@@ -0,0 +1,113 @@
+<div class="panel panel-danger" ng-if="!success">
+    <div class="panel-heading">
+        <strong>{{(artifact.data || artifact.attachment.name) | fang}}</strong>
+    </div>
+    <div class="panel-body">
+        {{content.errorMessage}}
+    </div>
+</div>
+
+<div>
+    
+    <div class="panel panel-info">
+        <div class="panel-heading">
+            <strong>Summary</strong>
+        </div>
+        <div class="panel-body">
+            <dl class="dl-horizontal" ng-if="content.scan_results">
+                <dt>Scan Result</dt>
+                <dd class="wrap">
+                    <span ng-if="[0, 5].indexOf(content.scan_results.scan_all_result_i) !== -1" class="label label-success">
+                        {{content.scan_results.scan_all_result_a}}
+                    </span>
+                    <span ng-if="content.scan_results.scan_all_result_i == 1" class="label label-danger">
+                        {{content.scan_results.scan_all_result_a}}
+                    </span>
+                    <span ng-if="content.scan_results.scan_all_result_i == 2" class="label label-warning">
+                        {{content.scan_results.scan_all_result_a}}
+                    </span>
+                    <span ng-if="[3, 4, 6, 7].indexOf(content.scan_results.scan_all_result_i) !== -1" class="label label-info">
+                        {{content.scan_results.scan_all_result_a}}
+                    </span>                
+                </dd>
+            </dl>
+            <dl class="dl-horizontal" ng-if="content.scan_results">
+                <dt>Scanning Engines</dt>
+                <dd class="wrap">
+                    <span ng-if="content.scan_results.total_detected_avs">{{content.scan_results.total_detected_avs}}/</span>{{content.scan_results.total_avs}}
+                </dd>
+            </dl>
+        </div>
+    </div>
+
+    <div class="panel panel-info" ng-if="content.file_info">
+        <div class="panel-heading">
+            <strong>File Info</strong>
+        </div>
+        <div class="panel-body">
+            <dl class="dl-horizontal">
+                <dt>Uploaded</dt>
+                <dd class="wrap">{{content.file_info.upload_timestamp}}
+                </dd>
+            </dl>
+            <dl class="dl-horizontal">
+                <dt>File Type</dt>
+                <dd class="wrap">
+                    {{content.file_info.file_type_description}}
+                </dd>
+            </dl>
+            <dl class="dl-horizontal">
+                <dt>File Size</dt>
+                <dd class="wrap">
+                    {{content.file_info.file_size}}
+                </dd>
+            </dl>    
+            <dl class="dl-horizontal">
+                <dt>sha256</dt>
+                <dd class="wrap">
+                    {{content.file_info.sha256}}
+                </dd>
+            </dl>  
+            <dl class="dl-horizontal">
+                <dt>sha1</dt>
+                <dd class="wrap">
+                    {{content.file_info.sha1}}
+                </dd>
+            </dl>  
+            <dl class="dl-horizontal">
+                <dt>md5</dt>
+                <dd class="wrap">
+                    {{content.file_info.md5}}
+                </dd>
+            </dl>                                                
+        </div>
+    </div>    
+
+    <div class="panel panel-info" ng-if="content.scan_results.scan_details">
+        <div class="panel-heading">
+            <strong>Multiscanning</strong>
+        </div>
+        <div class="panel-body">
+            <table class="table table-hover">
+                <tr>
+                    <th>Engine</th>
+                    <th>Scan Time</th>
+                    <th>Definition Date</th>
+                    <th>Result</th>
+                </tr>
+                <tr ng-repeat="(k, obj) in content.scan_results.scan_details">
+                    <td>
+                        <span class="label label-success" ng-if="obj.scan_result_i == 0"><span class="glyphicon glyphicon-ok" aria-hidden="true"></span></span>
+                        <span class="label label-danger" ng-if="obj.scan_result_i == 1"><span class="glyphicon glyphicon-remove" aria-hidden="true"></span></span>
+                        <span class="label label-warning" ng-if="obj.scan_result_i == 3"><span class="glyphicon glyphicon-warning-sign" aria-hidden="true"></span></span>
+                        {{k}}
+                    </td>
+                    <td>{{obj.scan_time}}</td>
+                    <td>{{obj.def_time}}</td>
+                    <td>{{obj.threat_found}}</td>
+                </tr>
+            </table>
+        </div>
+    </div>
+
+</div>
diff --git a/thehive-templates/MetaDefenderCloud_Scan_1_0/short.html b/thehive-templates/MetaDefenderCloud_Scan_1_0/short.html
new file mode 100644
index 000000000..5fc0dabfb
--- /dev/null
+++ b/thehive-templates/MetaDefenderCloud_Scan_1_0/short.html
@@ -0,0 +1,3 @@
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
+    {{t.namespace}}:{{t.predicate}}="{{t.value}}"
+</span>
diff --git a/thehive-templates/MetaDefenderCore_GetReport_1_0/long.html b/thehive-templates/MetaDefenderCore_GetReport_1_0/long.html
new file mode 100644
index 000000000..da1a62076
--- /dev/null
+++ b/thehive-templates/MetaDefenderCore_GetReport_1_0/long.html
@@ -0,0 +1,113 @@
+<div class="panel panel-danger" ng-if="!success">
+    <div class="panel-heading">
+        <strong>{{(artifact.data || artifact.attachment.name) | fang}}</strong>
+    </div>
+    <div class="panel-body">
+        {{content.errorMessage}}
+    </div>
+</div>
+
+<div>
+    
+    <div class="panel panel-info">
+        <div class="panel-heading">
+            <strong>Summary</strong>
+        </div>
+        <div class="panel-body">
+            <dl class="dl-horizontal" ng-if="content.scan_results">
+                <dt>Scan Result</dt>
+                <dd class="wrap">
+                    <span ng-if="[0, 5].indexOf(content.scan_results.scan_all_result_i) !== -1" class="label label-success">
+                        {{content.scan_results.scan_all_result_a}}
+                    </span>
+                    <span ng-if="content.scan_results.scan_all_result_i == 1" class="label label-danger">
+                        {{content.scan_results.scan_all_result_a}}
+                    </span>
+                    <span ng-if="content.scan_results.scan_all_result_i == 2" class="label label-warning">
+                        {{content.scan_results.scan_all_result_a}}
+                    </span>
+                    <span ng-if="[3, 4, 6, 7].indexOf(content.scan_results.scan_all_result_i) !== -1" class="label label-info">
+                        {{content.scan_results.scan_all_result_a}}
+                    </span>                
+                </dd>
+            </dl>
+            <dl class="dl-horizontal" ng-if="content.scan_results">
+                <dt>Scanning Engines</dt>
+                <dd class="wrap">
+                    <span ng-if="content.scan_results.total_detected_avs">{{content.scan_results.total_detected_avs}}/</span>{{content.scan_results.total_avs}}
+                </dd>
+            </dl>
+        </div>
+    </div>
+
+    <div class="panel panel-info" ng-if="content.file_info">
+        <div class="panel-heading">
+            <strong>File Info</strong>
+        </div>
+        <div class="panel-body">
+            <dl class="dl-horizontal">
+                <dt>Uploaded</dt>
+                <dd class="wrap">{{content.file_info.upload_timestamp}}
+                </dd>
+            </dl>
+            <dl class="dl-horizontal">
+                <dt>File Type</dt>
+                <dd class="wrap">
+                    {{content.file_info.file_type_description}}
+                </dd>
+            </dl>
+            <dl class="dl-horizontal">
+                <dt>File Size</dt>
+                <dd class="wrap">
+                    {{content.file_info.file_size}}
+                </dd>
+            </dl>    
+            <dl class="dl-horizontal">
+                <dt>sha256</dt>
+                <dd class="wrap">
+                    {{content.file_info.sha256}}
+                </dd>
+            </dl>  
+            <dl class="dl-horizontal">
+                <dt>sha1</dt>
+                <dd class="wrap">
+                    {{content.file_info.sha1}}
+                </dd>
+            </dl>  
+            <dl class="dl-horizontal">
+                <dt>md5</dt>
+                <dd class="wrap">
+                    {{content.file_info.md5}}
+                </dd>
+            </dl>                                                
+        </div>
+    </div>    
+
+    <div class="panel panel-info" ng-if="content.scan_results.scan_details">
+        <div class="panel-heading">
+            <strong>Multiscanning</strong>
+        </div>
+        <div class="panel-body">
+            <table class="table table-hover">
+                <tr>
+                    <th>Engine</th>
+                    <th>Scan Time</th>
+                    <th>Definition Date</th>
+                    <th>Result</th>
+                </tr>
+                <tr ng-repeat="(k, obj) in content.scan_results.scan_details">
+                    <td>
+                        <span class="label label-success" ng-if="obj.scan_result_i == 0"><span class="glyphicon glyphicon-ok" aria-hidden="true"></span></span>
+                        <span class="label label-danger" ng-if="obj.scan_result_i == 1"><span class="glyphicon glyphicon-remove" aria-hidden="true"></span></span>
+                        <span class="label label-warning" ng-if="obj.scan_result_i == 3"><span class="glyphicon glyphicon-warning-sign" aria-hidden="true"></span></span>
+                        {{k}}
+                    </td>
+                    <td>{{obj.scan_time}}</td>
+                    <td>{{obj.def_time}}</td>
+                    <td>{{obj.threat_found}}</td>
+                </tr>
+            </table>
+        </div>
+    </div>
+
+</div>
diff --git a/thehive-templates/MetaDefenderCore_GetReport_1_0/short.html b/thehive-templates/MetaDefenderCore_GetReport_1_0/short.html
new file mode 100644
index 000000000..5fc0dabfb
--- /dev/null
+++ b/thehive-templates/MetaDefenderCore_GetReport_1_0/short.html
@@ -0,0 +1,3 @@
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
+    {{t.namespace}}:{{t.predicate}}="{{t.value}}"
+</span>
diff --git a/thehive-templates/MetaDefenderCore_Scan_1_0/long.html b/thehive-templates/MetaDefenderCore_Scan_1_0/long.html
new file mode 100644
index 000000000..da1a62076
--- /dev/null
+++ b/thehive-templates/MetaDefenderCore_Scan_1_0/long.html
@@ -0,0 +1,113 @@
+<div class="panel panel-danger" ng-if="!success">
+    <div class="panel-heading">
+        <strong>{{(artifact.data || artifact.attachment.name) | fang}}</strong>
+    </div>
+    <div class="panel-body">
+        {{content.errorMessage}}
+    </div>
+</div>
+
+<div>
+    
+    <div class="panel panel-info">
+        <div class="panel-heading">
+            <strong>Summary</strong>
+        </div>
+        <div class="panel-body">
+            <dl class="dl-horizontal" ng-if="content.scan_results">
+                <dt>Scan Result</dt>
+                <dd class="wrap">
+                    <span ng-if="[0, 5].indexOf(content.scan_results.scan_all_result_i) !== -1" class="label label-success">
+                        {{content.scan_results.scan_all_result_a}}
+                    </span>
+                    <span ng-if="content.scan_results.scan_all_result_i == 1" class="label label-danger">
+                        {{content.scan_results.scan_all_result_a}}
+                    </span>
+                    <span ng-if="content.scan_results.scan_all_result_i == 2" class="label label-warning">
+                        {{content.scan_results.scan_all_result_a}}
+                    </span>
+                    <span ng-if="[3, 4, 6, 7].indexOf(content.scan_results.scan_all_result_i) !== -1" class="label label-info">
+                        {{content.scan_results.scan_all_result_a}}
+                    </span>                
+                </dd>
+            </dl>
+            <dl class="dl-horizontal" ng-if="content.scan_results">
+                <dt>Scanning Engines</dt>
+                <dd class="wrap">
+                    <span ng-if="content.scan_results.total_detected_avs">{{content.scan_results.total_detected_avs}}/</span>{{content.scan_results.total_avs}}
+                </dd>
+            </dl>
+        </div>
+    </div>
+
+    <div class="panel panel-info" ng-if="content.file_info">
+        <div class="panel-heading">
+            <strong>File Info</strong>
+        </div>
+        <div class="panel-body">
+            <dl class="dl-horizontal">
+                <dt>Uploaded</dt>
+                <dd class="wrap">{{content.file_info.upload_timestamp}}
+                </dd>
+            </dl>
+            <dl class="dl-horizontal">
+                <dt>File Type</dt>
+                <dd class="wrap">
+                    {{content.file_info.file_type_description}}
+                </dd>
+            </dl>
+            <dl class="dl-horizontal">
+                <dt>File Size</dt>
+                <dd class="wrap">
+                    {{content.file_info.file_size}}
+                </dd>
+            </dl>    
+            <dl class="dl-horizontal">
+                <dt>sha256</dt>
+                <dd class="wrap">
+                    {{content.file_info.sha256}}
+                </dd>
+            </dl>  
+            <dl class="dl-horizontal">
+                <dt>sha1</dt>
+                <dd class="wrap">
+                    {{content.file_info.sha1}}
+                </dd>
+            </dl>  
+            <dl class="dl-horizontal">
+                <dt>md5</dt>
+                <dd class="wrap">
+                    {{content.file_info.md5}}
+                </dd>
+            </dl>                                                
+        </div>
+    </div>    
+
+    <div class="panel panel-info" ng-if="content.scan_results.scan_details">
+        <div class="panel-heading">
+            <strong>Multiscanning</strong>
+        </div>
+        <div class="panel-body">
+            <table class="table table-hover">
+                <tr>
+                    <th>Engine</th>
+                    <th>Scan Time</th>
+                    <th>Definition Date</th>
+                    <th>Result</th>
+                </tr>
+                <tr ng-repeat="(k, obj) in content.scan_results.scan_details">
+                    <td>
+                        <span class="label label-success" ng-if="obj.scan_result_i == 0"><span class="glyphicon glyphicon-ok" aria-hidden="true"></span></span>
+                        <span class="label label-danger" ng-if="obj.scan_result_i == 1"><span class="glyphicon glyphicon-remove" aria-hidden="true"></span></span>
+                        <span class="label label-warning" ng-if="obj.scan_result_i == 3"><span class="glyphicon glyphicon-warning-sign" aria-hidden="true"></span></span>
+                        {{k}}
+                    </td>
+                    <td>{{obj.scan_time}}</td>
+                    <td>{{obj.def_time}}</td>
+                    <td>{{obj.threat_found}}</td>
+                </tr>
+            </table>
+        </div>
+    </div>
+
+</div>
diff --git a/thehive-templates/MetaDefenderCore_Scan_1_0/short.html b/thehive-templates/MetaDefenderCore_Scan_1_0/short.html
new file mode 100644
index 000000000..5fc0dabfb
--- /dev/null
+++ b/thehive-templates/MetaDefenderCore_Scan_1_0/short.html
@@ -0,0 +1,3 @@
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
+    {{t.namespace}}:{{t.predicate}}="{{t.value}}"
+</span>

From 1a38ec843cbb04868393411f216be2935c5ed0a8 Mon Sep 17 00:00:00 2001
From: garanews <puntogtg@tiscali.it>
Date: Mon, 8 Jul 2019 10:38:25 +0200
Subject: [PATCH 05/19] Update requirements.txt

---
 analyzers/MetaDefender/requirements.txt | 1 -
 1 file changed, 1 deletion(-)

diff --git a/analyzers/MetaDefender/requirements.txt b/analyzers/MetaDefender/requirements.txt
index fcab33d3d..6aabc3cfa 100644
--- a/analyzers/MetaDefender/requirements.txt
+++ b/analyzers/MetaDefender/requirements.txt
@@ -1,3 +1,2 @@
 cortexutils
-future
 requests

From 06d48f598fd7d30c4b6ece7c9b2a745d3a7895c5 Mon Sep 17 00:00:00 2001
From: garanews <puntogtg@tiscali.it>
Date: Mon, 8 Jul 2019 10:39:43 +0200
Subject: [PATCH 06/19] Update metadefender_lookup.py

---
 analyzers/MetaDefender/metadefender_lookup.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/analyzers/MetaDefender/metadefender_lookup.py b/analyzers/MetaDefender/metadefender_lookup.py
index c26d2095f..af5b3a28a 100644
--- a/analyzers/MetaDefender/metadefender_lookup.py
+++ b/analyzers/MetaDefender/metadefender_lookup.py
@@ -75,8 +75,8 @@ def check_reputation(self, data_type, data):
         )
         if r.status_code == 200:
             data = json.loads(r.text)
-            #if data.get("success", None) == False:
-            #    return {}
+            if data.get("success", False) == False:
+                return {}
             return data
         return {}
 

From c9c24872d25aa316b2267c23613d54e7bc8c4d05 Mon Sep 17 00:00:00 2001
From: garanews <puntogtg@tiscali.it>
Date: Mon, 8 Jul 2019 10:51:18 +0200
Subject: [PATCH 07/19] Update metadefender_lookup.py

Co-Authored-By: Arcuri Davide <dadokkio@gmail.com>
---
 analyzers/MetaDefender/metadefender_lookup.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/analyzers/MetaDefender/metadefender_lookup.py b/analyzers/MetaDefender/metadefender_lookup.py
index c26d2095f..550f7f96c 100644
--- a/analyzers/MetaDefender/metadefender_lookup.py
+++ b/analyzers/MetaDefender/metadefender_lookup.py
@@ -98,9 +98,12 @@ def __init__(self):
     def summary(self, raw):
         taxonomies = []
         level = "info"
-        namespace = "OPSWATMetadefender"
-        predicate = "Report"
+        if self.service in ("scan_cloud", "query_cloud", "reputation_cloud"): 
+            namespace = "OPSWATMetadefender-Cloud"
+        else:
+            namespace = "OPSWATMetadefender-Core"
         if self.service in ("scan_cloud", "scan_core", "query_cloud", "query_core"):
+            predicate = "Report"
             score = raw.get("scan_results", {}).get("scan_all_result_a", "No Info")
             score_no = raw.get("scan_results", {}).get("scan_all_result_i", 0)
             if score_no == 1:
@@ -112,6 +115,7 @@ def summary(self, raw):
             elif score_no in (0, 5):
                 level = "safe"
         elif self.service == 'reputation_cloud':
+            predicate = "Reputation"
             score_no = raw.get("lookup_results", {}).get("detected_by", 0)
             score_total = len(raw.get("lookup_results", {}).get("sources", []))
             if score_no == 0:

From 730816be9abd1c2b4c4df7f4aaeed49853098d5a Mon Sep 17 00:00:00 2001
From: garanews <puntogtg@tiscali.it>
Date: Tue, 9 Jul 2019 12:03:32 +0200
Subject: [PATCH 08/19] updated joesandbox analyzer

Use official jbxapi  (https://github.com/joesecurity/jbxapi)
Support only for jbxapi v3  and  latest JoeSandbox v26 Aquamarine

Co-Authored-By: Arcuri Davide <dadokkio@gmail.com>
---
 analyzers/JoeSandbox/joesandbox_analyzer.py | 209 +++++---------------
 analyzers/JoeSandbox/requirements.txt       |   1 +
 2 files changed, 52 insertions(+), 158 deletions(-)

diff --git a/analyzers/JoeSandbox/joesandbox_analyzer.py b/analyzers/JoeSandbox/joesandbox_analyzer.py
index 7efda0126..4747c8b6e 100755
--- a/analyzers/JoeSandbox/joesandbox_analyzer.py
+++ b/analyzers/JoeSandbox/joesandbox_analyzer.py
@@ -1,37 +1,38 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
 # encoding: utf-8
 
 from cortexutils.analyzer import Analyzer
 
-import os.path
+import io
 import requests
 import time
+import json
+from jbxapi import JoeSandbox
 
 
 class JoeSandboxAnalyzer(Analyzer):
-
     def __init__(self):
         Analyzer.__init__(self)
-        self.service = self.get_param('config.service', None, 'JoeSandbox service is missing')
-        self.url = self.get_param('config.url', None, 'JoeSandbox url is missing')
-        if self.get_param('config.key'):
-            self.apikey = self.get_param('config.key')
+        self.url = self.get_param("config.url", None, "JoeSandbox url is missing")
+        if self.get_param("config.key"):
+            apikey = self.get_param("config.key")
         else:
-            self.apikey = self.get_param('config.apikey', None, 'JoeSandbox API key is missing')
-        self.analysistimeout = self.get_param('config.analysistimeout', 30*60, None)
-        self.networktimeout = self.get_param('config.networktimeout', 30, None)
+            apikey = self.get_param(
+                "config.apikey", None, "JoeSandbox API key is missing"
+            )
+        self.service = self.get_param(
+            "config.service", None, "JoeSandbox service is missing"
+        )
+        self.analysistimeout = self.get_param("config.analysistimeout", 30 * 60, None)
+        self.networktimeout = self.get_param("config.networktimeout", 30, None)
+        self.joe = JoeSandbox(apikey, self.url, verify_ssl=False)
 
     def summary(self, raw):
-        result = {
-            'service': self.service,
-            'dataType': self.data_type
-        }
-
         taxonomies = []
         namespace = "JSB"
         predicate = "Report"
 
-        r = raw['detection']
+        r = raw["detection"]
 
         value = "{}/{}".format(r["score"], r["maxscore"])
 
@@ -46,166 +47,58 @@ def summary(self, raw):
             value = "Unknown"
 
         taxonomies.append(self.build_taxonomy(level, namespace, predicate, value))
-        result.update({"taxonomies": taxonomies})
+        return {"taxonomies": taxonomies}
 
-        return result
-
-    def runv1(self):
-        data = {
-            'apikey': self.apikey,
-            'tandc': 1,
-            'auto': 1,
-            'comments': 'Submitted by Cortex'
-        }
-        files = {}
+    def run(self):
+        Analyzer.run(self)
 
         # file analysis with internet access
-        if self.service == 'file_analysis_inet':
-            extension = os.path.splitext(self.get_param('filename', ''))[1]
-            filepath = self.get_param('file', None, 'File is missing')
-            files['sample'] = (filepath + extension, open(filepath, 'rb'))
-            data['type'] = 'file'
-            data['inet'] = 1
-
-        # file analysis without internet access
-        elif self.service == 'file_analysis_noinet':
-            extension = os.path.splitext(self.get_param('filename', ''))[1]
-            filepath = self.get_param('file', None, 'File is missing')
-            files['sample'] = (filepath + extension, open(filepath, 'rb'))
-            data['type'] = 'file'
-            data['inet'] = 0
-
+        if self.service == "file_analysis_inet":
+            filename = self.get_param("filename", "")
+            filepath = self.get_param("file", "")
+            response = self.joe.submit_sample((filename, open(filepath, "rb")))
+        elif self.service == "file_analysis_noinet":
+            filename = self.get_param("filename", "")
+            filepath = self.get_param("file", "")
+            response = self.joe.submit_sample(
+                (filename, open(filepath, "rb")), params={"internet-access": False}
+            )
         # url analysis
-        elif self.service == 'url_analysis':
-            data['url'] = self.get_data()
-            data['type'] = 'url'
-            data['inet'] = 1
+        elif self.service == "url_analysis":
+            response = self.joe.submit_url(self.get_data())
 
         else:
-            self.error('Unknown JoeSandbox service')
+            self.error("Unknown JoeSandbox service")
 
         # Submit the file/url for analysis
-        response = requests.post(self.url + 'api/analysis', files=files, data=data, timeout=self.networktimeout)
-        webid = response.json()['webid']
+        submission_id = response["submission_id"]
 
         # Wait for the analysis to finish
-        data = {
-            'apikey': self.apikey,
-            'webid': webid
-        }
         finished = False
         tries = 0
-        while not finished and tries <= self.analysistimeout/60:
+        while not finished and tries <= self.analysistimeout / 60:
             time.sleep(60)
-            response = requests.post(self.url + 'api/analysis/check', data=data, timeout=self.networktimeout)
-            content = response.json()
-            if content['status'] == 'finished':
+            response = self.joe.submission_info(submission_id)
+            webid = response["analyses"][0]["webid"]
+            if response["status"] == "finished":
                 finished = True
             tries += 1
         if not finished:
-            self.error('JoeSandbox analysis timed out')
-
+            self.error("JoeSandbox analysis timed out")
         # Download the report
-        data = {
-            'apikey': self.apikey,
-            'webid': webid,
-            'type': 'irjsonfixed',
-            'run': 0
-        }
-        response = requests.post(self.url + 'api/analysis/download', data=data, timeout=self.networktimeout)
-        analysis = response.json()['analysis']
-        analysis['htmlreport'] = self.url + 'analysis/' + str(analysis['id']) + '/0/html'
-        analysis['pdfreport'] = self.url + 'analysis/' + str(analysis['id']) + '/0/pdf'
-        self.report(analysis)
-
-    def runv2(self):
-        data = {
-            'apikey': self.apikey,
-            'accept-tac': '1',
-            'systems': None,
-            'comments': 'Submitted by Cortex'
-        }
-        files = {}
-
-        # file analysis with internet access
-        if self.service == 'file_analysis_inet':
-            extension = os.path.splitext(self.get_param('filename', ''))[1]
-            filepath = self.get_param('file', None, 'File is missing')
-            files['sample'] = (filepath + extension, open(filepath, 'rb'))
-            data['internet-access'] = '1'
-
-        # file analysis without internet access
-        elif self.service == 'file_analysis_noinet':
-            extension = os.path.splitext(self.get_param('filename', ''))[1]
-            filepath = self.get_param('file', None, 'File is missing')
-            files['sample'] = (filepath + extension, open(filepath, 'rb'))
-            data['internet-access'] = '0'
-
-        # url analysis
-        elif self.service == 'url_analysis':
-            data['url'] = self.get_data()
-            data['internet-access'] = '1'
-
+        response = self.joe.analysis_download(webid, "irjsonfixed", run=0)
+        analysis = json.loads(response[1].decode("utf-8")).get("analysis", None)
+        if analysis:
+            analysis["htmlreport"] = (
+                self.url + "analysis/" + str(analysis["id"]) + "/0/html"
+            )
+            analysis["pdfreport"] = (
+                self.url + "analysis/" + str(analysis["id"]) + "/0/pdf"
+            )
+            self.report(analysis)
         else:
-            self.error('Unknown JoeSandbox service')
-
-        # Submit the file/url for analysis
-        response = requests.post(self.url + 'api/v2/analysis/submit',
-                                 files=files,
-                                 data=data,
-                                 timeout=self.networktimeout)
-        webid = response.json()['data']['webids'][0]
+            self.error("Invalid output")
 
-        # Wait for the analysis to finish
-        data = {
-            'apikey': self.apikey,
-            'webid': webid
-        }
-        finished = False
-        tries = 0
-        while not finished and tries <= self.analysistimeout/60:
-            time.sleep(60)
-            response = requests.post(self.url + 'api/v2/analysis/info', data=data, timeout=self.networktimeout)
-            content = response.json()
-            if content['data']['status'] == 'finished':
-                finished = True
-            tries += 1
-        if not finished:
-            self.error('JoeSandbox analysis timed out')
-
-        # Download the report
-        data = {
-            'apikey': self.apikey,
-            'webid': webid,
-            'type': 'irjsonfixed',
-            'run': 0
-        }
-        response = requests.post(self.url + 'api/v2/analysis/download', data=data, timeout=self.networktimeout)
-        analysis = response.json()['analysis']
-        analysis['htmlreport'] = self.url + 'analysis/' + str(analysis['id']) + '/0/html'
-        analysis['pdfreport'] = self.url + 'analysis/' + str(analysis['id']) + '/0/pdf'
-        self.report(analysis)
-
-    def run(self):
-        Analyzer.run(self)
 
-        try:
-            data = {
-                'apikey': self.apikey
-            }
-            # Check whether API v2 is supported or not
-            response = requests.post(self.url + 'api/v2/server/online',
-                                     data=data,
-                                     timeout=self.networktimeout,
-                                     allow_redirects=False)
-            if response.status_code == 200:
-                self.runv2()
-            else:
-                self.runv1()
-
-        except Exception as e:
-            self.unexpectedError(e)
-
-
-if __name__ == '__main__':
+if __name__ == "__main__":
     JoeSandboxAnalyzer().run()
diff --git a/analyzers/JoeSandbox/requirements.txt b/analyzers/JoeSandbox/requirements.txt
index 6aabc3cfa..e0fa1d31a 100644
--- a/analyzers/JoeSandbox/requirements.txt
+++ b/analyzers/JoeSandbox/requirements.txt
@@ -1,2 +1,3 @@
 cortexutils
 requests
+jbxapi==3.2.0

From 939ceadf27874623841764179d4ed576b6d45805 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9arch?= <learch@firost.fr>
Date: Mon, 15 Jul 2019 16:21:30 +0200
Subject: [PATCH 09/19] Support for Cuckoo 2.0.7 and custom CA

---
 .../CuckooSandbox_File_Analysis.json          | 22 ++++++++++
 .../CuckooSandbox_Url_Analysis.json           | 22 ++++++++++
 .../CuckooSandbox/cuckoosandbox_analyzer.py   | 39 ++++++++++++----
 analyzers/catalog-devel.json                  | 44 +++++++++++++++++++
 analyzers/catalog-stable.json                 | 44 +++++++++++++++++++
 analyzers/catalog.json                        | 44 +++++++++++++++++++
 6 files changed, 207 insertions(+), 8 deletions(-)

diff --git a/analyzers/CuckooSandbox/CuckooSandbox_File_Analysis.json b/analyzers/CuckooSandbox/CuckooSandbox_File_Analysis.json
index 5a667ac99..94c6dad26 100644
--- a/analyzers/CuckooSandbox/CuckooSandbox_File_Analysis.json
+++ b/analyzers/CuckooSandbox/CuckooSandbox_File_Analysis.json
@@ -15,6 +15,28 @@
       "type": "string",
       "multi": false,
       "required": true
+    },
+    {
+      "name": "token",
+      "description": "API token",
+      "type": "string",
+      "multi": false,
+      "required": false
+    },
+    {
+      "name": "cert_check",
+      "description": "Verify server certificate",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
+    },
+    {
+      "name": "cert_path",
+      "description": "Path to the CA on the system used to check server certificate",
+      "type": "string",
+      "multi": false,
+      "required": false
     }
   ]
 }
diff --git a/analyzers/CuckooSandbox/CuckooSandbox_Url_Analysis.json b/analyzers/CuckooSandbox/CuckooSandbox_Url_Analysis.json
index 70df5aa07..bd63f8d88 100644
--- a/analyzers/CuckooSandbox/CuckooSandbox_Url_Analysis.json
+++ b/analyzers/CuckooSandbox/CuckooSandbox_Url_Analysis.json
@@ -15,6 +15,28 @@
       "type": "string",
       "multi": false,
       "required": true
+    },
+    {
+      "name": "token",
+      "description": "API token",
+      "type": "string",
+      "multi": false,
+      "required": false
+    },
+    {
+      "name": "cert_check",
+      "description": "Verify server certificate",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
+    },
+    {
+      "name": "cert_path",
+      "description": "Path to the CA on the system used to check server certificate",
+      "type": "string",
+      "multi": false,
+      "required": false
     }
   ]
 
diff --git a/analyzers/CuckooSandbox/cuckoosandbox_analyzer.py b/analyzers/CuckooSandbox/cuckoosandbox_analyzer.py
index 131602fd5..8e6245041 100755
--- a/analyzers/CuckooSandbox/cuckoosandbox_analyzer.py
+++ b/analyzers/CuckooSandbox/cuckoosandbox_analyzer.py
@@ -13,6 +13,15 @@ def __init__(self):
         Analyzer.__init__(self)
         self.url = self.get_param('config.url', None, 'CuckooSandbox url is missing')
         self.url = self.url + "/" if not self.url.endswith("/") else self.url
+        self.token = self.get_param('config.token', None, None)
+        if self.get_param('config.cert_check', True):
+            ssl_path = self.get_param('config.cert_path', None)
+            if not ssl_path or ssl_path == '':
+                self.ssl = True
+            else:
+                self.ssl = ssl_path
+        else:
+            self.ssl = False
         # self.analysistimeout = self.get_param('config.analysistimeout', 30*60, None)
         # self.networktimeout = self.get_param('config.networktimeout', 30, None)
 
@@ -46,6 +55,9 @@ def run(self):
         Analyzer.run(self)
 
         try:
+            headers = dict()
+            if self.token and self.token != "":
+                headers['Authorization'] = "Bearer {0}".format(self.token)
 
             # file analysis
             if self.data_type == 'file':
@@ -53,15 +65,26 @@ def run(self):
                 filename = self.get_param('filename', basename(filepath))
                 with open(filepath, "rb") as sample:
                     files = {"file": (filename, sample)}
-                    response = requests.post(self.url + 'tasks/create/file', files=files)
-                task_id = response.json()['task_ids'][0] if 'task_ids' in response.json().keys() \
-                    else response.json()['task_id']
+                    response = requests.post(self.url + 'tasks/create/file', files=files, headers=headers, verify=self.ssl)
+                if 'task_ids' in response.json().keys():
+                    task_id = response.json()['task_ids'][0]
+                elif 'task_id' in response.json().keys():
+                    task_id = response.json()['task_id']
+                elif response.status_code == 401:
+                    self.error("API token is required by this Cuckoo instance.")
+                else:
+                    self.error(response.json()['message'])
 
             # url analysis
             elif self.data_type == 'url':
                 data = {"url": self.get_data()}
-                response = requests.post(self.url + 'tasks/create/url', data=data)
-                task_id = response.json()['task_id']
+                response = requests.post(self.url + 'tasks/create/url', data=data, headers=headers, verify=self.ssl)
+                if 'task_id' in response.json().keys():
+                    task_id = response.json()['task_id']
+                elif response.status_code == 401:
+                    self.error("API token is required by this Cuckoo instance.")
+                else:
+                    self.error(response.json()['message'])
 
             else:
                 self.error('Invalid data type !')
@@ -70,7 +93,7 @@ def run(self):
             tries = 0
             while not finished and tries <= 15:  # wait max 15 mins
                 time.sleep(60)
-                response = requests.get(self.url + 'tasks/view/' + str(task_id))
+                response = requests.get(self.url + 'tasks/view/' + str(task_id), headers=headers, verify=self.ssl)
                 content = response.json()['task']['status']
                 if content == 'reported':
                     finished = True
@@ -79,7 +102,7 @@ def run(self):
                 self.error('CuckooSandbox analysis timed out')
 
             # Download the report
-            response = requests.get(self.url + 'tasks/report/' + str(task_id) + '/json')
+            response = requests.get(self.url + 'tasks/report/' + str(task_id) + '/json', headers=headers, verify=self.ssl)
             resp_json = response.json()
             list_description = [x['description'] for x in resp_json['signatures']]
             if 'suricata' in resp_json.keys() and 'alerts' in resp_json['suricata'].keys():
@@ -141,7 +164,7 @@ def run(self):
                 })
 
         except requests.exceptions.RequestException as e:
-            self.error(e)
+            self.error(str(e))
 
         except Exception as e:
             self.unexpectedError(e)
diff --git a/analyzers/catalog-devel.json b/analyzers/catalog-devel.json
index 2158f9a3e..bc71d756c 100644
--- a/analyzers/catalog-devel.json
+++ b/analyzers/catalog-devel.json
@@ -306,6 +306,28 @@
       "type": "string",
       "multi": false,
       "required": true
+    },
+    {
+      "name": "token",
+      "description": "API token",
+      "type": "string",
+      "multi": false,
+      "required": false
+    },
+    {
+      "name": "cert_check",
+      "description": "Verify server certificate",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
+    },
+    {
+      "name": "cert_path",
+      "description": "Path to the CA on the system used to check server certificate",
+      "type": "string",
+      "multi": false,
+      "required": false
     }
   ],
   "dockerImage": "cortexneurons/cuckoosandbox_file_analysis_inet:devel"
@@ -329,6 +351,28 @@
       "type": "string",
       "multi": false,
       "required": true
+    },
+    {
+      "name": "token",
+      "description": "API token",
+      "type": "string",
+      "multi": false,
+      "required": false
+    },
+    {
+      "name": "cert_check",
+      "description": "Verify server certificate",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
+    },
+    {
+      "name": "cert_path",
+      "description": "Path to the CA on the system used to check server certificate",
+      "type": "string",
+      "multi": false,
+      "required": false
     }
   ],
   "dockerImage": "cortexneurons/cuckoosandbox_url_analysis:devel"
diff --git a/analyzers/catalog-stable.json b/analyzers/catalog-stable.json
index 221c2002e..e4d9cfeb4 100644
--- a/analyzers/catalog-stable.json
+++ b/analyzers/catalog-stable.json
@@ -306,6 +306,28 @@
       "type": "string",
       "multi": false,
       "required": true
+    },
+    {
+      "name": "token",
+      "description": "API token",
+      "type": "string",
+      "multi": false,
+      "required": false
+    },
+    {
+      "name": "cert_check",
+      "description": "Verify server certificate",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
+    },
+    {
+      "name": "cert_path",
+      "description": "Path to the CA on the system used to check server certificate",
+      "type": "string",
+      "multi": false,
+      "required": false
     }
   ],
   "dockerImage": "cortexneurons/cuckoosandbox_file_analysis_inet:1.1"
@@ -329,6 +351,28 @@
       "type": "string",
       "multi": false,
       "required": true
+    },
+    {
+      "name": "token",
+      "description": "API token",
+      "type": "string",
+      "multi": false,
+      "required": false
+    },
+    {
+      "name": "cert_check",
+      "description": "Verify server certificate",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
+    },
+    {
+      "name": "cert_path",
+      "description": "Path to the CA on the system used to check server certificate",
+      "type": "string",
+      "multi": false,
+      "required": false
     }
   ],
   "dockerImage": "cortexneurons/cuckoosandbox_url_analysis:1.1"
diff --git a/analyzers/catalog.json b/analyzers/catalog.json
index c92be13ec..a8b9e4951 100644
--- a/analyzers/catalog.json
+++ b/analyzers/catalog.json
@@ -306,6 +306,28 @@
       "type": "string",
       "multi": false,
       "required": true
+    },
+    {
+      "name": "token",
+      "description": "API token",
+      "type": "string",
+      "multi": false,
+      "required": false
+    },
+    {
+      "name": "cert_check",
+      "description": "Verify server certificate",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
+    },
+    {
+      "name": "cert_path",
+      "description": "Path to the CA on the system used to check server certificate",
+      "type": "string",
+      "multi": false,
+      "required": false
     }
   ],
   "dockerImage": "cortexneurons/cuckoosandbox_file_analysis_inet:1"
@@ -329,6 +351,28 @@
       "type": "string",
       "multi": false,
       "required": true
+    },
+    {
+      "name": "token",
+      "description": "API token",
+      "type": "string",
+      "multi": false,
+      "required": false
+    },
+    {
+      "name": "cert_check",
+      "description": "Verify server certificate",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
+    },
+    {
+      "name": "cert_path",
+      "description": "Path to the CA on the system used to check server certificate",
+      "type": "string",
+      "multi": false,
+      "required": false
     }
   ],
   "dockerImage": "cortexneurons/cuckoosandbox_url_analysis:1"

From 74e98576c9ff5b6d8452420367eeae4787e8c41f Mon Sep 17 00:00:00 2001
From: github-pba <github-pba@itserv.de>
Date: Fri, 26 Jul 2019 09:36:46 +0200
Subject: [PATCH 10/19] fix for issue 509

---
 responders/FalconCustomIOC/requirements.txt | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/responders/FalconCustomIOC/requirements.txt b/responders/FalconCustomIOC/requirements.txt
index f9ae8361d..f2293605c 100644
--- a/responders/FalconCustomIOC/requirements.txt
+++ b/responders/FalconCustomIOC/requirements.txt
@@ -1,4 +1 @@
-json
-re
 requests
-traceback

From 558674335a1f0586971b8fb8a9ef79291948fcf2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Leonard?= <jerome@thehive-project.org>
Date: Wed, 9 Oct 2019 15:55:19 +0200
Subject: [PATCH 11/19] #540 cant build docker containers due to spaces in the
 name of this responder

---
 responders/QRadarAutoClose/QRadarAutoClose.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/responders/QRadarAutoClose/QRadarAutoClose.json b/responders/QRadarAutoClose/QRadarAutoClose.json
index 1a9c058e5..1af2c7d6b 100644
--- a/responders/QRadarAutoClose/QRadarAutoClose.json
+++ b/responders/QRadarAutoClose/QRadarAutoClose.json
@@ -1,5 +1,5 @@
 {
-  "name": "QRadar Auto Closing Offense",
+  "name": "QRadar_Auto_Closing_Offense",
   "version": "1.0",
   "author": "Florian Perret",
   "url": "https://github.com/TheHive-Project/Cortex-Analyzers",

From 1ef46f5887484c7a5c33aef50b7b2b78f6e839a2 Mon Sep 17 00:00:00 2001
From: milkmix <julien.bachmann@gmail.com>
Date: Fri, 18 Oct 2019 19:12:12 +0200
Subject: [PATCH 12/19] changed user-agent and accept/accept-encoding to make
 Talos reverse-proxy happy

---
 analyzers/TalosReputation/TalosReputation.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/analyzers/TalosReputation/TalosReputation.py b/analyzers/TalosReputation/TalosReputation.py
index d5f43e6a7..3b95305e4 100755
--- a/analyzers/TalosReputation/TalosReputation.py
+++ b/analyzers/TalosReputation/TalosReputation.py
@@ -30,12 +30,13 @@ def run(self):
         if self.data_type == 'ip':
             try:
                 data = self.get_data()
-
+                
                 headers={
                     'Host':'talosintelligence.com',
                     'Referer':'https://talosintelligence.com/reputation_center/lookup?search={}'.format(data),
-                    'User-Agent':'Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0',
-                    'Accept':'*/*'
+                    'User-Agent':'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:69.0) Gecko/20100101 Firefox/69.0',
+                    'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
+                    'Accept-Encoding': 'gzip, deflate'
                 }
 
                 response_details = requests.get('https://talosintelligence.com/sb_api/query_lookup',

From 0221f9c4a8e48cdfa3dffc4d51d1da850c7447f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Leonard?= <jerome@thehive-project.org>
Date: Mon, 21 Oct 2019 23:05:47 +0200
Subject: [PATCH 13/19] #550 new encrypted document mimetype

---
 analyzers/FileInfo/submodules/submodule_oletools.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/analyzers/FileInfo/submodules/submodule_oletools.py b/analyzers/FileInfo/submodules/submodule_oletools.py
index 76e94e212..4c0f2bab1 100644
--- a/analyzers/FileInfo/submodules/submodule_oletools.py
+++ b/analyzers/FileInfo/submodules/submodule_oletools.py
@@ -30,7 +30,8 @@ def check_file(self, **kwargs):
                 'PPTX'
             ] or (kwargs.get('mimetype').startswith("application/vnd.openxmlformats-officedocument") or
                  kwargs.get('mimetype').startswith("application/encrypted") or
-                 kwargs.get('mimetype').startswith("application/vnd.ms-")
+                 kwargs.get('mimetype').startswith("application/vnd.ms-") or
+                 kwargs.get('mimetype').startswith("application/msword")
             ):
                 if kwargs.get('mimetype').startswith("application/encrypted") and not is_encrypted(kwargs.get('file')):
                     return False

From 10f66ac9f194c3dc8096f260047d3fe0882254a6 Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Tue, 22 Oct 2019 11:01:48 +0200
Subject: [PATCH 14/19] #551 Add requests in phishtank requirements

---
 analyzers/PhishTank/requirements.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/analyzers/PhishTank/requirements.txt b/analyzers/PhishTank/requirements.txt
index 8ad52a568..6aabc3cfa 100644
--- a/analyzers/PhishTank/requirements.txt
+++ b/analyzers/PhishTank/requirements.txt
@@ -1 +1,2 @@
 cortexutils
+requests

From ea9bcb98363a14337650392377b4036f73830930 Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Mon, 4 Nov 2019 16:32:36 +0100
Subject: [PATCH 15/19] #561 Add missing dependencies in requirements.txt

---
 responders/UmbrellaBlacklister/requirements.txt      | 2 ++
 responders/ZEROFOX_Close_alert/requirements.txt      | 2 ++
 responders/ZEROFOX_Takedown_request/requirements.txt | 2 ++
 3 files changed, 6 insertions(+)

diff --git a/responders/UmbrellaBlacklister/requirements.txt b/responders/UmbrellaBlacklister/requirements.txt
index 0b076fb62..5ae4088dd 100644
--- a/responders/UmbrellaBlacklister/requirements.txt
+++ b/responders/UmbrellaBlacklister/requirements.txt
@@ -1 +1,3 @@
+cortexutils
+requests
 datetime
diff --git a/responders/ZEROFOX_Close_alert/requirements.txt b/responders/ZEROFOX_Close_alert/requirements.txt
index 8b1378917..655e90ed6 100644
--- a/responders/ZEROFOX_Close_alert/requirements.txt
+++ b/responders/ZEROFOX_Close_alert/requirements.txt
@@ -1 +1,3 @@
+cortexutils
+requests
 
diff --git a/responders/ZEROFOX_Takedown_request/requirements.txt b/responders/ZEROFOX_Takedown_request/requirements.txt
index 8b1378917..655e90ed6 100644
--- a/responders/ZEROFOX_Takedown_request/requirements.txt
+++ b/responders/ZEROFOX_Takedown_request/requirements.txt
@@ -1 +1,3 @@
+cortexutils
+requests
 

From 47b699a80f88fec06ee9314cfd0b47874f9d7262 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Leonard?= <jerome@thehive-project.org>
Date: Fri, 15 Nov 2019 21:21:56 +0100
Subject: [PATCH 16/19] #552 Cortex did not found analyzer without execute
 permission

---
 analyzers/ProofPoint/proofpoint_lookup.py | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 mode change 100644 => 100755 analyzers/ProofPoint/proofpoint_lookup.py

diff --git a/analyzers/ProofPoint/proofpoint_lookup.py b/analyzers/ProofPoint/proofpoint_lookup.py
old mode 100644
new mode 100755

From 27e9880651922377649db62dcf797e6b670e6931 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Leonard?= <jerome@thehive-project.org>
Date: Tue, 26 Nov 2019 17:53:42 +0100
Subject: [PATCH 17/19] add Changelog

---
 CHANGELOG.md | 1045 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 1045 insertions(+)
 create mode 100644 CHANGELOG.md

diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 000000000..3196ebeaf
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,1045 @@
+# Changelog
+
+## [2.2.1](https://github.com/TheHive-Project/Cortex-Analyzers/tree/2.2.1) (2019-11-26)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/2.2.0...HEAD)
+
+**Fixed bugs:**
+
+- \[Bug\] Missing module dependencies on responders [\#561](https://github.com/TheHive-Project/Cortex-Analyzers/issues/561)
+- Old non-existent analysers showing in Cortex \[Bug\] [\#553](https://github.com/TheHive-Project/Cortex-Analyzers/issues/553)
+- \[Bug\] [\#552](https://github.com/TheHive-Project/Cortex-Analyzers/issues/552)
+- \[Bug\] Requests module is missing in PhishTank checkurl analyzer docker image [\#551](https://github.com/TheHive-Project/Cortex-Analyzers/issues/551)
+- Add mime types of encrypted documents [\#550](https://github.com/TheHive-Project/Cortex-Analyzers/issues/550)
+- \[Bug\] Cuckoo Sandbox 2.0.7 [\#544](https://github.com/TheHive-Project/Cortex-Analyzers/issues/544)
+- \[Bug\] Custom responder not working after upgrade to cortex 3 [\#542](https://github.com/TheHive-Project/Cortex-Analyzers/issues/542)
+- \[Bug\] Docker build fails due to spaces in some responders [\#540](https://github.com/TheHive-Project/Cortex-Analyzers/issues/540)
+- \[Bug\] ThreatCrowd analyzer not respecting Max TLP value [\#527](https://github.com/TheHive-Project/Cortex-Analyzers/issues/527)
+- Talos Analyzer No Longer Works [\#521](https://github.com/TheHive-Project/Cortex-Analyzers/issues/521)
+- \[Bug\]Missing baseConfig in two Analyzsers [\#508](https://github.com/TheHive-Project/Cortex-Analyzers/issues/508)
+- \[Bug\] Fortiguard: Category parsing does not handle "-" [\#493](https://github.com/TheHive-Project/Cortex-Analyzers/issues/493)
+- \[Bug\] MISP analyzer does not connect to MISP [\#480](https://github.com/TheHive-Project/Cortex-Analyzers/issues/480)
+
+**Closed issues:**
+
+- MaxMind Analyzer: Use commercial databases with geoipupdate [\#474](https://github.com/TheHive-Project/Cortex-Analyzers/issues/474)
+
+## [2.2.0](https://github.com/TheHive-Project/Cortex-Analyzers/tree/2.2.0) (2019-10-01)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/2.1.8...2.2.0)
+
+**Implemented enhancements:**
+
+- \[FR\] Manage encrypted Office documents in FileInfo [\#533](https://github.com/TheHive-Project/Cortex-Analyzers/issues/533)
+- \[FR\] Use HEAD instead of GET in UnshortenLink [\#506](https://github.com/TheHive-Project/Cortex-Analyzers/issues/506)
+- Responder: Block a "domain" observable via BIND RPZ DDNS update [\#435](https://github.com/TheHive-Project/Cortex-Analyzers/issues/435)
+
+**Fixed bugs:**
+
+- \[Bug\] VirusTotal\_GetReport does not work anymore [\#519](https://github.com/TheHive-Project/Cortex-Analyzers/issues/519)
+- \[Bug\] Cortex Analyzers Invalid output [\#515](https://github.com/TheHive-Project/Cortex-Analyzers/issues/515)
+- \[Bug\] FileInfo crashes with some PDF  [\#536](https://github.com/TheHive-Project/Cortex-Analyzers/issues/536)
+- \[Bug\] Hybrid Analysis getReport fails with observable with datatype = file [\#535](https://github.com/TheHive-Project/Cortex-Analyzers/issues/535)
+- \[Bug\] HIBP Analyser no longer works [\#524](https://github.com/TheHive-Project/Cortex-Analyzers/issues/524)
+- \[Misc\] Remove Cymon analyzer [\#489](https://github.com/TheHive-Project/Cortex-Analyzers/issues/489)
+- \[Bug\] Umbrella\_Report\_1\_0 analyzer returning Invalid output [\#459](https://github.com/TheHive-Project/Cortex-Analyzers/issues/459)
+- Encoding error in Shodan results [\#322](https://github.com/TheHive-Project/Cortex-Analyzers/issues/322)
+- \[BugFix\] HIBP Analyser no longer works [\#525](https://github.com/TheHive-Project/Cortex-Analyzers/pull/525) ([jonashergenhahn](https://github.com/jonashergenhahn))
+
+**Closed issues:**
+
+- \[FR\] Responder "request for takedown" in Zerofox [\#532](https://github.com/TheHive-Project/Cortex-Analyzers/issues/532)
+- \[FR\] Responder "Close Alert" for Zerofox [\#531](https://github.com/TheHive-Project/Cortex-Analyzers/issues/531)
+- Responder QRadarAutoClose [\#441](https://github.com/TheHive-Project/Cortex-Analyzers/issues/441)
+
+**Merged pull requests:**
+
+- Responder QRadarAutoClose [\#460](https://github.com/TheHive-Project/Cortex-Analyzers/pull/460) ([cyberpescadito](https://github.com/cyberpescadito))
+- Add responder DNS-RPZ \(issue \#435\) [\#447](https://github.com/TheHive-Project/Cortex-Analyzers/pull/447) ([mhexp](https://github.com/mhexp))
+- New analyser : Google Vision API [\#297](https://github.com/TheHive-Project/Cortex-Analyzers/pull/297) ([0xswitch](https://github.com/0xswitch))
+
+## [2.1.8](https://github.com/TheHive-Project/Cortex-Analyzers/tree/2.1.8) (2019-07-12)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/2.1.7...2.1.8)
+
+**Fixed bugs:**
+
+- \[Bug\] PassiveTotal SSL Certificate History analyzer always report at least one record, even if there isn't one [\#513](https://github.com/TheHive-Project/Cortex-Analyzers/issues/513)
+
+## [2.1.7](https://github.com/TheHive-Project/Cortex-Analyzers/tree/2.1.7) (2019-07-10)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/2.1.6...2.1.7)
+
+**Implemented enhancements:**
+
+- Analyzer Template Check-Up [\#213](https://github.com/TheHive-Project/Cortex-Analyzers/issues/213)
+
+**Fixed bugs:**
+
+- \[Bug\] FortiGuard cannot parse response content [\#491](https://github.com/TheHive-Project/Cortex-Analyzers/issues/491)
+- Threatcrowd, TorBlutmagie, TorProject not displayed [\#414](https://github.com/TheHive-Project/Cortex-Analyzers/issues/414)
+- OTXQuery\_2\_0 Error when submitting IP address  [\#363](https://github.com/TheHive-Project/Cortex-Analyzers/issues/363)
+
+**Closed issues:**
+
+- New analyzer: Talos Reputation [\#426](https://github.com/TheHive-Project/Cortex-Analyzers/issues/426)
+
+## [2.1.6](https://github.com/TheHive-Project/Cortex-Analyzers/tree/2.1.6) (2019-06-21)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/2.1.5...2.1.6)
+
+**Implemented enhancements:**
+
+- Use req.text instead of req.content [\#492](https://github.com/TheHive-Project/Cortex-Analyzers/pull/492) ([srilumpa](https://github.com/srilumpa))
+
+**Fixed bugs:**
+
+- Missing request lib in the docker of  Fortiguard analyzer [\#503](https://github.com/TheHive-Project/Cortex-Analyzers/issues/503)
+
+## [2.1.5](https://github.com/TheHive-Project/Cortex-Analyzers/tree/2.1.5) (2019-06-20)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/2.1.4...2.1.5)
+
+**Fixed bugs:**
+
+- Docker for EmlParser is not working, python-magic is missing [\#502](https://github.com/TheHive-Project/Cortex-Analyzers/issues/502)
+
+## [2.1.4](https://github.com/TheHive-Project/Cortex-Analyzers/tree/2.1.4) (2019-06-20)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/2.1.3...2.1.4)
+
+**Fixed bugs:**
+
+- TalosReputation : not cortexutils in requirements.txt [\#501](https://github.com/TheHive-Project/Cortex-Analyzers/issues/501)
+
+## [2.1.3](https://github.com/TheHive-Project/Cortex-Analyzers/tree/2.1.3) (2019-06-17)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/2.1.2...2.1.3)
+
+**Fixed bugs:**
+
+- Problem with iocp requirement [\#500](https://github.com/TheHive-Project/Cortex-Analyzers/issues/500)
+
+## [2.1.2](https://github.com/TheHive-Project/Cortex-Analyzers/tree/2.1.2) (2019-06-16)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/2.1.1...2.1.2)
+
+## [2.1.1](https://github.com/TheHive-Project/Cortex-Analyzers/tree/2.1.1) (2019-06-16)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/2.1.0...2.1.1)
+
+## [2.1.0](https://github.com/TheHive-Project/Cortex-Analyzers/tree/2.1.0) (2019-06-09)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/2.0.1...2.1.0)
+
+**Implemented enhancements:**
+
+- FileInfo : extract URL from documents like PDF or Office [\#465](https://github.com/TheHive-Project/Cortex-Analyzers/issues/465)
+- Use up to date msg-Extract lib  in FileInfo [\#464](https://github.com/TheHive-Project/Cortex-Analyzers/issues/464)
+- \[FR\] Updated crt.sh Analyzer [\#438](https://github.com/TheHive-Project/Cortex-Analyzers/issues/438)
+- remove extra slash [\#488](https://github.com/TheHive-Project/Cortex-Analyzers/pull/488) ([garanews](https://github.com/garanews))
+- EmlParser - Fixed headers and displayTo  [\#486](https://github.com/TheHive-Project/Cortex-Analyzers/pull/486) ([mgabriel-silva](https://github.com/mgabriel-silva))
+- Crtsh updates [\#432](https://github.com/TheHive-Project/Cortex-Analyzers/pull/432) ([kx499](https://github.com/kx499))
+
+**Fixed bugs:**
+
+- \[Bug\] IBM X-Force Analyzer adds an extra slash which prevents it from running correctly [\#487](https://github.com/TheHive-Project/Cortex-Analyzers/issues/487)
+- Cuckoo Sandbox Analyzer error [\#458](https://github.com/TheHive-Project/Cortex-Analyzers/issues/458)
+- \[Bug\] EmlParser has incomplete header [\#484](https://github.com/TheHive-Project/Cortex-Analyzers/issues/484)
+- \[Bug\] OpenXML files detected as zip but ignored by Oletools. [\#475](https://github.com/TheHive-Project/Cortex-Analyzers/issues/475)
+- \[Bug\] Malwares\_GetReport\_1\_0 [\#470](https://github.com/TheHive-Project/Cortex-Analyzers/issues/470)
+- Use VirusTotal with python3  \(issue \#361\) [\#446](https://github.com/TheHive-Project/Cortex-Analyzers/pull/446) ([Nergie](https://github.com/Nergie))
+- Fix emlParser crash [\#439](https://github.com/TheHive-Project/Cortex-Analyzers/pull/439) ([agix](https://github.com/agix))
+
+**Closed issues:**
+
+- "errorMessage": "Missing dataType field" [\#481](https://github.com/TheHive-Project/Cortex-Analyzers/issues/481)
+- Hashdd\_Detail\_1\_0 throwing error [\#461](https://github.com/TheHive-Project/Cortex-Analyzers/issues/461)
+-   "errorMessage": "Invalid output\n" on Mail Responder [\#452](https://github.com/TheHive-Project/Cortex-Analyzers/issues/452)
+
+**Merged pull requests:**
+
+- added custom Dns sinkholed ip [\#482](https://github.com/TheHive-Project/Cortex-Analyzers/pull/482) ([garanews](https://github.com/garanews))
+- Add responder QRadarAutoClose\[FR\#441\] [\#443](https://github.com/TheHive-Project/Cortex-Analyzers/pull/443) ([cyberpescadito](https://github.com/cyberpescadito))
+- yeti api key [\#478](https://github.com/TheHive-Project/Cortex-Analyzers/pull/478) ([siisar](https://github.com/siisar))
+- Possibility to use a Yeti apikey. [\#477](https://github.com/TheHive-Project/Cortex-Analyzers/pull/477) ([siisar](https://github.com/siisar))
+- Utility to make running an Analyzer locally easier, helpful in development [\#471](https://github.com/TheHive-Project/Cortex-Analyzers/pull/471) ([ndejong](https://github.com/ndejong))
+- DNSSinkhole analyzer [\#434](https://github.com/TheHive-Project/Cortex-Analyzers/pull/434) ([garanews](https://github.com/garanews))
+- New analyzer: Talos Reputation [\#427](https://github.com/TheHive-Project/Cortex-Analyzers/pull/427) ([mgabriel-silva](https://github.com/mgabriel-silva))
+
+## [2.0.1](https://github.com/TheHive-Project/Cortex-Analyzers/tree/2.0.1) (2019-04-05)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/2.0.0...2.0.1)
+
+**Fixed bugs:**
+
+- \[Bug\] Invalid version for stable Docker image [\#453](https://github.com/TheHive-Project/Cortex-Analyzers/issues/453)
+
+## [2.0.0](https://github.com/TheHive-Project/Cortex-Analyzers/tree/2.0.0) (2019-04-05)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.16.0...2.0.0)
+
+**Closed issues:**
+
+- \[FR\] Remove contrib folder [\#451](https://github.com/TheHive-Project/Cortex-Analyzers/issues/451)
+- \[FR\] Add support to dockerized analyzers [\#450](https://github.com/TheHive-Project/Cortex-Analyzers/issues/450)
+
+## [1.16.0](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.16.0) (2019-03-27)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.15.3...1.16.0)
+
+**Implemented enhancements:**
+
+- AbuseIPDB analyzer creation [\#353](https://github.com/TheHive-Project/Cortex-Analyzers/issues/353)
+
+**Fixed bugs:**
+
+- \[Bug\] [\#433](https://github.com/TheHive-Project/Cortex-Analyzers/issues/433)
+
+**Closed issues:**
+
+- Different analyzer results between manually built instance and trainingVM [\#442](https://github.com/TheHive-Project/Cortex-Analyzers/issues/442)
+- Crowdstrike Falcon Responder [\#423](https://github.com/TheHive-Project/Cortex-Analyzers/issues/423)
+- Backscatter.io Analyzer [\#422](https://github.com/TheHive-Project/Cortex-Analyzers/issues/422)
+
+**Merged pull requests:**
+
+- added templates for AbuseIPDB [\#425](https://github.com/TheHive-Project/Cortex-Analyzers/pull/425) ([mlodic](https://github.com/mlodic))
+- A responder for the Crowdstrike Falcon custom IOC api [\#421](https://github.com/TheHive-Project/Cortex-Analyzers/pull/421) ([ag-michael](https://github.com/ag-michael))
+- New analyzer: Backscatter.io [\#420](https://github.com/TheHive-Project/Cortex-Analyzers/pull/420) ([9b](https://github.com/9b))
+- Added AbuseIPDB analyzer [\#400](https://github.com/TheHive-Project/Cortex-Analyzers/pull/400) ([mlodic](https://github.com/mlodic))
+
+## [1.15.3](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.15.3) (2019-02-28)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.15.2...1.15.3)
+
+**Implemented enhancements:**
+
+- \[FR\] New URLhaus API [\#431](https://github.com/TheHive-Project/Cortex-Analyzers/issues/431)
+- Updating Cuckoo Analyzer/Report Templates [\#418](https://github.com/TheHive-Project/Cortex-Analyzers/pull/418) ([nicpenning](https://github.com/nicpenning))
+
+**Fixed bugs:**
+
+- Proofpoint analyzer fails Unexpected Error: Unicode-objects must be encoded before hashing [\#417](https://github.com/TheHive-Project/Cortex-Analyzers/issues/417)
+
+## [1.15.2](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.15.2) (2019-02-11)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.15.1...1.15.2)
+
+**Implemented enhancements:**
+
+- Wrong File handling in OTXQuery Analyzer [\#313](https://github.com/TheHive-Project/Cortex-Analyzers/issues/313)
+
+**Fixed bugs:**
+
+- MISP Analyzer only queries first configured MISP instance [\#378](https://github.com/TheHive-Project/Cortex-Analyzers/issues/378)
+- Issue with encoding in mailer responder [\#416](https://github.com/TheHive-Project/Cortex-Analyzers/issues/416)
+- Restrict UnshortenLink usage to urls without IPs and/or ports [\#413](https://github.com/TheHive-Project/Cortex-Analyzers/issues/413)
+- Crtsh Analyzer: crt.sh result is a nested list [\#410](https://github.com/TheHive-Project/Cortex-Analyzers/issues/410)
+- MISP: fix requirements; enum not required for python 3.4+ [\#409](https://github.com/TheHive-Project/Cortex-Analyzers/issues/409)
+- FileInfo Manalyze - \[plugin\_btcaddress\] Renamed to plugin\_cryptoaddress. [\#408](https://github.com/TheHive-Project/Cortex-Analyzers/issues/408)
+-  Bug: a broken link in the Cymon\_Check\_IP report [\#406](https://github.com/TheHive-Project/Cortex-Analyzers/issues/406)
+- Fix for \#410 removed wrapping of crt.sh result in a list [\#411](https://github.com/TheHive-Project/Cortex-Analyzers/pull/411) ([sprungknoedl](https://github.com/sprungknoedl))
+
+**Closed issues:**
+
+- EmlParser\_1\_1 not parsing .msg files [\#401](https://github.com/TheHive-Project/Cortex-Analyzers/issues/401)
+
+**Merged pull requests:**
+
+- Fix a broken link in the Cymon\_Check\_IP report [\#407](https://github.com/TheHive-Project/Cortex-Analyzers/pull/407) ([ninoseki](https://github.com/ninoseki))
+
+## [1.15.1](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.15.1) (2019-01-09)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.15.0...1.15.1)
+
+**Fixed bugs:**
+
+- Wrong command path in HIBP\_Query.json [\#404](https://github.com/TheHive-Project/Cortex-Analyzers/issues/404)
+- fix the lack of dependency called enum in ubuntu 16.04 [\#398](https://github.com/TheHive-Project/Cortex-Analyzers/pull/398) ([yojo3000](https://github.com/yojo3000))
+
+**Closed issues:**
+
+- Malwares Analyzer for Python 3.4+ [\#402](https://github.com/TheHive-Project/Cortex-Analyzers/issues/402)
+
+**Merged pull requests:**
+
+- make code python 3.4 compatible [\#403](https://github.com/TheHive-Project/Cortex-Analyzers/pull/403) ([dadokkio](https://github.com/dadokkio))
+
+## [1.15.0](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.15.0) (2018-12-20)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.14.4...1.15.0)
+
+**Implemented enhancements:**
+
+- Improvement: Eml\_Parser Analyzer & Template [\#394](https://github.com/TheHive-Project/Cortex-Analyzers/issues/394)
+- Revamp Shodan analyzer [\#327](https://github.com/TheHive-Project/Cortex-Analyzers/issues/327)
+- Update DomainTools analyzer with new flavors [\#320](https://github.com/TheHive-Project/Cortex-Analyzers/issues/320)
+- Add support for query parameters in DNSDB [\#318](https://github.com/TheHive-Project/Cortex-Analyzers/issues/318)
+- Improvement: Eml\_Parser Analyzer & Template [\#393](https://github.com/TheHive-Project/Cortex-Analyzers/pull/393) ([arnydo](https://github.com/arnydo))
+- Analyzer/Umbrella & Templates [\#392](https://github.com/TheHive-Project/Cortex-Analyzers/pull/392) ([arnydo](https://github.com/arnydo))
+- Improve/mailer [\#376](https://github.com/TheHive-Project/Cortex-Analyzers/pull/376) ([arnydo](https://github.com/arnydo))
+- Additional features for IBM X-force plug-in [\#368](https://github.com/TheHive-Project/Cortex-Analyzers/pull/368) ([gekkeharry13](https://github.com/gekkeharry13))
+- Revamp Shodan analyzer [\#328](https://github.com/TheHive-Project/Cortex-Analyzers/pull/328) ([amr-cossi](https://github.com/amr-cossi))
+- Feature/domain tools more flavors [\#321](https://github.com/TheHive-Project/Cortex-Analyzers/pull/321) ([amr-cossi](https://github.com/amr-cossi))
+
+**Fixed bugs:**
+
+- Fortigard Report Template needs to be updated with new reclassification url [\#345](https://github.com/TheHive-Project/Cortex-Analyzers/issues/345)
+
+**Closed issues:**
+
+- Analyzer report samples/examples [\#390](https://github.com/TheHive-Project/Cortex-Analyzers/issues/390)
+- New Analyzer: Cisco Umbrella Reporting [\#385](https://github.com/TheHive-Project/Cortex-Analyzers/issues/385)
+- Cisco Umbrella Blacklister Responder [\#382](https://github.com/TheHive-Project/Cortex-Analyzers/issues/382)
+- New analyzer : Cyberprotect ThreatScore [\#373](https://github.com/TheHive-Project/Cortex-Analyzers/issues/373)
+- New Analyzer: SecurityTrails [\#370](https://github.com/TheHive-Project/Cortex-Analyzers/issues/370)
+- Analyzer - Haveibeenpwned.com Lookup [\#190](https://github.com/TheHive-Project/Cortex-Analyzers/issues/190)
+
+**Merged pull requests:**
+
+- Adding Patrowl analyzer [\#386](https://github.com/TheHive-Project/Cortex-Analyzers/pull/386) ([MaKyOtOx](https://github.com/MaKyOtOx))
+- Responder/umbrella blacklister [\#383](https://github.com/TheHive-Project/Cortex-Analyzers/pull/383) ([arnydo](https://github.com/arnydo))
+- HIBP\_Query - Option to include Unverified Breaches [\#381](https://github.com/TheHive-Project/Cortex-Analyzers/pull/381) ([arnydo](https://github.com/arnydo))
+- New analyzer : Cyberprotect ThreatScore [\#374](https://github.com/TheHive-Project/Cortex-Analyzers/pull/374) ([remiallain](https://github.com/remiallain))
+- feat: add SecurityTrails analyzers [\#371](https://github.com/TheHive-Project/Cortex-Analyzers/pull/371) ([ninoseki](https://github.com/ninoseki))
+- Added HIBP Analyzer with templates [\#367](https://github.com/TheHive-Project/Cortex-Analyzers/pull/367) ([crackytsi](https://github.com/crackytsi))
+- Fix Fortiguard reclassification request URL [\#346](https://github.com/TheHive-Project/Cortex-Analyzers/pull/346) ([megan201296](https://github.com/megan201296))
+- Add DNSDB API parameters [\#319](https://github.com/TheHive-Project/Cortex-Analyzers/pull/319) ([amr-cossi](https://github.com/amr-cossi))
+
+## [1.14.4](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.14.4) (2018-12-05)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.14.3...1.14.4)
+
+**Implemented enhancements:**
+
+- Add option to specify SMTP Port for Mailer Responder [\#377](https://github.com/TheHive-Project/Cortex-Analyzers/issues/377)
+- Virustotal: update short reports to distinguish Scan from GetReport flavors [\#389](https://github.com/TheHive-Project/Cortex-Analyzers/issues/389)
+
+**Fixed bugs:**
+
+- msg-extractor library has been updated and brakes FileInfo analyzer [\#384](https://github.com/TheHive-Project/Cortex-Analyzers/issues/384)
+
+## [1.14.3](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.14.3) (2018-11-28)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.14.2...1.14.3)
+
+**Fixed bugs:**
+
+- eml\_parser Unexpected Error: list index out of range [\#352](https://github.com/TheHive-Project/Cortex-Analyzers/issues/352)
+
+**Closed issues:**
+
+- CERTatPassiveDNS\_2\_0 Invalid File for WHOIS.sh [\#349](https://github.com/TheHive-Project/Cortex-Analyzers/issues/349)
+
+## [1.14.2](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.14.2) (2018-11-16)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.14.1...1.14.2)
+
+**Fixed bugs:**
+
+- Fix URLHaus long template [\#375](https://github.com/TheHive-Project/Cortex-Analyzers/issues/375)
+
+## [1.14.1](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.14.1) (2018-11-09)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.14.0...1.14.1)
+
+**Implemented enhancements:**
+
+- Fix for Fortiguard to handle FQDNs as well as domains and urls [\#358](https://github.com/TheHive-Project/Cortex-Analyzers/pull/358) ([phpsystems](https://github.com/phpsystems))
+
+**Fixed bugs:**
+
+- Proofpoint analyzer definition missing the configuration objects [\#366](https://github.com/TheHive-Project/Cortex-Analyzers/issues/366)
+- fix in case GSB value is missing [\#365](https://github.com/TheHive-Project/Cortex-Analyzers/pull/365) ([garanews](https://github.com/garanews))
+- fix: "cut: the delimiter must be a single character" [\#364](https://github.com/TheHive-Project/Cortex-Analyzers/pull/364) ([garanews](https://github.com/garanews))
+
+**Closed issues:**
+
+- FileInfo 5.0 Dockerized .exe analysis [\#369](https://github.com/TheHive-Project/Cortex-Analyzers/issues/369)
+
+## [1.14.0](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.14.0) (2018-10-26)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.13.2...1.14.0)
+
+**Implemented enhancements:**
+
+- MISP WarningLists CIDR notation support [\#197](https://github.com/TheHive-Project/Cortex-Analyzers/issues/197)
+- Fixes file not found issue and empty result set in CERT.at passive dns analyzer [\#362](https://github.com/TheHive-Project/Cortex-Analyzers/issues/362)
+- Add RTF support in FileInfo [\#360](https://github.com/TheHive-Project/Cortex-Analyzers/issues/360)
+- PassiveTotal\_Passive\_Dns\_2\_0 ordering issue [\#329](https://github.com/TheHive-Project/Cortex-Analyzers/issues/329)
+- Add new flavors in Onyphe analyzer [\#324](https://github.com/TheHive-Project/Cortex-Analyzers/issues/324)
+- Urlscan Analyzer [\#131](https://github.com/TheHive-Project/Cortex-Analyzers/issues/131)
+- PassiveTotal\_Passive\_Dns\_2\_0: Improve the ordering of the records [\#330](https://github.com/TheHive-Project/Cortex-Analyzers/pull/330) ([ninoseki](https://github.com/ninoseki))
+- Fix a typo in URLhaus's long.html [\#348](https://github.com/TheHive-Project/Cortex-Analyzers/pull/348) ([ninoseki](https://github.com/ninoseki))
+- Add RecordedFuture Analyzer [\#347](https://github.com/TheHive-Project/Cortex-Analyzers/pull/347) ([jojoob](https://github.com/jojoob))
+- Add urlscan.io search analyzer [\#337](https://github.com/TheHive-Project/Cortex-Analyzers/pull/337) ([ninoseki](https://github.com/ninoseki))
+- Add Datascan and Inetnum flavors [\#326](https://github.com/TheHive-Project/Cortex-Analyzers/pull/326) ([amr-cossi](https://github.com/amr-cossi))
+- New Analyzer: Investigate [\#310](https://github.com/TheHive-Project/Cortex-Analyzers/pull/310) ([yasty](https://github.com/yasty))
+- New analyzer : Google DNS over HTTPS [\#305](https://github.com/TheHive-Project/Cortex-Analyzers/pull/305) ([0xswitch](https://github.com/0xswitch))
+
+**Fixed bugs:**
+
+- Cortex Responder - Invalid Output [\#331](https://github.com/TheHive-Project/Cortex-Analyzers/issues/331)
+- Force python3 for MISP-Analyzer [\#356](https://github.com/TheHive-Project/Cortex-Analyzers/issues/356)
+- HybridAnalysis analyzer does not properly handle filenames on some cases [\#323](https://github.com/TheHive-Project/Cortex-Analyzers/issues/323)
+
+**Closed issues:**
+
+- Joe Sandbox Analyzer returning error with Joe Sandbox Cloud Pro [\#357](https://github.com/TheHive-Project/Cortex-Analyzers/issues/357)
+- Yara analyzer: 'can't open include file' [\#354](https://github.com/TheHive-Project/Cortex-Analyzers/issues/354)
+- Add support to responders in cortexutils [\#316](https://github.com/TheHive-Project/Cortex-Analyzers/issues/316)
+- Could not get Yeti analyzer worked in cortex [\#307](https://github.com/TheHive-Project/Cortex-Analyzers/issues/307)
+- Request for a Cortex Analyzer for Recorded Future [\#102](https://github.com/TheHive-Project/Cortex-Analyzers/issues/102)
+- New Analyzer: Investigate [\#309](https://github.com/TheHive-Project/Cortex-Analyzers/issues/309)
+- New analyzer : Google DNS over HTTPS  [\#306](https://github.com/TheHive-Project/Cortex-Analyzers/issues/306)
+- Proofpoint Forensics Lookup [\#117](https://github.com/TheHive-Project/Cortex-Analyzers/issues/117)
+
+## [1.13.2](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.13.2) (2018-10-16)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.13.1...1.13.2)
+
+**Fixed bugs:**
+
+- Cuckoo file submission Analyzer error [\#177](https://github.com/TheHive-Project/Cortex-Analyzers/issues/177)
+
+## [1.13.1](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.13.1) (2018-09-19)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.13.0...1.13.1)
+
+**Fixed bugs:**
+
+- Wrong datatype in artifact\(\) in DShield analyzer  [\#344](https://github.com/TheHive-Project/Cortex-Analyzers/issues/344)
+
+## [1.13.0](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.13.0) (2018-09-18)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.12.0...1.13.0)
+
+**Implemented enhancements:**
+
+- Whois History  has no mini report [\#339](https://github.com/TheHive-Project/Cortex-Analyzers/issues/339)
+- New analyzer: Pulsedive [\#303](https://github.com/TheHive-Project/Cortex-Analyzers/issues/303)
+- New analyzer : Hunter.io [\#293](https://github.com/TheHive-Project/Cortex-Analyzers/issues/293)
+- add Phishing Initiative Scan analyzer. [\#317](https://github.com/TheHive-Project/Cortex-Analyzers/pull/317) ([sigalpes](https://github.com/sigalpes))
+- New analyzer: DShield [\#300](https://github.com/TheHive-Project/Cortex-Analyzers/pull/300) ([xme](https://github.com/xme))
+- Fortiguard url taxonomy [\#296](https://github.com/TheHive-Project/Cortex-Analyzers/pull/296) ([srilumpa](https://github.com/srilumpa))
+- New analyzer: Hunter.io [\#294](https://github.com/TheHive-Project/Cortex-Analyzers/pull/294) ([remiallain](https://github.com/remiallain))
+
+**Fixed bugs:**
+
+- Fix issues with VMRay analyzer [\#332](https://github.com/TheHive-Project/Cortex-Analyzers/issues/332)
+- Fix code in Domaintools analyzer [\#341](https://github.com/TheHive-Project/Cortex-Analyzers/issues/341)
+- Wrong template in C1fApp analyzer short report [\#340](https://github.com/TheHive-Project/Cortex-Analyzers/issues/340)
+- MISP Analysis failes  [\#335](https://github.com/TheHive-Project/Cortex-Analyzers/issues/335)
+- \[URLhaus\] Change of format from URLhaus [\#308](https://github.com/TheHive-Project/Cortex-Analyzers/issues/308)
+- FortiGuard URL: taxonomy is too rigid [\#295](https://github.com/TheHive-Project/Cortex-Analyzers/issues/295)
+
+**Closed issues:**
+
+- Cortex Responder - "thehive:log" datatype [\#343](https://github.com/TheHive-Project/Cortex-Analyzers/issues/343)
+- DomainTools Analyzer Risk is broken. Gives authentication errors [\#338](https://github.com/TheHive-Project/Cortex-Analyzers/issues/338)
+- StopForumSpam analyzer [\#205](https://github.com/TheHive-Project/Cortex-Analyzers/issues/205)
+- Fireeye iSIGHT Analyzer [\#160](https://github.com/TheHive-Project/Cortex-Analyzers/issues/160)
+- Manalyze analyzer [\#116](https://github.com/TheHive-Project/Cortex-Analyzers/issues/116)
+
+**Merged pull requests:**
+
+- Manalyze submodule for FileInfo analyzer [\#333](https://github.com/TheHive-Project/Cortex-Analyzers/pull/333) ([3c7](https://github.com/3c7))
+
+## [1.12.0](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.12.0) (2018-07-31)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.11.0...1.12.0)
+
+**Merged pull requests:**
+
+- Eml Parser analyzer [\#260](https://github.com/TheHive-Project/Cortex-Analyzers/pull/260) ([ninSmith](https://github.com/ninSmith))
+
+## [1.11.0](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.11.0) (2018-07-13)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.10.4...1.11.0)
+
+**Implemented enhancements:**
+
+- New DomainTools API services requires new analyzer [\#240](https://github.com/TheHive-Project/Cortex-Analyzers/issues/240)
+- remove double quotes in short reports [\#291](https://github.com/TheHive-Project/Cortex-Analyzers/issues/291)
+- Update DomainTools Analyzer to pull Risk and Proximity Score [\#214](https://github.com/TheHive-Project/Cortex-Analyzers/issues/214)
+- \[OS3 Hackathon\] Refactor File\_Info Analyzer [\#212](https://github.com/TheHive-Project/Cortex-Analyzers/issues/212)
+- VirusTotal URL report [\#289](https://github.com/TheHive-Project/Cortex-Analyzers/pull/289) ([srilumpa](https://github.com/srilumpa))
+- Add URLHaus analyzer [\#271](https://github.com/TheHive-Project/Cortex-Analyzers/pull/271) ([3c7](https://github.com/3c7))
+
+**Fixed bugs:**
+
+- Analyzer Issue : Abuse\_Finder  [\#277](https://github.com/TheHive-Project/Cortex-Analyzers/issues/277)
+- Malwares analyzer has wrong api URL  [\#292](https://github.com/TheHive-Project/Cortex-Analyzers/issues/292)
+- MISP analyzer certificate validation and name configuration [\#286](https://github.com/TheHive-Project/Cortex-Analyzers/issues/286)
+- FileInfo fixes [\#281](https://github.com/TheHive-Project/Cortex-Analyzers/issues/281)
+
+**Closed issues:**
+
+- disable [\#301](https://github.com/TheHive-Project/Cortex-Analyzers/issues/301)
+- New analyzer: DShield [\#299](https://github.com/TheHive-Project/Cortex-Analyzers/issues/299)
+- New Analyzer: hashdd [\#282](https://github.com/TheHive-Project/Cortex-Analyzers/issues/282)
+
+**Merged pull requests:**
+
+- Feature/urlhaus analyzer [\#285](https://github.com/TheHive-Project/Cortex-Analyzers/pull/285) ([ninoseki](https://github.com/ninoseki))
+- Add hashdd analyzer [\#284](https://github.com/TheHive-Project/Cortex-Analyzers/pull/284) ([iosonogio](https://github.com/iosonogio))
+
+## [1.10.4](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.10.4) (2018-06-23)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.10.3...1.10.4)
+
+**Fixed bugs:**
+
+- IBM X-Force and Abuse finder problems found in shorts and long report [\#290](https://github.com/TheHive-Project/Cortex-Analyzers/issues/290)
+
+## [1.10.3](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.10.3) (2018-06-18)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.10.2...1.10.3)
+
+**Implemented enhancements:**
+
+- New analyzer : Threatcrowd [\#243](https://github.com/TheHive-Project/Cortex-Analyzers/issues/243)
+- Msg\_Parser analyser show for all files [\#136](https://github.com/TheHive-Project/Cortex-Analyzers/issues/136)
+
+**Fixed bugs:**
+
+- ibm xforce analyzer "show-all" buttons don't work [\#287](https://github.com/TheHive-Project/Cortex-Analyzers/issues/287)
+
+**Closed issues:**
+
+- Ofuscating an IOC signature before analyzing on VT  [\#288](https://github.com/TheHive-Project/Cortex-Analyzers/issues/288)
+- IBM X-Force Exchange Analyzer [\#144](https://github.com/TheHive-Project/Cortex-Analyzers/issues/144)
+- API Keys to be submitted through Cortex for Analyzers [\#7](https://github.com/TheHive-Project/Cortex-Analyzers/issues/7)
+
+## [1.10.2](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.10.2) (2018-06-08)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.10.1...1.10.2)
+
+**Fixed bugs:**
+
+- File encoding issue in Threatcrowd json file [\#283](https://github.com/TheHive-Project/Cortex-Analyzers/issues/283)
+- IBMXForce template name [\#280](https://github.com/TheHive-Project/Cortex-Analyzers/issues/280)
+- Allow to set self signed certificates in VMRay analyzer [\#279](https://github.com/TheHive-Project/Cortex-Analyzers/issues/279)
+- IBMXforce Analyzer forces TLP1 [\#278](https://github.com/TheHive-Project/Cortex-Analyzers/issues/278)
+- Greynoise minireport does not give any info when there is no record in report [\#275](https://github.com/TheHive-Project/Cortex-Analyzers/issues/275)
+- encoding problem in ThreatCrowd [\#273](https://github.com/TheHive-Project/Cortex-Analyzers/issues/273)
+
+**Closed issues:**
+
+- Yara config for multi pathes is not parsing correctly in platform [\#274](https://github.com/TheHive-Project/Cortex-Analyzers/issues/274)
+
+## [1.10.1](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.10.1) (2018-06-06)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.10.0...1.10.1)
+
+**Fixed bugs:**
+
+- Wrong name for Staxx report template [\#272](https://github.com/TheHive-Project/Cortex-Analyzers/issues/272)
+
+## [1.10.0](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.10.0) (2018-06-06)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.9.7...1.10.0)
+
+**Implemented enhancements:**
+
+- New analyzer: malwares.com [\#251](https://github.com/TheHive-Project/Cortex-Analyzers/issues/251)
+- Release 1.10.0 [\#270](https://github.com/TheHive-Project/Cortex-Analyzers/issues/270)
+- No short report in Hybrid-Analysis when there is no result [\#267](https://github.com/TheHive-Project/Cortex-Analyzers/issues/267)
+- Add ip dataType to CERT.at Passive DNS analyzer [\#237](https://github.com/TheHive-Project/Cortex-Analyzers/issues/237)
+- Grey Noise analyzer [\#231](https://github.com/TheHive-Project/Cortex-Analyzers/issues/231)
+- URLhaus analyzer [\#226](https://github.com/TheHive-Project/Cortex-Analyzers/issues/226)
+- cybercrime-tracker.net analyzer [\#220](https://github.com/TheHive-Project/Cortex-Analyzers/issues/220)
+- Anomali Staxx Analyzer [\#180](https://github.com/TheHive-Project/Cortex-Analyzers/issues/180)
+- Download only new hash files [\#242](https://github.com/TheHive-Project/Cortex-Analyzers/pull/242) ([ktneely](https://github.com/ktneely))
+- Develop branch, add Staxx Analyzer [\#263](https://github.com/TheHive-Project/Cortex-Analyzers/pull/263) ([robertnixon2003](https://github.com/robertnixon2003))
+- Improve EmergingThreats analyzers [\#259](https://github.com/TheHive-Project/Cortex-Analyzers/pull/259) ([ant1](https://github.com/ant1))
+- Created Mnemonic PDNS public and closed analyzers [\#256](https://github.com/TheHive-Project/Cortex-Analyzers/pull/256) ([NFCERT](https://github.com/NFCERT))
+- New analyzer: malwares.com [\#252](https://github.com/TheHive-Project/Cortex-Analyzers/pull/252) ([garanews](https://github.com/garanews))
+- add UnshortenLink analyzer [\#247](https://github.com/TheHive-Project/Cortex-Analyzers/pull/247) ([sigalpes](https://github.com/sigalpes))
+- add threatcrowd analyzer [\#244](https://github.com/TheHive-Project/Cortex-Analyzers/pull/244) ([remiallain](https://github.com/remiallain))
+- JoeSandbox analyzers: use a sane analysis timeout [\#239](https://github.com/TheHive-Project/Cortex-Analyzers/pull/239) ([ant1](https://github.com/ant1))
+- GreyNoise analyzer [\#236](https://github.com/TheHive-Project/Cortex-Analyzers/pull/236) ([danielbrowne](https://github.com/danielbrowne))
+- cybercrime-tracker.net analyzer [\#222](https://github.com/TheHive-Project/Cortex-Analyzers/pull/222) ([ph34tur3](https://github.com/ph34tur3))
+- created IBMXForce analyzer [\#187](https://github.com/TheHive-Project/Cortex-Analyzers/pull/187) ([garanews](https://github.com/garanews))
+
+**Fixed bugs:**
+
+- Payloadsecurity [\#262](https://github.com/TheHive-Project/Cortex-Analyzers/issues/262)
+- Bug in EmergingThreats\_MalwareInfo analyzer [\#258](https://github.com/TheHive-Project/Cortex-Analyzers/issues/258)
+- Error in permalink in Cymon long report template [\#238](https://github.com/TheHive-Project/Cortex-Analyzers/issues/238)
+- Added the executable flag to cuckoosandbox\_analyzer.py [\#266](https://github.com/TheHive-Project/Cortex-Analyzers/pull/266) ([Jack28](https://github.com/Jack28))
+- MISP WarningLists - Handling IP address lookup in CIDR IP ranges [\#200](https://github.com/TheHive-Project/Cortex-Analyzers/pull/200) ([srilumpa](https://github.com/srilumpa))
+
+**Closed issues:**
+
+- Create GreyNoise analyzer template [\#269](https://github.com/TheHive-Project/Cortex-Analyzers/issues/269)
+
+**Merged pull requests:**
+
+- Add URLhaus analyzer [\#227](https://github.com/TheHive-Project/Cortex-Analyzers/pull/227) ([ninoseki](https://github.com/ninoseki))
+
+## [1.9.7](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.9.7) (2018-05-29)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.9.6...1.9.7)
+
+**Implemented enhancements:**
+
+- Update analyzers configuration for Cortex2 [\#172](https://github.com/TheHive-Project/Cortex-Analyzers/issues/172)
+
+**Fixed bugs:**
+
+- Yara no longer processing rules after cortex 2.0 update [\#245](https://github.com/TheHive-Project/Cortex-Analyzers/issues/245)
+
+**Closed issues:**
+
+- extend templates with external libraries [\#250](https://github.com/TheHive-Project/Cortex-Analyzers/issues/250)
+- Bluecoat Analyzer [\#85](https://github.com/TheHive-Project/Cortex-Analyzers/issues/85)
+
+## [1.9.6](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.9.6) (2018-04-25)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.9.5...1.9.6)
+
+**Fixed bugs:**
+
+- Yeti pyton lib fails to install for python\_version \> 2.7 [\#241](https://github.com/TheHive-Project/Cortex-Analyzers/issues/241)
+
+## [1.9.5](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.9.5) (2018-04-18)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.9.4...1.9.5)
+
+**Fixed bugs:**
+
+- Remove emerging threat wrong template files [\#233](https://github.com/TheHive-Project/Cortex-Analyzers/issues/233)
+- Censys analyzer : no uid given but the parameter is set [\#232](https://github.com/TheHive-Project/Cortex-Analyzers/issues/232)
+
+## [1.9.4](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.9.4) (2018-04-13)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.9.3...1.9.4)
+
+**Implemented enhancements:**
+
+- CIRCLPassiveSSL\_2\_0 requires colons or dashes in hashes [\#229](https://github.com/TheHive-Project/Cortex-Analyzers/issues/229)
+
+**Fixed bugs:**
+
+- Hybrid Analysis returns success when filename query didn't work [\#223](https://github.com/TheHive-Project/Cortex-Analyzers/issues/223)
+- Fix JSB Url Analysis template [\#207](https://github.com/TheHive-Project/Cortex-Analyzers/pull/207) ([ant1](https://github.com/ant1))
+
+## [1.9.3](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.9.3) (2018-04-09)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.9.2...1.9.3)
+
+**Implemented enhancements:**
+
+- Cuckoo Analyzer changes the name of the file [\#188](https://github.com/TheHive-Project/Cortex-Analyzers/issues/188)
+
+**Fixed bugs:**
+
+- Fix the default config of Cymon\_Check\_IP analyzer [\#225](https://github.com/TheHive-Project/Cortex-Analyzers/issues/225)
+- Restrict abuse\_finder and file\_info dependencies to Python 2.7 [\#224](https://github.com/TheHive-Project/Cortex-Analyzers/issues/224)
+- MISPWarningLists Analyzer searches for hashes case sensitive [\#221](https://github.com/TheHive-Project/Cortex-Analyzers/issues/221)
+- Bluecoat Categorization failes [\#216](https://github.com/TheHive-Project/Cortex-Analyzers/issues/216)
+- View All in template long not working [\#208](https://github.com/TheHive-Project/Cortex-Analyzers/issues/208)
+
+**Closed issues:**
+
+- Feature Request: haveibeenpwned.com [\#189](https://github.com/TheHive-Project/Cortex-Analyzers/issues/189)
+
+## [1.9.2](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.9.2) (2018-04-04)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.9.1...1.9.2)
+
+**Fixed bugs:**
+
+- Hybrid Analysis analyzer successful even if rate limit reached [\#215](https://github.com/TheHive-Project/Cortex-Analyzers/issues/215)
+- Data field missing on file submission [\#218](https://github.com/TheHive-Project/Cortex-Analyzers/issues/218)
+
+**Closed issues:**
+
+- Supper the new auto extract config name [\#219](https://github.com/TheHive-Project/Cortex-Analyzers/issues/219)
+- OTXQuery\_2\_0 failes with Cortex2 [\#217](https://github.com/TheHive-Project/Cortex-Analyzers/issues/217)
+
+## [1.9.1](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.9.1) (2018-03-30)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.9.0...1.9.1)
+
+## [1.9.0](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.9.0) (2018-03-29)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.8.3...1.9.0)
+
+**Implemented enhancements:**
+
+- DomainTools\_ReverseIP should accept fqdn and/or domain as datatype [\#193](https://github.com/TheHive-Project/Cortex-Analyzers/issues/193)
+- Manage domain datatype in Name\_history service of DNSDB analyzer [\#183](https://github.com/TheHive-Project/Cortex-Analyzers/issues/183)
+- Manage fqdn datatype in domain\_name service of DNSDB analyzer [\#182](https://github.com/TheHive-Project/Cortex-Analyzers/issues/182)
+- Improve Phishtank maliciousness results  [\#181](https://github.com/TheHive-Project/Cortex-Analyzers/issues/181)
+- IP type for CIRCL Passive DNS and others [\#99](https://github.com/TheHive-Project/Cortex-Analyzers/issues/99)
+- WIP: PEP8 all the things [\#165](https://github.com/TheHive-Project/Cortex-Analyzers/pull/165) ([3c7](https://github.com/3c7))
+- added Malpedia Analyzer [\#168](https://github.com/TheHive-Project/Cortex-Analyzers/pull/168) ([garanews](https://github.com/garanews))
+
+**Fixed bugs:**
+
+- Fortiguard analyzer : use HTTPS to request fortiguard service [\#201](https://github.com/TheHive-Project/Cortex-Analyzers/issues/201)
+
+**Merged pull requests:**
+
+- Fixes some problems with automatic artifact extraction [\#184](https://github.com/TheHive-Project/Cortex-Analyzers/pull/184) ([3c7](https://github.com/3c7))
+- Addedd cymon cortex analyzers [\#133](https://github.com/TheHive-Project/Cortex-Analyzers/pull/133) ([ST2Labs](https://github.com/ST2Labs))
+
+## [1.8.3](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.8.3) (2018-03-23)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.8.2...1.8.3)
+
+**Fixed bugs:**
+
+- Abuse\_Finder\_2\_0 - Invalid analyzer output format [\#211](https://github.com/TheHive-Project/Cortex-Analyzers/issues/211)
+- Bug in Abuse\_Finder Analyzer [\#161](https://github.com/TheHive-Project/Cortex-Analyzers/issues/161)
+
+## [1.8.2](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.8.2) (2018-03-21)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.8.1...1.8.2)
+
+**Fixed bugs:**
+
+- Cortex-Analyzer - MISP-plugin without proxy support/recognition [\#209](https://github.com/TheHive-Project/Cortex-Analyzers/issues/209)
+- Bug: FortiGuard URLCategory Failure [\#203](https://github.com/TheHive-Project/Cortex-Analyzers/issues/203)
+- Onyphe\_Ports\_1\_0 return bad data in JSON object [\#169](https://github.com/TheHive-Project/Cortex-Analyzers/issues/169)
+- Joe Sandbox Analyzer returning error [\#156](https://github.com/TheHive-Project/Cortex-Analyzers/issues/156)
+- use https for request [\#204](https://github.com/TheHive-Project/Cortex-Analyzers/pull/204) ([ecapuano](https://github.com/ecapuano))
+- MISP WarningLists reports [\#196](https://github.com/TheHive-Project/Cortex-Analyzers/pull/196) ([srilumpa](https://github.com/srilumpa))
+
+**Closed issues:**
+
+- Cortex-Analyzer - MISP-plugin no "ssl-verify = False" option [\#210](https://github.com/TheHive-Project/Cortex-Analyzers/issues/210)
+- MISP WarningLists long report does not display results [\#195](https://github.com/TheHive-Project/Cortex-Analyzers/issues/195)
+- error in MISP/requirements.txt [\#179](https://github.com/TheHive-Project/Cortex-Analyzers/issues/179)
+
+## [1.8.1](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.8.1) (2018-02-05)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.8.0...1.8.1)
+
+**Implemented enhancements:**
+
+- Updating VMRay Analyzer to accept files as dataType [\#157](https://github.com/TheHive-Project/Cortex-Analyzers/issues/157)
+
+**Fixed bugs:**
+
+- Bluecoat analyzer fails if domain contains subdomain [\#173](https://github.com/TheHive-Project/Cortex-Analyzers/issues/173)
+
+**Closed issues:**
+
+- Malpedia \(yara\) Analyzer [\#166](https://github.com/TheHive-Project/Cortex-Analyzers/issues/166)
+
+## [1.8.0](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.8.0) (2018-01-11)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.7.1...1.8.0)
+
+**Implemented enhancements:**
+
+- VirusTotal ignores Environment Proxies [\#130](https://github.com/TheHive-Project/Cortex-Analyzers/issues/130)
+- Feature/bluecoat [\#84](https://github.com/TheHive-Project/Cortex-Analyzers/pull/84) ([0xswitch](https://github.com/0xswitch))
+- Fixes \#149, removes download\_hashes.py [\#155](https://github.com/TheHive-Project/Cortex-Analyzers/pull/155) ([3c7](https://github.com/3c7))
+- Joe Sandbox API version 2 support [\#141](https://github.com/TheHive-Project/Cortex-Analyzers/pull/141) ([ant1](https://github.com/ant1))
+
+**Fixed bugs:**
+
+- MISP analyzer certpath option doesn't accept bool value [\#164](https://github.com/TheHive-Project/Cortex-Analyzers/issues/164)
+- VirusShare downloader bash script bug [\#149](https://github.com/TheHive-Project/Cortex-Analyzers/issues/149)
+- Cuckoo Analysis Fails [\#162](https://github.com/TheHive-Project/Cortex-Analyzers/issues/162)
+- Fix getting filenames in analyzers [\#140](https://github.com/TheHive-Project/Cortex-Analyzers/pull/140) ([ant1](https://github.com/ant1))
+- fix snort alerts [\#163](https://github.com/TheHive-Project/Cortex-Analyzers/pull/163) ([garanews](https://github.com/garanews))
+
+**Closed issues:**
+
+- Censys.io analyzer [\#135](https://github.com/TheHive-Project/Cortex-Analyzers/issues/135)
+- C1fApp Analyzer [\#64](https://github.com/TheHive-Project/Cortex-Analyzers/issues/64)
+- URLQuery Analyzer [\#18](https://github.com/TheHive-Project/Cortex-Analyzers/issues/18)
+- MISP Warninglists analyzer [\#124](https://github.com/TheHive-Project/Cortex-Analyzers/issues/124)
+- PayloadSecurity Sandbox [\#121](https://github.com/TheHive-Project/Cortex-Analyzers/issues/121)
+- SinkDB Analyzer [\#112](https://github.com/TheHive-Project/Cortex-Analyzers/issues/112)
+- C1fApp OSINT analyzer [\#103](https://github.com/TheHive-Project/Cortex-Analyzers/issues/103)
+- TOR Exit Nodes IPs Analyzer [\#45](https://github.com/TheHive-Project/Cortex-Analyzers/issues/45)
+
+**Merged pull requests:**
+
+- Fixed requirements parsing MsgParser/requirements.txt [\#159](https://github.com/TheHive-Project/Cortex-Analyzers/pull/159) ([peasead](https://github.com/peasead))
+- Censys.io analyzer [\#153](https://github.com/TheHive-Project/Cortex-Analyzers/pull/153) ([3c7](https://github.com/3c7))
+- C1fApp Initial version [\#119](https://github.com/TheHive-Project/Cortex-Analyzers/pull/119) ([etz69](https://github.com/etz69))
+- Fix mode when creating FireHOL ipset directory [\#158](https://github.com/TheHive-Project/Cortex-Analyzers/pull/158) ([srilumpa](https://github.com/srilumpa))
+- Add Onyphe analyzers [\#152](https://github.com/TheHive-Project/Cortex-Analyzers/pull/152) ([Pierre-Baudry](https://github.com/Pierre-Baudry))
+- Tor blutmagie [\#139](https://github.com/TheHive-Project/Cortex-Analyzers/pull/139) ([srilumpa](https://github.com/srilumpa))
+- Tor project analyzer [\#138](https://github.com/TheHive-Project/Cortex-Analyzers/pull/138) ([srilumpa](https://github.com/srilumpa))
+- Added SinkDB analyzer [\#134](https://github.com/TheHive-Project/Cortex-Analyzers/pull/134) ([3c7](https://github.com/3c7))
+- Added MISP warning lists analyzer [\#129](https://github.com/TheHive-Project/Cortex-Analyzers/pull/129) ([3c7](https://github.com/3c7))
+- Robtex API Analyzer [\#105](https://github.com/TheHive-Project/Cortex-Analyzers/pull/105) ([3c7](https://github.com/3c7))
+
+## [1.7.1](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.7.1) (2017-12-06)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.7.0...1.7.1)
+
+**Closed issues:**
+
+- Issue with Shodan Analyzer [\#150](https://github.com/TheHive-Project/Cortex-Analyzers/issues/150)
+- Analyzers using online query fails to use system proxy settings [\#143](https://github.com/TheHive-Project/Cortex-Analyzers/issues/143)
+- Hippocampe Analyzer Fails [\#137](https://github.com/TheHive-Project/Cortex-Analyzers/issues/137)
+
+**Merged pull requests:**
+
+- Rename hybridanalysis\_analyzer.py to HybridAnalysis\_analyzer.py [\#151](https://github.com/TheHive-Project/Cortex-Analyzers/pull/151) ([treed593](https://github.com/treed593))
+
+## [1.7.0](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.7.0) (2017-11-08)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.6.5...1.7.0)
+
+**Implemented enhancements:**
+
+- Cuckoo Analyzer requires final slash [\#113](https://github.com/TheHive-Project/Cortex-Analyzers/issues/113)
+- support both cuckoo versions [\#100](https://github.com/TheHive-Project/Cortex-Analyzers/pull/100) ([garanews](https://github.com/garanews))
+
+**Fixed bugs:**
+
+- PhishTank analyzer doesn't work [\#126](https://github.com/TheHive-Project/Cortex-Analyzers/issues/126)
+- Missing olefile in MsgParser requirements [\#101](https://github.com/TheHive-Project/Cortex-Analyzers/issues/101)
+- VirusTotal URL Scan Bug [\#93](https://github.com/TheHive-Project/Cortex-Analyzers/issues/93)
+
+**Merged pull requests:**
+
+- add Analyzers Shodan [\#125](https://github.com/TheHive-Project/Cortex-Analyzers/pull/125) ([sebdraven](https://github.com/sebdraven))
+- Updated VT Links in Long Report [\#111](https://github.com/TheHive-Project/Cortex-Analyzers/pull/111) ([saadkadhi](https://github.com/saadkadhi))
+- Adding netaddr to requirements for nessus analyzer [\#83](https://github.com/TheHive-Project/Cortex-Analyzers/pull/83) ([drewstinnett](https://github.com/drewstinnett))
+- Fix PhishTank analyzer [\#128](https://github.com/TheHive-Project/Cortex-Analyzers/pull/128) ([ilyaglow](https://github.com/ilyaglow))
+- Fixed: hide empty panel from template [\#108](https://github.com/TheHive-Project/Cortex-Analyzers/pull/108) ([dadokkio](https://github.com/dadokkio))
+- Fixes MISP Analyzer name bug [\#95](https://github.com/TheHive-Project/Cortex-Analyzers/pull/95) ([3c7](https://github.com/3c7))
+- Added VxStream Sandbox \(Hybrid Analysis\) Analyzer [\#73](https://github.com/TheHive-Project/Cortex-Analyzers/pull/73) ([yugoslavskiy](https://github.com/yugoslavskiy))
+
+## [1.6.5](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.6.5) (2017-11-05)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.6.4...1.6.5)
+
+## [1.6.4](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.6.4) (2017-11-04)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.6.3...1.6.4)
+
+**Fixed bugs:**
+
+- name parameter for the MISP analyzer does behave as expected [\#94](https://github.com/TheHive-Project/Cortex-Analyzers/issues/94)
+- fixed line break in WOT requirements.txt [\#132](https://github.com/TheHive-Project/Cortex-Analyzers/pull/132) ([peasead](https://github.com/peasead))
+
+**Closed issues:**
+
+- Virusshare short report enhancements if SHA1 hash passed [\#115](https://github.com/TheHive-Project/Cortex-Analyzers/issues/115)
+- MISP\_2\_0 analyzer does not seems compatible with python 2.7 [\#90](https://github.com/TheHive-Project/Cortex-Analyzers/issues/90)
+- ET Intelligence Analyzer [\#79](https://github.com/TheHive-Project/Cortex-Analyzers/issues/79)
+- Use naming conventions for analyzer config properties [\#33](https://github.com/TheHive-Project/Cortex-Analyzers/issues/33)
+- Hybrid Analysis Analyzer [\#26](https://github.com/TheHive-Project/Cortex-Analyzers/issues/26)
+
+**Merged pull requests:**
+
+- Revert "Updated VT links in Long report" [\#110](https://github.com/TheHive-Project/Cortex-Analyzers/pull/110) ([saadkadhi](https://github.com/saadkadhi))
+- Updated VT links in Long report [\#98](https://github.com/TheHive-Project/Cortex-Analyzers/pull/98) ([mthlvt](https://github.com/mthlvt))
+
+## [1.6.3](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.6.3) (2017-09-10)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.6.2...1.6.3)
+
+**Merged pull requests:**
+
+- MISP Analyzer: forgot to add same procedure if using just one MISP-Server [\#91](https://github.com/TheHive-Project/Cortex-Analyzers/pull/91) ([3c7](https://github.com/3c7))
+
+## [1.6.2](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.6.2) (2017-09-04)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.6.1...1.6.2)
+
+**Closed issues:**
+
+- Invalid Yeti templates folder name [\#89](https://github.com/TheHive-Project/Cortex-Analyzers/issues/89)
+
+**Merged pull requests:**
+
+- Updates to Virusshare analyzer [\#80](https://github.com/TheHive-Project/Cortex-Analyzers/pull/80) ([colinvanniekerk](https://github.com/colinvanniekerk))
+
+## [1.6.1](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.6.1) (2017-09-04)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.6.0...1.6.1)
+
+**Closed issues:**
+
+- MISPClient.\_\_init\_\_, ssl parameter default to True but later used as filename [\#87](https://github.com/TheHive-Project/Cortex-Analyzers/issues/87)
+
+**Merged pull requests:**
+
+- Fixes bug in MISP client [\#88](https://github.com/TheHive-Project/Cortex-Analyzers/pull/88) ([3c7](https://github.com/3c7))
+
+## [1.6.0](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.6.0) (2017-07-27)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.5.1...1.6.0)
+
+**Closed issues:**
+
+- WOT analyzer [\#82](https://github.com/TheHive-Project/Cortex-Analyzers/issues/82)
+- Add Analyzer for Yeti Platform [\#68](https://github.com/TheHive-Project/Cortex-Analyzers/issues/68)
+- Cuckoo Sandbox Analyzer [\#23](https://github.com/TheHive-Project/Cortex-Analyzers/issues/23)
+
+**Merged pull requests:**
+
+- added WOT analyzer & fixed cuckoo templates issue [\#77](https://github.com/TheHive-Project/Cortex-Analyzers/pull/77) ([garanews](https://github.com/garanews))
+- Cuckoo Sandbox Analyzer [\#50](https://github.com/TheHive-Project/Cortex-Analyzers/pull/50) ([garanews](https://github.com/garanews))
+
+## [1.5.1](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.5.1) (2017-07-13)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.5.0...1.5.1)
+
+**Fixed bugs:**
+
+- Yara analyzer doesn't recognize 'sha1' field name from Yara-rules [\#62](https://github.com/TheHive-Project/Cortex-Analyzers/issues/62)
+
+**Closed issues:**
+
+- Virustotal Scan returning incorrect taxonomy on URL scan [\#74](https://github.com/TheHive-Project/Cortex-Analyzers/issues/74)
+
+## [1.5.0](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.5.0) (2017-07-05)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.4.4...1.5.0)
+
+**Implemented enhancements:**
+
+- Build a taxonomy in cortexutils  [\#66](https://github.com/TheHive-Project/Cortex-Analyzers/issues/66)
+- Joe Sandbox 19: New Information in Reports [\#65](https://github.com/TheHive-Project/Cortex-Analyzers/issues/65)
+- Review summary\(\) and short reports for https://github.com/CERT-BDF/TheHive/issues/131 [\#56](https://github.com/TheHive-Project/Cortex-Analyzers/issues/56)
+
+**Fixed bugs:**
+
+- Add missing check\_tlp config to GoogleSafeBrowsing analyzer [\#71](https://github.com/TheHive-Project/Cortex-Analyzers/issues/71)
+- Fix the URL configuration of Hippocampe analyzer [\#69](https://github.com/TheHive-Project/Cortex-Analyzers/issues/69)
+- Abuse\_Finder analyzer analyzes "email" instead of "mail" [\#52](https://github.com/TheHive-Project/Cortex-Analyzers/issues/52)
+
+**Closed issues:**
+
+- Missing newlines in requirements.txt [\#60](https://github.com/TheHive-Project/Cortex-Analyzers/issues/60)
+- CERT.at PassiveDNS Analyzer [\#13](https://github.com/TheHive-Project/Cortex-Analyzers/issues/13)
+
+**Merged pull requests:**
+
+- Fixed mistake in blocklist script, added error on missing config [\#67](https://github.com/TheHive-Project/Cortex-Analyzers/pull/67) ([3c7](https://github.com/3c7))
+- There were no carriage returns so it would break if you wanted to mass install the analyzer requirements [\#61](https://github.com/TheHive-Project/Cortex-Analyzers/pull/61) ([Popsiclestick](https://github.com/Popsiclestick))
+
+## [1.4.4](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.4.4) (2017-06-15)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.4.3...1.4.4)
+
+**Fixed bugs:**
+
+- Inconsistance between long and short reports in MISP analyzer [\#59](https://github.com/TheHive-Project/Cortex-Analyzers/issues/59)
+
+## [1.4.3](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.4.3) (2017-06-15)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.4.2...1.4.3)
+
+**Fixed bugs:**
+
+- cortexutils fails to generate error reports when the analyzer has no config [\#57](https://github.com/TheHive-Project/Cortex-Analyzers/issues/57)
+- Encoding problem in cortexutils [\#54](https://github.com/TheHive-Project/Cortex-Analyzers/issues/54)
+
+## [1.4.2](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.4.2) (2017-05-24)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.4.1...1.4.2)
+
+## [1.4.1](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.4.1) (2017-05-23)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.4.0...1.4.1)
+
+## [1.4.0](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.4.0) (2017-05-22)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.3.1...1.4.0)
+
+**Fixed bugs:**
+
+- Fortiguard API Changed [\#37](https://github.com/TheHive-Project/Cortex-Analyzers/issues/37)
+
+**Closed issues:**
+
+- FireHOL blocklists analyzer [\#31](https://github.com/TheHive-Project/Cortex-Analyzers/issues/31)
+- VMRay Analyzer [\#16](https://github.com/TheHive-Project/Cortex-Analyzers/issues/16)
+
+**Merged pull requests:**
+
+- corrected for change to fortiguard portal [\#51](https://github.com/TheHive-Project/Cortex-Analyzers/pull/51) ([ecapuano](https://github.com/ecapuano))
+
+## [1.3.1](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.3.1) (2017-05-12)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.3.0...1.3.1)
+
+## [1.3.0](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.3.0) (2017-05-08)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.2.0...1.3.0)
+
+**Implemented enhancements:**
+
+- Update the polling interval in VT scan analyzer [\#42](https://github.com/TheHive-Project/Cortex-Analyzers/issues/42)
+- Add author and url attributes to analyzer descriptior files [\#32](https://github.com/TheHive-Project/Cortex-Analyzers/issues/32)
+- Cut python 2 dependency by replacing ioc-parser in cortexutils.analyzer [\#4](https://github.com/TheHive-Project/Cortex-Analyzers/issues/4)
+- Added rate limit message for VirusTotal analyzer [\#39](https://github.com/TheHive-Project/Cortex-Analyzers/pull/39) ([3c7](https://github.com/3c7))
+
+**Closed issues:**
+
+- File\_Info analyzer has problems examining pe files [\#38](https://github.com/TheHive-Project/Cortex-Analyzers/issues/38)
+- Make cortexutils compatible with python 2 and 3 [\#35](https://github.com/TheHive-Project/Cortex-Analyzers/issues/35)
+- Unify short template reports to use appropriate taxonomy [\#34](https://github.com/TheHive-Project/Cortex-Analyzers/issues/34)
+- Virusshare.com analyzer [\#30](https://github.com/TheHive-Project/Cortex-Analyzers/issues/30)
+- YARA Analyzer [\#19](https://github.com/TheHive-Project/Cortex-Analyzers/issues/19)
+- Google Safe Browsing Analyzer [\#17](https://github.com/TheHive-Project/Cortex-Analyzers/issues/17)
+- CIRCL.lu PassiveSSL Analyzer [\#12](https://github.com/TheHive-Project/Cortex-Analyzers/issues/12)
+- CIRCL.lu PassiveDNS Analyzer [\#11](https://github.com/TheHive-Project/Cortex-Analyzers/issues/11)
+- Nessus Analyzer [\#1](https://github.com/TheHive-Project/Cortex-Analyzers/issues/1)
+
+**Merged pull requests:**
+
+- Automatic ioc extraction using RegEx [\#40](https://github.com/TheHive-Project/Cortex-Analyzers/pull/40) ([3c7](https://github.com/3c7))
+- Use StringIO.StringIO\(\) with python2 [\#36](https://github.com/TheHive-Project/Cortex-Analyzers/pull/36) ([3c7](https://github.com/3c7))
+
+## [1.2.0](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.2.0) (2017-03-31)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.1.0...1.2.0)
+
+**Closed issues:**
+
+- OTXQuery : improve error handling [\#22](https://github.com/TheHive-Project/Cortex-Analyzers/issues/22)
+- Analyzer Caching [\#6](https://github.com/TheHive-Project/Cortex-Analyzers/issues/6)
+- Joe Sandbox Analyzer [\#27](https://github.com/TheHive-Project/Cortex-Analyzers/issues/27)
+- MISP Analyzer [\#14](https://github.com/TheHive-Project/Cortex-Analyzers/issues/14)
+
+**Merged pull requests:**
+
+- Nessus Analyzer [\#20](https://github.com/TheHive-Project/Cortex-Analyzers/pull/20) ([guillomovitch](https://github.com/guillomovitch))
+
+## [1.1.0](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.1.0) (2017-03-07)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/1.0.0...1.1.0)
+
+**Implemented enhancements:**
+
+- Python \< 2.7 crashes on version check [\#10](https://github.com/TheHive-Project/Cortex-Analyzers/issues/10)
+- VirusTotal GetReport can't get report for files from Cortex [\#9](https://github.com/TheHive-Project/Cortex-Analyzers/issues/9)
+- Normalize analyzer's JSON configuration file [\#8](https://github.com/TheHive-Project/Cortex-Analyzers/issues/8)
+
+**Fixed bugs:**
+
+- OTX Query error when processing a file in Cortex  [\#21](https://github.com/TheHive-Project/Cortex-Analyzers/issues/21)
+
+**Closed issues:**
+
+- Analyzer Rate Limiting [\#5](https://github.com/TheHive-Project/Cortex-Analyzers/issues/5)
+- Working on analyzers: CIRCL.lu PassiveSSL/DNS, CERT.AT PassiveDNS, MISP, IntelMQ, VMRay, Google Safebrowsing, URLQuery, yara [\#3](https://github.com/TheHive-Project/Cortex-Analyzers/issues/3)
+
+## [1.0.0](https://github.com/TheHive-Project/Cortex-Analyzers/tree/1.0.0) (2017-02-17)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/bafbe44f28b3f8d8dddd9bac3f16f2b0416f740c...1.0.0)
+
+**Closed issues:**
+
+-  "VirusTotal\_Scan" analyzer is not checking for TLP [\#2](https://github.com/TheHive-Project/Cortex-Analyzers/issues/2)
+
+
+
+\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*

From 5192c6118fdfc1153506a8a7fa4c41b112848161 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Leonard?= <jerome@thehive-project.org>
Date: Tue, 26 Nov 2019 18:05:27 +0100
Subject: [PATCH 18/19] update Changelog

---
 CHANGELOG.md | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3196ebeaf..915faded8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,22 +7,13 @@
 **Fixed bugs:**
 
 - \[Bug\] Missing module dependencies on responders [\#561](https://github.com/TheHive-Project/Cortex-Analyzers/issues/561)
-- Old non-existent analysers showing in Cortex \[Bug\] [\#553](https://github.com/TheHive-Project/Cortex-Analyzers/issues/553)
 - \[Bug\] [\#552](https://github.com/TheHive-Project/Cortex-Analyzers/issues/552)
 - \[Bug\] Requests module is missing in PhishTank checkurl analyzer docker image [\#551](https://github.com/TheHive-Project/Cortex-Analyzers/issues/551)
 - Add mime types of encrypted documents [\#550](https://github.com/TheHive-Project/Cortex-Analyzers/issues/550)
 - \[Bug\] Cuckoo Sandbox 2.0.7 [\#544](https://github.com/TheHive-Project/Cortex-Analyzers/issues/544)
-- \[Bug\] Custom responder not working after upgrade to cortex 3 [\#542](https://github.com/TheHive-Project/Cortex-Analyzers/issues/542)
 - \[Bug\] Docker build fails due to spaces in some responders [\#540](https://github.com/TheHive-Project/Cortex-Analyzers/issues/540)
-- \[Bug\] ThreatCrowd analyzer not respecting Max TLP value [\#527](https://github.com/TheHive-Project/Cortex-Analyzers/issues/527)
 - Talos Analyzer No Longer Works [\#521](https://github.com/TheHive-Project/Cortex-Analyzers/issues/521)
-- \[Bug\]Missing baseConfig in two Analyzsers [\#508](https://github.com/TheHive-Project/Cortex-Analyzers/issues/508)
 - \[Bug\] Fortiguard: Category parsing does not handle "-" [\#493](https://github.com/TheHive-Project/Cortex-Analyzers/issues/493)
-- \[Bug\] MISP analyzer does not connect to MISP [\#480](https://github.com/TheHive-Project/Cortex-Analyzers/issues/480)
-
-**Closed issues:**
-
-- MaxMind Analyzer: Use commercial databases with geoipupdate [\#474](https://github.com/TheHive-Project/Cortex-Analyzers/issues/474)
 
 ## [2.2.0](https://github.com/TheHive-Project/Cortex-Analyzers/tree/2.2.0) (2019-10-01)
 

From 8eeeee956679bf7b7dcb8445ff67c5c5d318d59a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Leonard?= <jerome@thehive-project.org>
Date: Thu, 28 Nov 2019 15:06:12 +0100
Subject: [PATCH 19/19] update Changelog

---
 CHANGELOG.md | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 915faded8..f33a8dddf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,8 +1,13 @@
 # Changelog
 
-## [2.2.1](https://github.com/TheHive-Project/Cortex-Analyzers/tree/2.2.1) (2019-11-26)
+## [2.3.0](https://github.com/TheHive-Project/Cortex-Analyzers/tree/2.3.0) (2019-11-28)
 
-[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/2.2.0...HEAD)
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/2.2.0...2.3.0)
+
+**Implemented enhancements:**
+
+- Metadefender analyzer [\#510](https://github.com/TheHive-Project/Cortex-Analyzers/issues/510)
+- updated joe sandbox analyzer [\#512](https://github.com/TheHive-Project/Cortex-Analyzers/issues/512)
 
 **Fixed bugs:**
 
@@ -13,8 +18,13 @@
 - \[Bug\] Cuckoo Sandbox 2.0.7 [\#544](https://github.com/TheHive-Project/Cortex-Analyzers/issues/544)
 - \[Bug\] Docker build fails due to spaces in some responders [\#540](https://github.com/TheHive-Project/Cortex-Analyzers/issues/540)
 - Talos Analyzer No Longer Works [\#521](https://github.com/TheHive-Project/Cortex-Analyzers/issues/521)
+- \[Bug\]Missing baseConfig in two Analyzsers [\#508](https://github.com/TheHive-Project/Cortex-Analyzers/issues/508)
 - \[Bug\] Fortiguard: Category parsing does not handle "-" [\#493](https://github.com/TheHive-Project/Cortex-Analyzers/issues/493)
 
+**Closed issues:**
+
+- MaxMind Analyzer: Use commercial databases with geoipupdate [\#474](https://github.com/TheHive-Project/Cortex-Analyzers/issues/474)
+
 ## [2.2.0](https://github.com/TheHive-Project/Cortex-Analyzers/tree/2.2.0) (2019-10-01)
 
 [Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/2.1.8...2.2.0)
@@ -151,7 +161,6 @@
 **Merged pull requests:**
 
 - added custom Dns sinkholed ip [\#482](https://github.com/TheHive-Project/Cortex-Analyzers/pull/482) ([garanews](https://github.com/garanews))
-- Add responder QRadarAutoClose\[FR\#441\] [\#443](https://github.com/TheHive-Project/Cortex-Analyzers/pull/443) ([cyberpescadito](https://github.com/cyberpescadito))
 - yeti api key [\#478](https://github.com/TheHive-Project/Cortex-Analyzers/pull/478) ([siisar](https://github.com/siisar))
 - Possibility to use a Yeti apikey. [\#477](https://github.com/TheHive-Project/Cortex-Analyzers/pull/477) ([siisar](https://github.com/siisar))
 - Utility to make running an Analyzer locally easier, helpful in development [\#471](https://github.com/TheHive-Project/Cortex-Analyzers/pull/471) ([ndejong](https://github.com/ndejong))
@@ -195,6 +204,7 @@
 
 **Merged pull requests:**
 
+- Add responder QRadarAutoClose\[FR\#441\] [\#443](https://github.com/TheHive-Project/Cortex-Analyzers/pull/443) ([cyberpescadito](https://github.com/cyberpescadito))
 - added templates for AbuseIPDB [\#425](https://github.com/TheHive-Project/Cortex-Analyzers/pull/425) ([mlodic](https://github.com/mlodic))
 - A responder for the Crowdstrike Falcon custom IOC api [\#421](https://github.com/TheHive-Project/Cortex-Analyzers/pull/421) ([ag-michael](https://github.com/ag-michael))
 - New analyzer: Backscatter.io [\#420](https://github.com/TheHive-Project/Cortex-Analyzers/pull/420) ([9b](https://github.com/9b))