From 974f2fa28512f57ebb79340efdfb1b7c69c13df4 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Leonard?= Date: Mon, 22 Jan 2018 19:13:19 +0100 Subject: [PATCH] #172 Update configuration items for all analyzers --- analyzers/Abuse_Finder/Abuse_Finder.json | 2 +- analyzers/C1fApp/C1fApp_osint.json | 23 ++++++++++-- .../CERTatPassiveDNS/CERTatPassiveDNS.json | 24 ++++++++++-- .../CIRCLPassiveDNS/CIRCLPassiveDNS.json | 24 ++++++++++-- .../CIRCLPassiveSSL/CIRCLPassiveSSL.json | 24 ++++++++++-- analyzers/Censys/Censys.json | 25 +++++++++++-- .../CuckooSandbox_File_Analysis.json | 26 ++++++++++--- .../CuckooSandbox_Url_Analysis.json | 27 +++++++++++--- analyzers/DNSDB/DNSDB_DomainName.json | 27 +++++++++++--- analyzers/DNSDB/DNSDB_IPHistory.json | 26 ++++++++++--- analyzers/DNSDB/DNSDB_NameHistory.json | 27 +++++++++++--- .../DomainTools/DomainTools_ReverseIP.json | 27 +++++++++++--- .../DomainTools_ReverseNameServer.json | 27 +++++++++++--- .../DomainTools/DomainTools_ReverseWhois.json | 26 ++++++++++--- .../DomainTools/DomainTools_WhoisHistory.json | 27 +++++++++++--- .../DomainTools/DomainTools_WhoisLookup.json | 27 +++++++++++--- .../DomainTools_WhoisLookupIP.json | 27 +++++++++++--- .../EmergingThreats_DomainInfo.json | 29 ++++++++++++--- .../EmergingThreats_IPInfo.json | 27 +++++++++++--- .../EmergingThreats_MalwareInfo.json | 29 ++++++++++++--- analyzers/File_Info/File_Info.json | 31 ++++++++++++---- .../FireHOLBlocklists/FireHOLBlocklists.json | 27 +++++++++++--- .../Fortiguard/Fortiguard_URLCategory.json | 24 ++++++++++-- .../GoogleSafebrowsing.json | 27 +++++++++++--- .../Hippocampe/Hippocampe_hipposcore.json | 22 +++++++++-- analyzers/Hippocampe/Hippocampe_more.json | 22 +++++++++-- .../HybridAnalysis_GetReport.json | 22 +++++++++-- .../JoeSandbox_File_Analysis_Inet.json | 25 +++++++++++-- .../JoeSandbox_File_Analysis_Noinet.json | 25 +++++++++++-- .../JoeSandbox/JoeSandbox_Url_Analysis.json | 25 +++++++++++-- .../MISPWarningLists/MISPWarningLists.json | 26 +++++++++++-- analyzers/Malpedia/Malpedia.json | 24 
++++++++++-- analyzers/MaxMind/MaxMind_GeoIP.json | 26 ++++++++++--- analyzers/MsgParser/Msg_Parser.json | 30 +++++++++++---- analyzers/Nessus/Nessus.json | 25 +++++++++++-- analyzers/OTXQuery/OTXQuery.json | 23 ++++++++++-- analyzers/Onyphe/Onyphe_Forward.json | 22 +++++++++-- analyzers/Onyphe/Onyphe_Geolocate.json | 22 +++++++++-- analyzers/Onyphe/Onyphe_Ports.json | 22 +++++++++-- analyzers/Onyphe/Onyphe_Reverse.json | 22 +++++++++-- analyzers/Onyphe/Onyphe_Threats.json | 22 +++++++++-- .../PassiveTotal/PassiveTotal_Enrichment.json | 26 ++++++++++--- .../PassiveTotal/PassiveTotal_Malware.json | 26 ++++++++++--- .../PassiveTotal/PassiveTotal_Osint.json | 26 ++++++++++--- .../PassiveTotal_Passive_Dns.json | 26 ++++++++++--- .../PassiveTotal_Ssl_Certificate_Details.json | 26 ++++++++++--- .../PassiveTotal_Ssl_Certificate_History.json | 26 ++++++++++--- .../PassiveTotal_Unique_Resolutions.json | 26 ++++++++++--- .../PassiveTotal_Whois_Details.json | 26 ++++++++++--- .../PayloadSecurity_File_Analysis.json | 26 ++++++++++--- .../PayloadSecurity_Url_Analysis.json | 26 ++++++++++--- analyzers/PhishTank/PhishTank_CheckURL.json | 22 +++++++++-- .../PhishingInitiative_Lookup.json | 22 +++++++++-- .../Robtex/Robtex_Forward_PDNS_Query.json | 21 ++++++++++- analyzers/Robtex/Robtex_IP_Query.json | 4 +- .../Robtex/Robtex_Reverse_PDNS_Query.json | 2 +- analyzers/Shodan/Shodan_Host.json | 22 +++++++++-- analyzers/Shodan/Shodan_Search.json | 22 +++++++++-- analyzers/SinkDB/SinkDB.json | 26 +++++++++++-- analyzers/TorBlutmagie/TorBlutmagie.json | 26 ++++++++++--- analyzers/TorProject/TorProject.json | 27 +++++++++++--- analyzers/VMRay/VMRay.json | 37 +++++++++++++++---- analyzers/Virusshare/Virusshare.json | 24 ++++++++++-- analyzers/WOT/WOT_lookup.json | 22 +++++++++-- analyzers/Yara/Yara.json | 24 ++++++++++-- analyzers/Yeti/Yeti.json | 26 ++++++++++--- 66 files changed, 1325 insertions(+), 277 deletions(-) 
diff --git a/analyzers/Abuse_Finder/Abuse_Finder.json b/analyzers/Abuse_Finder/Abuse_Finder.json
index daee70716..3c970af3c 100644
--- a/analyzers/Abuse_Finder/Abuse_Finder.json
+++ b/analyzers/Abuse_Finder/Abuse_Finder.json
@@ -4,10 +4,10 @@
   "author": "CERT-BDF",
   "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
   "license": "AGPL-V3",
-  "baseConfig": "Abuse_Finder",
   "description": "Find abuse contacts associated with domain names, URLs, IPs and email addresses.",
   "dataTypeList": ["ip", "domain", "url", "mail"],
   "command": "Abuse_Finder/abusefinder.py",
+  "baseConfig": "Abuse_Finder",
   "config": {},
   "configurationItems": [
     {
diff --git a/analyzers/C1fApp/C1fApp_osint.json b/analyzers/C1fApp/C1fApp_osint.json
index a1155624a..cd23c1b4d 100644
--- a/analyzers/C1fApp/C1fApp_osint.json
+++ b/analyzers/C1fApp/C1fApp_osint.json
@@ -6,12 +6,27 @@
   "license": "AGPL-V3",
   "description": "Query C1fApp OSINT Aggregator for IPs, domains and URLs",
   "dataTypeList": ["url", "domain", "ip"],
+  "command": "C1fApp/cifquery.py",
   "baseConfig": "C1fApp",
   "config": {
-    "check_tlp":true,
-    "max_tlp": 2,
     "service": "query"
-  },
-  "command": "C1fApp/cifquery.py"
+  "configurationItems": [
+    {
+      "name": "check_tlp",
+      "description": "Define if the analyzer should check TLP of data before running",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
+    },
+    {
+      "name": "max_tlp",
+      "description": "Define the maximum TLP level autorized",
+      "type": "number",
+      "multi": false,
+      "required": true,
+      "defaultValue": 1
+    }
+  ]
 }
diff --git a/analyzers/CERTatPassiveDNS/CERTatPassiveDNS.json b/analyzers/CERTatPassiveDNS/CERTatPassiveDNS.json
index ba27277f7..21702d5a1 100644
--- a/analyzers/CERTatPassiveDNS/CERTatPassiveDNS.json
+++ b/analyzers/CERTatPassiveDNS/CERTatPassiveDNS.json
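Review bot: The C1fApp_osint hunk removes the `  },` that closed the `config` object along with the old `check_tlp`/`max_tlp` entries, so on the new side `"service": "query"` is followed directly by `"configurationItems": [` and the file is no longer valid JSON, which will stop Cortex from loading this analyzer definition. The closing line must be kept as context, exactly as the CuckooSandbox and DNSDB_IPHistory hunks in this same patch do: `    "service": "query"` / `  },` / `  "configurationItems": [`. Separately, the effective default for `max_tlp` drops from 2 (old config) to 1 (`"defaultValue": 1`), a tightening the commit message does not mention; either restore `"defaultValue": 2` or state the intent.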
@@ -4,9 +4,27 @@ "license": "AGPL-V3", "url": "https://github.com/BSI-CERT-Bund/cortex-analyzers", "version": "2.0", - "baseConfig": "CERTatPassiveDNS", - "config": {}, "description": "Checks CERT.at Passive DNS for a given domain.", "dataTypeList": ["domain", "fqdn"], - "command": "CERTatPassiveDNS/certat_passivedns.py" + "command": "CERTatPassiveDNS/certat_passivedns.py", + "baseConfig": "CERTatPassiveDNS", + "config": {}, + "configurationItems": [ + { + "name": "check_tlp", + "description": "Define if the analyzer should check TLP of data before running", + "type": "boolean", + "multi": false, + "required": true, + "defaultValue": true + }, + { + "name": "max_tlp", + "description": "Define the maximum TLP level autorized", + "type": "number", + "multi": false, + "required": true, + "defaultValue": 3 + } + ] } diff --git a/analyzers/CIRCLPassiveDNS/CIRCLPassiveDNS.json b/analyzers/CIRCLPassiveDNS/CIRCLPassiveDNS.json index 2e20ebfd1..53c303be9 100644 --- a/analyzers/CIRCLPassiveDNS/CIRCLPassiveDNS.json +++ b/analyzers/CIRCLPassiveDNS/CIRCLPassiveDNS.json @@ -4,9 +4,27 @@ "license": "AGPL-V3", "url": "https://github.com/BSI-CERT-Bund/cortex-analyzers", "version": "2.0", - "baseConfig": "CIRCLPassiveDNS", - "config": {}, "description": "Check CIRCL's Passive DNS for a given domain or URL.", "dataTypeList": ["domain", "url", "ip"], - "command": "CIRCLPassiveDNS/circl_passivedns.py" + "command": "CIRCLPassiveDNS/circl_passivedns.py", + "baseConfig": "CIRCLPassiveDNS", + "config": {}, + "configurationItems": [ + { + "name": "check_tlp", + "description": "Define if the analyzer should check TLP of data before running", + "type": "boolean", + "multi": false, + "required": true, + "defaultValue": true + }, + { + "name": "max_tlp", + "description": "Define the maximum TLP level autorized", + "type": "number", + "multi": false, + "required": true, + "defaultValue": 3 + } + ] } 
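Review bot: The user-facing description of the `max_tlp` item, `"Define the maximum TLP level autorized"`, misspells "authorized", and the identical string is pasted into every analyzer in this patch, so it should be corrected everywhere in one pass rather than per file. Since this text is what an administrator reads when setting the value, it would also help to name the scale the number refers to, e.g. `"Maximum TLP level (0=WHITE, 1=GREEN, 2=AMBER, 3=RED) the analyzer is authorized to process"` — assuming Cortex's usual 0–3 TLP numbering, which the `1`/`2`/`3` defaults elsewhere in this patch are consistent with.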
diff --git a/analyzers/CIRCLPassiveSSL/CIRCLPassiveSSL.json b/analyzers/CIRCLPassiveSSL/CIRCLPassiveSSL.json index 1c8ef2047..5a0cbc22c 100644 --- a/analyzers/CIRCLPassiveSSL/CIRCLPassiveSSL.json +++ b/analyzers/CIRCLPassiveSSL/CIRCLPassiveSSL.json @@ -4,9 +4,27 @@ "license": "AGPL-V3", "url": "https://github.com/BSI-CERT-Bund/cortex-analyzers", "version": "2.0", - "baseConfig": "CIRCLPassiveSSL", - "config": {}, "description": "Check CIRCL's Passive SSL for a given IP address or a X509 certificate hash.", "dataTypeList": ["ip", "certificate_hash", "hash"], - "command": "CIRCLPassiveSSL/circl_passivessl.py" + "command": "CIRCLPassiveSSL/circl_passivessl.py", + "baseConfig": "CIRCLPassiveSSL", + "config": {}, + "configurationItems": [ + { + "name": "check_tlp", + "description": "Define if the analyzer should check TLP of data before running", + "type": "boolean", + "multi": false, + "required": true, + "defaultValue": true + }, + { + "name": "max_tlp", + "description": "Define the maximum TLP level autorized", + "type": "number", + "multi": false, + "required": true, + "defaultValue": 3 + } + ] } diff --git a/analyzers/Censys/Censys.json b/analyzers/Censys/Censys.json index e7b7daed2..cc7f18ab1 100644 --- a/analyzers/Censys/Censys.json +++ b/analyzers/Censys/Censys.json 
@@ -4,9 +4,28 @@
   "license": "AGPL-V3",
   "url": "https://github.com/BSI-CERT-Bund/censys-analyzer",
   "version": "1.0",
-  "baseConfig": "Censys",
-  "config": {},
   "description": "Check IPs, certificate hashes or domains against censys.io.",
   "dataTypeList": ["ip", "hash", "domain"],
-  "command": "Censys/censys_analyzer.py"
+  "command": "Censys/censys_analyzer.py",
+  "baseConfig": "Censys",
+  "config": {},
+  "configurationItems": [
+    {
+      "name": "check_tlp",
+      "description": "Define if the analyzer should check TLP of data before running",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": false
+    },
+    {
+      "name": "max_tlp",
+      "description": "Define the maximum TLP level autorized",
+      "type": "number",
+      "multi": false,
+      "required": true,
+      "defaultValue": 3
+    }
+]
+
 }
diff --git a/analyzers/CuckooSandbox/CuckooSandbox_File_Analysis.json b/analyzers/CuckooSandbox/CuckooSandbox_File_Analysis.json
index 64a899e32..9e3b13d2b 100644
--- a/analyzers/CuckooSandbox/CuckooSandbox_File_Analysis.json
+++ b/analyzers/CuckooSandbox/CuckooSandbox_File_Analysis.json
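Review bot: `check_tlp` is given `"defaultValue": false` here, whereas every other analyzer in this patch defaults it to `true`; the description says this analyzer queries censys.io, so with the check disabled by default an operator who installs it without revisiting the settings will have observables of any TLP sent to that external service. Unless the difference is deliberate, align it with the siblings: `"defaultValue": true`. Minor layout: the closing `]` of `configurationItems` sits at column 0 and is followed by a stray empty added line before `}`; indent it as `  ]` and drop the blank line to match the other files.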
@@ -4,13 +4,29 @@ "author": "Andrea Garavaglia, LDO-CERT", "url": "https://github.com/garanews/Cortex-Analyzers", "license": "AGPL-V3", + "description": "Cuckoo Sandbox file analysis with Internet access.", + "dataTypeList": ["file"], + "command": "CuckooSandbox/cuckoosandbox_analyzer.py", "baseConfig": "CuckooSandbox", "config": { - "check_tlp": true, - "max_tlp":1, "service": "file_analysis" }, - "description": "Cuckoo Sandbox file analysis with Internet access.", - "dataTypeList": ["file"], - "command": "CuckooSandbox/cuckoosandbox_analyzer.py" + "configurationItems": [ + { + "name": "check_tlp", + "description": "Define if the analyzer should check TLP of data before running", + "type": "boolean", + "multi": false, + "required": true, + "defaultValue": true + }, + { + "name": "max_tlp", + "description": "Define the maximum TLP level autorized", + "type": "number", + "multi": false, + "required": true, + "defaultValue": 1 + } + ] } diff --git a/analyzers/CuckooSandbox/CuckooSandbox_Url_Analysis.json b/analyzers/CuckooSandbox/CuckooSandbox_Url_Analysis.json index 8ba6c5637..9482d198e 100644 --- a/analyzers/CuckooSandbox/CuckooSandbox_Url_Analysis.json +++ b/analyzers/CuckooSandbox/CuckooSandbox_Url_Analysis.json 
@@ -4,13 +4,30 @@ "author": "Andrea Garavaglia, LDO-CERT", "url": "https://github.com/garanews/Cortex-Analyzers", "license": "AGPL-V3", + "description": "Cuckoo Sandbox URL analysis.", + "dataTypeList": ["url"], + "command": "CuckooSandbox/cuckoosandbox_analyzer.py", "baseConfig": "CuckooSandbox", "config": { - "check_tlp": true, - "max_tlp":1, "service": "url_analysis" }, - "description": "Cuckoo Sandbox URL analysis.", - "dataTypeList": ["url"], - "command": "CuckooSandbox/cuckoosandbox_analyzer.py" + "configurationItems": [ + { + "name": "check_tlp", + "description": "Define if the analyzer should check TLP of data before running", + "type": "boolean", + "multi": false, + "required": true, + "defaultValue": true + }, + { + "name": "max_tlp", + "description": "Define the maximum TLP level autorized", + "type": "number", + "multi": false, + "required": true, + "defaultValue": 1 + } + ] + } diff --git a/analyzers/DNSDB/DNSDB_DomainName.json b/analyzers/DNSDB/DNSDB_DomainName.json index 39c518c70..ebe42fd8b 100644 --- a/analyzers/DNSDB/DNSDB_DomainName.json +++ b/analyzers/DNSDB/DNSDB_DomainName.json 
@@ -4,14 +4,29 @@
   "author": "CERT-BDF",
   "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
   "license": "AGPL-V3",
+  "description": "Use DNSDB to fetch historical records for a domain.",
+  "dataTypeList": ["domain", "fqdn"],
+  "command": "DNSDB/dnsdb.py",
   "baseConfig": "DNSDB",
   "config": {
-    "check_tlp": true,
-    "max_tlp": 1,
     "service": "domain_name"
-  },
-  "description": "Use DNSDB to fetch historical records for a domain.",
-  "dataTypeList": ["domain", "fqdn"],
-  "command": "DNSDB/dnsdb.py"
+  "configurationItems": [
+    {
+      "name": "check_tlp",
+      "description": "Define if the analyzer should check TLP of data before running",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
+    },
+    {
+      "name": "max_tlp",
+      "description": "Define the maximum TLP level autorized",
+      "type": "number",
+      "multi": false,
+      "required": true,
+      "defaultValue": 1
+    }
+  ]
 }
diff --git a/analyzers/DNSDB/DNSDB_IPHistory.json b/analyzers/DNSDB/DNSDB_IPHistory.json
index 66ea96a6b..06f6230c4 100644
--- a/analyzers/DNSDB/DNSDB_IPHistory.json
+++ b/analyzers/DNSDB/DNSDB_IPHistory.json
@@ -4,13 +4,29 @@
   "author": "CERT-BDF",
   "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
   "license": "AGPL-V3",
+  "description": "Use DNSDB to fetch historical records for an IP address.",
+  "dataTypeList": ["ip"],
+  "command": "DNSDB/dnsdb.py",
   "baseConfig": "DNSDB",
   "config": {
-    "check_tlp": true,
-    "max_tlp": 1,
     "service": "ip_history"
   },
-  "description": "Use DNSDB to fetch historical records for an IP address.",
-  "dataTypeList": ["ip"],
-  "command": "DNSDB/dnsdb.py"
+  "configurationItems": [
+    {
+      "name": "check_tlp",
+      "description": "Define if the analyzer should check TLP of data before running",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
+    },
+    {
+      "name": "max_tlp",
+      "description": "Define the maximum TLP level autorized",
+      "type": "number",
+      "multi": false,
+      "required": true,
+      "defaultValue": 1
+    }
+  ]
 }
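Review bot: In the DNSDB_DomainName hunk the `  },` closing the `config` object is removed together with the old `check_tlp`/`max_tlp` lines, leaving `"service": "domain_name"` immediately followed by `"configurationItems": [` on the new side — the result is not valid JSON and the analyzer definition will fail to parse. The sibling DNSDB_IPHistory hunk right after it does this correctly by keeping `  },` as a context line after `"service": "ip_history"`; the DomainName hunk should keep `    "service": "domain_name"` / `  },` / `  "configurationItems": [` in the same way. A JSON lint pass over all 66 files before merging would catch this class of slip, since the same breakage appears in other hunks of this patch.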
diff --git a/analyzers/DNSDB/DNSDB_NameHistory.json b/analyzers/DNSDB/DNSDB_NameHistory.json index 14611005d..06d2d20a9 100644 --- a/analyzers/DNSDB/DNSDB_NameHistory.json +++ b/analyzers/DNSDB/DNSDB_NameHistory.json @@ -4,13 +4,30 @@ "author": "CERT-BDF", "url": "https://github.com/TheHive-Project/Cortex-Analyzers", "license": "AGPL-V3", + "description": "Use DNSDB to fetch historical records for a fully-qualified domain name.", + "dataTypeList": ["domain","fqdn"], + "command": "DNSDB/dnsdb.py", "baseConfig": "DNSDB", "config": { - "check_tlp": true, - "max_tlp": 1, "service": "name_history" }, - "description": "Use DNSDB to fetch historical records for a fully-qualified domain name.", - "dataTypeList": ["domain","fqdn"], - "command": "DNSDB/dnsdb.py" + "configurationItems": [ + { + "name": "check_tlp", + "description": "Define if the analyzer should check TLP of data before running", + "type": "boolean", + "multi": false, + "required": true, + "defaultValue": true + }, + { + "name": "max_tlp", + "description": "Define the maximum TLP level autorized", + "type": "number", + "multi": false, + "required": true, + "defaultValue": 1 + } + ] + } diff --git a/analyzers/DomainTools/DomainTools_ReverseIP.json b/analyzers/DomainTools/DomainTools_ReverseIP.json index 0578d1359..d1280fa9c 100644 --- a/analyzers/DomainTools/DomainTools_ReverseIP.json +++ b/analyzers/DomainTools/DomainTools_ReverseIP.json 
@@ -4,13 +4,30 @@ "author": "CERT-BDF", "url": "https://github.com/TheHive-Project/Cortex-Analyzers", "license": "AGPL-V3", + "description": "Use DomainTools to get a list of domain names sharing the same IP address.", + "dataTypeList": ["ip", "domain", "fqdn"], + "command": "DomainTools/domaintools.py", "baseConfig": "DomainTools", "config": { - "check_tlp": true, - "max_tlp": 1, "service": "reverse-ip" }, - "description": "Use DomainTools to get a list of domain names sharing the same IP address.", - "dataTypeList": ["ip", "domain", "fqdn"], - "command": "DomainTools/domaintools.py" + "configurationItems": [ + { + "name": "check_tlp", + "description": "Define if the analyzer should check TLP of data before running", + "type": "boolean", + "multi": false, + "required": true, + "defaultValue": true + }, + { + "name": "max_tlp", + "description": "Define the maximum TLP level autorized", + "type": "number", + "multi": false, + "required": true, + "defaultValue": 1 + } + ] + } diff --git a/analyzers/DomainTools/DomainTools_ReverseNameServer.json b/analyzers/DomainTools/DomainTools_ReverseNameServer.json index e378eeeb5..b350a65c4 100644 --- a/analyzers/DomainTools/DomainTools_ReverseNameServer.json +++ b/analyzers/DomainTools/DomainTools_ReverseNameServer.json 
@@ -4,13 +4,30 @@ "author": "CERT-BDF", "url": "https://github.com/TheHive-Project/Cortex-Analyzers", "license": "AGPL-V3", + "description": "Use DomainTools to get a list of domain names that share the same primary or secondary name server.", + "dataTypeList": ["domain"], + "command": "DomainTools/domaintools.py", "baseConfig": "DomainTools", "config": { - "check_tlp": true, - "max_tlp": 1, "service": "name-server-domains" }, - "description": "Use DomainTools to get a list of domain names that share the same primary or secondary name server.", - "dataTypeList": ["domain"], - "command": "DomainTools/domaintools.py" + "configurationItems": [ + { + "name": "check_tlp", + "description": "Define if the analyzer should check TLP of data before running", + "type": "boolean", + "multi": false, + "required": true, + "defaultValue": true + }, + { + "name": "max_tlp", + "description": "Define the maximum TLP level autorized", + "type": "number", + "multi": false, + "required": true, + "defaultValue": 1 + } + ] + } diff --git a/analyzers/DomainTools/DomainTools_ReverseWhois.json b/analyzers/DomainTools/DomainTools_ReverseWhois.json index bf55d64aa..6dbd7d47a 100644 --- a/analyzers/DomainTools/DomainTools_ReverseWhois.json +++ b/analyzers/DomainTools/DomainTools_ReverseWhois.json 
@@ -4,13 +4,29 @@ "author": "CERT-BDF", "url": "https://github.com/TheHive-Project/Cortex-Analyzers", "license": "AGPL-V3", + "description": "Use DomainTools to get a list of domain names which share the same registrant information.", + "dataTypeList": ["mail", "ip", "domain", "other"], + "command": "DomainTools/domaintools.py", "baseConfig": "DomainTools", "config": { - "check_tlp": true, - "max_tlp": 1, "service": "reverse-whois" }, - "description": "Use DomainTools to get a list of domain names which share the same registrant information.", - "dataTypeList": ["mail", "ip", "domain", "other"], - "command": "DomainTools/domaintools.py" + "configurationItems": [ + { + "name": "check_tlp", + "description": "Define if the analyzer should check TLP of data before running", + "type": "boolean", + "multi": false, + "required": true, + "defaultValue": true + }, + { + "name": "max_tlp", + "description": "Define the maximum TLP level autorized", + "type": "number", + "multi": false, + "required": true, + "defaultValue": 1 + } + ] } diff --git a/analyzers/DomainTools/DomainTools_WhoisHistory.json b/analyzers/DomainTools/DomainTools_WhoisHistory.json index 983ac19fa..918377dd3 100644 --- a/analyzers/DomainTools/DomainTools_WhoisHistory.json +++ b/analyzers/DomainTools/DomainTools_WhoisHistory.json 
@@ -4,13 +4,30 @@ "author": "CERT-BDF", "url": "https://github.com/TheHive-Project/Cortex-Analyzers", "license": "AGPL-V3", + "description": "Use DomainTools to get a list of historical Whois records associated with a domain name.", + "dataTypeList": ["domain"], + "command": "DomainTools/domaintools.py", "baseConfig": "DomainTools", "config": { - "check_tlp": true, - "max_tlp": 1, "service": "whois/history" }, - "description": "Use DomainTools to get a list of historical Whois records associated with a domain name.", - "dataTypeList": ["domain"], - "command": "DomainTools/domaintools.py" + "configurationItems": [ + { + "name": "check_tlp", + "description": "Define if the analyzer should check TLP of data before running", + "type": "boolean", + "multi": false, + "required": true, + "defaultValue": true + }, + { + "name": "max_tlp", + "description": "Define the maximum TLP level autorized", + "type": "number", + "multi": false, + "required": true, + "defaultValue": 1 + } + ] + } diff --git a/analyzers/DomainTools/DomainTools_WhoisLookup.json b/analyzers/DomainTools/DomainTools_WhoisLookup.json index 85dc2c15c..ae3d865a8 100644 --- a/analyzers/DomainTools/DomainTools_WhoisLookup.json +++ b/analyzers/DomainTools/DomainTools_WhoisLookup.json 
@@ -4,13 +4,30 @@ "author": "CERT-BDF", "url": "https://github.com/TheHive-Project/Cortex-Analyzers", "license": "AGPL-V3", + "description": "Use DomainTools to get the ownership record for a domain with basic registration details.", + "dataTypeList": ["domain"], + "command": "DomainTools/domaintools.py", "baseConfig": "DomainTools", "config": { - "check_tlp": true, - "max_tlp": 1, "service": "whois/parsed" }, - "description": "Use DomainTools to get the ownership record for a domain with basic registration details.", - "dataTypeList": ["domain"], - "command": "DomainTools/domaintools.py" + "configurationItems": [ + { + "name": "check_tlp", + "description": "Define if the analyzer should check TLP of data before running", + "type": "boolean", + "multi": false, + "required": true, + "defaultValue": true + }, + { + "name": "max_tlp", + "description": "Define the maximum TLP level autorized", + "type": "number", + "multi": false, + "required": true, + "defaultValue": 1 + } + ] + } diff --git a/analyzers/DomainTools/DomainTools_WhoisLookupIP.json b/analyzers/DomainTools/DomainTools_WhoisLookupIP.json index beeb6efef..62dab736f 100644 --- a/analyzers/DomainTools/DomainTools_WhoisLookupIP.json +++ b/analyzers/DomainTools/DomainTools_WhoisLookupIP.json 
@@ -4,13 +4,30 @@ "author": "CERT-BDF", "url": "https://github.com/TheHive-Project/Cortex-Analyzers", "license": "AGPL-V3", + "description": "Use DomainTools to get the ownership record for an IP address with basic registration details.", + "dataTypeList": ["ip"], + "command": "DomainTools/domaintools.py", "baseConfig": "DomainTools", "config": { - "check_tlp": true, - "max_tlp": 1, "service": "whois" }, - "description": "Use DomainTools to get the ownership record for an IP address with basic registration details.", - "dataTypeList": ["ip"], - "command": "DomainTools/domaintools.py" + "configurationItems": [ + { + "name": "check_tlp", + "description": "Define if the analyzer should check TLP of data before running", + "type": "boolean", + "multi": false, + "required": true, + "defaultValue": true + }, + { + "name": "max_tlp", + "description": "Define the maximum TLP level autorized", + "type": "number", + "multi": false, + "required": true, + "defaultValue": 1 + } + ] + } diff --git a/analyzers/EmergingThreats/EmergingThreats_DomainInfo.json b/analyzers/EmergingThreats/EmergingThreats_DomainInfo.json index ed76084b1..29438467d 100644 --- a/analyzers/EmergingThreats/EmergingThreats_DomainInfo.json +++ b/analyzers/EmergingThreats/EmergingThreats_DomainInfo.json 
@@ -4,13 +4,30 @@ "author": "Arcuri Davide, Garavaglia Andrea [LDO-CERT]", "url": "https://github.com/dadokkio/Cortex-Analyzers", "license": "AGPL-V3", + "description": "Retrieve ET reputation, related malware, and IDS requests for a given domain.", + "dataTypeList": ["domain"], + "command": "EmergingThreats/emergingthreats_analyzer.py", "baseConfig": "EmergingThreats", - "config": { - "check_tlp": true, - "max_tlp" : 2, + "config": { "service": "domain-info" }, - "description": "Retrieve ET reputation, related malware, and IDS requests for a given domain.", - "dataTypeList": ["domain"], - "command": "EmergingThreats/emergingthreats_analyzer.py" + "configurationItems": [ + { + "name": "check_tlp", + "description": "Define if the analyzer should check TLP of data before running", + "type": "boolean", + "multi": false, + "required": true, + "defaultValue": true + }, + { + "name": "max_tlp", + "description": "Define the maximum TLP level autorized", + "type": "number", + "multi": false, + "required": true, + "defaultValue": 2 + } + ] + } diff --git a/analyzers/EmergingThreats/EmergingThreats_IPInfo.json b/analyzers/EmergingThreats/EmergingThreats_IPInfo.json index 246ef1f9a..97e7dc269 100644 --- a/analyzers/EmergingThreats/EmergingThreats_IPInfo.json +++ b/analyzers/EmergingThreats/EmergingThreats_IPInfo.json 
@@ -4,13 +4,30 @@ "author": "Arcuri Davide, Garavaglia Andrea [LDO-CERT]", "url": "https://github.com/dadokkio/Cortex-Analyzers", "license": "AGPL-V3", + "description": "Retrieve ET reputation, related malware, and IDS requests for a given IP address.", + "dataTypeList": ["ip"], + "command": "EmergingThreats/emergingthreats_analyzer.py", "baseConfig": "EmergingThreats", "config": { - "check_tlp": true, - "max_tlp" : 2, "service": "ip-info" }, - "description": "Retrieve ET reputation, related malware, and IDS requests for a given IP address.", - "dataTypeList": ["ip"], - "command": "EmergingThreats/emergingthreats_analyzer.py" + "configurationItems": [ + { + "name": "check_tlp", + "description": "Define if the analyzer should check TLP of data before running", + "type": "boolean", + "multi": false, + "required": true, + "defaultValue": true + }, + { + "name": "max_tlp", + "description": "Define the maximum TLP level autorized", + "type": "number", + "multi": false, + "required": true, + "defaultValue": 2 + } + ] + } diff --git a/analyzers/EmergingThreats/EmergingThreats_MalwareInfo.json b/analyzers/EmergingThreats/EmergingThreats_MalwareInfo.json index 0d9edc575..34c10e17e 100644 --- a/analyzers/EmergingThreats/EmergingThreats_MalwareInfo.json +++ b/analyzers/EmergingThreats/EmergingThreats_MalwareInfo.json 
@@ -4,13 +4,30 @@ "author": "Arcuri Davide, Garavaglia Andrea [LDO-CERT]", "url": "https://github.com/dadokkio/Cortex-Analyzers", "license": "AGPL-V3", + "description": "Retrieve ET details and info related to a malware hash.", + "dataTypeList": ["hash"], + "command": "EmergingThreats/emergingthreats_analyzer.py", "baseConfig": "EmergingThreats", - "config": { - "check_tlp": true, - "max_tlp" : 2, + "config": { "service": "malware-info" }, - "description": "Retrieve ET details and info related to a malware hash.", - "dataTypeList": ["hash"], - "command": "EmergingThreats/emergingthreats_analyzer.py" + "configurationItems": [ + { + "name": "check_tlp", + "description": "Define if the analyzer should check TLP of data before running", + "type": "boolean", + "multi": false, + "required": true, + "defaultValue": true + }, + { + "name": "max_tlp", + "description": "Define the maximum TLP level autorized", + "type": "number", + "multi": false, + "required": true, + "defaultValue": 2 + } + ] + } diff --git a/analyzers/File_Info/File_Info.json b/analyzers/File_Info/File_Info.json index 22257d09f..089f27a76 100644 --- a/analyzers/File_Info/File_Info.json +++ b/analyzers/File_Info/File_Info.json 
@@ -4,15 +4,32 @@ "author": "CERT-BDF", "url": "https://github.com/TheHive-Project/Cortex-Analyzers", "license": "AGPL-V3", - "baseConfig": "File_Info", - "config": { - "check_tlp": false, - "max_tlp": 3, - "service": "" - }, "description": "Parse files in several formats such as OLE and OpenXML to detect VBA macros, extract their source code, generate useful information on PE, PDF files...", "dataTypeList": [ "file" ], - "command": "File_Info/fileinfo_analyzer.py" + "command": "File_Info/fileinfo_analyzer.py", + "baseConfig": "File_Info", + "config": { + "service": "" + }, + "configurationItems": [ + { + "name": "check_tlp", + "description": "Define if the analyzer should check TLP of data before running", + "type": "boolean", + "multi": false, + "required": true, + "defaultValue": true + }, + { + "name": "max_tlp", + "description": "Define the maximum TLP level autorized", + "type": "number", + "multi": false, + "required": true, + "defaultValue": 3 + } + ] + } diff --git a/analyzers/FireHOLBlocklists/FireHOLBlocklists.json b/analyzers/FireHOLBlocklists/FireHOLBlocklists.json index 64893ab0c..7b43a7f7b 100644 --- a/analyzers/FireHOLBlocklists/FireHOLBlocklists.json +++ b/analyzers/FireHOLBlocklists/FireHOLBlocklists.json 
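Review bot: The removed `config` block of File_Info had `"check_tlp": false`, but the new `check_tlp` item sets `"defaultValue": true`, so the effective default flips without any mention in the commit message, which only speaks of updating configuration items. With `max_tlp` kept at 3 the check presumably accepts every level and nothing changes in practice, but the default should either reproduce the former value (`"defaultValue": false`) or the change of intent should be documented in the commit. The same false→true flip occurs in the FireHOLBlocklists and both Hippocampe hunks of this patch.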
@@ -4,13 +4,30 @@
   "license": "AGPL-V3",
   "url": "https://github.com/BSI-CERT-Bund/cortex-analyzers",
   "version": "2.0",
+  "description": "Check IP addresses against the FireHOL blocklists",
+  "dataTypeList": ["ip"],
+  "command": "FireHOLBlocklists/firehol_blocklists.py",
   "baseConfig": "FireHOLBlocklists",
   "config": {
-    "check_tlp": false,
-    "max_tlp": 3,
     "service": ""
   },
-  "description": "Check IP addresses against the FireHOL blocklists",
-  "dataTypeList": ["ip"],
-  "command": "FireHOLBlocklists/firehol_blocklists.py"
+  "configurationItems": [
+    {
+      "name": "check_tlp",
+      "description": "Define if the analyzer should check TLP of data before running",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
+    },
+    {
+      "name": "max_tlp",
+      "description": "Define the maximum TLP level autorized",
+      "type": "number",
+      "multi": false,
+      "required": true,
+      "defaultValue": 3
+    }
+  ]
+
 }
diff --git a/analyzers/Fortiguard/Fortiguard_URLCategory.json b/analyzers/Fortiguard/Fortiguard_URLCategory.json
index 2980c13c9..3f9691993 100644
--- a/analyzers/Fortiguard/Fortiguard_URLCategory.json
+++ b/analyzers/Fortiguard/Fortiguard_URLCategory.json
@@ -6,12 +6,28 @@
   "license": "AGPL-V3",
   "dataTypeList": ["domain", "url"],
   "description": "Check the Fortiguard category of a URL or a domain.",
+  "command": "Fortiguard/urlcategory.py",
   "baseConfig": "Fortiguard",
   "config": {
-    "check_tlp": true,
-    "max_tlp": 1,
     "service": "query"
-  },
-  "command": "Fortiguard/urlcategory.py"
+  "configurationItems": [
+    {
+      "name": "check_tlp",
+      "description": "Define if the analyzer should check TLP of data before running",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
+    },
+    {
+      "name": "max_tlp",
+      "description": "Define the maximum TLP level autorized",
+      "type": "number",
+      "multi": false,
+      "required": true,
+      "defaultValue": 1
+    }
+  ]
+
 }
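Review bot: The Fortiguard_URLCategory hunk deletes the `  },` that terminated the `config` object, so on the new side `"service": "query"` runs straight into `"configurationItems": [` and the file is no longer parseable JSON. Keep the closing line as context, as the FireHOLBlocklists hunk immediately above does after `"service": ""`: `    "service": "query"` / `  },` / `  "configurationItems": [`. The stray empty `+` line added before the final `}` is harmless but inconsistent with the other analyzer files in this patch and can be dropped.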
diff --git a/analyzers/GoogleSafebrowsing/GoogleSafebrowsing.json b/analyzers/GoogleSafebrowsing/GoogleSafebrowsing.json index 0692d76df..9372b0eeb 100644 --- a/analyzers/GoogleSafebrowsing/GoogleSafebrowsing.json +++ b/analyzers/GoogleSafebrowsing/GoogleSafebrowsing.json @@ -4,12 +4,29 @@ "license": "AGPL-V3", "url": "https://github.com/BSI-CERT-Bund/cortex-analyzers", "version": "2.0", + "description": "Use Google Safebrowing to check URLs and domain names.", + "dataTypeList": ["url", "domain"], + "command": "GoogleSafebrowsing/safebrowsing_analyzer.py", "baseConfig": "GoogleSafebrowsing", "config": { - "check_tlp": true, - "max_tlp": 1 }, - "description": "Use Google Safebrowing to check URLs and domain names.", - "dataTypeList": ["url", "domain"], - "command": "GoogleSafebrowsing/safebrowsing_analyzer.py" + "configurationItems": [ + { + "name": "check_tlp", + "description": "Define if the analyzer should check TLP of data before running", + "type": "boolean", + "multi": false, + "required": true, + "defaultValue": true + }, + { + "name": "max_tlp", + "description": "Define the maximum TLP level autorized", + "type": "number", + "multi": false, + "required": true, + "defaultValue": 1 + } + ] + } diff --git a/analyzers/Hippocampe/Hippocampe_hipposcore.json b/analyzers/Hippocampe/Hippocampe_hipposcore.json index bb2ccfd55..5f335e921 100644 --- a/analyzers/Hippocampe/Hippocampe_hipposcore.json +++ b/analyzers/Hippocampe/Hippocampe_hipposcore.json 
@@ -6,11 +6,27 @@
 "license": "AGPL-V3",
 "description": "Get the Hippocampe Score report associated with an IP address, a domain or a URL.",
 "dataTypeList": ["ip", "domain", "fqdn", "url"],
+ "command": "Hippocampe/hippo.py",
 "baseConfig": "Hippocampe",
 "config": {
- "check_tlp": false,
- "max_tlp":3,
 "service": "hipposcore"
 },
- "command": "Hippocampe/hippo.py"
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": true
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 3
+ }
+ ]
 }
diff --git a/analyzers/Hippocampe/Hippocampe_more.json b/analyzers/Hippocampe/Hippocampe_more.json
index 2a5aa2597..c704e2ccf 100644
--- a/analyzers/Hippocampe/Hippocampe_more.json
+++ b/analyzers/Hippocampe/Hippocampe_more.json
@@ -6,11 +6,27 @@
 "license": "AGPL-V3",
 "description": "Get the Hippocampe detailed report for an IP address, a domain or a URL.",
 "dataTypeList": ["ip", "domain", "fqdn", "url"],
+ "command": "Hippocampe/hippo.py",
 "baseConfig": "Hippocampe",
 "config": {
- "check_tlp": false,
- "max_tlp":3,
 "service": "more"
 },
- "command": "Hippocampe/hippo.py"
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": true
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 3
+ }
+ ]
 }
diff --git a/analyzers/HybridAnalysis/HybridAnalysis_GetReport.json b/analyzers/HybridAnalysis/HybridAnalysis_GetReport.json
index 314dc4bcd..cf2fbbd85 100644
--- a/analyzers/HybridAnalysis/HybridAnalysis_GetReport.json
+++ b/analyzers/HybridAnalysis/HybridAnalysis_GetReport.json
@@ -6,10 +6,26 @@
 "license": "AGPL-V3",
 "dataTypeList": ["hash", "file", "filename"],
 "description": "Fetch Hybrid Analysis reports associated with hashes and filenames.",
+ "command": "HybridAnalysis/HybridAnalysis_analyzer.py",
 "baseConfig": "HybridAnalysis",
 "config": {
- "check_tlp": true,
- "max_tlp": 2
 },
- "command": "HybridAnalysis/HybridAnalysis_analyzer.py"
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": true
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 2
+ }
+ ]
 }
diff --git a/analyzers/JoeSandbox/JoeSandbox_File_Analysis_Inet.json b/analyzers/JoeSandbox/JoeSandbox_File_Analysis_Inet.json
index 39e46f6bb..d16ae2d79 100644
--- a/analyzers/JoeSandbox/JoeSandbox_File_Analysis_Inet.json
+++ b/analyzers/JoeSandbox/JoeSandbox_File_Analysis_Inet.json
@@ -4,12 +4,29 @@
 "author": "CERT-BDF",
 "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
 "license": "AGPL-V3",
+ "description": "Joe Sandbox file analysis with Internet access.",
+ "dataTypeList": ["file"],
+ "command": "JoeSandbox/joesandbox_analyzer.py",
 "baseConfig": "JoeSandbox",
 "config": {
- "check_tlp": false,
 "service": "file_analysis_inet"
 },
- "description": "Joe Sandbox file analysis with Internet access.",
- "dataTypeList": ["file"],
- "command": "JoeSandbox/joesandbox_analyzer.py"
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": true
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 3
+ }
+ ]
 }
diff --git a/analyzers/JoeSandbox/JoeSandbox_File_Analysis_Noinet.json b/analyzers/JoeSandbox/JoeSandbox_File_Analysis_Noinet.json
index 501097cb1..4db18b9f1 100644
--- a/analyzers/JoeSandbox/JoeSandbox_File_Analysis_Noinet.json
+++ b/analyzers/JoeSandbox/JoeSandbox_File_Analysis_Noinet.json
@@ -4,12 +4,29 @@
 "author": "CERT-BDF",
 "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
 "license": "AGPL-V3",
+ "description": "Joe Sandbox file analysis without Internet access.",
+ "dataTypeList": ["file"],
+ "command": "JoeSandbox/joesandbox_analyzer.py",
 "baseConfig": "JoeSandbox",
 "config": {
- "check_tlp": false,
 "service": "file_analysis_noinet"
 },
- "description": "Joe Sandbox file analysis without Internet access.",
- "dataTypeList": ["file"],
- "command": "JoeSandbox/joesandbox_analyzer.py"
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": true
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 3
+ }
+ ]
 }
diff --git a/analyzers/JoeSandbox/JoeSandbox_Url_Analysis.json b/analyzers/JoeSandbox/JoeSandbox_Url_Analysis.json
index 9eeaef916..48d3a00f0 100644
--- a/analyzers/JoeSandbox/JoeSandbox_Url_Analysis.json
+++ b/analyzers/JoeSandbox/JoeSandbox_Url_Analysis.json
@@ -4,12 +4,29 @@
 "author": "CERT-BDF",
 "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
 "license": "AGPL-V3",
+ "description": "Joe Sandbox URL analysis.",
+ "dataTypeList": ["url"],
+ "command": "JoeSandbox/joesandbox_analyzer.py",
 "baseConfig": "JoeSandbox",
 "config": {
- "check_tlp": false,
 "service": "url_analysis"
 },
- "description": "Joe Sandbox URL analysis.",
- "dataTypeList": ["url"],
- "command": "JoeSandbox/joesandbox_analyzer.py"
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": true
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 3
+ }
+ ]
 }
diff --git a/analyzers/MISPWarningLists/MISPWarningLists.json b/analyzers/MISPWarningLists/MISPWarningLists.json
index df6767f9c..eaa67d6f1 100644
--- a/analyzers/MISPWarningLists/MISPWarningLists.json
+++ b/analyzers/MISPWarningLists/MISPWarningLists.json
@@ -4,9 +4,27 @@
 "license": "AGPL-V3",
 "url": "https://github.com/BSI-CERT-Bund/misp-warninglists-analyzer",
 "version": "1.0",
- "baseConfig": "MISPWarningLists",
- "config": {},
 "description": "Check IoCs/Observables against MISP Warninglists to filter false positives.",
 "dataTypeList": ["ip", "hash", "domain", "fqdn", "url"],
- "command": "MISPWarningLists/mispwarninglists.py"
-}
\ No newline at end of file
+ "command": "MISPWarningLists/mispwarninglists.py",
+ "baseConfig": "MISPWarningLists",
+ "config": {},
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": true
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 3
+ }
+]
+}
diff --git a/analyzers/Malpedia/Malpedia.json b/analyzers/Malpedia/Malpedia.json
index 9603171b6..79c0ba80c 100644
--- a/analyzers/Malpedia/Malpedia.json
+++ b/analyzers/Malpedia/Malpedia.json
@@ -4,9 +4,27 @@
 "license": "AGPL-V3",
 "url": "https://github.com/LDO-CERT/cortex-analyzers",
 "version": "1.0",
- "baseConfig": "Malpedia",
- "config": {},
 "description": "Check files against Malpedia YARA rules.",
 "dataTypeList": ["file"],
- "command": "Malpedia/malpedia_analyzer.py"
+ "command": "Malpedia/malpedia_analyzer.py",
+ "baseConfig": "Malpedia",
+ "config": {},
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": true
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 3
+ }
+ ]
 }
diff --git a/analyzers/MaxMind/MaxMind_GeoIP.json b/analyzers/MaxMind/MaxMind_GeoIP.json
index 62f20aa9a..1b06a0b6f 100644
--- a/analyzers/MaxMind/MaxMind_GeoIP.json
+++ b/analyzers/MaxMind/MaxMind_GeoIP.json
@@ -4,13 +4,29 @@
 "author": "CERT-BDF",
 "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
 "license": "AGPL-V3",
+ "description": "Use MaxMind to geolocate an IP address.",
+ "dataTypeList": ["ip"],
+ "command": "MaxMind/geo.py",
 "baseconfig":"MaxMind_GeoIP",
 "config": {
- "check_tlp": false,
- "max_tlp": 3,
 "service": ""
 },
- "description": "Use MaxMind to geolocate an IP address.",
- "dataTypeList": ["ip"],
- "command": "MaxMind/geo.py"
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": true
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 3
+ }
+ ]
 }
diff --git a/analyzers/MsgParser/Msg_Parser.json b/analyzers/MsgParser/Msg_Parser.json
index be74d1e34..2a54bbe05 100644
--- a/analyzers/MsgParser/Msg_Parser.json
+++ b/analyzers/MsgParser/Msg_Parser.json
@@ -4,15 +4,31 @@
 "author": "CERT-BDF",
 "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
 "license": "AGPL-V3",
- "baseconfig":"Msg_Parser",
- "config": {
- "check_tlp": false,
- "max_tlp": 3,
- "service": ""
- },
 "description": "Parse Outlook MSG files and extract the main artifacts.",
 "dataTypeList": [
 "file"
 ],
- "command": "MsgParser/parse.py"
+ "command": "MsgParser/parse.py",
+ "baseconfig":"Msg_Parser",
+ "config": {
+ "service": ""
+ },
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": true
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 3
+ }
+ ]
 }
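Review bot: The re-added `+ "baseconfig":"Msg_Parser",` keeps the lowercase key while every other definition touched by this commit uses `"baseConfig"`; if Cortex looks the key up case-sensitively this analyzer will not be attached to its base configuration, so write `"baseConfig": "Msg_Parser",`. The MaxMind hunk just above carries the same lowercase `"baseconfig":"MaxMind_GeoIP",` on an unchanged context line, so the problem is pre-existing there but worth fixing in the same pass.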
diff --git a/analyzers/Nessus/Nessus.json b/analyzers/Nessus/Nessus.json
index b480efc28..58ad6a906 100644
--- a/analyzers/Nessus/Nessus.json
+++ b/analyzers/Nessus/Nessus.json
@@ -4,11 +4,28 @@
 "author": "Guillaume Rousse",
 "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
 "license": "AGPL-V3",
+ "description": "Use Nessus Professional to scan hosts.",
+ "dataTypeList": ["ip", "fqdn"],
+ "command": "Nessus/nessus.py",
 "baseConfig": "Nessus",
 "config": {
- "check_tlp": false
 },
- "description": "Use Nessus Professional to scan hosts.",
- "dataTypeList": ["ip", "fqdn"],
- "command": "Nessus/nessus.py"
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": true
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 3
+ }
+ ]
 }
diff --git a/analyzers/OTXQuery/OTXQuery.json b/analyzers/OTXQuery/OTXQuery.json
index 8eaac7617..c5d755583 100644
--- a/analyzers/OTXQuery/OTXQuery.json
+++ b/analyzers/OTXQuery/OTXQuery.json
@@ -6,12 +6,27 @@
 "license": "AGPL-V3",
 "description": "Query AlienVault OTX for IPs, domains, URLs, or file hashes.",
 "dataTypeList": ["url", "domain", "file", "hash", "ip"],
+ "command": "OTXQuery/otxquery.py",
 "baseConfig": "OTXQuery",
 "config": {
- "check_tlp":true,
- "max_tlp": 3,
 "service": "query"
- },
- "command": "OTXQuery/otxquery.py"
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": true
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 3
+ }
+ ]
 }
diff --git a/analyzers/Onyphe/Onyphe_Forward.json b/analyzers/Onyphe/Onyphe_Forward.json
index d4f68a22c..144efc28a 100644
--- a/analyzers/Onyphe/Onyphe_Forward.json
+++ b/analyzers/Onyphe/Onyphe_Forward.json
@@ -6,11 +6,27 @@
 "license": "AGPL-V3",
 "description": "Retrieve forward DNS lookup information we have for the given IPv{4,6} address with history of changes.",
 "dataTypeList": ["ip"],
+ "command": "Onyphe/onyphe_analyzer.py",
 "baseConfig": "Onyphe",
 "config": {
- "check_tlp": true,
- "max_tlp": 1,
 "service": "forward"
 },
- "command": "Onyphe/onyphe_analyzer.py"
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": true
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 1
+ }
+]
 }
diff --git a/analyzers/Onyphe/Onyphe_Geolocate.json b/analyzers/Onyphe/Onyphe_Geolocate.json
index fef1396d4..2cdee22e8 100644
--- a/analyzers/Onyphe/Onyphe_Geolocate.json
+++ b/analyzers/Onyphe/Onyphe_Geolocate.json
@@ -6,11 +6,27 @@
 "license": "AGPL-V3",
 "description": "Retrieve geolocation information for the given IPv{4,6} address.",
 "dataTypeList": ["ip"],
+ "command": "Onyphe/onyphe_analyzer.py",
 "baseConfig": "Onyphe",
 "config": {
- "check_tlp": true,
- "max_tlp": 1,
 "service": "geolocate"
 },
- "command": "Onyphe/onyphe_analyzer.py"
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": true
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 1
+ }
+]
 }
diff --git a/analyzers/Onyphe/Onyphe_Ports.json b/analyzers/Onyphe/Onyphe_Ports.json
index 954e1f65b..fe8f8db96 100644
--- a/analyzers/Onyphe/Onyphe_Ports.json
+++ b/analyzers/Onyphe/Onyphe_Ports.json
@@ -6,11 +6,27 @@
 "license": "AGPL-V3",
 "description": "Retrieve synscan information we have for the given IPv{4,6} address with history of changes.",
 "dataTypeList": ["ip"],
+ "command": "Onyphe/onyphe_analyzer.py",
 "baseConfig": "Onyphe",
 "config": {
- "check_tlp": true,
- "max_tlp": 1,
 "service": "ports"
 },
- "command": "Onyphe/onyphe_analyzer.py"
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": true
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 1
+ }
+]
 }
diff --git a/analyzers/Onyphe/Onyphe_Reverse.json b/analyzers/Onyphe/Onyphe_Reverse.json
index 176e40f28..fe17230d9 100644
--- a/analyzers/Onyphe/Onyphe_Reverse.json
+++ b/analyzers/Onyphe/Onyphe_Reverse.json
@@ -6,11 +6,27 @@
 "license": "AGPL-V3",
 "description": "Retrieve reverse DNS lookup information we have for the given IPv{4,6} address with history of changes.",
 "dataTypeList": ["ip"],
+ "command": "Onyphe/onyphe_analyzer.py",
 "baseConfig": "Onyphe",
 "config": {
- "check_tlp": true,
- "max_tlp": 1,
 "service": "reverse"
 },
- "command": "Onyphe/onyphe_analyzer.py"
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": true
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 1
+ }
+]
 }
diff --git a/analyzers/Onyphe/Onyphe_Threats.json b/analyzers/Onyphe/Onyphe_Threats.json
index dc6a8ad04..1e91bae71 100644
--- a/analyzers/Onyphe/Onyphe_Threats.json
+++ b/analyzers/Onyphe/Onyphe_Threats.json
@@ -6,11 +6,27 @@
 "license": "AGPL-V3",
 "description": "Retrieve Onyphe threats information on an IPv{4,6} address with history.",
 "dataTypeList": ["ip"],
+ "command": "Onyphe/onyphe_analyzer.py",
 "baseConfig": "Onyphe",
 "config": {
- "check_tlp": true,
- "max_tlp": 1,
 "service": "threats"
 },
- "command": "Onyphe/onyphe_analyzer.py"
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": true
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 1
+ }
+]
 }
diff --git a/analyzers/PassiveTotal/PassiveTotal_Enrichment.json b/analyzers/PassiveTotal/PassiveTotal_Enrichment.json
index 9229d43a3..450cf1150 100644
--- a/analyzers/PassiveTotal/PassiveTotal_Enrichment.json
+++ b/analyzers/PassiveTotal/PassiveTotal_Enrichment.json
@@ -4,13 +4,29 @@
 "author": "CERT-BDF",
 "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
 "license": "AGPL-V3",
+ "description": "PassiveTotal Enrichment Lookup.",
+ "dataTypeList": ["domain", "fqdn", "ip"],
+ "command": "PassiveTotal/passivetotal_analyzer.py",
 "baseConfig": "PassiveTotal",
 "config": {
- "check_tlp": true,
- "max_tlp":1,
 "service": "enrichment"
 },
- "description": "PassiveTotal Enrichment Lookup.",
- "dataTypeList": ["domain", "fqdn", "ip"],
- "command": "PassiveTotal/passivetotal_analyzer.py"
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": true
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 1
+ }
+ ]
 }
diff --git a/analyzers/PassiveTotal/PassiveTotal_Malware.json b/analyzers/PassiveTotal/PassiveTotal_Malware.json
index 3494e042d..0aa2dc91a 100644
--- a/analyzers/PassiveTotal/PassiveTotal_Malware.json
+++ b/analyzers/PassiveTotal/PassiveTotal_Malware.json
@@ -4,13 +4,29 @@
 "author": "CERT-BDF",
 "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
 "license": "AGPL-V3",
+ "description": "PassiveTotal Malware Lookup.",
+ "dataTypeList": ["domain", "fqdn", "ip"],
+ "command": "PassiveTotal/passivetotal_analyzer.py",
 "baseConfig": "PassiveTotal",
 "config": {
- "check_tlp": true,
- "max_tlp":1,
 "service": "malware"
 },
- "description": "PassiveTotal Malware Lookup.",
- "dataTypeList": ["domain", "fqdn", "ip"],
- "command": "PassiveTotal/passivetotal_analyzer.py"
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": true
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 1
+ }
+ ]
 }
diff --git a/analyzers/PassiveTotal/PassiveTotal_Osint.json b/analyzers/PassiveTotal/PassiveTotal_Osint.json
index d52ca7717..811f3eec5 100644
--- a/analyzers/PassiveTotal/PassiveTotal_Osint.json
+++ b/analyzers/PassiveTotal/PassiveTotal_Osint.json
@@ -4,13 +4,29 @@
 "author": "CERT-BDF",
 "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
 "license": "AGPL-V3",
+ "description": "PassiveTotal OSINT Lookup.",
+ "dataTypeList": ["domain", "fqdn", "ip"],
+ "command": "PassiveTotal/passivetotal_analyzer.py",
 "baseConfig": "PassiveTotal",
 "config": {
- "check_tlp": true,
- "max_tlp":1,
 "service": "osint"
 },
- "description": "PassiveTotal OSINT Lookup.",
- "dataTypeList": ["domain", "fqdn", "ip"],
- "command": "PassiveTotal/passivetotal_analyzer.py"
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": true
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 1
+ }
+ ]
 }
diff --git a/analyzers/PassiveTotal/PassiveTotal_Passive_Dns.json b/analyzers/PassiveTotal/PassiveTotal_Passive_Dns.json
index 0b3adf0fb..10c4f0a24 100644
--- a/analyzers/PassiveTotal/PassiveTotal_Passive_Dns.json
+++ b/analyzers/PassiveTotal/PassiveTotal_Passive_Dns.json
@@ -4,13 +4,29 @@
 "author": "CERT-BDF",
 "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
 "license": "AGPL-V3",
+ "description": "PassiveTotal Passive DNS Lookup.",
+ "dataTypeList": ["domain", "fqdn", "ip"],
+ "command": "PassiveTotal/passivetotal_analyzer.py",
 "baseConfig": "PassiveTotal",
 "config": {
- "check_tlp": true,
- "max_tlp":1,
 "service": "passive_dns"
 },
- "description": "PassiveTotal Passive DNS Lookup.",
- "dataTypeList": ["domain", "fqdn", "ip"],
- "command": "PassiveTotal/passivetotal_analyzer.py"
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": true
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 1
+ }
+ ]
 }
diff --git a/analyzers/PassiveTotal/PassiveTotal_Ssl_Certificate_Details.json b/analyzers/PassiveTotal/PassiveTotal_Ssl_Certificate_Details.json
index 5277435f8..1a2742089 100644
--- a/analyzers/PassiveTotal/PassiveTotal_Ssl_Certificate_Details.json
+++ b/analyzers/PassiveTotal/PassiveTotal_Ssl_Certificate_Details.json
@@ -4,13 +4,29 @@
 "author": "CERT-BDF",
 "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
 "license": "AGPL-V3",
+ "description": "PassiveTotal SSL Certificate Details Lookup.",
+ "dataTypeList": ["hash", "ip"],
+ "command": "PassiveTotal/passivetotal_analyzer.py",
 "baseConfig": "PassiveTotal",
 "config": {
- "check_tlp": true,
- "max_tlp":1,
 "service": "ssl_certificate_details"
 },
- "description": "PassiveTotal SSL Certificate Details Lookup.",
- "dataTypeList": ["hash", "ip"],
- "command": "PassiveTotal/passivetotal_analyzer.py"
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": true
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 1
+ }
+ ]
 }
diff --git a/analyzers/PassiveTotal/PassiveTotal_Ssl_Certificate_History.json b/analyzers/PassiveTotal/PassiveTotal_Ssl_Certificate_History.json
index 3f50c5ab2..be8742240 100644
--- a/analyzers/PassiveTotal/PassiveTotal_Ssl_Certificate_History.json
+++ b/analyzers/PassiveTotal/PassiveTotal_Ssl_Certificate_History.json
@@ -4,13 +4,29 @@
 "author": "CERT-BDF",
 "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
 "license": "AGPL-V3",
+ "description": "PassiveTotal SSL Certificate History Lookup.",
+ "dataTypeList": ["hash", "ip"],
+ "command": "PassiveTotal/passivetotal_analyzer.py",
 "baseConfig": "PassiveTotal",
 "config": {
- "check_tlp": true,
- "max_tlp":1,
 "service": "ssl_certificate_history"
 },
- "description": "PassiveTotal SSL Certificate History Lookup.",
- "dataTypeList": ["hash", "ip"],
- "command": "PassiveTotal/passivetotal_analyzer.py"
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": true
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 1
+ }
+ ]
 }
diff --git a/analyzers/PassiveTotal/PassiveTotal_Unique_Resolutions.json b/analyzers/PassiveTotal/PassiveTotal_Unique_Resolutions.json
index c70562940..ccd34defa 100644
--- a/analyzers/PassiveTotal/PassiveTotal_Unique_Resolutions.json
+++ b/analyzers/PassiveTotal/PassiveTotal_Unique_Resolutions.json
@@ -4,13 +4,29 @@
 "author": "CERT-BDF",
 "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
 "license": "AGPL-V3",
+ "description": "PassiveTotal Unique Resolutions Lookup.",
+ "dataTypeList": ["domain", "fqdn", "ip"],
+ "command": "PassiveTotal/passivetotal_analyzer.py",
 "baseConfig": "PassiveTotal",
 "config": {
- "check_tlp": true,
- "max_tlp":1,
 "service": "unique_resolutions"
 },
- "description": "PassiveTotal Unique Resolutions Lookup.",
- "dataTypeList": ["domain", "fqdn", "ip"],
- "command": "PassiveTotal/passivetotal_analyzer.py"
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": true
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 1
+ }
+ ]
 }
diff --git a/analyzers/PassiveTotal/PassiveTotal_Whois_Details.json b/analyzers/PassiveTotal/PassiveTotal_Whois_Details.json
index 29192c2d4..3c1019516 100644
--- a/analyzers/PassiveTotal/PassiveTotal_Whois_Details.json
+++ b/analyzers/PassiveTotal/PassiveTotal_Whois_Details.json
@@ -4,13 +4,29 @@
 "author": "CERT-BDF",
 "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
 "license": "AGPL-V3",
+ "description": "PassiveTotal Whois Details Lookup.",
+ "dataTypeList": ["domain", "fqdn", "ip"],
+ "command": "PassiveTotal/passivetotal_analyzer.py",
 "baseConfig": "PassiveTotal",
 "config": {
- "check_tlp": true,
- "max_tlp":1,
 "service": "whois_details"
 },
- "description": "PassiveTotal Whois Details Lookup.",
- "dataTypeList": ["domain", "fqdn", "ip"],
- "command": "PassiveTotal/passivetotal_analyzer.py"
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": true
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 1
+ }
+ ]
 }
diff --git a/analyzers/PayloadSecurity/PayloadSecurity_File_Analysis.json b/analyzers/PayloadSecurity/PayloadSecurity_File_Analysis.json
index 603bc4ed2..459cc2d1b 100644
--- a/analyzers/PayloadSecurity/PayloadSecurity_File_Analysis.json
+++ b/analyzers/PayloadSecurity/PayloadSecurity_File_Analysis.json
@@ -4,13 +4,29 @@
 "author": "Emmanuel Torquato",
 "url": "https://github.com/notset/Cortex-Analyzers",
 "license": "AGPL-V3",
+ "description": "PayloadSecurity Sandbox File Analysis",
+ "dataTypeList": ["file"],
+ "command": "PayloadSecurity/payloadsecurity_analyzer.py",
 "baseConfig": "PayloadSecurity",
 "config": {
- "check_tlp": true,
- "max_tlp": 3,
 "service": "file_analysis"
 },
- "description": "PayloadSecurity Sandbox File Analysis",
- "dataTypeList": ["file"],
- "command": "PayloadSecurity/payloadsecurity_analyzer.py"
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": true
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 3
+ }
+ ]
 }
diff --git a/analyzers/PayloadSecurity/PayloadSecurity_Url_Analysis.json b/analyzers/PayloadSecurity/PayloadSecurity_Url_Analysis.json
index 149ebc0c1..83635cb72 100644
--- a/analyzers/PayloadSecurity/PayloadSecurity_Url_Analysis.json
+++ b/analyzers/PayloadSecurity/PayloadSecurity_Url_Analysis.json
@@ -4,13 +4,29 @@
 "author": "Emmanuel Torquato",
 "url": "https://github.com/notset/Cortex-Analyzers",
 "license": "AGPL-V3",
+ "description": "PayloadSecurity Sandbox Url Analysis",
+ "dataTypeList": ["url"],
+ "command": "PayloadSecurity/payloadsecurity_analyzer.py",
 "baseConfig": "PayloadSecurity",
 "config": {
- "check_tlp": true,
- "max_tlp": 3,
 "service": "url_analysis"
 },
- "description": "PayloadSecurity Sandbox Url Analysis",
- "dataTypeList": ["url"],
- "command": "PayloadSecurity/payloadsecurity_analyzer.py"
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": true
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 3
+ }
+ ]
 }
diff --git a/analyzers/PhishTank/PhishTank_CheckURL.json b/analyzers/PhishTank/PhishTank_CheckURL.json
index e2de0db82..30ac1f01c 100644
--- a/analyzers/PhishTank/PhishTank_CheckURL.json
+++ b/analyzers/PhishTank/PhishTank_CheckURL.json
@@ -6,11 +6,27 @@
 "license": "AGPL-V3",
 "description": "Use PhishTank to check if a URL is a verified phishing site.",
 "dataTypeList": ["url"],
+ "command": "PhishTank/phishtank_checkurl.py",
 "baseConfig": "PhishTank",
 "config": {
- "check_tlp": true,
- "max_tlp": 1,
 "service": "query"
 },
- "command": "PhishTank/phishtank_checkurl.py"
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": true
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 1
+ }
+ ]
 }
diff --git a/analyzers/PhishingInitiative/PhishingInitiative_Lookup.json b/analyzers/PhishingInitiative/PhishingInitiative_Lookup.json
index 55ea3a975..3d84d01cc 100644
--- a/analyzers/PhishingInitiative/PhishingInitiative_Lookup.json
+++ b/analyzers/PhishingInitiative/PhishingInitiative_Lookup.json
@@ -6,11 +6,27 @@
 "license": "AGPL-V3",
 "description": "Use Phishing Initiative to check if a URL is a verified phishing site.",
 "dataTypeList": ["url"],
+ "command": "PhishingInitiative/phishinginitiative_lookup.py",
 "baseConfig": "PhishingInitiative",
 "config": {
 "service": "query",
- "max_tlp": 1,
- "check_tlp": true
 },
- "command": "PhishingInitiative/phishinginitiative_lookup.py"
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": true
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 1
+ }
+ ]
 }
diff --git a/analyzers/Robtex/Robtex_Forward_PDNS_Query.json b/analyzers/Robtex/Robtex_Forward_PDNS_Query.json
index 6c2a3a022..b7a4ab727 100644
--- a/analyzers/Robtex/Robtex_Forward_PDNS_Query.json
+++ b/analyzers/Robtex/Robtex_Forward_PDNS_Query.json
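Review bot: With `- "max_tlp": 1,` and `- "check_tlp": true` gone, the kept context line `"service": "query",` becomes the last member of config and its trailing comma is followed directly by `},`, which a strict JSON parser rejects, so this definition will not load. Drop the comma: `"service": "query"`. This is the one hunk in the commit where the surviving config member preceded the removed ones, so the pattern that works elsewhere does not cover it.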
@@ -6,10 +6,27 @@
 "license": "AGPL-V3",
 "description": "Check domains/fqdns using the Robtex passive dns API",
 "dataTypeList": ["domain", "fqdn"],
+ "command": "Robtex/robtex.py",
 "baseConfig": "Robtex",
 "config": {
- "check_tlp": false,
 "service": "fpdnsquery"
 },
- "command": "Robtex/robtex.py"
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": true
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 3
+ }
+ ]
 }
diff --git a/analyzers/Robtex/Robtex_IP_Query.json b/analyzers/Robtex/Robtex_IP_Query.json
index cad151d03..0514ce593 100644
--- a/analyzers/Robtex/Robtex_IP_Query.json
+++ b/analyzers/Robtex/Robtex_IP_Query.json
@@ -6,12 +6,12 @@
 "license": "AGPL-V3",
 "description": "Check IPs using the Robtex IP API",
 "dataTypeList": ["ip"],
- "baseConfig": "Robtex",
 "command": "Robtex/robtex.py",
+ "baseConfig": "Robtex",
 "config": {
 "service": "ipquery"
 },
- "configurationItems": [
+ "configurationItems": [
 {
 "name": "check_tlp",
 "description": "Define if the analyzer should check TLP of data before running",
diff --git a/analyzers/Robtex/Robtex_Reverse_PDNS_Query.json b/analyzers/Robtex/Robtex_Reverse_PDNS_Query.json
index fdc8244f4..bf40f2e6e 100644
--- a/analyzers/Robtex/Robtex_Reverse_PDNS_Query.json
+++ b/analyzers/Robtex/Robtex_Reverse_PDNS_Query.json
@@ -6,8 +6,8 @@
 "license": "AGPL-V3",
 "description": "Check IPs using the Robtex reverse passive dns API",
 "dataTypeList": ["ip"],
- "baseConfig": "Robtex",
 "command": "Robtex/robtex.py",
+ "baseConfig": "Robtex",
 "config": {
 "service": "rpdnsquery"
 },
diff --git a/analyzers/Shodan/Shodan_Host.json b/analyzers/Shodan/Shodan_Host.json
index 121226752..85c4840dc 100644
--- a/analyzers/Shodan/Shodan_Host.json
+++ b/analyzers/Shodan/Shodan_Host.json
@@ -6,11 +6,27 @@
 "license": "AGPL-V3",
 "description": "Retrieve key Shodan information on an IP address.",
 "dataTypeList": ["ip"],
+ "command": "Shodan/shodan_analyzer.py",
 "baseConfig": "Shodan",
 "config": {
- "check_tlp": true,
- "max_tlp": 1,
 "service": "host"
 },
- "command": "Shodan/shodan_analyzer.py"
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": false
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 1
+ }
+ ]
 }
diff --git a/analyzers/Shodan/Shodan_Search.json b/analyzers/Shodan/Shodan_Search.json
index f51a7a14d..d90b63da7 100644
--- a/analyzers/Shodan/Shodan_Search.json
+++ b/analyzers/Shodan/Shodan_Search.json
@@ -6,11 +6,27 @@
 "license": "AGPL-V3",
 "description": "Retrieve key Shodan information on a domain.",
 "dataTypeList": ["domain"],
+ "command": "Shodan/shodan_analyzer.py",
 "baseConfig": "Shodan",
 "config": {
- "check_tlp": true,
- "max_tlp": 1,
 "service": "search"
 },
- "command": "Shodan/shodan_analyzer.py"
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": false
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 1
+ }
+ ]
 }
diff --git a/analyzers/SinkDB/SinkDB.json b/analyzers/SinkDB/SinkDB.json
index 6a2707fa6..79bf0a1ee 100644
--- a/analyzers/SinkDB/SinkDB.json
+++ b/analyzers/SinkDB/SinkDB.json
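Review bot: The removed config lines carried `"check_tlp": true`, but the new `check_tlp` item is declared with `"defaultValue": false` in both the Shodan_Host and Shodan_Search hunks, so a fresh installation no longer gates observables by TLP before they are submitted to Shodan, while `max_tlp` keeps its previous value of 1. The same flip from `true` to `false` appears in the VMRay and WOT_lookup hunks further down the page. If the intent is to preserve prior behaviour the item should read `"defaultValue": true`; if loosening the default is intended, the commit message should state it, because this item is the control that keeps TLP-restricted data from leaving for an external service.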
@@ -4,9 +4,27 @@
 "license": "AGPL-V3",
 "url": "https://github.com/BSI-CERT-Bund/sinkdb-analyzer",
 "version": "1.0",
- "baseConfig": "SinkDB",
- "config": {},
 "description": "Check if ip is sinkholed via sinkdb.abuse.ch",
 "dataTypeList": ["ip"],
- "command": "SinkDB/sinkdb.py"
-}
\ No newline at end of file
+ "command": "SinkDB/sinkdb.py",
+ "baseConfig": "SinkDB",
+ "config": {},
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": false
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 3
+ }
+ ]
+}
diff --git a/analyzers/TorBlutmagie/TorBlutmagie.json b/analyzers/TorBlutmagie/TorBlutmagie.json
index 8a95415bb..c597a3d57 100644
--- a/analyzers/TorBlutmagie/TorBlutmagie.json
+++ b/analyzers/TorBlutmagie/TorBlutmagie.json
@@ -4,12 +4,28 @@
 "license": "AGPL-V3",
 "url": "https://github.com/CERT-BDF/Cortex-Analyzers",
 "version": "1.0",
+ "description": "Query http://torstatus.blutmagie.de/query_export.php/Tor_query_EXPORT.csv for TOR exit nodes IP addresses or names.",
+ "dataTypeList": ["ip", "domain", "fqdn"],
+ "command": "TorBlutmagie/tor_blutmagie_analyzer.py",
 "baseConfig": "TorBlutmagie",
 "config": {
- "check_tlp": false,
- "max_tlp": 3
 },
- "description": "Query http://torstatus.blutmagie.de/query_export.php/Tor_query_EXPORT.csv for TOR exit nodes IP addresses or names.",
- "dataTypeList": ["ip", "domain", "fqdn"],
- "command": "TorBlutmagie/tor_blutmagie_analyzer.py"
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": false
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 3
+ }
+ ]
 }
diff --git a/analyzers/TorProject/TorProject.json b/analyzers/TorProject/TorProject.json
index 848a27733..b05c85d83 100644
--- a/analyzers/TorProject/TorProject.json
+++ b/analyzers/TorProject/TorProject.json
@@ -4,12 +4,27 @@
 "license": "AGPL-V3",
 "url": "https://github.com/CERT-BDF/Cortex-Analyzers",
 "version": "1.0",
- "baseConfig": "TorProject",
- "config": {
- "check_tlp": false,
- "max_tlp": 3
- },
 "description": "Query https://check.torproject.org/exit-addresses for TOR exit nodes IP addresses.",
 "dataTypeList": ["ip"],
- "command": "TorProject/tor_project_analyzer.py"
+ "command": "TorProject/tor_project_analyzer.py",
+ "baseConfig": "TorProject",
+ "config": {},
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": false
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 3
+ }
+ ]
 }
diff --git a/analyzers/VMRay/VMRay.json b/analyzers/VMRay/VMRay.json
index feda6d1aa..e7e2dc92d 100644
--- a/analyzers/VMRay/VMRay.json
+++ b/analyzers/VMRay/VMRay.json
@@ -1,16 +1,39 @@
 {
 "name": "VMRay",
- "license": "AGPL-V3",
+ "license": "AGPL-V3",
 "author": "Nils Kuhnert, CERT-Bund",
 "url": "https://github.com/BSI-CERT-Bund/cortex-analyzers",
 "version": "2.0",
+ "description": "VMRay Sandbox file analysis.",
+ "dataTypeList": ["hash", "file"],
+ "command": "VMRay/vmray.py",
 "baseConfig": "VMRay",
 "config": {
- "cert": false,
- "check_tlp": true,
- "max_tlp": 1
 },
- "description": "VMRay Sandbox file analysis.",
- "dataTypeList": ["hash", "file"],
- "command": "VMRay/vmray.py"
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": false
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 1
+ },
+ {
+ "name": "cert",
+ "description": "Verify certificate",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": true
+ }
+ ]
 }
diff --git a/analyzers/Virusshare/Virusshare.json b/analyzers/Virusshare/Virusshare.json
index 298e48c0b..27aa20678 100644
--- a/analyzers/Virusshare/Virusshare.json
+++ b/analyzers/Virusshare/Virusshare.json
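Review bot: The new `cert` item is declared with `"defaultValue": true` while the removed config line was `"cert": false`, so certificate verification becomes enabled by default for this analyzer. That is the safer default, but it is a silent behaviour change for existing deployments that relied on the old value, and the commit message does not mention it. The one-word description `"Verify certificate"` also leaves the administrator guessing which certificate is meant; something like `"Verify the TLS certificate of the VMRay API endpoint"` would be clearer, assuming that is what the analyzer checks.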
@@ -4,9 +4,27 @@
 "license": "AGPL-V3",
 "url": "https://github.com/BSI-CERT-Bund/cortex-analyzers",
 "version": "2.0",
- "baseConfig": "Virusshare",
- "config": {},
 "description": "Search for MD5 hashes in Virusshare.com hash list",
 "dataTypeList": ["hash", "file"],
- "command": "Virusshare/virusshare.py"
+ "command": "Virusshare/virusshare.py",
+ "baseConfig": "Virusshare",
+ "config": {},
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": false
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 3
+ }
+ ]
 }
diff --git a/analyzers/WOT/WOT_lookup.json b/analyzers/WOT/WOT_lookup.json
index 8d89ebe91..0a05cff2e 100644
--- a/analyzers/WOT/WOT_lookup.json
+++ b/analyzers/WOT/WOT_lookup.json
@@ -6,11 +6,27 @@
 "license": "AGPL-V3",
 "description": "Use Web of Trust to check a domain's reputation.",
 "dataTypeList": ["domain", "fqdn"],
+ "command": "WOT/WOT_lookup.py",
 "baseConfig": "WOT",
 "config": {
- "check_tlp": true,
- "max_tlp": 1,
 "service": "query"
 },
- "command": "WOT/WOT_lookup.py"
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": false
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 1
+ }
+ ]
 }
diff --git a/analyzers/Yara/Yara.json b/analyzers/Yara/Yara.json
index 4f391807e..89c4b27b2 100644
--- a/analyzers/Yara/Yara.json
+++ b/analyzers/Yara/Yara.json
@@ -4,9 +4,27 @@
 "license": "AGPL-V3",
 "url": "https://github.com/BSI-CERT-Bund/cortex-analyzers",
 "version": "2.0",
- "baseConfig": "Yara",
- "config": {},
 "description": "Check files against YARA rules.",
 "dataTypeList": ["file"],
- "command": "Yara/yara_analyzer.py"
+ "command": "Yara/yara_analyzer.py",
+ "baseConfig": "Yara",
+ "config": {},
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": false
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 3
+ }
+ ]
 }
diff --git a/analyzers/Yeti/Yeti.json b/analyzers/Yeti/Yeti.json
index c6e79db43..8ecfacbd8 100644
--- a/analyzers/Yeti/Yeti.json
+++ b/analyzers/Yeti/Yeti.json
@@ -4,12 +4,28 @@
 "license": "AGPL-V3",
 "url": "https://github.com/CERT/cortex-analyzers",
 "version": "1.0",
+ "description": "Fetch observable details from a YETI instance.",
+ "dataTypeList": ["domain", "fqdn", "ip", "url", "hash"],
+ "command": "Yeti/yeti.py",
 "baseConfig": "Yeti",
 "config": {
- "check_tlp": false,
- "max_tlp": 3
 },
- "description": "Fetch observable details from a YETI instance.",
- "dataTypeList": ["domain", "fqdn", "ip", "url", "hash"],
- "command": "Yeti/yeti.py"
+ "configurationItems": [
+ {
+ "name": "check_tlp",
+ "description": "Define if the analyzer should check TLP of data before running",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": false
+ },
+ {
+ "name": "max_tlp",
+ "description": "Define the maximum TLP level autorized",
+ "type": "number",
+ "multi": false,
+ "required": true,
+ "defaultValue": 3
+ }
+ ]
 }