diff --git a/analyzers/Onyphe/Onyphe_Datascan.json b/analyzers/Onyphe/Onyphe_Datascan.json
deleted file mode 100644
index 32b1875ca..000000000
--- a/analyzers/Onyphe/Onyphe_Datascan.json
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- "name": "Onyphe_Datascan",
- "version": "1.0",
- "author": "ANSSI",
- "url": "https://github.com/cybernardo/Cortex-Analyzers",
- "license": "AGPL-V3",
- "description": "Retrieve datascan information Onyphe has for the given IPv{4,6} address with history of changes or search a string.",
- "dataTypeList": ["ip","other"],
- "command": "Onyphe/onyphe_analyzer.py",
- "baseConfig": "Onyphe",
- "config": {
- "service": "datascan"
- },
- "configurationItems": [
- {
- "name": "key",
- "description": "Define the API key to use to connect the service",
- "type": "string",
- "multi": false,
- "required": true
- }
- ]
-}
diff --git a/analyzers/Onyphe/Onyphe_Forward.json b/analyzers/Onyphe/Onyphe_Forward.json
deleted file mode 100644
index e3f2b79e5..000000000
--- a/analyzers/Onyphe/Onyphe_Forward.json
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- "name": "Onyphe_Forward",
- "version": "1.0",
- "author": "Pierre Baudry, Adrien Barchapt",
- "url": "https://github.com/cybernardo/Cortex-Analyzers",
- "license": "AGPL-V3",
- "description": "Retrieve forward DNS lookup information Onyphe has for the given IPv{4,6} address with history of changes.",
- "dataTypeList": ["ip"],
- "command": "Onyphe/onyphe_analyzer.py",
- "baseConfig": "Onyphe",
- "config": {
- "service": "forward"
- },
- "configurationItems": [
- {
- "name": "key",
- "description": "Define the API key to use to connect the service",
- "type": "string",
- "multi": false,
- "required": true
- }
- ]
-}
diff --git a/analyzers/Onyphe/Onyphe_Geolocate.json b/analyzers/Onyphe/Onyphe_Geolocate.json
deleted file mode 100644
index 81ad04c24..000000000
--- a/analyzers/Onyphe/Onyphe_Geolocate.json
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- "name": "Onyphe_Geolocate",
- "version": "1.0",
- "author": "Pierre Baudry, Adrien Barchapt",
- "url": "https://github.com/cybernardo/Cortex-Analyzers",
- "license": "AGPL-V3",
- "description": "Retrieve geolocation information for the given IPv{4,6} address.",
- "dataTypeList": ["ip"],
- "command": "Onyphe/onyphe_analyzer.py",
- "baseConfig": "Onyphe",
- "config": {
- "service": "geolocate"
- },
- "configurationItems": [
- {
- "name": "key",
- "description": "Define the API key to use to connect the service",
- "type": "string",
- "multi": false,
- "required": true
- }
- ]
-}
diff --git a/analyzers/Onyphe/Onyphe_Inetnum.json b/analyzers/Onyphe/Onyphe_Inetnum.json
deleted file mode 100644
index c77b458b6..000000000
--- a/analyzers/Onyphe/Onyphe_Inetnum.json
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- "name": "Onyphe_Inetnum",
- "version": "1.0",
- "author": "ANSSI",
- "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
- "license": "AGPL-V3",
- "description": "Retrieve Onyphe Inetnum information on an IPv{4,6} address with history.",
- "dataTypeList": ["ip"],
- "command": "Onyphe/onyphe_analyzer.py",
- "baseConfig": "Onyphe",
- "config": {
- "service": "inetnum"
- },
- "configurationItems": [
- {
- "name": "key",
- "description": "Define the API key to use to connect the service",
- "type": "string",
- "multi": false,
- "required": true
- }
- ]
-}
diff --git a/analyzers/Onyphe/Onyphe_Ports.json b/analyzers/Onyphe/Onyphe_Ports.json
deleted file mode 100644
index fe7fb64c2..000000000
--- a/analyzers/Onyphe/Onyphe_Ports.json
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- "name": "Onyphe_Ports",
- "version": "1.0",
- "author": "Pierre Baudry, Adrien Barchapt",
- "url": "https://github.com/cybernardo/Cortex-Analyzers",
- "license": "AGPL-V3",
- "description": "Retrieve synscan information Onyphe has for the given IPv{4,6} address with history of changes.",
- "dataTypeList": ["ip"],
- "command": "Onyphe/onyphe_analyzer.py",
- "baseConfig": "Onyphe",
- "config": {
- "service": "ports"
- },
- "configurationItems": [
- {
- "name": "key",
- "description": "Define the API key to use to connect the service",
- "type": "string",
- "multi": false,
- "required": true
- }
- ]
-}
diff --git a/analyzers/Onyphe/Onyphe_Reverse.json b/analyzers/Onyphe/Onyphe_Reverse.json
deleted file mode 100644
index 8602b31ea..000000000
--- a/analyzers/Onyphe/Onyphe_Reverse.json
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- "name": "Onyphe_Reverse",
- "version": "1.0",
- "author": "Pierre Baudry, Adrien Barchapt",
- "url": "https://github.com/cybernardo/Cortex-Analyzers",
- "license": "AGPL-V3",
- "description": "Retrieve reverse DNS lookup information Onyphe has for the given IPv{4,6} address with history of changes.",
- "dataTypeList": ["ip"],
- "command": "Onyphe/onyphe_analyzer.py",
- "baseConfig": "Onyphe",
- "config": {
- "service": "reverse"
- },
- "configurationItems": [
- {
- "name": "key",
- "description": "Define the API key to use to connect the service",
- "type": "string",
- "multi": false,
- "required": true
- }
- ]
-}
diff --git a/analyzers/Onyphe/Onyphe_Summary.json b/analyzers/Onyphe/Onyphe_Summary.json
new file mode 100644
index 000000000..b845f0df4
--- /dev/null
+++ b/analyzers/Onyphe/Onyphe_Summary.json
@@ -0,0 +1,31 @@
+{
+ "name": "Onyphe_Summary",
+ "version": "1.0",
+ "author": "Pierre Baudry, Adrien Barchapt, Andrea Garavaglia, Davide Arcuri",
+ "license": "AGPL-V3",
+ "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
+ "description": "Retrieve summary information Onyphe has for given ip, domain or fqdn.",
+ "dataTypeList": ["ip", "domain", "fqdn"],
+ "command": "Onyphe/onyphe_analyzer.py",
+ "baseConfig": "Onyphe",
+ "config": {
+ "service": "summary"
+ },
+ "configurationItems": [
+ {
+ "name": "key",
+ "description": "Define the API key to use to connect the service",
+ "type": "string",
+ "multi": false,
+ "required": true
+ },
+ {
+ "name": "verbose_taxonomies",
+ "description": "Set true if you want detailed taxonomies for port, subnet, geoloc, domain",
+ "type": "boolean",
+ "multi": false,
+ "required": true,
+ "defaultValue": false
+ }
+ ]
+}
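Review bot: `dataTypeList` declares `"fqdn"`, but `Onyphe.summary()` in this commit's onyphe_api.py hunk only branches on `'ip'`, `'domain'` and `'hostname'`, so an fqdn observable reaches `self._request(path=url_path)` with `url_path` never assigned and the analyzer produces no report. Either change that branch to `elif datatype in ('hostname', 'fqdn'):` or drop `"fqdn"` from this list; Cortex hands the analyzer `dataType` as `fqdn` for hostnames, not `hostname`. The `description` could also say that an API key is now required, since the key-less geolocate path was removed and `key` is `"required": true`.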
diff --git a/analyzers/Onyphe/Onyphe_Threats.json b/analyzers/Onyphe/Onyphe_Threats.json
deleted file mode 100644
index 1753d0725..000000000
--- a/analyzers/Onyphe/Onyphe_Threats.json
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- "name": "Onyphe_Threats",
- "version": "1.0",
- "author": "Pierre Baudry, Adrien Barchapt",
- "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
- "license": "AGPL-V3",
- "description": "Retrieve Onyphe threat information for the given IPv{4,6} address with history.",
- "dataTypeList": ["ip"],
- "command": "Onyphe/onyphe_analyzer.py",
- "baseConfig": "Onyphe",
- "config": {
- "service": "threats"
- },
- "configurationItems": [
- {
- "name": "key",
- "description": "Define the API key to use to connect the service",
- "type": "string",
- "multi": false,
- "required": true
- }
- ]
-}
diff --git a/analyzers/Onyphe/onyphe_analyzer.py b/analyzers/Onyphe/onyphe_analyzer.py
index aa7fc78cd..89e84e854 100755
--- a/analyzers/Onyphe/onyphe_analyzer.py
+++ b/analyzers/Onyphe/onyphe_analyzer.py
@@ -2,162 +2,197 @@
from cortexutils.analyzer import Analyzer
from onyphe_api import Onyphe
+from datetime import datetime
class OnypheAnalyzer(Analyzer):
def __init__(self):
Analyzer.__init__(self)
self.service = self.get_param(
- 'config.service', None, 'Service parameter is missing')
- self.onyphe_key = self.get_param(
- 'config.key', None, 'Missing Onyphe API key')
+ "config.service", None, "Service parameter is missing"
+ )
+ self.onyphe_key = self.get_param("config.key", None, "Missing Onyphe API key")
self.onyphe_client = None
- self.polling_interval = self.get_param('config.polling_interval', 60)
+ self.verbose_taxonomies = self.get_param("config.verbose_taxonomies", False)
+ self.polling_interval = self.get_param("config.polling_interval", 60)
def summary(self, raw):
taxonomies = []
namespace = "Onyphe"
- if self.service == 'threats':
- output_data = {}
- for r in raw['threats']['results']:
- threatlist = r['threatlist']
- if threatlist not in output_data:
- output_data[threatlist] = {
- "dates": [],
- "subnets": [],
- "count": 0
- }
-
- if r['seen_date'] not in output_data[threatlist]["dates"]:
- output_data[threatlist]["dates"].append(r['seen_date'])
- output_data[threatlist]["count"] += 1
- if r['subnet'] not in output_data[threatlist]["subnets"]:
- output_data[threatlist]["subnets"].append(r['subnet'])
- for threatlist, threat_data in output_data.items():
- taxonomies.append(self.build_taxonomy(
- 'malicious', namespace, "Threat", "threatlist: {}, event count: {}".format(
- threatlist, threat_data['count'])))
-
- if self.service == 'geolocate':
- location = raw['location']['results'][0]
- taxonomies.append(self.build_taxonomy(
- 'info', namespace, "Geolocate", "country: {}, city: {}".format(
- location["country_name"], location["city"])))
-
- if self.service == 'inetnum':
- output_data = {}
- for r in raw['inetnum']['results']:
- subnet = r['subnet']
- if subnet not in output_data:
- output_data[subnet] = {
- "dates": []
- }
- if r['seen_date'] not in output_data[subnet]['dates']:
- output_data[subnet]['dates'].append(r['seen_date'])
- for subnet, subnet_data in output_data.items():
- taxonomies.append(self.build_taxonomy(
- 'info', namespace, "Subnet", "subnet {} last seen {}".format(
- subnet, subnet_data['dates'][0])))
-
- if self.service == 'ports':
- output_data = {}
- for r in raw['ports']['results']:
- port = r['port']
- if port not in output_data:
- output_data[port] = {
- "dates": []
- }
- if r['seen_date'] not in output_data[port]['dates']:
- output_data[port]['dates'].append(r['seen_date'])
- for port_number, port_data in output_data.items():
- taxonomies.append(self.build_taxonomy(
- 'info', namespace, "Port", "port {} last seen {}".format(
- port_number, port_data['dates'][0])))
-
- if self.service == 'datascan':
- output_data = {}
- for r in raw['datascan']['results']:
- port = r['port']
- if port not in output_data:
- output_data[port] = {
- "dates": []
- }
- if r['seen_date'] not in output_data[port]['dates']:
- output_data[port]['dates'].append(r['seen_date'])
- for port_number, port_data in output_data.items():
- taxonomies.append(self.build_taxonomy(
- 'info', namespace, "Port", "port {} last seen {}".format(
- port_number, port_data['dates'][0])))
-
- if self.service == 'reverse':
- output_data = {}
- for r in raw['reverses']['results']:
- reverse = r['domain']
- if reverse not in output_data:
- output_data[reverse] = {
- "dates": []
- }
-
- if r['seen_date'] not in output_data[reverse]["dates"]:
- output_data[reverse]["dates"].append(r['seen_date'])
- for reverse, reverse_data in output_data.items():
- taxonomies.append(self.build_taxonomy(
- 'info', namespace, "DNS Reverse", "name: {}, last_seen: {}".format(
- reverse, reverse_data['dates'][0])))
-
- if self.service == 'forward':
- output_data = {}
- for r in raw['forwards']['results']:
- forwarder = r['forward']
- if forwarder not in output_data:
- output_data[forwarder] = {
- "dates": []
- }
-
- if r['seen_date'] not in output_data[forwarder]["dates"]:
- output_data[forwarder]["dates"].append(r['seen_date'])
- for forwarder, forward_data in output_data.items():
- taxonomies.append(self.build_taxonomy(
- 'info', namespace, "DNS Forwarder", "forwarder: {}, last_seen: {}".format(
- forwarder, forward_data['dates'][0])))
-
- return {'taxonomies': taxonomies}
+
+ if not self.verbose_taxonomies:
+
+ threatlist = list(
+ set(
+ [
+ r["threatlist"]
+ for r in raw["results"]
+ if r["@category"] == "threatlist"
+ ]
+ )
+ )
+
+ if len(threatlist) > 0:
+ taxonomies.append(
+ self.build_taxonomy(
+ "malicious",
+ namespace,
+ "Threat",
+ "{} threat found".format(len(threatlist)),
+ )
+ )
+ else:
+ taxonomies.append(
+ self.build_taxonomy("info", namespace, "Threat", "No threat found",)
+ )
+ else:
+
+ output_data = {
+ "threatlist": {},
+ "subnet": {},
+ "port": {},
+ "reverse": {},
+ "forward": {},
+ "resolver": {},
+ }
+
+ for r in raw["results"]:
+
+ if r["@category"] == "threatlist":
+ threatlist = r["threatlist"]
+ if threatlist not in output_data["threatlist"]:
+ output_data["threatlist"][threatlist] = {
+ "dates": [],
+ "subnets": [],
+ "count": 0,
+ }
+ if (
+ r["seen_date"]
+ not in output_data["threatlist"][threatlist]["dates"]
+ ):
+ output_data["threatlist"][threatlist]["dates"].append(
+ r["seen_date"]
+ )
+ output_data["threatlist"][threatlist]["count"] += 1
+ if (
+ r["subnet"]
+ not in output_data["threatlist"][threatlist]["subnets"]
+ ):
+ output_data["threatlist"][threatlist]["subnets"].append(
+ r["subnet"]
+ )
+
+ elif r["@category"] == "geoloc":
+ taxonomies.append(
+ self.build_taxonomy(
+ "info",
+ namespace,
+ "Geolocate",
+ "country: {}, {}".format(
+ r["country"],
+ "location: {}".format(r["location"])
+ if not r.get("city", None)
+ else "city: {}".format(r["city"]),
+ ),
+ )
+ )
+
+ elif r["@category"] == "inetnum":
+ subnet = r["subnet"]
+ if subnet not in output_data["subnet"]:
+ output_data["subnet"][subnet] = {"dates": []}
+ if r["seen_date"] not in output_data["subnet"][subnet]["dates"]:
+ output_data["subnet"][subnet]["dates"].append(r["seen_date"])
+
+ elif r["@category"] in ["ports", "datascan"]:
+ port = r["port"]
+ if port not in output_data["port"]:
+ output_data["port"][port] = {"dates": []}
+ if r["seen_date"] not in output_data["port"][port]["dates"]:
+ output_data["port"][port]["dates"].append(r["seen_date"])
+
+ elif r["@category"] == "reverse":
+ reverse = r["domain"]
+ if reverse not in output_data["reverse"]:
+ output_data["reverse"][reverse] = {"dates": []}
+ if r["seen_date"] not in output_data["reverse"][reverse]["dates"]:
+ output_data["reverse"][reverse]["dates"].append(r["seen_date"])
+
+ elif r["@category"] == "forward":
+ forward = r["domain"]
+ if forward not in output_data["forward"]:
+ output_data["forward"][forward] = {"dates": []}
+ if r["seen_date"] not in output_data["forward"][forward]["dates"]:
+ output_data["forward"][forward]["dates"].append(r["seen_date"])
+
+ elif r["@category"] == "resolver":
+ resolver = r["hostname"]
+ if resolver not in output_data["resolver"]:
+ output_data["resolver"][resolver] = {"dates": []}
+ if r["seen_date"] not in output_data["resolver"][resolver]["dates"]:
+ output_data["resolver"][resolver]["dates"].append(
+ r["seen_date"]
+ )
+
+ for threatlist, threat_data in output_data["threatlist"].items():
+ taxonomies.append(
+ self.build_taxonomy(
+ "malicious",
+ namespace,
+ "Threat",
+ "threatlist: {}, event count: {}".format(
+ threatlist, threat_data["count"]
+ ),
+ )
+ )
+
+ for topic in ["subnet", "port", "forward", "reverse", "resolver"]:
+ for item, item_data in output_data[topic].items():
+ taxonomies.append(
+ self.build_taxonomy(
+ "info",
+ namespace,
+ item.capitalize(),
+ "{} {} last seen {}".format(
+ topic,
+ item,
+ max(
+ datetime.strptime(x, "%Y-%m-%d")
+ for x in item_data["dates"]
+ ),
+ ),
+ )
+ )
+
+ return {"taxonomies": taxonomies}
def run(self):
Analyzer.run(self)
try:
self.onyphe_client = Onyphe(self.onyphe_key)
- if self.service == 'threats':
- ip = self.get_param('data', None, 'Data is missing')
- results = {'threats': self.onyphe_client.threatlist(ip)}
- self.report(results)
- if self.service == 'ports':
- ip = self.get_param('data', None, 'Data is missing')
- results = {'ports': self.onyphe_client.synscan(ip)}
- self.report(results)
- if self.service == 'geolocate':
- ip = self.get_param('data', None, 'Data is missing')
- results = {'location': self.onyphe_client.geolocate(ip)}
- self.report(results)
- if self.service == 'reverse':
- ip = self.get_param('data', None, 'Data is missing')
- results = {'reverses': self.onyphe_client.reverse(ip)}
- self.report(results)
- if self.service == 'forward':
- ip = self.get_param('data', None, 'Data is missing')
- results = {'forwards': self.onyphe_client.forward(ip)}
- self.report(results)
- if self.service == 'inetnum':
- ip = self.get_param('data', None, 'Data is missing')
- results = {'inetnum': self.onyphe_client.inetnum(ip)}
- self.report(results)
- if self.service == 'datascan':
- ip = self.get_param('data', None, 'Data is missing')
- results = {'datascan': self.onyphe_client.datascan(ip)}
- self.report(results)
+ data = self.get_param("data", None, "Data is missing")
+ results = self.onyphe_client.summary(data, self.data_type)
+ results["totals_category"] = {
+ k: len(
+ [x for x in results["results"] if x["@category"] == k]
+ )
+ for k in [
+ "threatlist",
+ "threats",
+ "geoloc",
+ "inetnum",
+ "ports",
+ "reverse",
+ "datascan",
+ "forward",
+ ]
+ }
+
+ self.report(results)
+
except Exception:
pass
-if __name__ == '__main__':
+if __name__ == "__main__":
OnypheAnalyzer().run()
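Review bot: Every failure in the rewritten `run()` body is still swallowed by the unchanged `except Exception: pass` at the end of the hunk, so a missing `results["results"]` key, an Onyphe `APIError`, or the unbound `url_path` that `Onyphe.summary()` leaves for an unmapped datatype all end the job with neither a report nor an error; surface it with `except Exception as e:` / `    self.error(str(e))` so the analyst sees why no taxonomy appeared. In the verbose branch of `summary()`, `item.capitalize()` assumes every key is a string; if Onyphe returns `port` as an integer (I cannot tell from the hunk), that line raises `AttributeError` for the `port` topic, and `str(item).capitalize()` avoids it. The `"{} {} last seen {}".format(...)` call also renders the `max()` result as a full datetime (`YYYY-MM-DD 00:00:00`) instead of the date string Onyphe returned; `max(item_data["dates"])` (ISO dates sort lexically) or `.strftime("%Y-%m-%d")` keeps the original form. Finally, `results["totals_category"]` counts `"threats"` but not `"resolver"`, while `summary()` handles `resolver` and never sees a `threats` category, so the two lists have drifted.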
diff --git a/analyzers/Onyphe/onyphe_api.py b/analyzers/Onyphe/onyphe_api.py
index 3ad4cf23a..eef046601 100755
--- a/analyzers/Onyphe/onyphe_api.py
+++ b/analyzers/Onyphe/onyphe_api.py
@@ -15,7 +15,7 @@ def __init__(self, key: str):
:type key: str
"""
self.api_key = key
- self.base_url = "https://www.onyphe.io"
+ self.base_url = "https://www.onyphe.io/"
self._session = requests.Session()
def _request(self, path: str, query_params: dict={}):
@@ -42,87 +42,15 @@ def _request(self, path: str, query_params: dict={}):
return response_data
- def _request_without_api(self, path: str, query_params: dict={}):
- """Specialized wrapper around the requests module to request data from Onyphe without the api_key(geolocate and myip)
- :param path: The URL path after the onyphe FQDN
- :type path: str
- :param query_params: The dictionnary of query parameters that gets appended to the URL
- :type query_params: str
- """
- url = urljoin(self.base_url, path)
- response = self._session.get(url=url, data=query_params)
-
- if response.status_code == 429:
- raise APIRateLimiting(response.text)
- try:
- response_data = response.json()
- except Exception:
- raise APIError("Couldn't parse response JSON")
-
- if response_data["error"] > 0:
- raise APIError("got error {}: {}".format(
- response_data["error"], response_data["message"]))
-
- return response_data
-
- def myip(self):
- """This method is open to use. There is need for an API key.
- """
- url_path = "/api/myip"
- return self._request_without_api(path=url_path)
-
- def geolocate(self, ip: str):
- """Return geolocate information from ip address (Geolocate doesn't need apikey !!)
- """
- url_path = "/api/geoloc/{ip}".format(ip=ip)
- return self._request_without_api(path=url_path)
-
- def ip(self, ip: str):
- """Return a summary of all information we have for the given IPv{4,6} address. History of changes will not be shown, only latest results.
- """
- url_path = "/api/ip/{ip}".format(ip=ip)
- return self._request(path=url_path)
-
- def inetnum(self, ip: str):
- """Return inetnum information we have for the given IPv{4,6} address with history of changes. Multiple subnets may match because of delegation mechanisms. We return all of them
- """
- url_path = "/api/inetnum/{ip}".format(ip=ip)
- return self._request(path=url_path)
-
- def threatlist(self, ip: str):
- """Return threatlist information we have for the given IPv{4,6} address with history of changes
- """
- url_path = "/api/threatlist/{ip}".format(ip=ip)
- return self._request(path=url_path)
-
- def pastries(self, ip: str):
- """Return pastries information we have for the given IPv{4,6} address with history of changes.
- """
- url_path = "/api/pastries/{ip}".format(ip=ip)
- return self._request(path=url_path)
-
- def synscan(self, ip: str):
- """Return synscan information we have for the given IPv{4,6} address with history of changes. Multiple synscan entries may match. We return all of them.
- """
- url_path = "/api/synscan/{ip}".format(ip=ip)
- return self._request(path=url_path)
-
- def datascan(self, search: str):
- """Return datascan information we have for the given IPv{4,6} address or string with history of changes
- """
- url_path = "/api/datascan/{search}".format(search=search)
- return self._request(path=url_path)
-
- def reverse(self, search: str):
- """Return reverse DNS lookup information we have for the given IPv{4,6} address with history of changes. Multiple reverse DNS entries may match. We return all of them.
- """
- url_path = "/api/reverse/{search}".format(search=search)
- return self._request(path=url_path)
-
- def forward(self, search: str):
- """Return forward DNS lookup information we have for the given IPv{4,6} address with history of changes. Multiple forward DNS entries may match. We return all of them.
+ def summary(self, data: str, datatype: str):
+ """Return a summary of all information we have for the given IPv{4,6} address.
"""
- url_path = "/api/forward/{search}".format(search=search)
+ if datatype == 'ip':
+ url_path = "/api/v2/summary/ip/{ip}".format(ip=data)
+ elif datatype == 'domain':
+ url_path = "/api/v2/summary/domain/{domain}".format(domain=data)
+ elif datatype == 'hostname':
+ url_path = "/api/v2/summary/hostname/{hostname}".format(hostname=data)
return self._request(path=url_path)
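Review bot: `summary()` has no `else` branch, so any datatype other than the three listed leaves `url_path` unbound and the caller gets an `UnboundLocalError` rather than a meaningful error; add `else:` / `    raise ValueError("unsupported datatype: {}".format(datatype))` after the `hostname` branch. The observable value is also interpolated into the URL path unescaped; wrapping it as `quote(data, safe="")` (from `urllib.parse`, which the removed `_request_without_api` body already used via `urljoin`, so presumably imported) keeps a value containing `/`, `?` or `#` from changing the request path. The docstring still says "IPv{4,6} address" although the method now accepts domains and hostnames too. The `_request` body this method calls starts outside the hunk.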
diff --git a/thehive-templates/Onyphe_Datascan_1_0/long.html b/thehive-templates/Onyphe_Datascan_1_0/long.html
deleted file mode 100644
index 744ae49d7..000000000
--- a/thehive-templates/Onyphe_Datascan_1_0/long.html
+++ /dev/null
@@ -1,78 +0,0 @@
-
-
- Onyphe Datascan - {{(artifact.data || artifact.attachment.name) | fang}}
-
-
-
- -
- My IP
-
- -
- {{content.datascan.myip}}
-
-
-
- -
- Number of results
-
- -
- {{content.datascan.count}}
-
-
-
- -
- Error(s)
-
- -
- {{content.datascan.error}}
-
-
-
-
-
- Category |
- Type |
- ASN |
- Country |
- IPv4 |
- Organisation |
- Location |
- Port |
- Protocol |
- OS |
- Product |
- Product Version |
- Seen Date |
- Data MD5 |
-
-
-
- {{r["@category"]}} |
- {{r["@type"]}} |
- {{r.asn}} |
- {{r.country}} |
- {{r.ip}} |
- {{r.organization}} |
- {{r.location}} |
- {{r.port}} |
- {{r.protocol}} |
- {{r.os}} |
- {{r.product}} |
- {{r.productversion}} |
- {{r.seen_date}} |
- {{r.datamd5}} |
-
-
-
-
-
-
-
-
-
- {{artifact.data | fang}}
-
-
- {{content.errorMessage}}
-
-
\ No newline at end of file
diff --git a/thehive-templates/Onyphe_Forward_1_0/long.html b/thehive-templates/Onyphe_Forward_1_0/long.html
deleted file mode 100644
index 0add56f5f..000000000
--- a/thehive-templates/Onyphe_Forward_1_0/long.html
+++ /dev/null
@@ -1,62 +0,0 @@
-
-
- Onyphe Forward - {{(artifact.data || artifact.attachment.name) | fang}}
-
-
-
- -
- My IP
-
- -
- {{content.forwards.myip}}
-
-
-
- -
- Number of results
-
- -
- {{content.forwards.count}}
-
-
-
- -
- Error(s)
-
- -
- {{content.forwards.error}}
-
-
-
-
-
- Category |
- Type |
- Domain |
- IPv4 |
- IPv6 |
- Seen date |
-
-
-
- {{r["@category"]}} |
- {{r["@type"]}} |
- {{r.domain}} |
- {{r.ip}} |
- {{r.ipv6}} |
- {{r.seen_date}} |
-
-
-
-
-
-
-
-
-
- {{artifact.data | fang}}
-
-
- {{results.errorMessage}}
-
-
\ No newline at end of file
diff --git a/thehive-templates/Onyphe_Forward_1_0/short.html b/thehive-templates/Onyphe_Forward_1_0/short.html
deleted file mode 100644
index 9fd48f9fa..000000000
--- a/thehive-templates/Onyphe_Forward_1_0/short.html
+++ /dev/null
@@ -1,3 +0,0 @@
-
- {{t.namespace}}:{{t.predicate}}="{{t.value}}"
-
\ No newline at end of file
diff --git a/thehive-templates/Onyphe_Geolocate_1_0/long.html b/thehive-templates/Onyphe_Geolocate_1_0/long.html
deleted file mode 100644
index 5148d4a43..000000000
--- a/thehive-templates/Onyphe_Geolocate_1_0/long.html
+++ /dev/null
@@ -1,73 +0,0 @@
-
-
- Onyphe Geolocate - {{(artifact.data || artifact.attachment.name) | fang}}
-
-
-
- -
- My IP
-
- -
- {{content.location.myip}}
-
-
-
- -
- Number of results
-
- -
- {{content.location.count}}
-
-
-
- -
- Error(s)
-
- -
- {{content.location.error}}
-
-
-
-
-
- Category |
- Type |
- ASN |
- City |
- Country |
- Latitude |
- Longitude |
- Organization |
- IPv4 |
- IPv6 |
- Subnet |
-
-
-
-
- {{r["@category"]}} |
- {{r["@type"]}} |
- {{r.asn}} |
- {{r.city}} |
- {{r.country_name}}/{{r.country}} |
- {{r.latitude}} |
- {{r.longitude}} |
- {{r.organisation}} |
- {{r.ip}} |
- {{r.ipv6}} |
- {{r.subnet}} |
-
-
-
-
-
-
-
-
-
- {{artifact.data | fang}}
-
-
- {{content.errorMessage}}
-
-
\ No newline at end of file
diff --git a/thehive-templates/Onyphe_Geolocate_1_0/short.html b/thehive-templates/Onyphe_Geolocate_1_0/short.html
deleted file mode 100644
index 9fd48f9fa..000000000
--- a/thehive-templates/Onyphe_Geolocate_1_0/short.html
+++ /dev/null
@@ -1,3 +0,0 @@
-
- {{t.namespace}}:{{t.predicate}}="{{t.value}}"
-
\ No newline at end of file
diff --git a/thehive-templates/Onyphe_Inetnum_1_0/long.html b/thehive-templates/Onyphe_Inetnum_1_0/long.html
deleted file mode 100644
index f8fff096f..000000000
--- a/thehive-templates/Onyphe_Inetnum_1_0/long.html
+++ /dev/null
@@ -1,70 +0,0 @@
-
-
- Onyphe Datascan - {{(artifact.data || artifact.attachment.name) | fang}}
-
-
-
- -
- My IP
-
- -
- {{content.inetnum.myip}}
-
-
-
- -
- Number of results
-
- -
- {{content.inetnum.count}}
-
-
-
- -
- Error(s)
-
- -
- {{content.inetnum.error}}
-
-
-
-
-
- Category |
- Type |
- ASN |
- Country |
- Subnet |
- Organisation |
- Location |
- Netname |
- Seen Date |
- Source |
-
-
-
- {{r["@category"]}} |
- {{r["@type"]}} |
- {{r.asn}} |
- {{r.country}} |
- {{r.subnet}} |
- {{r.organization}} |
- {{r.location}} |
- {{r.netname}} |
- {{r.seen_date}} |
- {{r.source}} |
-
-
-
-
-
-
-
-
-
- {{artifact.data | fang}}
-
-
- {{content.errorMessage}}
-
-
\ No newline at end of file
diff --git a/thehive-templates/Onyphe_Inetnum_1_0/short.html b/thehive-templates/Onyphe_Inetnum_1_0/short.html
deleted file mode 100644
index 9fd48f9fa..000000000
--- a/thehive-templates/Onyphe_Inetnum_1_0/short.html
+++ /dev/null
@@ -1,3 +0,0 @@
-
- {{t.namespace}}:{{t.predicate}}="{{t.value}}"
-
\ No newline at end of file
diff --git a/thehive-templates/Onyphe_Ports_1_0/long.html b/thehive-templates/Onyphe_Ports_1_0/long.html
deleted file mode 100644
index aa653c00a..000000000
--- a/thehive-templates/Onyphe_Ports_1_0/long.html
+++ /dev/null
@@ -1,70 +0,0 @@
-
-
- Onyphe Ports - {{(artifact.data || artifact.attachment.name) | fang}}
-
-
-
- -
- My IP
-
- -
- {{content.ports.myip}}
-
-
-
- -
- Number of results
-
- -
- {{content.ports.count}}
-
-
-
- -
- Error(s)
-
- -
- {{content.ports.error}}
-
-
-
-
-
- Category |
- Type |
- ASN |
- Country |
- IPv4 |
- Organisation |
- Location |
- OS |
- Port |
- Seen date |
-
-
-
- {{r["@category"]}} |
- {{r["@type"]}} |
- {{r.asn}} |
- {{r.country}} |
- {{r.ip}} |
- {{r.organization}} |
- {{r.location}} |
- {{r.os}} |
- {{r.port}} |
- {{r.seen_date}} |
-
-
-
-
-
-
-
-
-
- {{artifact.data | fang}}
-
-
- {{content.errorMessage}}
-
-
\ No newline at end of file
diff --git a/thehive-templates/Onyphe_Ports_1_0/short.html b/thehive-templates/Onyphe_Ports_1_0/short.html
deleted file mode 100644
index 9fd48f9fa..000000000
--- a/thehive-templates/Onyphe_Ports_1_0/short.html
+++ /dev/null
@@ -1,3 +0,0 @@
-
- {{t.namespace}}:{{t.predicate}}="{{t.value}}"
-
\ No newline at end of file
diff --git a/thehive-templates/Onyphe_Reverse_1_0/long.html b/thehive-templates/Onyphe_Reverse_1_0/long.html
deleted file mode 100644
index afa2664d6..000000000
--- a/thehive-templates/Onyphe_Reverse_1_0/long.html
+++ /dev/null
@@ -1,64 +0,0 @@
-
-
- Onyphe Reverse - {{(artifact.data || artifact.attachment.name) | fang}}
-
-
-
- -
- My IP
-
- -
- {{content.reverses.myip}}
-
-
-
- -
- Number of results
-
- -
- {{content.reverses.count}}
-
-
-
- -
- Error(s)
-
- -
- {{content.reverses.error}}
-
-
-
-
-
- Category |
- Type |
- Domain |
- IPv4 |
- IPv6 |
- Reverse |
- Seen date |
-
-
-
- {{r["@category"]}} |
- {{r["@type"]}} |
- {{r.domain}} |
- {{r.ip}} |
- {{r.ipv6}} |
- {{r.reverse}} |
- {{r.seen_date}} |
-
-
-
-
-
-
-
-
-
- {{artifact.data | fang}}
-
-
- {{content.errorMessage}}
-
-
\ No newline at end of file
diff --git a/thehive-templates/Onyphe_Reverse_1_0/short.html b/thehive-templates/Onyphe_Reverse_1_0/short.html
deleted file mode 100644
index 9fd48f9fa..000000000
--- a/thehive-templates/Onyphe_Reverse_1_0/short.html
+++ /dev/null
@@ -1,3 +0,0 @@
-
- {{t.namespace}}:{{t.predicate}}="{{t.value}}"
-
\ No newline at end of file
diff --git a/thehive-templates/Onyphe_Summary_1_0/long.html b/thehive-templates/Onyphe_Summary_1_0/long.html
new file mode 100644
index 000000000..c301559e6
--- /dev/null
+++ b/thehive-templates/Onyphe_Summary_1_0/long.html
@@ -0,0 +1,247 @@
+
+
+ Onyphe Summary - {{(artifact.data || artifact.attachment.name) | fang}}
+
+
+
+
+ IPv6 |
+ Subnet |
+ Threat list |
+ Seen date |
+
+
+
+ {{r.ipv6}} |
+ {{r.subnet}} |
+ {{r.threatlist}} |
+ {{r.seen_date}} |
+
+
+
+
+
+
+
+
+ Threats
+
+
+
+
+ IPv6 |
+ Subnet |
+ Threat list |
+ Seen date |
+
+
+
+ {{r.ipv6}} |
+ {{r.subnet}} |
+ {{r.threatlist}} |
+ {{r.seen_date}} |
+
+
+
+
+
+
+
+
+ Geolocate
+
+
+
+
+ ASN |
+ City |
+ Country |
+ Latitude |
+ Longitude |
+ Organization |
+ IPv4 |
+ IPv6 |
+ Subnet |
+
+
+
+
+ {{r.asn}} |
+ {{r.city}} |
+ {{r.country_name}}/{{r.country}} |
+ {{r.latitude}} |
+ {{r.longitude}} |
+ {{r.organisation}} |
+ {{r.ip}} |
+ {{r.ipv6}} |
+ {{r.subnet}} |
+
+
+
+
+
+
+
+
+ inetnum
+
+
+
+
+ ASN |
+ Country |
+ Subnet |
+ Organisation |
+ Location |
+ Netname |
+ Seen Date |
+ Source |
+
+
+
+ {{r.asn}} |
+ {{r.country}} |
+ {{r.subnet}} |
+ {{r.organization}} |
+ {{r.location}} |
+ {{r.netname}} |
+ {{r.seen_date}} |
+ {{r.source}} |
+
+
+
+
+
+
+
+
+ Ports
+
+
+
+
+ ASN |
+ Country |
+ IPv4 |
+ Organisation |
+ Location |
+ OS |
+ Port |
+ Seen date |
+
+
+
+ {{r.asn}} |
+ {{r.country}} |
+ {{r.ip}} |
+ {{r.organization}} |
+ {{r.location}} |
+ {{r.os}} |
+ {{r.port}} |
+ {{r.seen_date}} |
+
+
+
+
+
+
+
+
+ Reverse
+
+
+
+
+ Domain |
+ IPv4 |
+ IPv6 |
+ Reverse |
+ Seen date |
+
+
+
+ {{r.domain}} |
+ {{r.ip}} |
+ {{r.ipv6}} |
+ {{r.reverse}} |
+ {{r.seen_date}} |
+
+
+
+
+
+
+
+
+ DataScan
+
+
+
+
+ ASN |
+ Country |
+ IPv4 |
+ Organisation |
+ Location |
+ Port |
+ Protocol |
+ OS |
+ Product |
+ Product Version |
+ Seen Date |
+ Data MD5 |
+
+
+
+ {{r.asn}} |
+ {{r.country}} |
+ {{r.ip}} |
+ {{r.organization}} |
+ {{r.location}} |
+ {{r.port}} |
+ {{r.protocol}} |
+ {{r.os}} |
+ {{r.product}} |
+ {{r.productversion}} |
+ {{r.seen_date}} |
+ {{r.datamd5}} |
+
+
+
+
+
+
+
+
+
+ Forward
+
+
+
+
+ Domain |
+ IPv4 |
+ IPv6 |
+ Seen date |
+
+
+
+ {{r.domain}} |
+ {{r.ip}} |
+ {{r.ipv6}} |
+ {{r.seen_date}} |
+
+
+
+
+
+
+
+
+
+ {{artifact.data | fang}}
+
+
+ {{content.errorMessage}}
+
+
\ No newline at end of file
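Review bot: The new long template has no table for the `resolver` category, although `summary()` in onyphe_analyzer.py now collects and reports resolver results, so those entries appear in the taxonomies but never in the report body. The first two tables (the untitled one at the top and the one under "Threats") have identical columns, which looks like the block was pasted twice; with the markup stripped here I cannot tell whether they filter on different categories, so it is worth a check. The Geolocate section uses `{{r.organisation}}` while the other sections use `{{r.organization}}`; both spellings were inherited from the deleted templates, so one of them is probably rendering empty.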
diff --git a/thehive-templates/Onyphe_Datascan_1_0/short.html b/thehive-templates/Onyphe_Summary_1_0/short.html
similarity index 100%
rename from thehive-templates/Onyphe_Datascan_1_0/short.html
rename to thehive-templates/Onyphe_Summary_1_0/short.html
diff --git a/thehive-templates/Onyphe_Threats_1_0/long.html b/thehive-templates/Onyphe_Threats_1_0/long.html
deleted file mode 100644
index 0f7f80e3f..000000000
--- a/thehive-templates/Onyphe_Threats_1_0/long.html
+++ /dev/null
@@ -1,62 +0,0 @@
-
-
- Onyphe Threats - {{(artifact.data || artifact.attachment.name) | fang}}
-
-
-
- -
- My IP
-
- -
- {{content.threats.myip}}
-
-
-
- -
- Number of results
-
- -
- {{content.threats.count}}
-
-
-
- -
- Error(s)
-
- -
- {{content.threats.error}}
-
-
-
-
-
- Category |
- Type |
- IPv6 |
- Subnet |
- Threat list |
- Seen date |
-
-
-
- {{r["@category"]}} |
- {{r["@type"]}} |
- {{r.ipv6}} |
- {{r.subnet}} |
- {{r.threatlist}} |
- {{r.seen_date}} |
-
-
-
-
-
-
-
-
-
- {{artifact.data | fang}}
-
-
- {{content.errorMessage}}
-
-
\ No newline at end of file
diff --git a/thehive-templates/Onyphe_Threats_1_0/short.html b/thehive-templates/Onyphe_Threats_1_0/short.html
deleted file mode 100644
index 9fd48f9fa..000000000
--- a/thehive-templates/Onyphe_Threats_1_0/short.html
+++ /dev/null
@@ -1,3 +0,0 @@
-
- {{t.namespace}}:{{t.predicate}}="{{t.value}}"
-
\ No newline at end of file