#56 update Domaintools summary() and short reports

TheHive-Project · Jun 15, 2017 · aa70b8f · aa70b8f
1 parent b247b4f
commit aa70b8f
Show file tree

Hide file tree

Showing 7 changed files with 57 additions and 19 deletions.
diff --git a/analyzers/DomainTools/domaintools.py b/analyzers/DomainTools/domaintools.py
@@ -21,35 +21,66 @@ def __init__(self):
             'config.service', None, 'Service parameter is missing')
 
     def summary(self, raw):
-        result = {
+        r = {
             "service": self.service,
             "dataType": self.data_type
         }
 
+        taxonomy = {"level": "info", "namespace": "DT", "predicate": "Info", "value": 0}
+        taxonomies = []
+
         if("ip_addresses" in raw):
-            result["ip"] = {
+            r["ip"] = {
                 "address": raw["ip_addresses"]["ip_address"],
                 "domain_count": raw["ip_addresses"]["domain_count"]
             }
 
         if("domain_count" in raw):
-            result["domain_count"] = {
+            r["domain_count"] = {
                 "current": raw["domain_count"]["current"],
                 "historic": raw["domain_count"]["historic"]
             }
 
         if("registrant" in raw):
-            result["registrant"] = raw["registrant"]
+            r["registrant"] = raw["registrant"]
         elif("response" in raw and "registrant" in raw["response"]):
-            result["registrant"] = raw["response"]["registrant"]
+            r["registrant"] = raw["response"]["registrant"]
 
         if("parsed_whois" in raw):
-            result["registrar"] = raw["parsed_whois"]["registrar"]["name"]
+            r["registrar"] = raw["parsed_whois"]["registrar"]["name"]
+            #
 
         if("name_server" in raw):
-            result["name_server"] = raw["name_server"]["hostname"]
-            result["domain_count"] = raw["name_server"]["total"]
+            r["name_server"] = raw["name_server"]["hostname"]
+            r["domain_count"] = raw["name_server"]["total"]
+
+
+
+        # Prepare predicate and value for each service
+        if r["service"] == "reverse-ip":
+            report["predicate"] = "Reverse_IP"
+            taxonomy["value"] = "\"{}, {} domains\"".format(r["ip"]["address"], r["ip"]["domain_count"])
+
+        if r["service"] == "name-server-domains":
+            taxonomy["predicate"] = "Reverse_Name_Server"
+            taxonomy["value"] = "\"{}, {} domains\"".format(r["name_server"], r["domain_count"])
+
+        if r["service"] == "reverse-whois":
+            taxonomy["predicate"] = "Reverse_Whois"
+            taxonomy["value"] = "\"curr:{} / hist:{} domains\"".format(r["domain_count"]["current"], r["domain_count"]["historic"])
+
+        if r["service"] == "whois/history":
+            taxonomy["predicate"] = "Whois_History"
+            taxonomy["value"] = "\"{}, {} domains \"".format(r["name_server"], r["domain_count"])
+
+        if (r["service"] == "whois/parsed") or (r['service'] == "whois"):
+            taxonomy["predicate"] = "Whois"
+            taxonomy["value"] = "\"REGISTRAR:{}\"".format(r["registrar"])
+            taxonomies.append(taxonomy)
+            taxonomy["value"] = "\"REGISTRANT:{}\"".format(r["registrant"])
+            taxonomies.append(taxonomy)
 
+        result = {'taxonomies': taxonomies}
         return result
 
     def run(self):

diff --git a/thehive-templates/DomainTools_ReverseIP_1_0/short.html b/thehive-templates/DomainTools_ReverseIP_1_0/short.html
@@ -1 +1,3 @@
-<span ng-if="content.ip.address || content.ip.domain_count" class="label label-info">DT:ReverseIP={{content.ip.address}}: {{content.ip.domain_count}} domains found</span>
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
+    {{t.namespace}}:{{t.predicate}}={{t.value}}
+</span>&nbsp;
diff --git a/thehive-templates/DomainTools_ReverseNameServer_1_0/short.html b/thehive-templates/DomainTools_ReverseNameServer_1_0/short.html
@@ -1 +1,3 @@
-<span ng-if="content.name_server" class="label label-info">DT:ReverseNameServer= {{content.name_server}}, {{content.domain_count}} domains</span>
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
+    {{t.namespace}}:{{t.predicate}}={{t.value}}
+</span>&nbsp;
diff --git a/thehive-templates/DomainTools_ReverseWhois_1_0/short.html b/thehive-templates/DomainTools_ReverseWhois_1_0/short.html
@@ -1,3 +1,3 @@
-<span ng-if="content.domain_count.current || content.domain_count.historic" class="label label-info">
-    DT:ReverseWhois= curr:{{content.domain_count.current}}/hist:{{content.domain_count.historic}} domains found
-</span>
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
+    {{t.namespace}}:{{t.predicate}}={{t.value}}
+</span>&nbsp;
diff --git a/thehive-templates/DomainTools_WhoisHistory_1_0/short.html b/thehive-templates/DomainTools_WhoisHistory_1_0/short.html
@@ -1,2 +1,3 @@
-<span ng-if="content.registrant" class="label label-info">DT:WhoisHistory,REGISTRANT= {{content.registrant}}</span>
-<span ng-if="content.registrar" class="label label-info">DT:WhoisHistory,REGISTRAR= {{content.registrar}}</span>
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
+    {{t.namespace}}:{{t.predicate}}={{t.value}}
+</span>&nbsp;
diff --git a/thehive-templates/DomainTools_WhoisLookup_1_0/short.html b/thehive-templates/DomainTools_WhoisLookup_1_0/short.html
@@ -1,2 +1,3 @@
-<span ng-if="content.registrant" class="label label-info">DT:Whois,REGISTRANT= {{content.registrant}}</span>
-<span ng-if="content.registrar" class="label label-info">DT:Whois,REGISTRAR= {{content.registrar}}</span>
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
+    {{t.namespace}}:{{t.predicate}}={{t.value}}
+</span>&nbsp;
diff --git a/thehive-templates/DomainTools_WhoisLookup_IP_1_0/short.html b/thehive-templates/DomainTools_WhoisLookup_IP_1_0/short.html
@@ -1,2 +1,3 @@
-<span ng-if="content.registrant" class="label label-info">DT:Whois,REGISTRANT= {{content.registrant}}</span>
-<span ng-if="content.registrar" class="label label-info">DT:Whois,REGISTRAR= {{content.registrar}}</span>
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
+    {{t.namespace}}:{{t.predicate}}={{t.value}}
+</span>&nbsp;