add TheHive template for Phishing Initiative - Scan analyzer.

TheHive-Project · Aug 2, 2018 · aad7a16 · aad7a16
1 parent f9a1fbb
commit aad7a16
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 6 deletions.
diff --git a/analyzers/PhishingInitiative/phishinginitiative_scan.py b/analyzers/PhishingInitiative/phishinginitiative_scan.py
@@ -18,9 +18,9 @@ def summary(self, raw):
         predicate = "Status"
         value = "\"Clean\""
 
-        if raw["tag_label"] == "phishing":
+        if raw["status"] == "phishing":
             level = "malicious"
-            value = "\"{}\"".format(raw["tag_label"])
+            value = "\"{}\"".format(raw["status"])
         taxonomies.append(self.build_taxonomy(level, namespace, predicate, value))
         return {"taxonomies": taxonomies}
 
@@ -35,13 +35,13 @@ def run(self):
             api_response_url = "".join(api_response["url"])
 
             if "Elle a été marquée comme étant du phishing" in api_response_url:
-                self.report("phishing")
+                self.report({"status":"phishing"})
             elif "Elle est en cours d'analyse" in api_response_url:
-                self.report("analyzing")
+                self.report({"status":"analyzing"})
             elif "Elle n'est pas considérée comme étant du phishing" in api_response_url:
-                self.report("clean")
+                self.report({"status":"clean"})
             else:
-                self.report("report")
+                self.report({"status":"report"})
         except Exception:
             self.unexpectedError("Service unavailable")
 

diff --git a/thehive-templates/PhishingInitiative_Scan_1_0/long.html b/thehive-templates/PhishingInitiative_Scan_1_0/long.html
@@ -0,0 +1,21 @@
+<div class="panel panel-info" ng-if="success">
+    <div class="panel-heading">
+        PhishingInitiative Report for <strong>{{artifact.data | fang}}</strong>
+    </div>
+    <div class="panel-body">
+ <dl class="dl-horizontal">
+                <dt>Status: </dt>
+                <dd class="wrap" ng-class="{'text-danger': content.status==='phishing', 'text-warning': content.status==='analyzing', 'text-success': content.status==='clean'}">
+   {{content.status}}
+  </dd>
+        </dl>
+    </div>
+</div>
+<div class="panel panel-danger" ng-if="!success">
+    <div class="panel-heading">
+        <strong>{{artifact.data | fang}}</strong>
+    </div>
+    <div class="panel-body">
+        {{content.errorMessage}}
+    </div>
+</div>
diff --git a/thehive-templates/PhishingInitiative_Scan_1_0/short.html b/thehive-templates/PhishingInitiative_Scan_1_0/short.html
@@ -0,0 +1,3 @@
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
+    {{t.namespace}}:{{t.predicate}}={{t.value}}
+</span>