From abe1edd441408b11d5c1728095f4b8bfb78a680f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Leonard?=
Date: Sun, 18 Oct 2020 09:23:27 +0200
Subject: [PATCH] #805 #806 extract interesting orbservables from reports
---
 analyzers/CIRCLPassiveSSL/circl_passivessl.py | 24 +++++++++++++++++++
 1 file changed, 24 insertions(+)
diff --git a/analyzers/CIRCLPassiveSSL/circl_passivessl.py b/analyzers/CIRCLPassiveSSL/circl_passivessl.py
index 02ef0bee2..ddbb16ba8 100755
--- a/analyzers/CIRCLPassiveSSL/circl_passivessl.py
+++ b/analyzers/CIRCLPassiveSSL/circl_passivessl.py
@@ -89,6 +89,30 @@ def summary(self, raw):
 return {"taxonomies": taxonomies}
+
+ def artifacts(self, raw):
+ artifacts = []
+ if 'certificates' in raw:
+ for c in raw.get('certificates'):
+ artifacts.append(
+ self.build_artifact(
+ 'hash',
+ str(c.get('fingerprint'))
+ )
+ )
+
+ if 'query' in raw:
+ for ip in raw.get('query').get('seen'):
+ artifacts.append(
+ self.build_artifact(
+ 'ip',
+ str(ip)
+ )
+
+ )
+ return artifacts
+
+
 def run(self):
 if self.data_type == 'certificate_hash' or self.data_type == 'hash':
 data = self.get_data()
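Review bot: In the new `artifacts` method, `str(c.get('fingerprint'))` turns a missing fingerprint into the literal string `'None'`, which is then registered as a `hash` observable. `raw.get('query').get('seen')` also raises `TypeError` when `query` is present without a `seen` list, and the same happens if `certificates` is present but null. As far as the hunk shows, these values come straight from the remote service's response, so they should be checked before becoming observables that analysts or later automation may act on. The fence below skips empty values and tolerates missing keys. The method sits fully inside the hunk, but `run()` and the code that builds `raw` lie outside it, so confirm the key layout there.

```python
    def artifacts(self, raw):
        artifacts = []
        for c in raw.get('certificates') or []:
            fingerprint = c.get('fingerprint')
            if fingerprint:  # skip entries without a fingerprint instead of emitting 'None'
                artifacts.append(self.build_artifact('hash', str(fingerprint)))

        seen = (raw.get('query') or {}).get('seen') or []
        for ip in seen:
            if ip:
                artifacts.append(self.build_artifact('ip', str(ip)))
        return artifacts
```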