#56 update JoeSandbox summary() and short reports
jeromeleonard committed Jun 16, 2017
1 parent f1b3d94 commit bda9c34
Showing 4 changed files with 35 additions and 40 deletions.
27 changes: 26 additions & 1 deletion analyzers/JoeSandbox/joesandbox_analyzer.py
@@ -26,10 +26,35 @@ def summary(self, raw):
'dataType': self.data_type
}

result.update(raw['detection'])
taxonomy = {"level": "info", "namespace": "JSB", "predicate": "Clean", "value": 0}
taxonomies = []

r = raw['detection']

taxonomy["value"] = "\"{}/{}\"".format(r["score"], r["maxscore"])
if r["clean"]:
taxonomy["level"] = "safe"
elif r["suspicious"]:
taxonomy["level"] = "suspicious"
taxonomy["predicate"] = "Suspicious"
elif r["malicious"]:
taxonomy["level"] = "malicious"
taxonomy["predicate"] = "Malicious"


else:
taxonomy["level"] = "info"
taxonomy["value"] = "?"

taxonomies.append(taxonomy)
result.update(taxonomies)

return result

# content = (k,v) k.score / k.maxscore
#{malicious: true, service: "file_analysis_inet", dataType: "file", unknown: false, minscore: 0,…}


def run(self):
Analyzer.run(self)

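Review bot: `result.update(taxonomies)` near the end of summary() passes a list holding one four-key dict to dict.update(), which expects key/value pairs, so the call raises ValueError instead of storing anything; the three short.html templates changed in this commit read `content.taxonomies`, so the line should be `result["taxonomies"] = taxonomies`. The fallback `else` branch resets level and value but leaves `predicate` at its initial "Clean", so a verdict that is none of clean/suspicious/malicious would render as `JSB:Clean=?`. An analyst triaging a sandbox report can read that as a clean result, and `taxonomy["predicate"] = "Unknown"` in that branch avoids it. summary() begins above the hunk, so the construction of `result` is not visible here.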
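--- a/thehive-templates/JoeSandbox_File_Analysis_Inet_1_1/short.html
+++ b/thehive-templates/JoeSandbox_File_Analysis_Inet_1_1/short.html
@@ -1,13 +1,3 @@
-<span ng-repeat="(k,v) in content">
-<span ng-switch="k">
-<span ng-switch-when="clean" class="label label-success" ng-if="v === true">
-JSB:Clean
-</span>
-<span ng-switch-when="malicious" class="label label-danger" ng-if="v === true">
-JSB:Malicious={{content.score}}/{{content.maxscore}}
-</span>
-<span ng-switch-when="suspicious" class="label label-danger" ng-if="v === true">
-JSB:Suspicious={{content.score}}/{{content.maxscore}}
-</span>
-</span>
-</span>
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
+{{t.namespace}}:{{t.predicate}}={{t.value}}
+</span>&nbsp;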
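--- a/thehive-templates/JoeSandbox_File_Analysis_Noinet_1_1/short.html
+++ b/thehive-templates/JoeSandbox_File_Analysis_Noinet_1_1/short.html
@@ -1,13 +1,3 @@
-<span ng-repeat="(k,v) in content">
-<span ng-switch="k">
-<span ng-switch-when="clean" class="label label-success" ng-if="v === true">
-JSB:Clean
-</span>
-<span ng-switch-when="malicious" class="label label-danger" ng-if="v === true">
-JSB:Malicious={{content.score}}/{{content.maxscore}}
-</span>
-<span ng-switch-when="suspicious" class="label label-danger" ng-if="v === true">
-JSB:Suspicious={{content.score}}/{{content.maxscore}}
-</span>
-</span>
-</span>
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
+{{t.namespace}}:{{t.predicate}}={{t.value}}
+</span>&nbsp;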
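--- a/thehive-templates/JoeSandbox_Url_Analysis_1_1/short.html
+++ b/thehive-templates/JoeSandbox_Url_Analysis_1_1/short.html
@@ -1,13 +1,3 @@
-<span ng-repeat="(k,v) in content">
-<span ng-switch="k">
-<span ng-switch-when="clean" class="label label-success" ng-if="v === true">
-JSB:Clean
-</span>
-<span ng-switch-when="malicious" class="label label-danger" ng-if="v === true">
-JSB:Malicious={{content.score}}/{{content.maxscore}}
-</span>
-<span ng-switch-when="suspicious" class="label label-danger" ng-if="v === true">
-JSB:Suspicious={{content.score}}/{{content.maxscore}}
-</span>
-</span>
-</span>
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
+{{t.namespace}}:{{t.predicate}}={{t.value}}
+</span>&nbsp;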
