Merge pull request #418 from nicpenning/master
Updating Cuckoo Analyzer/Report Templates
jeromeleonard authored Feb 20, 2019
2 parents 44945bc + b241bc4 commit c41779c
Showing 3 changed files with 17 additions and 21 deletions.
10 changes: 5 additions & 5 deletions analyzers/CuckooSandbox/cuckoosandbox_analyzer.py
@@ -105,17 +105,17 @@ def run(self):
else:
snort_alerts = []
try:
hosts = [(x['ip'], x['hostname'], x['country_name']) for x in
resp_json['network']['hosts']] if 'hosts' in resp_json['network'].keys() else None
domains = [(x['ip'], x['domain']) for x in
resp_json['network']['domains']] if 'domains' in resp_json['network'].keys() else None
except TypeError as e:
hosts = [x for x in resp_json['network']['hosts']] if 'hosts' in resp_json['network'].keys() else []
domains = [x for x in resp_json['network']['domains']] if 'domains' in resp_json['network'].keys() else []
uri = [(x['uri']) for x in resp_json['network']['http']] if 'http' in resp_json['network'].keys() else []
if self.data_type == 'url':
self.report({
'signatures': list_description,
'suricata_alerts': suri_alerts,
'snort_alerts': snort_alerts,
'hosts': hosts,
'domains': domains,
'uri': uri,
'malscore': resp_json['malscore'] if 'malscore' in resp_json.keys() else resp_json['info'].get(
'score', None),
@@ -129,7 +129,7 @@ def run(self):
'signatures': list_description,
'suricata_alerts': suri_alerts,
'snort_alerts': snort_alerts,
'hosts': hosts,
'domains': domains,
'uri': uri,
'malscore': resp_json['malscore'] if 'malscore' in resp_json.keys() else resp_json['info'].get(
'score', None),
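Review bot: The `except TypeError` fallback for `domains` in `run()` keeps the raw list entries, while the `try` branch builds `(ip, domain)` tuples and the templates changed in this commit read `domains[0]` and `domains[1]`. If the entries are plain strings (presumably what triggers the TypeError), the table would show their first two characters. The branches also disagree on the empty case (`None` vs `[]`), and a dict entry without `ip` or `domain` raises an uncaught KeyError, so one malformed entry in a report driven by the analysed sample would abort the analyzer. Normalising every entry to one shape covers all three, e.g. `domains = [(x.get('ip'), x.get('domain')) if isinstance(x, dict) else (None, x) for x in resp_json['network'].get('domains') or []]`, where treating a bare entry as a domain name is an assumption to confirm against the Cuckoo versions in use. The body of `run()` starts and ends outside the visible hunks.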
16 changes: 7 additions & 9 deletions thehive-templates/CuckooSandbox_File_Analysis_Inet_1_0/long.html
@@ -59,20 +59,18 @@ <h4>Signatures</h4>
</div>
<div class="panel-body">

<div ng-if="content.hosts">
<div ng-if="content.domains">
<h4>Remote connections</h4>
<br>
<div>
<table class="table table-hover">
<tr>
<th>Domain</th>
<th>IP</th>
<th>Location</th>
<th>Domain</th>
</tr>
<tr ng-repeat="host in content.hosts track by $index">
<td>{{host[1]}}</td>
<td>{{host[0]}}</td>
<td>{{host[2]}}</td>
<tr ng-repeat="domains in content.domains track by $index">
<td>{{domains[0]}}</td>
<td>{{domains[1]}}</td>
</tr>
</table>
</div>
@@ -105,8 +103,8 @@ <h4>URI</h4>
<div ng-if="content.yara">
<h4>Yara</h4>
<br>
<dl class="dl-horizontal" ng-repeat="yara in content.yara track by $index">
<dd>{{ yara }}<dd>
<dl class="dl-horizontal">
<dd>{{ content.yara }}<dd>
</dl>
</div>
<div ng-if="!content.yara">
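Review bot: In the Yara block the new line `<dd>{{ content.yara }}<dd>` still ends with an opening `<dd>` instead of a closing tag, so the element is never closed; it should read `<dd>{{ content.yara }}</dd>`. With the `ng-repeat` removed, a list-valued `content.yara` would be printed as a single JSON-style literal rather than one match per row. The analyzer hunks shown in this commit do not include the `yara` field, so its type should be confirmed before dropping the loop.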
12 changes: 5 additions & 7 deletions thehive-templates/CuckooSandbox_Url_Analysis_1_0/long.html
@@ -59,20 +59,18 @@ <h4>Signatures</h4>
</div>
<div class="panel-body">

<div ng-if="content.hosts">
<div ng-if="content.domains">
<h4>Remote connections</h4>
<br>
<div>
<table class="table table-hover">
<tr>
<th>Domain</th>
<th>IP</th>
<th>Location</th>
<th>Domain</th>
</tr>
<tr ng-repeat="host in content.hosts track by $index">
<td>{{host[1]}}</td>
<td>{{host[0]}}</td>
<td>{{host[2]}}</td>
<tr ng-repeat="domains in content.domains track by $index">
<td>{{domains[0]}}</td>
<td>{{domains[1]}}</td>
</tr>
</table>
</div>
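Review bot: The guard `ng-if="content.domains"` only tests truthiness, but the analyzer in this commit can report an empty list for `domains`, and AngularJS 1.3 and later treat an empty array as truthy. In that case the "Remote connections" heading and a header-only table would still render, which reads as if connections had been looked up and shown. `ng-if="content.domains.length"` hides the block when there is nothing to list. The same guard appears in the first hunk of thehive-templates/CuckooSandbox_File_Analysis_Inet_1_0/long.html.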
