#56 update CIRCL PassiveSSL summary() and short reports

TheHive-Project · Jun 15, 2017 · ebb9877 · ebb9877
1 parent 605bd1f
commit ebb9877
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 12 deletions.
diff --git a/analyzers/CIRCLPassiveSSL/circl_passivessl.py b/analyzers/CIRCLPassiveSSL/circl_passivessl.py
@@ -66,17 +66,22 @@ def query_certificate(self, cert_hash):
         return {'query': cquery,
                 'cert': cfetch}
 
+
     def summary(self, raw):
-        if raw.get('cert', None):
-            result = {'num_ips_used_cert': raw.get('query').get('hits')}
-
-            # Not available for all certificates
-            if raw.get('cert').get('icsi', None):
-                result['validated'] = raw.get('cert').get('icsi').get('validated')
-                result['lastseen'] = raw.get('cert').get('icsi').get('last_seen')
-            return result
+        result = {"level": "info", "taxonomy": {"namespace": "CIRCL", "predicate": "PassiveSSL", "value": 0}}
+
+        if (self.data_type == 'hash') and ("query" in raw):
+            r = raw.get('query', 0).get('hits', 0)
+        if (self.data_type == 'ip') and ("certificates" in raw):
+            r = len(raw['certificates'])
+
+        if r == 0 or r == 1:
+            result["taxonomy"]["value"] = "\"{} hit\"".format(r)
         else:
-            return {'num_certs_by_ip': len(raw.get(self.getData()).get('certificates'))}
+            result["taxonomy"]["value"] = "\"{} hits\"".format(r)
+
+        return result
+
 
     def run(self):
         if self.data_type == 'certificate_hash' or self.data_type == 'hash':

diff --git a/thehive-templates/CIRCLPassiveSSL_1_0/short.html b/thehive-templates/CIRCLPassiveSSL_1_0/short.html
@@ -1,4 +1,3 @@
-<span ng-if="success">
-    <span class="label label-info" ng-if="content.num_ips_used_cert >= 0">CIRCL:PassiveSSL= {{content.num_ips_used_cert}} IPs used that certificate</span>&nbsp;
-    <span class="label label-info" ng-if="content.num_certs_by_ip >= 0">CIRCL:PassiveSSL= {{content.num_certs_by_ip}} different certificates on IP<span>&nbsp;
+<span class="label" ng-init="t = content.taxonomy" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[content.level]">
+    {{t.namespace}}:{{t.predicate}}={{t.value}}
 </span>&nbsp;