#56 update FileInfo summary() and short reports

TheHive-Project · Jun 16, 2017 · fcd8197 · fcd8197
1 parent ee94e1e
commit fcd8197
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 15 deletions.
diff --git a/analyzers/File_Info/fileinfo_analyzer.py b/analyzers/File_Info/fileinfo_analyzer.py
@@ -138,18 +138,38 @@ def MSOffice_Summary(self,report):
 
     # SUMMARY
     def summary(self, fullReport):
+
+        taxonomy = {"level": "info", "namespace": "FileInfo", "predicate": "Filetype", "value": 0}
+        taxonomies = []
+
         if fullReport['Mimetype'] in ['application/x-dosexec']:
-            return self.PE_Summary(fullReport)
-        if fullReport['Mimetype'] in ['application/pdf']:
-            return self.PDF_Summary(fullReport)
-        if (fullReport['filetype'] in ['DOC','DOCM','DOCX',
+            pereport = self.PE_Summary(fullReport)
+            taxonomy["value"] = pereport['filetype']
+            taxonomies.append(taxonomy)
+        elif fullReport['Mimetype'] in ['application/pdf']:
+            pdfreport = self.PDF_Summary(fullReport)
+            taxonomy['value'] = pdfreport['filetype']
+            if pdfreport['suspicious']:
+                taxonomy['level'] = 'warning'
+            taxonomies.append(taxonomy)
+        elif (fullReport['filetype'] in ['DOC','DOCM','DOCX',
                                     'XLS', 'XLSM', 'XLSX',
                                     'PPT', "PPTM", 'PPTX']):
-            return self.MSOffice_Summary(fullReport)
+            msreport = self.MSOffice_Summary(fullReport)
+            taxonomy['value'] = msreport['filetype']
+            if msreport['suspicious']:
+                taxonomy['level'] = 'warning'
+            taxonomies.append(taxonomy)
+        else:
+            taxonomy['value'] = fullReport['filetype']
+            taxonomies.append(taxonomy)
+
+        result = {'taxonomies': taxonomies}
+        return result
+
+
+
 
-        return {
-            'filetype': fullReport['filetype']
-        }
 
     def SpecificInfo(self,report):
         # run specific program for PE

diff --git a/thehive-templates/File_Info_1_0/short.html b/thehive-templates/File_Info_1_0/short.html
@@ -1,7 +1,3 @@
-<span class="label label-info" ng-if="!content.suspicious">
-    File_Info:filetype={{content.filetype}}
-</span>
-
-<span class="label label-warning" ng-if="content.suspicious">
-    File_Info:Suspicious
-</span>
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
+    {{t.namespace}}:{{t.predicate}}={{t.value}}
+</span>&nbsp;