diff --git a/analyzers/File_Info/fileinfo_analyzer.py b/analyzers/File_Info/fileinfo_analyzer.py
index 45c095a7c..14ad9624a 100755
--- a/analyzers/File_Info/fileinfo_analyzer.py
+++ b/analyzers/File_Info/fileinfo_analyzer.py
@@ -138,18 +138,38 @@ def MSOffice_Summary(self,report):
# SUMMARY
def summary(self, fullReport):
+
+ taxonomy = {"level": "info", "namespace": "FileInfo", "predicate": "Filetype", "value": 0}
+ taxonomies = []
+
if fullReport['Mimetype'] in ['application/x-dosexec']:
- return self.PE_Summary(fullReport)
- if fullReport['Mimetype'] in ['application/pdf']:
- return self.PDF_Summary(fullReport)
- if (fullReport['filetype'] in ['DOC','DOCM','DOCX',
+ pereport = self.PE_Summary(fullReport)
+ taxonomy["value"] = pereport['filetype']
+ taxonomies.append(taxonomy)
+ elif fullReport['Mimetype'] in ['application/pdf']:
+ pdfreport = self.PDF_Summary(fullReport)
+ taxonomy['value'] = pdfreport['filetype']
+ if pdfreport['suspicious']:
+ taxonomy['level'] = 'warning'
+ taxonomies.append(taxonomy)
+ elif (fullReport['filetype'] in ['DOC','DOCM','DOCX',
'XLS', 'XLSM', 'XLSX',
'PPT', "PPTM", 'PPTX']):
- return self.MSOffice_Summary(fullReport)
+ msreport = self.MSOffice_Summary(fullReport)
+ taxonomy['value'] = msreport['filetype']
+ if msreport['suspicious']:
+ taxonomy['level'] = 'warning'
+ taxonomies.append(taxonomy)
+ else:
+ taxonomy['value'] = fullReport['filetype']
+ taxonomies.append(taxonomy)
+
+ result = {'taxonomies': taxonomies}
+ return result
+
+
+
- return {
- 'filetype': fullReport['filetype']
- }
def SpecificInfo(self,report):
# run specific program for PE
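Review bot: The PE branch (the lines after `pereport = self.PE_Summary(fullReport)`) never escalates `taxonomy['level']`, while the PDF and MSOffice branches both do `if ...['suspicious']: taxonomy['level'] = 'warning'`; if PE_Summary also returns a `suspicious` flag, the same guard is missing here, and if it deliberately does not, a one-line comment such as `# PE_Summary carries no suspicious flag; level stays 'info'` would stop the next reader from treating it as an oversight. The `'warning'` string is also worth confirming against the taxonomy levels the TheHive template recognises (the Cortex convention is `info`/`safe`/`suspicious`/`malicious`), since an unrecognised level may render like a plain info tag and lose the signal the analyzer just computed. Minor style: `taxonomy["value"]` on the PE line uses double quotes where every other key access in the method uses single quotes, and the three blank lines after `return result` could be cut to the usual one. `summary` is complete within the hunk; `SpecificInfo`, which begins on the last lines of the hunk, continues outside it.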
diff --git a/thehive-templates/File_Info_1_0/short.html b/thehive-templates/File_Info_1_0/short.html
index 7d0de04e8..563ca58f3 100644
--- a/thehive-templates/File_Info_1_0/short.html
+++ b/thehive-templates/File_Info_1_0/short.html
@@ -1,7 +1,3 @@
-
- File_Info:filetype={{content.filetype}}
-
-
-
- File_Info:Suspicious
-
+
+ {{t.namespace}}:{{t.predicate}}={{t.value}}
+
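Review bot: The removed `File_Info:Suspicious` line was the only visible indicator that a file had been flagged, and the new `{{t.namespace}}:{{t.predicate}}={{t.value}}` line shows neither `t.level` nor anything derived from it, so unless the surrounding markup (not visible in this hunk, presumably the `ng-repeat` over `content.taxonomies`) binds `t.level` to a class or label, the `warning` level set by the analyzer is silently dropped in the short view. If the enclosing element does not already do so, binding the level, e.g. via `class="label label-{{t.level}}"` on the wrapper, would restore that signal. The hunk shows only the text nodes, so the enclosing tag and its attributes are outside what can be checked here.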