
[Bug] Investigate Analyzer Broken #703

Closed

jaredstewart101 opened this issue Feb 21, 2020 · 3 comments
Labels: category:bug (Issue is related to a bug)

Comments

@jaredstewart101

Describe the bug
I've configured the investigate analyzer with our API key from Cisco subscription, but when I attempt to run the analyzer using the "Categorization" feature, it returns with a message saying:

"Unknown Investigate service or invalid data type"

To Reproduce
Steps to reproduce the behavior:

  1. Configure analyzer with API key from Cisco Umbrella
  2. Add domain observable to case such as "amazon.com"
  3. Run "Investigate_Categorization_1_0"
  4. Report will fail with message "Unknown Investigate service or invalid data type"

Expected behavior
What should happen is a report should be returned with the categorization of the domain such as "Safe", "Suspicious", or "Malicious".

Complementary information
Screenshot of error message received after running analyzer on "www.amazon.com"

Work environment

  • Client OS: Docker
  • Server OS: Ubuntu 16.04
  • Browser type and version: Chrome
  • Cortex version: 3.0.0-1
  • Cortex Analyzer/Responder name: Investigate
  • Cortex Analyzer/Responder version: 1.0

Possible solutions
It almost seems that since this analyzer was written, the API for Investigate has changed and the new analyzer doesn't work with it.

@jaredstewart101 jaredstewart101 added the category:bug Issue is related to a bug label Feb 21, 2020
@jaredstewart101 (Author)

I just saw that this bug was fixed in Cortex 2.5 I believe. The docker image for Cortex 3.0.0 needs to be updated with the fix. I removed the following code from the investigate_analyzer.py file and it works now:

    else:
        self.error('Unknown Investigate service or invalid data type')

That was mentioned in this commit: 19164d7
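The dispatch pattern behind the error message in this issue (a configured service name plus the observable's data type select the API call, and anything unmatched falls into an `else` branch that reports "Unknown Investigate service or invalid data type") is sketched below as an added example. It is hypothetical code written for this page, not the Cortex-Analyzers Investigate analyzer; the service names, the supported data types, the `AnalyzerError` class and the constructed verdict logic are all assumptions. It shows how to make the unmatched case diagnosable: validate the (service, data type) pair once, up front, and name the supported pairs in the error instead of the generic message.

```python
"""Hypothetical Cortex-style analyzer dispatch (added example, not the
Cortex-Analyzers Investigate code).  The service name comes from the
analyzer configuration; the data type comes from the observable."""

# Constructed table of supported (service, data_type) pairs for this example.
SUPPORTED = {
    ("categorization", "domain"),
    ("categorization", "fqdn"),
    ("security", "domain"),
}


class AnalyzerError(Exception):
    """Raised when the configured service cannot handle the observable."""


class InvestigateLikeAnalyzer:
    def __init__(self, service, api_key):
        if not api_key:
            raise AnalyzerError("API key missing from analyzer configuration")
        # Normalise the configured name so "Categorization" in the config
        # still matches the handler named "categorization".
        self.service = service.strip().lower()
        self.api_key = api_key

    def categorization(self, data):
        # Stand-in for the remote categorization call.  The verdict logic is
        # constructed for the example; a real analyzer queries the API here.
        status = "Malicious" if data.endswith(".bad.example") else "Safe"
        return {"service": "categorization", "observable": data, "status": status}

    def security(self, data):
        # Stand-in for a second service so the dispatch has more than one target.
        return {"service": "security", "observable": data, "score": 0}

    def run(self, data, data_type):
        """Dispatch on (service, data_type); reject unsupported pairs with a
        message that lists what the analyzer does accept."""
        key = (self.service, data_type)
        if key not in SUPPORTED:
            supported = sorted(f"{s}/{d}" for s, d in SUPPORTED)
            raise AnalyzerError(
                f"Unsupported service/data type {self.service}/{data_type}; "
                f"supported: {', '.join(supported)}"
            )
        handler = getattr(self, self.service)
        return handler(data)


if __name__ == "__main__":
    analyzer = InvestigateLikeAnalyzer("Categorization", "constructed-api-key")
    print(analyzer.run("amazon.com", "domain"))
    try:
        analyzer.run("192.0.2.1", "ip")
    except AnalyzerError as exc:
        print("rejected:", exc)
```

With this shape, a failing run tells the operator which pair was attempted and which pairs would have worked, so a configuration mistake (wrong service name, wrong observable type) is visible in the report rather than hidden behind one catch-all `else`.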

@jeromeleonard jeromeleonard added this to the 2.6.0 milestone Feb 28, 2020
@garanews (Contributor)

Fixed in 2.6.0 with #718

@jeromeleonard (Contributor)

@jaredstewart101 finally we reverted the version bump. I tested on the version fixed with Cortex-Analyzers 2.5.0 and docker image and it works very well.

3 participants