TheHive-Project · nusantara-self · Oct 16, 2024 · Feb 19, 2023 · Oct 16, 2024
diff --git a/responders/Telegram/README.md b/responders/Telegram/README.md
@@ -0,0 +1,15 @@
+### Telegram responder
+
+##### Data required for the work of the responder
+
+* **api_token**
+How to create a telegram bot and get API token [read here](https://flowxo.com/how-to-create-a-bot-for-telegram-short-and-simple-guide-for-beginners/)
+
+* **chat_id**
+How to get a group or channal chat ID [read here](https://stackoverflow.com/questions/32423837/telegram-bot-how-to-get-a-group-chat-id)
+
+* **date_format**
+Make the date and time format convenient for you or use the default. About date and time code formats [here](https://www.geeksforgeeks.org/python-datetime-strptime-function/) 
+
+* **tag**
+If you want a tag to be attached to the case when executing the responder, specify its name (optional)
diff --git a/responders/Telegram/Telegram.json b/responders/Telegram/Telegram.json
@@ -0,0 +1,46 @@
+{
+  "name": "Telegram",
+  "version": "1.0",
+  "author": "Alex Kolnik, PS Cloud Services, @ps_kz",
+  "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
+  "license": "AGPL-V3",
+  "description": "Send a message to Telegram with information from TheHive case",
+  "dataTypeList": ["thehive:case"],
+  "command": "Telegram/telegram.py",
+  "baseConfig": "Telegram",
+  "configurationItems": [
+    {
+      "name": "api_token",
+      "description": "The token is a string, like 110201543:AAHdqTcvCH1vGWJxfSeofSAs0K5PALDsaw, which is required to authorize the bot and send requests to the Bot API",
+      "type": "string",
+      "multi": false,
+      "required": true
+    },
+    {
+      "name": "chat_id",
+      "description": "ID of the chat or channel to which the message will be sent",
+      "type": "number",
+      "multi": false,
+      "required": true
+    },
+    {
+      "name": "date_format",
+      "description": "https://www.geeksforgeeks.org/python-datetime-strptime-function/",
+      "type": "string",
+      "multi": false,
+      "required": true,
+      "defaultValue": "%d.%m.%Y %H:%M"
+    },
+    {
+      "name": "tag",
+      "description": "Tag name to be assigned to the case",
+      "type": "string",
+      "multi": false,
+      "required": false
+    }
+  ],
+  "registration_required": true,
+  "subscription_required": false,
+  "free_subscription": true,
+  "service_homepage": "https://www.telegram.org"
+}
diff --git a/responders/Telegram/requirements.txt b/responders/Telegram/requirements.txt
@@ -0,0 +1 @@
+cortexutils
diff --git a/responders/Telegram/telegram.py b/responders/Telegram/telegram.py
@@ -0,0 +1,73 @@
+#!/usr/bin/env python3
+# encoding: utf-8
+
+import json
+import requests
+from datetime import datetime
+from cortexutils.responder import Responder
+
+
+class Telegram(Responder):
+
+    def __init__(self):
+        Responder.__init__(self)
+        self.api_token = self.get_param(
+            "config.api_token", None, "Missing Telegram bot API token")
+        self.chat_id = self.get_param(
+            "config.chat_id", None, "Missing Telegram Chat ID")
+        self.date_format = self.get_param(
+            "config.date_format", "%d.%m.%Y %H:%M")
+        self.tag = self.get_param("config.tag", None)
+
+    def run(self):
+        Responder.run(self)
+
+        # converting TheHive severities to readable
+        severities = {
+            1: 'Low',
+            2: 'Medium',
+            3: 'High',
+            4: 'Critical'
+        }
+
+        caseId = self.get_param("data.caseId")
+        title = self.get_param("data.title")
+        severity = severities[self.get_param("data.severity", 2)]
+        owner = self.get_param("data.owner")
+        description = self.get_param("data.description")
+
+        startDate_datetime = datetime.fromtimestamp(
+            self.get_param("data.startDate", 0) / 1000)
+        startDate_formated = startDate_datetime.strftime(self.date_format)
+
+        # markdown syntax in TheHive is different from Telegram
+        description = description.replace("**", "*")
+        description = description.replace("\n\n", "\n")
+
+        msg_content = f'#Case{caseId}\n'
+        msg_content += f'*{title}*\n\n'
+        msg_content += f'*Severity*: {severity}\n'
+        msg_content += f'*Assignee*: {owner}\n'
+        msg_content += f'*Date*: {startDate_formated}\n\n'
+        msg_content += f'*Description*:\n{description}'
+
+        msg_data = {}
+        msg_data['chat_id'] = self.chat_id
+        msg_data['text'] = msg_content
+        msg_data['parse_mode'] = 'markdown'
+        message = json.dumps(msg_data)
+
+        hook_url = f'https://api.telegram.org/bot{self.api_token}/sendMessage'
+        headers = {'content-type': 'application/json',
+                   'Accept-Charset': 'UTF-8'}
+        resp_code = requests.post(hook_url, headers=headers, data=message)
+
+        self.report({"message": f"{resp_code.text}"})
+
+    def operations(self, raw):
+        if self.tag:
+            return [self.build_operation("AddTagToCase", tag=self.tag)]
+
+
+if __name__ == "__main__":
+    Telegram().run()