
PayloadSecurity Analyzer #122

Merged

Conversation

typonino
Contributor

Hello,

I have created a Payload Security Sandbox Cortex analyzer.
It has been tested on a private instance, but should also work on the private cloud.

It allows submitting a file or URL from Cortex for sandbox analysis.

It also adds a report template for TheHive integration.

Regards

This was referenced Oct 26, 2017
@saadkadhi saadkadhi added scope:analyzer Issue is analyzer related category:feature-request Issue is related to a feature request status:pr-submitted labels Dec 13, 2017
@jeromeleonard jeromeleonard self-requested a review December 22, 2017 16:42
@jeromeleonard
Contributor

jeromeleonard commented Dec 27, 2017

Hi,

Thank you for the PR. File submission works like a charm on my side, but I cannot run a URL submission without getting a {"error":"bad-url"} from the Hybrid Analysis API. The server response is HTTP/200 and the content is {"response_code":-1,"response":{"error":"bad-url"}}. Could you please have a look?

Thx.
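The failure described above, an HTTP 200 whose body carries an application-level error, is one a Cortex analyzer has to check for explicitly rather than trusting the status code. As an added example (not code from this PR or from the analyzer), a small response parser that decides success or failure from `response_code`; the error body is the one quoted in the thread, while the success body shape and the `sha256` field are assumptions:

```python
import json

# Constructed sample bodies. BAD_URL_BODY is the exact body quoted in the
# review comment; OK_BODY_ASSUMED is an ASSUMED success shape (response_code 0)
# used only for contrast. The real API's success output may differ.
BAD_URL_BODY = '{"response_code":-1,"response":{"error":"bad-url"}}'
OK_BODY_ASSUMED = '{"response_code":0,"response":{"sha256":"<placeholder>"}}'


class SandboxApiError(Exception):
    """Raised when the sandbox API signals a failure, even under HTTP 200."""


def parse_submission_response(http_status, body_text):
    """Return the 'response' object on success; raise SandboxApiError otherwise.

    The HTTP status alone is not enough: the API answered 200 while the body
    said response_code=-1, so both layers are checked here.
    """
    if http_status != 200:
        raise SandboxApiError("HTTP %d from sandbox API" % http_status)
    try:
        data = json.loads(body_text)
    except ValueError as exc:
        raise SandboxApiError("non-JSON body from sandbox API: %s" % exc)
    if not isinstance(data, dict):
        raise SandboxApiError("unexpected JSON shape (expected an object)")
    code = data.get("response_code")
    payload = data.get("response")
    if code != 0:
        # Surface the API's own error string so the analyst sees 'bad-url'
        # instead of a generic failure message.
        err = payload.get("error") if isinstance(payload, dict) else None
        raise SandboxApiError(
            "sandbox API error (response_code=%s): %s" % (code, err or "unknown"))
    if not isinstance(payload, dict):
        raise SandboxApiError("success response without a 'response' object")
    return payload


def submission_outcome(http_status, body_text):
    """Wrapper returning ('success', payload) or ('error', message).

    In a cortexutils-based analyzer the 'error' branch would map to
    self.error(message) and the 'success' branch to self.report(...).
    """
    try:
        return "success", parse_submission_response(http_status, body_text)
    except SandboxApiError as exc:
        return "error", str(exc)
```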

@typonino
Contributor Author

typonino commented Jan 3, 2018

Hi jeromeleonard,

Can you share the URL you have tested? Have you done a test directly through PayloadSecurity to compare? I have also noticed issues with a few URLs, but it seems to be more on the PayloadSecurity side.

Regards,

@jeromeleonard
Contributor

Hi, this one for example: hxxp://165[.]227[.]215[.]25/xmrig-aeon[.]exe. I did not test directly on PayloadSecurity as there is already a report for that URL (hxxps://www[.]hybrid-analysis[.]com/sample/348c7dd59ea1b4e88585863dd788621f1101202d32df67eb0015761d25946420?environmentId=120).

@typonino
Contributor Author

typonino commented Jan 5, 2018

Hi Jerome,

I have tested on-premise Payload Security and it works as expected. I think it's because on hybrid-analysis you can only submit files when you are using the free service.

@jeromeleonard jeromeleonard added this to the 1.8.0 milestone Jan 9, 2018
@jeromeleonard jeromeleonard merged commit e07f7e6 into TheHive-Project:develop Jan 9, 2018
@jeromeleonard
Contributor

Thank you @typonino, indeed it sounds related to the type of service level used.
