
Stopforumspam analyzer #253

Closed
wants to merge 16 commits into from

Conversation

srilumpa (Contributor)

Hi,
Here is an analyzer to cross-check data against the StopForumSpam API (http://stopforumspam.com/). This relates to issue #205.

I have tested it in the CLI, but I was not able to test its execution through Cortex or the report in TheHive. Hopefully everything should work. Also, I started working on it based on Cortex 1.1.4, but I should have adapted it to the Cortex 2 requirements.

Don't hesitate to notify me if you see something that is not to your liking.

srilumpa (Contributor, Author)

Also, here are some tests that I have done:

$ ./stopforumspam_analyzer.py <<< '{"data":"[email protected]", "dataType":"mail"}'

{
  "success": true,
  "summary": {
    "taxonomies": [
      {
        "level": "info",
        "namespace": "SFS",
        "predicate": "mail",
        "value": "Not found"
      }
    ]
  },
  "artifacts": [],
  "full": {
    "frequency": 0,
    "appears": false
  }
}

$ ./stopforumspam_analyzer.py <<< '{"data":"<some_spammer_email>", "dataType":"mail"}'

{
  "success": true,
  "summary": {
    "taxonomies": [
      {
        "level": "malicious",
        "namespace": "SFS",
        "predicate": "mail",
        "value": 99.96
      }
    ]
  },
  "artifacts": [],
  "full": {
    "lastseen": 1527238999,
    "frequency": 12474,
    "appears": true,
    "confidence": 99.96
  }
}

$ ./stopforumspam_analyzer.py <<< '{"data":"<some_spammer_ip>", "dataType":"ip"}'

{
  "success": true,
  "summary": {
    "taxonomies": [
      {
        "level": "malicious",
        "namespace": "SFS",
        "predicate": "ip",
        "value": 99.99
      }
    ]
  },
  "artifacts": [],
  "full": {
    "lastseen": 1527239119,
    "frequency": 65535,
    "appears": true,
    "confidence": 99.99,
    "delegated": "ua",
    "country": "ua",
    "asn": 15895
  }
}

$ ./stopforumspam_analyzer.py <<< '{"data":"1.1.1.1", "dataType":"ip"}'

{
  "success": true,
  "summary": {
    "taxonomies": [
      {
        "level": "info",
        "namespace": "SFS",
        "predicate": "ip",
        "value": "Not found"
      }
    ]
  },
  "artifacts": [],
  "full": {
    "frequency": 0,
    "appears": false,
    "country": "au",
    "asn": 13335
  }
}
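The outputs above follow the Cortex analyzer report contract: a top-level success flag, a summary holding taxonomies (level/namespace/predicate/value), an artifacts list and a full section with the raw details. The following is an added example, not the pull request's analyzer and not code from the Cortex-Analyzers project: a small Python mapper that turns a StopForumSpam API JSON response into that report shape. It assumes the API's documented ip and email query parameters and the &json switch, maps the Cortex dataType "mail" to the email parameter, treats the API's lastseen string as UTC when converting it to the epoch value seen in the full section, and uses an assumed 50% confidence threshold to split malicious from suspicious (the tests above show only info and malicious). The sample responses embedded at the bottom are constructed, not real lookups.

```python
import calendar
import json
import sys
import time
import urllib.parse
import urllib.request

# Hypothetical helpers for this example. The query parameter names (ip, email)
# and the "&json" switch are StopForumSpam's documented API; the dataType ->
# parameter mapping, the report layout and the threshold are this example's own.
API_URL = "https://api.stopforumspam.org/api"
DATATYPE_TO_PARAM = {"ip": "ip", "mail": "email"}
NAMESPACE = "SFS"
MALICIOUS_FROM = 50.0  # assumed: confidence at or above this -> malicious, else suspicious


def build_query_url(data_type, value):
    """Build the API URL for one Cortex observable (KeyError on an unsupported dataType)."""
    param = DATATYPE_TO_PARAM[data_type]
    return API_URL + "?" + urllib.parse.urlencode({param: value}) + "&json"


def to_epoch(lastseen):
    """Turn the API's 'YYYY-MM-DD HH:MM:SS' lastseen string into a Unix timestamp.
    The string is taken as UTC (an assumption of this example)."""
    return calendar.timegm(time.strptime(lastseen, "%Y-%m-%d %H:%M:%S"))


def build_full(entry):
    """Normalise the per-observable API object into the report's 'full' section."""
    full = {
        "frequency": int(entry.get("frequency", 0)),
        "appears": bool(int(entry.get("appears", 0))),
    }
    if "lastseen" in entry:
        full["lastseen"] = to_epoch(entry["lastseen"])
    for key in ("confidence", "delegated", "country", "asn"):
        if key in entry:
            full[key] = entry[key]
    return full


def taxonomy(data_type, full):
    """One Cortex taxonomy entry: info when unlisted, otherwise a level derived from the confidence."""
    if not full["appears"]:
        return {"level": "info", "namespace": NAMESPACE, "predicate": data_type, "value": "Not found"}
    confidence = float(full.get("confidence", 0.0))
    level = "malicious" if confidence >= MALICIOUS_FROM else "suspicious"
    return {"level": level, "namespace": NAMESPACE, "predicate": data_type, "value": confidence}


def build_report(data_type, api_response):
    """Map a parsed StopForumSpam JSON response to a Cortex analyzer report."""
    if not api_response.get("success"):
        return {"success": False,
                "errorMessage": api_response.get("error", "StopForumSpam query failed")}
    entry = api_response.get(DATATYPE_TO_PARAM[data_type], {})
    full = build_full(entry)
    return {"success": True,
            "summary": {"taxonomies": [taxonomy(data_type, full)]},
            "artifacts": [],
            "full": full}


def run(job, fetch):
    """Cortex-style entry point: job is the stdin JSON ({"data": ..., "dataType": ...});
    fetch is a callable url -> parsed JSON, so the network can be swapped out in tests."""
    data_type = job["dataType"]
    if data_type not in DATATYPE_TO_PARAM:
        return {"success": False, "errorMessage": "Unsupported dataType: %s" % data_type}
    return build_report(data_type, fetch(build_query_url(data_type, job["data"])))


def fetch_live(url):
    """Real HTTP fetch, only used when the script is run as an analyzer."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)


# Constructed sample responses shaped like the API's JSON; the values are made up
# (RFC 5737 documentation address, example.com mailbox), not real lookups.
SAMPLE_RESPONSES = {
    "spammer_ip": {"success": 1, "ip": {"value": "203.0.113.7", "appears": 1,
                   "frequency": 65535, "lastseen": "2018-05-25 09:03:19",
                   "confidence": 99.99, "delegated": "ua", "country": "ua", "asn": 15895}},
    "clean_mail": {"success": 1, "email": {"value": "user@example.com", "appears": 0,
                   "frequency": 0}},
    "api_error": {"success": 0, "error": "rate limited"},
}

if __name__ == "__main__":
    # Same stdin/stdout convention as the CLI tests above:
    #   ./this_script.py <<< '{"data":"203.0.113.7", "dataType":"ip"}'
    print(json.dumps(run(json.load(sys.stdin), fetch_live), indent=2))
```

Keeping the network behind a callable is what makes the mapping testable without hitting the API, which is exactly the gap the PR description mentions (tested in the CLI only); the error branch also shows how a failed or rate-limited lookup should surface as success: false rather than as an empty "Not found" verdict.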

3c7 added the labels category:enhancement (Issue is related to an existing feature to improve), scope:analyzer (Issue is analyzer related) and status:needs-review on May 25, 2018
3c7 added this to the 1.10.0 milestone on May 29, 2018
3c7 (Contributor) commented May 29, 2018

This is merged in release/1.10.0 and gets closed automatically when merged into develop. Thanks for your contribution!

3c7 closed this on Jun 4, 2018
srilumpa deleted the stopforumspam branch on July 5, 2018 08:12