From d635ce34b184e93a2e058e14c10750e110333d19 Mon Sep 17 00:00:00 2001 From: 9b Date: Fri, 8 Feb 2019 18:57:53 -0500 Subject: [PATCH 1/4] Working copy of Backscatter.io analyzer --- .../BackscatterIO_Enrichment.json | 26 +++++ .../BackscatterIO_GetObservations.json | 26 +++++ analyzers/BackscatterIO/backscatter-io.py | 105 ++++++++++++++++++ analyzers/BackscatterIO/requirements.txt | 2 + .../BackscatterIO_Enrichment_1_0/long.html | 21 ++++ .../BackscatterIO_Enrichment_1_0/short.html | 3 + .../long.html | 62 +++++++++++ .../short.html | 3 + 8 files changed, 248 insertions(+) create mode 100644 analyzers/BackscatterIO/BackscatterIO_Enrichment.json create mode 100644 analyzers/BackscatterIO/BackscatterIO_GetObservations.json create mode 100644 analyzers/BackscatterIO/backscatter-io.py create mode 100644 analyzers/BackscatterIO/requirements.txt create mode 100644 thehive-templates/BackscatterIO_Enrichment_1_0/long.html create mode 100644 thehive-templates/BackscatterIO_Enrichment_1_0/short.html create mode 100644 thehive-templates/BackscatterIO_GetObservations_1_0/long.html create mode 100644 thehive-templates/BackscatterIO_GetObservations_1_0/short.html diff --git a/analyzers/BackscatterIO/BackscatterIO_Enrichment.json b/analyzers/BackscatterIO/BackscatterIO_Enrichment.json new file mode 100644 index 000000000..b64fb5501 --- /dev/null +++ b/analyzers/BackscatterIO/BackscatterIO_Enrichment.json 
@@ -0,0 +1,26 @@ +{ + "name": "BackscatterIO_Enrichment", + "version": "1.0", + "author": "brandon@backscatter.io", + "url": "https://github.com/TheHive-Project/Cortex-Analyzers", + "license": "APLv2", + "description": "Enrich values using Backscatter.io data.", + "dataTypeList": ["ip", "network", "autonomous-system", "port"], + "baseConfig": "BackscatterIO", + "command": "BackscatterIO/backscatter-io.py", + "configurationItems": [ + { + "name": "key", + "description": "API key for Backscatter.io", + "type": "string", + "multi": false, + "required": true + } + ], + "config": { + "check_tlp": true, + "max_tlp": 2, + "auto_extract": true, + "service": "enrichment" + } +} \ No newline at end of file diff --git a/analyzers/BackscatterIO/BackscatterIO_GetObservations.json b/analyzers/BackscatterIO/BackscatterIO_GetObservations.json new file mode 100644 index 000000000..c8442c324 --- /dev/null +++ b/analyzers/BackscatterIO/BackscatterIO_GetObservations.json @@ -0,0 +1,26 @@ +{ + "name": "BackscatterIO_GetObservations", + "version": "1.0", + "author": "brandon@backscatter.io", + "url": "https://github.com/TheHive-Project/Cortex-Analyzers", + "license": "APLv2", + "description": "Determine whether a value has known scanning activity using Backscatter.io data.", + "dataTypeList": ["ip", "network", "autonomous-system"], + "baseConfig": "BackscatterIO", + "command": "BackscatterIO/backscatter-io.py", + "configurationItems": [ + { + "name": "key", + "description": "API key for Backscatter.io", + "type": "string", + "multi": false, + "required": true + } + ], + "config": { + "check_tlp": true, + "max_tlp": 2, + "auto_extract": true, + "service": "observations" + } +} \ No newline at end of file diff --git a/analyzers/BackscatterIO/backscatter-io.py b/analyzers/BackscatterIO/backscatter-io.py new file mode 100644 index 000000000..7a2520488 --- /dev/null +++ b/analyzers/BackscatterIO/backscatter-io.py 
@@ -0,0 +1,105 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- +from backscatter import Backscatter +from collections import defaultdict, OrderedDict +from cortexutils.analyzer import Analyzer + + +class BackscatterAnalyzer(Analyzer): + + """ + Backscatter.io API docs: https://backscatter.io/developers + """ + + def __init__(self): + """Setup the Backscatter object.""" + Analyzer.__init__(self) + self.api_key = self.get_param('config.key', None, 'No Backscatter.io API key provided.') + self.proxies = { + "https" : self.get_param("config.proxy_https"), + "http" : self.get_param("config.proxy_http") + } + kwargs = {'api_key': self.api_key, 'headers': {'X-Integration': 'TheHive'}} + if self.proxies['https'] or self.proxies['http']: + kwargs.update({'proxies': self._proxies}) + self.bs = Backscatter(**kwargs) + self.service = self.get_param('config.service', None, 'Backscatter service is missing') + + def run(self): + """Run the process to get observation data from Backscatter.io.""" + kwargs = {'query': self.get_data()} + if self.data_type == "ip": + kwargs.update({'query_type': 'ip'}) + elif self.data_type == "network": + kwargs.update({'query_type': 'network'}) + elif self.data_type == 'autonomous-system': + kwargs.update({'query_type': 'asn'}) + elif self.data_type == 'port': + kwargs.update({'query_type': 'port'}) + else: + self.notSupported() + return False + + if self.service == 'observations': + response = self.bs.get_observations(**kwargs) + self.report(response) + elif self.service == 'enrichment': + response = self.bs.enrich(**kwargs) + self.report(response) + else: + self.report({'error': 'Invalid service defined.'}) + + def summary(self, raw): + """Use the Backscatter.io summary data to create a view.""" + try: + taxonomies = list() + level = 'info' + namespace = 'Backscatter.io' + + if self.service == 'observations': + summary = raw.get('results', dict()).get('summary', dict()) + taxonomies = taxonomies + [ + self.build_taxonomy(level, namespace, 
'Observations', str(summary.get('observations_count', 0))), + self.build_taxonomy(level, namespace, 'IP Addresses', str(summary.get('ip_address_count', 0))), + self.build_taxonomy(level, namespace, 'Networks', str(summary.get('network_count', 0))), + self.build_taxonomy(level, namespace, 'AS', str(summary.get('autonomous_system_count', 0))), + self.build_taxonomy(level, namespace, 'Ports', str(summary.get('port_count', 0))), + self.build_taxonomy(level, namespace, 'Protocols', str(summary.get('protocol_count', 0))) + ] + elif self.service == 'enrichment': + summary = raw.get('results', dict()) + if self.data_type == 'ip': + taxonomies = taxonomies + [ + self.build_taxonomy(level, namespace, 'Network', summary.get('network')), + self.build_taxonomy(level, namespace, 'Network Broadcast', summary.get('network_broadcast')), + self.build_taxonomy(level, namespace, 'Network Size', summary.get('network_size')), + self.build_taxonomy(level, namespace, 'Country', summary.get('country_name')), + self.build_taxonomy(level, namespace, 'AS Number', summary.get('as_num')), + self.build_taxonomy(level, namespace, 'AS Name', summary.get('as_name')), + ] + elif self.data_type == 'network': + taxonomies = taxonomies + [ + self.build_taxonomy(level, namespace, 'Network Size', summary.get('network_size')) + ] + elif self.data_type == 'autonomous-system': + taxonomies = taxonomies + [ + self.build_taxonomy(level, namespace, 'Prefix Count', summary.get('prefix_count')), + self.build_taxonomy(level, namespace, 'AS Number', summary.get('as_num')), + self.build_taxonomy(level, namespace, 'AS Name', summary.get('as_name')) + ] + elif self.data_type == 'port': + for result in raw.get('results', list()): + display = "%s (%s)" % (result.get('service'), result.get('protocol')) + taxonomies.append(self.build_taxonomy(level, namespace, 'Service', display)) + else: + pass + else: + pass + return {"taxonomies": taxonomies} + + except Exception as e: + self.error('Summary 
failed\n{}'.format(e.message)) + + +if __name__ == '__main__': + BackscatterAnalyzer().run() diff --git a/analyzers/BackscatterIO/requirements.txt b/analyzers/BackscatterIO/requirements.txt new file mode 100644 index 000000000..34eae7d8c --- /dev/null +++ b/analyzers/BackscatterIO/requirements.txt @@ -0,0 +1,2 @@ +cortexutils +backscatter \ No newline at end of file diff --git a/thehive-templates/BackscatterIO_Enrichment_1_0/long.html b/thehive-templates/BackscatterIO_Enrichment_1_0/long.html new file mode 100644 index 000000000..ff84a794e --- /dev/null +++ b/thehive-templates/BackscatterIO_Enrichment_1_0/long.html @@ -0,0 +1,21 @@ +
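Review bot: `kwargs.update({'proxies': self._proxies})` in `__init__` reads an attribute that is never assigned — the dictionary is stored as `self.proxies` two statements earlier — so any Cortex instance that configures `proxy_http`/`proxy_https` fails with an AttributeError before the client is built; change it to `kwargs.update({'proxies': self.proxies})`. The `except Exception` in `summary()` formats `e.message`, which Python 3 exceptions do not carry, so a summary failure would itself raise; use `str(e)` instead. The `Invalid service defined.` branch in `run()` hands the error to `self.report`, which marks the job successful, unlike the `self.notSupported()` path and the `self.error` convention used elsewhere; `self.error('Invalid service defined.')` keeps the job status honest. Patch 3 of this series deletes the file again, so these only matter if the analyzer is resubmitted.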
+
+ Backscatter.io results for {{artifact.data}} +
+
+
+ {{k}}: {{v}} +
+

No records found for {{artifact.data}}.

+
+
+ + +
+
+ {{(artifact.data || artifact.attachment.name) | fang}} +
+
+ {{content.errorMessage}} +
+
\ No newline at end of file diff --git a/thehive-templates/BackscatterIO_Enrichment_1_0/short.html b/thehive-templates/BackscatterIO_Enrichment_1_0/short.html new file mode 100644 index 000000000..5fc0dabfb --- /dev/null +++ b/thehive-templates/BackscatterIO_Enrichment_1_0/short.html @@ -0,0 +1,3 @@ + + {{t.namespace}}:{{t.predicate}}="{{t.value}}" + diff --git a/thehive-templates/BackscatterIO_GetObservations_1_0/long.html b/thehive-templates/BackscatterIO_GetObservations_1_0/long.html new file mode 100644 index 000000000..edd21c04a --- /dev/null +++ b/thehive-templates/BackscatterIO_GetObservations_1_0/long.html @@ -0,0 +1,62 @@ +
+
+ Backscatter.io results for {{artifact.data}} +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
Observation Count{{content.results.summary['observations_count']}}
IP Address Count{{content.results.summary['ip_address_count']}}
Network Count{{content.results.summary['network_count']}}
AS Count{{content.results.summary['autonomous_system_count']}}
Port Count{{content.results.summary['port_count']}}
Protocol Count{{content.results.summary['protocol_count']}}
+ + + + + + + + + + + + + + + +
ObservedProtocolDestination PortLength
{{record['observed']}}{{record['protocol']}}{{record['dst_port']}}{{record['length']}}
+

No records found for {{artifact.data}}.

+
+
+ + +
+
+ {{(artifact.data || artifact.attachment.name) | fang}} +
+
+ {{content.errorMessage}} +
+
\ No newline at end of file diff --git a/thehive-templates/BackscatterIO_GetObservations_1_0/short.html b/thehive-templates/BackscatterIO_GetObservations_1_0/short.html new file mode 100644 index 000000000..5fc0dabfb --- /dev/null +++ b/thehive-templates/BackscatterIO_GetObservations_1_0/short.html @@ -0,0 +1,3 @@ + + {{t.namespace}}:{{t.predicate}}="{{t.value}}" + From bc576618e9d1a0bb9568594efb18e16f4c545137 Mon Sep 17 00:00:00 2001 From: 9b Date: Fri, 14 Jun 2019 10:50:34 +0100 Subject: [PATCH 2/4] Updates to the PassiveTotal Analyzer --- .../PassiveTotal/PassiveTotal_Components.json | 31 +++++++++ .../PassiveTotal/PassiveTotal_Enrichment.json | 3 +- .../PassiveTotal/PassiveTotal_Host_Pairs.json | 31 +++++++++ .../PassiveTotal/PassiveTotal_Malware.json | 3 +- .../PassiveTotal/PassiveTotal_Osint.json | 3 +- .../PassiveTotal_Passive_Dns.json | 3 +- .../PassiveTotal_Ssl_Certificate_Details.json | 3 +- .../PassiveTotal_Ssl_Certificate_History.json | 3 +- .../PassiveTotal/PassiveTotal_Trackers.json | 31 +++++++++ .../PassiveTotal_Unique_Resolutions.json | 3 +- .../PassiveTotal_Whois_Details.json | 3 +- .../PassiveTotal/passivetotal_analyzer.py | 67 +++++++++++++++++++ .../PassiveTotal_Components_2_0/long.html | 66 ++++++++++++++++++ .../PassiveTotal_Host_Pairs_2_0/long.html | 64 ++++++++++++++++++ .../PassiveTotal_Trackers_2_0/long.html | 64 ++++++++++++++++++ 15 files changed, 370 insertions(+), 8 deletions(-) create mode 100644 analyzers/PassiveTotal/PassiveTotal_Components.json create mode 100644 analyzers/PassiveTotal/PassiveTotal_Host_Pairs.json create mode 100644 analyzers/PassiveTotal/PassiveTotal_Trackers.json create mode 100644 thehive-templates/PassiveTotal_Components_2_0/long.html create mode 100644 thehive-templates/PassiveTotal_Host_Pairs_2_0/long.html create mode 100644 thehive-templates/PassiveTotal_Trackers_2_0/long.html 
diff --git a/analyzers/PassiveTotal/PassiveTotal_Components.json b/analyzers/PassiveTotal/PassiveTotal_Components.json new file mode 100644 index 000000000..6b628c685 --- /dev/null +++ b/analyzers/PassiveTotal/PassiveTotal_Components.json @@ -0,0 +1,31 @@ +{ + "name": "PassiveTotal_Components", + "version": "2.0", + "author": "CERT-BDF", + "url": "https://github.com/TheHive-Project/Cortex-Analyzers", + "license": "AGPL-V3", + "description": "PassiveTotal Components Lookup.", + "dataTypeList": ["domain", "fqdn", "ip"], + "command": "PassiveTotal/passivetotal_analyzer.py", + "baseConfig": "PassiveTotal", + "config": { + "service": "components", + "auto_extract": true + }, + "configurationItems": [ + { + "name": "username", + "description": "Define the username of the account used to connect the service", + "type": "string", + "multi": false, + "required": true + }, + { + "name": "key", + "description": "Define the API key to use to connect the service", + "type": "string", + "multi": false, + "required": true + } + ] +} diff --git a/analyzers/PassiveTotal/PassiveTotal_Enrichment.json b/analyzers/PassiveTotal/PassiveTotal_Enrichment.json index 50554f195..1aab9223f 100644 --- a/analyzers/PassiveTotal/PassiveTotal_Enrichment.json +++ b/analyzers/PassiveTotal/PassiveTotal_Enrichment.json @@ -9,7 +9,8 @@ "command": "PassiveTotal/passivetotal_analyzer.py", "baseConfig": "PassiveTotal", "config": { - "service": "enrichment" + "service": "enrichment", + "auto_extract": true }, "configurationItems": [ { diff --git a/analyzers/PassiveTotal/PassiveTotal_Host_Pairs.json b/analyzers/PassiveTotal/PassiveTotal_Host_Pairs.json new file mode 100644 index 000000000..ed392f526 --- /dev/null +++ b/analyzers/PassiveTotal/PassiveTotal_Host_Pairs.json 
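Review bot: The new `PassiveTotal_Components` definition ships with no `check_tlp`/`max_tlp` entries in `config`, so an observable marked TLP:RED is sent to the PassiveTotal API unless each admin remembers to add the limit; the Backscatter definitions in patch 1 of this series set `"check_tlp": true, "max_tlp": 2`, and the same pair belongs here and in the `Host_Pairs` and `Trackers` files, which copy this layout. Only the `config` fragment of the existing PassiveTotal definitions is visible in these hunks, so if they rely on an admin-side default, say so in `description` rather than leaving the new files silent.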
@@ -0,0 +1,31 @@ +{ + "name": "PassiveTotal_Host_Pairs", + "version": "2.0", + "author": "CERT-BDF", + "url": "https://github.com/TheHive-Project/Cortex-Analyzers", + "license": "AGPL-V3", + "description": "PassiveTotal Host Pairs Lookup.", + "dataTypeList": ["domain", "fqdn", "ip"], + "command": "PassiveTotal/passivetotal_analyzer.py", + "baseConfig": "PassiveTotal", + "config": { + "service": "host_pairs", + "auto_extract": true + }, + "configurationItems": [ + { + "name": "username", + "description": "Define the username of the account used to connect the service", + "type": "string", + "multi": false, + "required": true + }, + { + "name": "key", + "description": "Define the API key to use to connect the service", + "type": "string", + "multi": false, + "required": true + } + ] +} diff --git a/analyzers/PassiveTotal/PassiveTotal_Malware.json b/analyzers/PassiveTotal/PassiveTotal_Malware.json index a2d3d144c..cdf502e3d 100644 --- a/analyzers/PassiveTotal/PassiveTotal_Malware.json +++ b/analyzers/PassiveTotal/PassiveTotal_Malware.json @@ -9,7 +9,8 @@ "command": "PassiveTotal/passivetotal_analyzer.py", "baseConfig": "PassiveTotal", "config": { - "service": "malware" + "service": "malware", + "auto_extract": true }, "configurationItems": [ { diff --git a/analyzers/PassiveTotal/PassiveTotal_Osint.json b/analyzers/PassiveTotal/PassiveTotal_Osint.json index 92a6c552e..98e8dc5c5 100644 --- a/analyzers/PassiveTotal/PassiveTotal_Osint.json +++ b/analyzers/PassiveTotal/PassiveTotal_Osint.json @@ -9,7 +9,8 @@ "command": "PassiveTotal/passivetotal_analyzer.py", "baseConfig": "PassiveTotal", "config": { - "service": "osint" + "service": "osint", + "auto_extract": true }, "configurationItems": [ { diff --git a/analyzers/PassiveTotal/PassiveTotal_Passive_Dns.json b/analyzers/PassiveTotal/PassiveTotal_Passive_Dns.json index a3135541d..872343b9a 100644 --- a/analyzers/PassiveTotal/PassiveTotal_Passive_Dns.json +++ b/analyzers/PassiveTotal/PassiveTotal_Passive_Dns.json 
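Review bot: `"auto_extract": true` on `PassiveTotal_Host_Pairs` turns every parent and child hostname in the merged response (the `run()` branch in `passivetotal_analyzer.py` concatenates both directions) into a new observable on the case; for a widely linked domain that is hundreds of pivot hosts, most of them benign CDN or tracker domains carrying no indicator of their own. Consider shipping the file with `"auto_extract": false` and letting the analyst promote records from the report, or at least note the expected volume in `description` so operators can decide per instance.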
@@ -9,7 +9,8 @@ "command": "PassiveTotal/passivetotal_analyzer.py", "baseConfig": "PassiveTotal", "config": { - "service": "passive_dns" + "service": "passive_dns", + "auto_extract": true }, "configurationItems": [ { diff --git a/analyzers/PassiveTotal/PassiveTotal_Ssl_Certificate_Details.json b/analyzers/PassiveTotal/PassiveTotal_Ssl_Certificate_Details.json index 1f4dff33d..0bb26c0a0 100644 --- a/analyzers/PassiveTotal/PassiveTotal_Ssl_Certificate_Details.json +++ b/analyzers/PassiveTotal/PassiveTotal_Ssl_Certificate_Details.json @@ -9,7 +9,8 @@ "command": "PassiveTotal/passivetotal_analyzer.py", "baseConfig": "PassiveTotal", "config": { - "service": "ssl_certificate_details" + "service": "ssl_certificate_details", + "auto_extract": true }, "configurationItems": [ { diff --git a/analyzers/PassiveTotal/PassiveTotal_Ssl_Certificate_History.json b/analyzers/PassiveTotal/PassiveTotal_Ssl_Certificate_History.json index 9fcbe96dd..8ef92ff11 100644 --- a/analyzers/PassiveTotal/PassiveTotal_Ssl_Certificate_History.json +++ b/analyzers/PassiveTotal/PassiveTotal_Ssl_Certificate_History.json @@ -9,7 +9,8 @@ "command": "PassiveTotal/passivetotal_analyzer.py", "baseConfig": "PassiveTotal", "config": { - "service": "ssl_certificate_history" + "service": "ssl_certificate_history", + "auto_extract": true }, "configurationItems": [ { diff --git a/analyzers/PassiveTotal/PassiveTotal_Trackers.json b/analyzers/PassiveTotal/PassiveTotal_Trackers.json new file mode 100644 index 000000000..3fe0ac863 --- /dev/null +++ b/analyzers/PassiveTotal/PassiveTotal_Trackers.json 
@@ -0,0 +1,31 @@ +{ + "name": "PassiveTotal_Trackers", + "version": "2.0", + "author": "CERT-BDF", + "url": "https://github.com/TheHive-Project/Cortex-Analyzers", + "license": "AGPL-V3", + "description": "PassiveTotal Trackers Lookup.", + "dataTypeList": ["domain", "fqdn", "ip"], + "command": "PassiveTotal/passivetotal_analyzer.py", + "baseConfig": "PassiveTotal", + "config": { + "service": "trackers", + "auto_extract": true + }, + "configurationItems": [ + { + "name": "username", + "description": "Define the username of the account used to connect the service", + "type": "string", + "multi": false, + "required": true + }, + { + "name": "key", + "description": "Define the API key to use to connect the service", + "type": "string", + "multi": false, + "required": true + } + ] +} diff --git a/analyzers/PassiveTotal/PassiveTotal_Unique_Resolutions.json b/analyzers/PassiveTotal/PassiveTotal_Unique_Resolutions.json index 531447785..e013017a2 100644 --- a/analyzers/PassiveTotal/PassiveTotal_Unique_Resolutions.json +++ b/analyzers/PassiveTotal/PassiveTotal_Unique_Resolutions.json @@ -9,7 +9,8 @@ "command": "PassiveTotal/passivetotal_analyzer.py", "baseConfig": "PassiveTotal", "config": { - "service": "unique_resolutions" + "service": "unique_resolutions", + "auto_extract": true }, "configurationItems": [ { diff --git a/analyzers/PassiveTotal/PassiveTotal_Whois_Details.json b/analyzers/PassiveTotal/PassiveTotal_Whois_Details.json index 05b33fff8..33177c98d 100644 --- a/analyzers/PassiveTotal/PassiveTotal_Whois_Details.json +++ b/analyzers/PassiveTotal/PassiveTotal_Whois_Details.json @@ -9,7 +9,8 @@ "command": "PassiveTotal/passivetotal_analyzer.py", "baseConfig": "PassiveTotal", "config": { - "service": "whois_details" + "service": "whois_details", + "auto_extract": true }, "configurationItems": [ { diff --git a/analyzers/PassiveTotal/passivetotal_analyzer.py b/analyzers/PassiveTotal/passivetotal_analyzer.py index 985da4aaa..8db781bb9 100755 
--- a/analyzers/PassiveTotal/passivetotal_analyzer.py +++ b/analyzers/PassiveTotal/passivetotal_analyzer.py @@ -7,6 +7,7 @@ from passivetotal.libs.enrichment import EnrichmentRequest from passivetotal.libs.ssl import SslRequest from passivetotal.libs.whois import WhoisRequest +from passivetotal.libs.host_attributes import HostAttributeRequest class PassiveTotalAnalyzer(Analyzer): @@ -98,6 +99,51 @@ def summary(self, raw): value = "REGISTRAR: {}".format(result['registrar']) taxonomies.append(self.build_taxonomy(level, namespace, predicate, value)) + # component service + elif self.service == 'component': + predicate = "WebComponent" + if 'totalRecords' in raw and raw['totalRecords']: + result['total'] = raw['totalRecords'] + else: + result['total'] = 0 + + if result['total'] < 2: + value = "{} record".format(result['total']) + else: + value = "{} records".format(result['total']) + + taxonomies.append(self.build_taxonomy(level, namespace, predicate, value)) + + # tracker service + elif self.service == 'trackers': + predicate = "Tracker" + if 'totalRecords' in raw and raw['totalRecords']: + result['total'] = raw['totalRecords'] + else: + result['total'] = 0 + + if result['total'] < 2: + value = "{} record".format(result['total']) + else: + value = "{} records".format(result['total']) + + taxonomies.append(self.build_taxonomy(level, namespace, predicate, value)) + + # host pair service + elif self.service == 'host_pairs': + predicate = "HostPairs" + if 'totalRecords' in raw and raw['totalRecords']: + result['total'] = raw['totalRecords'] + else: + result['total'] = 0 + + if result['total'] < 2: + value = "{} record".format(result['total']) + else: + value = "{} records".format(result['total']) + + taxonomies.append(self.build_taxonomy(level, namespace, predicate, value)) + return {"taxonomies": taxonomies} def run(self): 
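Review bot: The new `summary()` branch tests `self.service == 'component'`, but the definition file sets `"service": "components"` and the `run()` hunk dispatches on `'components'` too, so the Components analyzer never yields a taxonomy and its short report stays empty; change it to `elif self.service == 'components':`. The three added branches are otherwise line-for-line identical apart from the predicate, so a lookup such as `predicate = {'components': 'WebComponent', 'trackers': 'Tracker', 'host_pairs': 'HostPairs'}[self.service]` followed by one copy of the count/pluralisation code would remove the duplication that let the typo in. `summary()` begins before this hunk, so `result`, `taxonomies`, `level` and `namespace` are assumed to be defined there, as the preceding whois branch implies.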
@@ -152,6 +198,27 @@ def run(self): result = whois_request.get_whois_details(query=data) self.report(result) + # components service + elif self.service == 'components': + host_attr_request = HostAttributeRequest(username=self.username, api_key=self.api_key) + result = host_attr_request.get_components(query=data) + self.report(result) + + # trackers service + elif self.service == 'trackers': + host_attr_request = HostAttributeRequest(username=self.username, api_key=self.api_key) + result = host_attr_request.get_trackers(query=data) + self.report(result) + + # host pairs service + elif self.service == 'host_pairs': + host_attr_request = HostAttributeRequest(username=self.username, api_key=self.api_key) + result = host_attr_request.get_host_pairs(query=data, direction='parents') + children = host_attr_request.get_host_pairs(query=data, direction='children') + result['totalRecords'] += children['totalRecords'] + result['results'] = result['results'] + children['results'] + self.report(result) + else: self.error('Unknown PassiveTotal service') diff --git a/thehive-templates/PassiveTotal_Components_2_0/long.html b/thehive-templates/PassiveTotal_Components_2_0/long.html new file mode 100644 index 000000000..bb15bc884 --- /dev/null +++ b/thehive-templates/PassiveTotal_Components_2_0/long.html @@ -0,0 +1,66 @@ +
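Review bot: In the host_pairs branch, `result['totalRecords'] += children['totalRecords']` and the line after it index both responses unconditionally, so if either `get_host_pairs` call returns a payload without those keys — the library's error shape is not visible here, but a quota or auth failure is the obvious case — the analyzer dies with a KeyError instead of reporting through `self.error`; `result['totalRecords'] = result.get('totalRecords', 0) + children.get('totalRecords', 0)` and `result['results'] = result.get('results', []) + children.get('results', [])` keep the same merge while surviving a partial response. Each of the three branches also constructs its own `HostAttributeRequest(username=self.username, api_key=self.api_key)`; one instance built before the `elif` chain would serve all of them. `run()` begins before this hunk.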
+ + + +
+
+ PassiveTotal Components Report +
+
+
+ No records found +
+
+
+ Summary Information +
+
+
+
Total Records:
+
{{content.totalRecords}}
+
+
+
+
+
+ Records +
+
+ + + + + + + + + + + + + + + + + +
SourceCategoryLabelVersionFirst seenLast seen
{{c.hostname || 'None'}}{{c.category || 'None'}}{{c.label || 'None'}}{{c.version || 'None'}}{{c.firstSeen || 'None'}}{{c.lastSeen || 'None'}}
+
+
+ +
+
+ +
+ +
+
+ {{(artifact.data || artifact.attachment.name) | fang}} +
+
+ {{content.errorMessage}} +
+
diff --git a/thehive-templates/PassiveTotal_Host_Pairs_2_0/long.html b/thehive-templates/PassiveTotal_Host_Pairs_2_0/long.html new file mode 100644 index 000000000..46367b989 --- /dev/null +++ b/thehive-templates/PassiveTotal_Host_Pairs_2_0/long.html @@ -0,0 +1,64 @@ +
+ + + +
+
+ PassiveTotal Host Pairs Report +
+
+
+ No records found +
+
+
+ Summary Information +
+
+
+
Total Records:
+
{{content.totalRecords}}
+
+
+
+
+
+ Records +
+
+ + + + + + + + + + + + + + + +
ParentChildCauseFirst seenLast seen
{{c.parent || 'None'}}{{c.child || 'None'}}{{c.cause || 'None'}}{{c.firstSeen || 'None'}}{{c.lastSeen || 'None'}}
+
+
+ +
+
+ +
+ +
+
+ {{(artifact.data || artifact.attachment.name) | fang}} +
+
+ {{content.errorMessage}} +
+
diff --git a/thehive-templates/PassiveTotal_Trackers_2_0/long.html b/thehive-templates/PassiveTotal_Trackers_2_0/long.html new file mode 100644 index 000000000..2e2245a5d --- /dev/null +++ b/thehive-templates/PassiveTotal_Trackers_2_0/long.html @@ -0,0 +1,64 @@ +
+ + + +
+
+ PassiveTotal Trackers Report +
+
+
+ No records found +
+
+
+ Summary Information +
+
+
+
Total Records:
+
{{content.totalRecords}}
+
+
+
+
+
+ Records +
+
+ + + + + + + + + + + + + + + +
SourceTypeValueFirst seenLast seen
{{c.hostname || 'None'}}{{c.attributeType || 'None'}}{{c.attributeValue || 'None'}}{{c.firstSeen || 'None'}}{{c.lastSeen || 'None'}}
+
+
+ +
+
+ +
+ +
+
+ {{(artifact.data || artifact.attachment.name) | fang}} +
+
+ {{content.errorMessage}} +
+
From 6c1504abdd582b59650e73d99de7660d6a54b1c5 Mon Sep 17 00:00:00 2001 From: 9b Date: Fri, 14 Jun 2019 10:53:31 +0100 Subject: [PATCH 3/4] Remove Backscatter off the branch --- .../BackscatterIO_Enrichment.json | 26 ----- .../BackscatterIO_GetObservations.json | 26 ----- analyzers/BackscatterIO/backscatter-io.py | 105 ------------------ analyzers/BackscatterIO/requirements.txt | 2 - .../BackscatterIO_Enrichment_1_0/long.html | 21 ---- .../BackscatterIO_Enrichment_1_0/short.html | 3 - .../long.html | 62 ----------- .../short.html | 3 - 8 files changed, 248 deletions(-) delete mode 100644 analyzers/BackscatterIO/BackscatterIO_Enrichment.json delete mode 100644 analyzers/BackscatterIO/BackscatterIO_GetObservations.json delete mode 100644 analyzers/BackscatterIO/backscatter-io.py delete mode 100644 analyzers/BackscatterIO/requirements.txt delete mode 100644 thehive-templates/BackscatterIO_Enrichment_1_0/long.html delete mode 100644 thehive-templates/BackscatterIO_Enrichment_1_0/short.html delete mode 100644 thehive-templates/BackscatterIO_GetObservations_1_0/long.html delete mode 100644 thehive-templates/BackscatterIO_GetObservations_1_0/short.html diff --git a/analyzers/BackscatterIO/BackscatterIO_Enrichment.json b/analyzers/BackscatterIO/BackscatterIO_Enrichment.json deleted file mode 100644 index b64fb5501..000000000 --- a/analyzers/BackscatterIO/BackscatterIO_Enrichment.json +++ /dev/null 
@@ -1,26 +0,0 @@ -{ - "name": "BackscatterIO_Enrichment", - "version": "1.0", - "author": "brandon@backscatter.io", - "url": "https://github.com/TheHive-Project/Cortex-Analyzers", - "license": "APLv2", - "description": "Enrich values using Backscatter.io data.", - "dataTypeList": ["ip", "network", "autonomous-system", "port"], - "baseConfig": "BackscatterIO", - "command": "BackscatterIO/backscatter-io.py", - "configurationItems": [ - { - "name": "key", - "description": "API key for Backscatter.io", - "type": "string", - "multi": false, - "required": true - } - ], - "config": { - "check_tlp": true, - "max_tlp": 2, - "auto_extract": true, - "service": "enrichment" - } -} \ No newline at end of file diff --git a/analyzers/BackscatterIO/BackscatterIO_GetObservations.json b/analyzers/BackscatterIO/BackscatterIO_GetObservations.json deleted file mode 100644 index c8442c324..000000000 --- a/analyzers/BackscatterIO/BackscatterIO_GetObservations.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "name": "BackscatterIO_GetObservations", - "version": "1.0", - "author": "brandon@backscatter.io", - "url": "https://github.com/TheHive-Project/Cortex-Analyzers", - "license": "APLv2", - "description": "Determine whether a value has known scanning activity using Backscatter.io data.", - "dataTypeList": ["ip", "network", "autonomous-system"], - "baseConfig": "BackscatterIO", - "command": "BackscatterIO/backscatter-io.py", - "configurationItems": [ - { - "name": "key", - "description": "API key for Backscatter.io", - "type": "string", - "multi": false, - "required": true - } - ], - "config": { - "check_tlp": true, - "max_tlp": 2, - "auto_extract": true, - "service": "observations" - } -} \ No newline at end of file diff --git a/analyzers/BackscatterIO/backscatter-io.py b/analyzers/BackscatterIO/backscatter-io.py deleted file mode 100644 index 7a2520488..000000000 --- a/analyzers/BackscatterIO/backscatter-io.py +++ /dev/null 
@@ -1,105 +0,0 @@ -#!/usr/bin/env python -# -*- coding: utf-8 -*- -from backscatter import Backscatter -from collections import defaultdict, OrderedDict -from cortexutils.analyzer import Analyzer - - -class BackscatterAnalyzer(Analyzer): - - """ - Backscatter.io API docs: https://backscatter.io/developers - """ - - def __init__(self): - """Setup the Backscatter object.""" - Analyzer.__init__(self) - self.api_key = self.get_param('config.key', None, 'No Backscatter.io API key provided.') - self.proxies = { - "https" : self.get_param("config.proxy_https"), - "http" : self.get_param("config.proxy_http") - } - kwargs = {'api_key': self.api_key, 'headers': {'X-Integration': 'TheHive'}} - if self.proxies['https'] or self.proxies['http']: - kwargs.update({'proxies': self._proxies}) - self.bs = Backscatter(**kwargs) - self.service = self.get_param('config.service', None, 'Backscatter service is missing') - - def run(self): - """Run the process to get observation data from Backscatter.io.""" - kwargs = {'query': self.get_data()} - if self.data_type == "ip": - kwargs.update({'query_type': 'ip'}) - elif self.data_type == "network": - kwargs.update({'query_type': 'network'}) - elif self.data_type == 'autonomous-system': - kwargs.update({'query_type': 'asn'}) - elif self.data_type == 'port': - kwargs.update({'query_type': 'port'}) - else: - self.notSupported() - return False - - if self.service == 'observations': - response = self.bs.get_observations(**kwargs) - self.report(response) - elif self.service == 'enrichment': - response = self.bs.enrich(**kwargs) - self.report(response) - else: - self.report({'error': 'Invalid service defined.'}) - - def summary(self, raw): - """Use the Backscatter.io summary data to create a view.""" - try: - taxonomies = list() - level = 'info' - namespace = 'Backscatter.io' - - if self.service == 'observations': - summary = raw.get('results', dict()).get('summary', dict()) - taxonomies = taxonomies + [ - self.build_taxonomy(level, namespace, 
'Observations', str(summary.get('observations_count', 0))), - self.build_taxonomy(level, namespace, 'IP Addresses', str(summary.get('ip_address_count', 0))), - self.build_taxonomy(level, namespace, 'Networks', str(summary.get('network_count', 0))), - self.build_taxonomy(level, namespace, 'AS', str(summary.get('autonomous_system_count', 0))), - self.build_taxonomy(level, namespace, 'Ports', str(summary.get('port_count', 0))), - self.build_taxonomy(level, namespace, 'Protocols', str(summary.get('protocol_count', 0))) - ] - elif self.service == 'enrichment': - summary = raw.get('results', dict()) - if self.data_type == 'ip': - taxonomies = taxonomies + [ - self.build_taxonomy(level, namespace, 'Network', summary.get('network')), - self.build_taxonomy(level, namespace, 'Network Broadcast', summary.get('network_broadcast')), - self.build_taxonomy(level, namespace, 'Network Size', summary.get('network_size')), - self.build_taxonomy(level, namespace, 'Country', summary.get('country_name')), - self.build_taxonomy(level, namespace, 'AS Number', summary.get('as_num')), - self.build_taxonomy(level, namespace, 'AS Name', summary.get('as_name')), - ] - elif self.data_type == 'network': - taxonomies = taxonomies + [ - self.build_taxonomy(level, namespace, 'Network Size', summary.get('network_size')) - ] - elif self.data_type == 'autonomous-system': - taxonomies = taxonomies + [ - self.build_taxonomy(level, namespace, 'Prefix Count', summary.get('prefix_count')), - self.build_taxonomy(level, namespace, 'AS Number', summary.get('as_num')), - self.build_taxonomy(level, namespace, 'AS Name', summary.get('as_name')) - ] - elif self.data_type == 'port': - for result in raw.get('results', list()): - display = "%s (%s)" % (result.get('service'), result.get('protocol')) - taxonomies.append(self.build_taxonomy(level, namespace, 'Service', display)) - else: - pass - else: - pass - return {"taxonomies": taxonomies} - - except Exception as e: - self.error('Summary 
failed\n{}'.format(e.message)) - - -if __name__ == '__main__': - BackscatterAnalyzer().run() diff --git a/analyzers/BackscatterIO/requirements.txt b/analyzers/BackscatterIO/requirements.txt deleted file mode 100644 index 34eae7d8c..000000000 --- a/analyzers/BackscatterIO/requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -cortexutils -backscatter \ No newline at end of file diff --git a/thehive-templates/BackscatterIO_Enrichment_1_0/long.html b/thehive-templates/BackscatterIO_Enrichment_1_0/long.html deleted file mode 100644 index ff84a794e..000000000 --- a/thehive-templates/BackscatterIO_Enrichment_1_0/long.html +++ /dev/null @@ -1,21 +0,0 @@ -
-
- Backscatter.io results for {{artifact.data}} -
-
-
- {{k}}: {{v}} -
-

No records found for {{artifact.data}}.

-
-
- - -
-
- {{(artifact.data || artifact.attachment.name) | fang}} -
-
- {{content.errorMessage}} -
-
\ No newline at end of file diff --git a/thehive-templates/BackscatterIO_Enrichment_1_0/short.html b/thehive-templates/BackscatterIO_Enrichment_1_0/short.html deleted file mode 100644 index 5fc0dabfb..000000000 --- a/thehive-templates/BackscatterIO_Enrichment_1_0/short.html +++ /dev/null @@ -1,3 +0,0 @@ - - {{t.namespace}}:{{t.predicate}}="{{t.value}}" - diff --git a/thehive-templates/BackscatterIO_GetObservations_1_0/long.html b/thehive-templates/BackscatterIO_GetObservations_1_0/long.html deleted file mode 100644 index edd21c04a..000000000 --- a/thehive-templates/BackscatterIO_GetObservations_1_0/long.html +++ /dev/null @@ -1,62 +0,0 @@ -
-
- Backscatter.io results for {{artifact.data}} -
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - -
Observation Count{{content.results.summary['observations_count']}}
IP Address Count{{content.results.summary['ip_address_count']}}
Network Count{{content.results.summary['network_count']}}
AS Count{{content.results.summary['autonomous_system_count']}}
Port Count{{content.results.summary['port_count']}}
Protocol Count{{content.results.summary['protocol_count']}}
- - - - - - - - - - - - - - - -
ObservedProtocolDestination PortLength
{{record['observed']}}{{record['protocol']}}{{record['dst_port']}}{{record['length']}}
-

No records found for {{artifact.data}}.

-
-
- - -
-
- {{(artifact.data || artifact.attachment.name) | fang}} -
-
- {{content.errorMessage}} -
-
\ No newline at end of file diff --git a/thehive-templates/BackscatterIO_GetObservations_1_0/short.html b/thehive-templates/BackscatterIO_GetObservations_1_0/short.html deleted file mode 100644 index 5fc0dabfb..000000000 --- a/thehive-templates/BackscatterIO_GetObservations_1_0/short.html +++ /dev/null @@ -1,3 +0,0 @@ - - {{t.namespace}}:{{t.predicate}}="{{t.value}}" - From 84102e70e5513e007027a6ae74fb6a0c80518666 Mon Sep 17 00:00:00 2001 From: 9b Date: Fri, 14 Jun 2019 10:55:34 +0100 Subject: [PATCH 4/4] Changed out author for proper support on new additions --- analyzers/PassiveTotal/PassiveTotal_Components.json | 2 +- analyzers/PassiveTotal/PassiveTotal_Host_Pairs.json | 2 +- analyzers/PassiveTotal/PassiveTotal_Trackers.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/analyzers/PassiveTotal/PassiveTotal_Components.json b/analyzers/PassiveTotal/PassiveTotal_Components.json index 6b628c685..9be950421 100644 --- a/analyzers/PassiveTotal/PassiveTotal_Components.json +++ b/analyzers/PassiveTotal/PassiveTotal_Components.json @@ -1,7 +1,7 @@ { "name": "PassiveTotal_Components", "version": "2.0", - "author": "CERT-BDF", + "author": "Brandon Dixon (9bplus)", "url": "https://github.com/TheHive-Project/Cortex-Analyzers", "license": "AGPL-V3", "description": "PassiveTotal Components Lookup.", diff --git a/analyzers/PassiveTotal/PassiveTotal_Host_Pairs.json b/analyzers/PassiveTotal/PassiveTotal_Host_Pairs.json index ed392f526..c8f3bd9ec 100644 --- a/analyzers/PassiveTotal/PassiveTotal_Host_Pairs.json +++ b/analyzers/PassiveTotal/PassiveTotal_Host_Pairs.json @@ -1,7 +1,7 @@ { "name": "PassiveTotal_Host_Pairs", "version": "2.0", - "author": "CERT-BDF", + "author": "Brandon Dixon (9bplus)", "url": "https://github.com/TheHive-Project/Cortex-Analyzers", "license": "AGPL-V3", "description": "PassiveTotal Host Pairs Lookup.", 
diff --git a/analyzers/PassiveTotal/PassiveTotal_Trackers.json b/analyzers/PassiveTotal/PassiveTotal_Trackers.json index 3fe0ac863..8f1c98f6d 100644 --- a/analyzers/PassiveTotal/PassiveTotal_Trackers.json +++ b/analyzers/PassiveTotal/PassiveTotal_Trackers.json @@ -1,7 +1,7 @@ { "name": "PassiveTotal_Trackers", "version": "2.0", - "author": "CERT-BDF", + "author": "Brandon Dixon (9bplus)", "url": "https://github.com/TheHive-Project/Cortex-Analyzers", "license": "AGPL-V3", "description": "PassiveTotal Trackers Lookup.",