Edit Readme.MD for a good view. #757

Closed
wants to merge 21 commits into from


DanteDevil89

At the end of the Readme you do not have the same "\n".
Sorry for my bad English.

## Basic configuration

The following settings are available for the script.

```
QRadar:
  proxies: << Use this for any proxy url's required
    http:
    https:
  url: https://<ip/hostname>: << QRadar url
  key: << QRadar API key. This can be the same as the key for the analyzer
  verify: <True/False/pathtocert> << Defines whether or not certificate hostname validation is enabled. Provide a path to a CA file if you have a specific file with authorized CA's
  enabled_datatypes: << Allows you to enable/disable certain datatypes.
    - ip
    - domain
    - fqdn
    - url
    - hash
  search_limit : 1 << The amount of days it searches back in time
  search_timeout : 86400 << The maximum duration it may take to complete the search
  polling_interval : 10 << polling interval for the search status
  url_root_domain_field: << Field names
  url_fqdn_field:
  url_field:
  mail_recipient_field:
  mail_sender_field:
  mail_send_qid:
  mail_receive_qid:
  hash_md5:
  hash_sha1:
  hash_sha256:

TheHive:
  proxies: << Use this for any proxy url's required
    http:
    https:
  url: https://<ip/hostname> << The Hive url
  key: << The Hive API key
  verify: <True/False/pathtocert> << Defines whether or not certificate hostname validation is enabled. Provide a path to a CA file if you have a specific file with authorized CA's
```

@dadokkio
Contributor

dadokkio commented May 5, 2020

Thanks @DanteDevil89

If I'm not wrong this issue is related to:

- Emlparser Analyzer - add ioc extraction
- IBMQRadar - new analyzer
- Mailer Responder - add auth and support for case_task

I need to ask you to split this pull into 3 different parts.
The ioc extraction has been started with the following commit and will be released soon 99337a4 and regarding mailer there is an ongoing discussion.

If you provide different pulls it will be easier and quicker for us to merge them.

@dadokkio
Contributor

I'm going to close this pull because it's very difficult to review and merge.
Please try to keep pulls simple and follow the pull request guideline.

@DanteDevil89
Author

Sorry @dadokkio, but I have also suggested a change to README.md, because the web view isn't good.

@garanews
Contributor

Hi @DanteDevil89, what do you mean with issue for \n at the end of README.md?
Can you show what is not good in your view?

@DanteDevil89
Author

Hi, I view this!

READEME

@dadokkio
Contributor

@DanteDevil89 probably you want to make this change in the @jeffrey-e https://github.com/jeffrey-e/Cortex-Analyzers repo, because the analyzer you are trying to fix is not yet available in this one.
Then if anyone wants to make separate pulls for IBMQRadar and Emlparser I'll be available to review them.
