Feature/update docs

analyzers/AbuseIPDB/AbuseIPDB.json

@@ -29,5 +29,19 @@
         "check_tlp": true,
         "max_tlp": 2,
         "auto_extract": false
-    }
+    },
+    "registration_required": true,
+    "subscription_required": true,
+    "free_subscription": true,
+    "service_homepage": "https://www.abuseipdb.com/",
+    "service_logo": {
+        "path": "assets/abuseipdb.png",
+        "caption": "abuseipdb logo"
+    },
+    "screenshots": [
+        {
+            "path": "assets/long_report.png",
+            "caption": "AbuseIPDB: Long report template"
+        }
+    ]
 }

analyzers/AbuseIPDB/README.md

@@ -0,0 +1,10 @@
+### AbuseIPDB
+[AbuseIPDB](https://www.abuseipdb.com/) is a project dedicated to helping combat the spread of hackers, spammers, and abusive activity on the internet.
+
+The analyzer comes in only one flavor.
+
+#### Requirements
+You need a valid AbuseIPDB API integration subscription to use the analyzer:
+
+- Provide your API key as a value for the `key` parameter.
+- Set the `days` parameter to limit temporal range in search

analyzers/AnyRun/AnyRun_Sandbox_Analysis.json

@@ -32,5 +32,24 @@
       "required": true,
       "defaultValue": true
     }
+  ],
+  "registration_required": true,
+  "subscription_required": true,
+  "free_subscription": false,
+  "service_homepage": "https://any.run/",
+  "service_logo": {
+      "path": "assets/anyrun.png",
+      "caption": "AnyRun logo"
+  },
+  "screenshots": [
+      {
+          "path": "assets/short_report.png",
+          "caption": "AnyRun: Short report template"
+      },
+
+      {
+          "path": "assets/long_report.png",
+          "caption": "AnyRun: Long report template"
+      }
   ]
 }

analyzers/AnyRun/README.md

@@ -0,0 +1,15 @@
+### AnyRun
+[ANY.RUN](https://any.run/) is a malware sandbox service in the cloud. By using this analyzer, an analyst can submit a suspicious file or URL to the service for analysis and get a report. The report can contain various information such as:
+
+- Interactive access
+- Research threats by filter in public submissions
+- File and URL dynamic analysis
+- Mitre ATT&CK mapping
+- Detailed malware reports
+
+#### Requirements
+You need a valid AnyRun API integration subscription to use the analyzer. Free plan does not provide API access.
+
+- Provide your API token as a value for the `token` parameter.
+- Define the privacy setting in `privacy_type` parameter.
+- Set `verify_ssl` parameter as false if you connection requires it

analyzers/Censys/Censys.json

@@ -23,5 +23,19 @@
       "multi": false,
       "required": true
     }
+  ],
+  "registration_required": true,
+  "subscription_required": true,
+  "free_subscription": true,
+  "service_homepage": "https://censys.io/",
+  "service_logo": {
+    "path": "assets/censys.png",
+    "caption": "Censys logo"
+  },
+  "screenshots": [
+    {
+      "path": "assets/long_report.png",
+      "caption": "Censys: Long report template"
+    }
   ]
 }

analyzers/Censys/README.md

@@ -0,0 +1,8 @@
+### Censys
+[Censys](https://censys.io/) is a platform that helps information security practitioners discover, monitor, and analyze devices that are accessible from the Internet. Regularly probes every public IP address and popular domain names, curate and enrich the resulting data, and make it intelligible through an interactive search engine and API.
+
+#### Requirements
+You need a valid Censys API integration subscription to use the analyzer.
+
+- Provide your API uid as values for the `uid` parameter.
+- Provide your API key as values for the `key` parameter.

analyzers/Crtsh/Crtsh.json

@@ -6,13 +6,25 @@
   "version": "1.0",
   "baseConfig": "Crtsh",
   "config": {
-        "check_tlp": false,
-        "max_tlp": 3
+    "check_tlp": false,
+    "max_tlp": 3
   },
   "description": "Query domains against the certificate transparency lists available at crt.sh.",
   "dataTypeList": ["domain"],
   "command": "Crtsh/crtshquery.py",
-  "configurationItems": [
+  "configurationItems": [],
+  "registration_required": true,
+  "subscription_required": true,
+  "free_subscription": true,
+  "service_homepage": "https://crt.sh/",
+  "service_logo": {
+    "path": "assets/logo.png",
+    "caption": "Sectigo logo"
+  },
+  "screenshots": [
+    {
+      "path": "assets/long_report.png",
+      "caption": "Crt: Long report template"
+    }
   ]
-
 }

analyzers/Crtsh/README.md

@@ -0,0 +1,5 @@
+### Crtsh
+[Crtsh](https://crt.sh/) is a platform that permits you search for certificates that have been logged by CT.
+
+#### Requirements
+It does not require any requirements.

analyzers/CuckooSandbox/CuckooSandbox_File_Analysis.json

@@ -2,7 +2,7 @@
   "name": "CuckooSandbox_File_Analysis_Inet",
   "version": "1.2",
   "author": "Andrea Garavaglia, LDO-CERT",
-  "url": "https://github.com/garanews/Cortex-Analyzers",
+  "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
   "license": "AGPL-V3",
   "description": "Cuckoo Sandbox file analysis with Internet access.",
   "dataTypeList": ["file"],
@@ -38,5 +38,19 @@
       "multi": false,
       "required": false
     }
+  ],
+  "registration_required": false,
+  "subscription_required": false,
+  "free_subscription": false,
+  "service_homepage": "https://cuckoosandbox.org/",
+  "service_logo": {
+    "path": "assets/cuckoosandbox.png",
+    "caption": "CuckooSandbox logo"
+  },
+  "screenshots": [
+    {
+      "path": "assets/long_report.png",
+      "caption": "CuckooSandbox: Long report template"
+    }
   ]
 }

analyzers/CuckooSandbox/CuckooSandbox_Url_Analysis.json

@@ -2,7 +2,7 @@
   "name": "CuckooSandbox_Url_Analysis",
   "version": "1.2",
   "author": "Andrea Garavaglia, LDO-CERT",
-  "url": "https://github.com/garanews/Cortex-Analyzers",
+  "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
   "license": "AGPL-V3",
   "description": "Cuckoo Sandbox URL analysis.",
   "dataTypeList": ["url"],
@@ -38,6 +38,19 @@
       "multi": false,
       "required": false
     }
+  ],
+  "registration_required": false,
+  "subscription_required": false,
+  "free_subscription": false,
+  "service_homepage": "https://cuckoosandbox.org/",
+  "service_logo": {
+    "path": "assets/cuckoosandbox.png",
+    "caption": "CuckooSandbox logo"
+  },
+  "screenshots": [
+    {
+      "path": "assets/long_report.png",
+      "caption": "CuckooSandbox: Long report template"
+    }
   ]
-
 }

analyzers/CuckooSandbox/README.md

@@ -0,0 +1,17 @@
+### CuckooSandbox
+
+[CuckooSandbox](https://cuckoosandbox.org/)  is an advanced, extremely modular, and 100% open source automated malware analysis system with infinite application opportunities. 
+
+- Analyze many different malicious files (executables, office documents, pdf files, emails, etc) as well as malicious websites under Windows, Linux, macOS, and Android virtualized environments.
+- Trace API calls and general behavior of the file and distill this into high level information and signatures comprehensible by anyone.
+- Dump and analyze network traffic, even when encrypted with SSL/TLS. With native network routing support to drop all traffic or route it through InetSIM, a network interface, or a VPN.
+- Perform advanced memory analysis of the infected virtualized system through Volatility as well as on a process memory granularity using YARA.
+
+The analyzer comes in two different flavour to analzye url or file with internet access.
+
+#### Requirements
+
+You need to have your cuckoosandox deployed in your infrastructure. You can download it and follow installation instructions.
+
+The address of the machine must be se as `url` parameter and relative token as the value for the `token` parameter.
+Depending on your network configuration you can configure `verifyssl` and `cert_path` accordingly.

analyzers/CyberChef/CyberChef_FromBase64.json

@@ -1,24 +1,38 @@
 {
-    "name": "CyberChef_FromBase64",
-    "version": "1.0",
-    "author": "Wes Lambert",
-    "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
-    "license": "AGPL-V3",
-    "description": "Convert Base64 with CyberChef Server",
-    "dataTypeList": ["other"],
-    "baseConfig": "CyberChef",
-    "config": {
-       "service": "FromBase64"
-    },
-    "command": "CyberChef/cyberchef.py",
-    "configurationItems": [
-      {
-        "name": "url",
-        "description": "CyberChef Server URL",
-        "type": "string",
-        "multi": false,
-        "required": true,
-        "defaultValue": "http://192.168.1.178:3000/"
-      }
-    ]
+  "name": "CyberChef_FromBase64",
+  "version": "1.0",
+  "author": "Wes Lambert",
+  "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
+  "license": "AGPL-V3",
+  "description": "Convert Base64 with CyberChef Server",
+  "dataTypeList": ["other"],
+  "baseConfig": "CyberChef",
+  "config": {
+    "service": "FromBase64"
+  },
+  "command": "CyberChef/cyberchef.py",
+  "configurationItems": [
+    {
+      "name": "url",
+      "description": "CyberChef Server URL",
+      "type": "string",
+      "multi": false,
+      "required": true,
+      "defaultValue": "http://192.168.1.178:3000/"
+    }
+  ],
+  "registration_required": false,
+  "subscription_required": false,
+  "free_subscription": false,
+  "service_homepage": "https://github.com/gchq/CyberChef-server",
+  "service_logo": {
+    "path": "assets/cyberchef.png",
+    "caption": "logo"
+  },
+  "screenshots": [
+    {
+      "path": "assets/long_report.png",
+      "caption": "Cyberchef: long report"
+    }
+  ]
 }

analyzers/CyberChef/CyberChef_FromCharCode.json

@@ -1,24 +1,38 @@
 {
-    "name": "CyberChef_FromCharCode",
-    "version": "1.0",
-    "author": "Wes Lambert",
-    "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
-    "license": "AGPL-V3",
-    "description": "Convert Char Code with CyberChef Server",
-    "dataTypeList": ["other"],
-    "baseConfig": "CyberChef",
-    "config": {
-       "service": "FromCharCode"
-    },
-    "command": "CyberChef/cyberchef.py",
-    "configurationItems": [
-      {
-        "name": "url",
-        "description": "CyberChef Server URL",
-        "type": "string",
-        "multi": false,
-        "required": true,
-        "defaultValue": "http://192.168.1.178:3000/"
-      }
-    ]
+  "name": "CyberChef_FromCharCode",
+  "version": "1.0",
+  "author": "Wes Lambert",
+  "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
+  "license": "AGPL-V3",
+  "description": "Convert Char Code with CyberChef Server",
+  "dataTypeList": ["other"],
+  "baseConfig": "CyberChef",
+  "config": {
+    "service": "FromCharCode"
+  },
+  "command": "CyberChef/cyberchef.py",
+  "configurationItems": [
+    {
+      "name": "url",
+      "description": "CyberChef Server URL",
+      "type": "string",
+      "multi": false,
+      "required": true,
+      "defaultValue": "http://192.168.1.178:3000/"
+    }
+  ],
+  "registration_required": false,
+  "subscription_required": false,
+  "free_subscription": false,
+  "service_homepage": "https://github.com/gchq/CyberChef-server",
+  "service_logo": {
+    "path": "assets/cyberchef.png",
+    "caption": "logo"
+  },
+  "screenshots": [
+    {
+      "path": "assets/long_report.png",
+      "caption": "Cyberchef: long report"
+    }
+  ]
 }