Merge tag '1.1.3' into develop

1.1.3

Conflicts:
	CHANGELOG.md
	build.sbt
	ui/bower.json
	ui/package.json
	version.sbt

CHANGELOG.md

@@ -1,8 +1,17 @@
 # Change Log
 
-## [1.1.2](https://github.com/CERT-BDF/Cortex/tree/1.1.2)
+## [1.1.3](https://github.com/CERT-BDF/Cortex/tree/1.1.3)
 
-[Full Changelog](https://github.com/CERT-BDF/Cortex/compare/rpm/1.1.1-2...1.1.2)
+[Full Changelog](https://github.com/CERT-BDF/Cortex/compare/debian/1.1.2...1.1.3)
+
+**Fixed bugs:**
+
+- Problem Start Cortex on Ubuntu 16.04 [\#35](https://github.com/CERT-BDF/Cortex/issues/35)
+- Error when parsing analyzer failure report [\#33](https://github.com/CERT-BDF/Cortex/issues/33)
+
+
+## [1.1.2](https://github.com/CERT-BDF/Cortex/tree/1.1.2) (2017-05-24)
+[Full Changelog](https://github.com/CERT-BDF/Cortex/compare/debian/1.1.1...1.1.2)
 
 **Implemented enhancements:**
 
@@ -15,22 +24,13 @@
 - Cortex and MISP unclear and error-loop [\#29](https://github.com/CERT-BDF/Cortex/issues/29)
 - Error 500 in TheHive when a job is submited to Cortex [\#27](https://github.com/CERT-BDF/Cortex/issues/27)
 
-## [rpm/1.1.1-2](https://github.com/CERT-BDF/Cortex/tree/rpm/1.1.1-2) (2017-05-19)
-[Full Changelog](https://github.com/CERT-BDF/Cortex/compare/debian/1.1.1-2...rpm/1.1.1-2)
-
-## [debian/1.1.1-2](https://github.com/CERT-BDF/Cortex/tree/debian/1.1.1-2) (2017-05-19)
-[Full Changelog](https://github.com/CERT-BDF/Cortex/compare/1.1.1...debian/1.1.1-2)
-
-**Fixed bugs:**
-
-- After Upgrade from Cortex 1.0.2 to 1.1.1 system does not come up [\#26](https://github.com/CERT-BDF/Cortex/issues/26)
-
 ## [1.1.1](https://github.com/CERT-BDF/Cortex/tree/1.1.1) (2017-05-17)
 [Full Changelog](https://github.com/CERT-BDF/Cortex/compare/1.1.0...1.1.1)
 
 **Fixed bugs:**
 
 - Missing logos and favicons [\#25](https://github.com/CERT-BDF/Cortex/issues/25)
+- After Upgrade from Cortex 1.0.2 to 1.1.1 system does not come up [\#26](https://github.com/CERT-BDF/Cortex/issues/26)
 
 **Closed issues:**
 

README.md

@@ -12,23 +12,30 @@ By using Cortex, you won't need to rewrite the wheel every time you'd like to us
 # Cortex and TheHive
 Along with [MISP](http://www.misp-project.org/), Cortex is the perfect companion for [TheHive](https://thehive-project.org). Starting from Buckfast (TheHive version 2.10), you can analyze tens or hundreds of observables in a few clicks using one or several Cortex instances depending on your OPSEC needs and security requirements. Moreover, TheHive comes with a report template engine that allows you to adjust the output of Cortex analyzers to your taste instead of having to create your own JSON parsers for Cortex output.
 
-# Architecture
+# Cortex and MISP
+Starting from Cortex 1.1.1, Cortex can be integrated with [MISP](http://www.misp-project.org/) in two ways:
+- Cortex can [invoke MISP modules](https://github.com/CERT-BDF/CortexDocs/blob/master/misp.md#invoke-misp-modules-within-cortex)
+- MISP can [invoke Cortex analyzers](https://github.com/CERT-BDF/CortexDocs/blob/master/misp.md#invoke-cortex-analyzers-within-misp)
+
+# Details
+## Architecture
 Cortex is written in Scala. The front-end uses AngularJS with Bootstrap. Its REST API is stateless which allows it to be horizontally scalable. The provided analyzers are written in Python. Additional analyzers may be written using the same language or any other language supported by Linux.
 
 <p align="center">
   <img src="images/cortex-architecture.png" alt="Cortex Architecture" width="400">
 </p>
 
 
-# Analyzers
-There are currently 21 analyzers.
+## Analyzers
+Cortex has 23 analyzers listed below:
 
 + Abuse Finder: use CERT-SG's [Abuse Finder](https://github.com/certsocietegenerale/abuse_finder) to find the abuse contact associated with domain names, URLs, IP and email addresses.
 + CIRCLPassiveDNS\*: Check [CIRCL's Passive DNS](https://www.circl.lu/services/passive-dns/) for a given domain.
 + CIRCLPassiveSSL\*: Check [CIRCL's Passive SSL](https://www.circl.lu/services/passive-ssl/) service for a given IP address or certificate hash.
 + DNSDB\*: leverage Farsight's [DNSDB](https://www.dnsdb.info/) for pDNS.
 + DomainTools\*: look up domain names, IP addresses, WHOIS records, etc. using the popular [DomainTools](http://domaintools.com/) service API.
 + File Info: parse files in several formats such as OLE and OpenXML to detect VBA macros, extract their source code, generate useful information on PE, PDF files and much more.
++ FireHOL Blocklists: check IP addresses against the [FireHOL blocklists](https://firehol.org/).
 + GoogleSafebrowsing\*: check URLs against [Google Safebrowsing](https://www.google.com/transparencyreport/safebrowsing/).
 + Hippocampe: query threat feeds through [Hippocampe](https://github.com/CERT-BDF/Hippocampe), a FOSS tool that centralizes feeds and allows you to associate a confidence level to each one of them (that can be changed over time) and get a score indicating the data quality.
 + Joe Sandbox\*: analyze URLs and files using the powerful [Joe Sandbox](https://www.joesecurity.org/) malware analysis solution.
@@ -43,10 +50,14 @@ There are currently 21 analyzers.
 + URLCategory: check the Fortinet categories of URLs.
 + VirusShare: check whether a file/hash is available on [VirusShare.com](https://virusshare.com/).
 + VirusTotal\*: look up files, URLs and hashes through [VirusTotal](https://www.virustotal.com/).
++ VMRay\*: analyze files using [VMRay](https://www.vmray.com/).
 + Yara: check files against [YARA](https://virustotal.github.io/yara/) rules using yara-python.
 
 The star (\*) indicates that the analyzer needs either an API key or user accounts to work correctly. **We do not provide API keys or user accounts**. You have to use your own.
 
+## Documentation
+We have made several guides available in the [Documentation repository](https://github.com/CERT-BDF/CortexDocs).
+
 # License
 Cortex is an open source and free software released under the [AGPL](https://github.com/CERT-BDF/Cortex/blob/master/LICENSE) (Affero General Public License). We, TheHive Project, are committed to ensure that Cortex will remain a free and open source project on the long-run.
 

app/models/JsonFormat.scala

@@ -52,7 +52,7 @@ object JsonFormat {
         } yield SuccessReport(artifacts, full, summary))
           .getOrElse(FailureReport(s"Invalid analyzer output format : $json"))
       else
-        FailureReport((json \ "error").asOpt[String].getOrElse(json.toString))
+        FailureReport((json \ "errorMessage").asOpt[String].getOrElse(json.toString))
     }
   }
 

build.sbt

@@ -84,8 +84,8 @@ packageBin := {
   (packageBin in Universal).value
 }
 // DEB //
-version in Debian := version.value + "-2"
-debianPackageDependencies += "java8-runtime-headless | java8-runtime"
+version in Debian := version.value + "-1"
+debianPackageDependencies += "openjdk-8-jre-headless"
 maintainerScripts in Debian := maintainerScriptsFromDirectory(
   baseDirectory.value / "package" / "debian",
   Seq(DebianConstants.Postinst, DebianConstants.Prerm, DebianConstants.Postrm)

ui/bower.json

@@ -1,6 +1,6 @@
 {
   "name": "cortex",
-  "version": "1.1.2",
+  "version": "1.1.3",
   "dependencies": {
     "angular": "1.5.10",
     "angular-sanitize": "1.5.10",

ui/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cortex",
-  "version": "1.1.2",
+  "version": "1.1.3",
   "license": "AGPL-3.0",
   "repository": {
     "type": "git",

version.sbt

@@ -1 +1 @@
-version in ThisBuild := "1.1.2"
+version in ThisBuild := "1.1.3"