Merge branch 'release/1.3.1'

analyzers/Abuse_Finder/Abuse_Finder.json

@@ -10,7 +10,7 @@
       "max_tlp":3,
       "service":""
     },
-    "description": "Use CERT-SG's Abuse Finder to find the abuse contact associated with domain names, URLs, IP and email addresses.",
+    "description": "Use CERT-SG's Abuse Finder to find the abuse contact associated with domain names, URLs, IPs and email addresses",
     "dataTypeList": ["ip", "domain", "url","email"],
     "command": "Abuse_Finder/abusefinder.py"
 }

analyzers/CIRCLPassiveDNS/CIRCLPassiveDNS.json

@@ -3,10 +3,10 @@
     "author": "Nils Kuhnert, CERT-Bund",
     "license": "AGPL-V3",
     "url": "https://github.com/BSI-CERT-Bund/cortex-analyzers",
-    "version": "0.1",
+    "version": "1.0",
     "baseConfig": "CIRCLPassiveDNS",
     "config": {},
-    "description": "Checks CIRCL's Passive DNS for a given domain, API Key via circl.lu.",
+    "description": "Check CIRCL's Passive DNS for a given domain or URL",
     "dataTypeList": ["domain", "url"],
     "command": "CIRCLPassiveDNS/circl_passivedns.py"
 }

analyzers/CIRCLPassiveDNS/requirements.txt

@@ -1 +1,2 @@
 pypdns
+cortexutils

analyzers/CIRCLPassiveSSL/CIRCLPassiveSSL.json

@@ -3,10 +3,10 @@
     "author": "Nils Kuhnert, CERT-Bund",
     "license": "AGPL-V3",
     "url": "https://github.com/BSI-CERT-Bund/cortex-analyzers",
-    "version": "0.1",
+    "version": "1.0",
     "baseConfig": "CIRCLPassiveSSL",
     "config": {},
-    "description": "Check CIRCL's Passive SSL for a given ip or certificate hash",
+    "description": "Check CIRCL's Passive SSL for a given IP address or a X509 certificate hash",
     "dataTypeList": ["ip", "certificate_hash", "hash"],
     "command": "CIRCLPassiveSSL/circl_passivessl.py"
 }

analyzers/CIRCLPassiveSSL/requirements.txt

@@ -1 +1,2 @@
 pypssl
+cortexutils

analyzers/DNSDB/DNSDB_DomainName.json

@@ -11,7 +11,7 @@
         "service": "domain_name"
 
     },
-    "description": "DNSDB Passive DNS query for Domain Names : Provides history records for a domain",
+    "description": "Provide history records for a domain using DNSDB Passive DNS service",
     "dataTypeList": ["domain"],
     "command": "DNSDB/dnsdb.py"
 }

analyzers/DNSDB/DNSDB_IPHistory.json

@@ -10,7 +10,7 @@
         "max_tlp": 1,
         "service": "ip_history"
     },
-    "description": "DNSDB Passive DNS query for IP history : Provides history records for an IP",
+    "description": "Provide history records for an IP address using DNSDB Passive DNS service",
     "dataTypeList": ["ip"],
     "command": "DNSDB/dnsdb.py"
 }

analyzers/DNSDB/DNSDB_NameHistory.json

@@ -10,7 +10,7 @@
         "max_tlp": 1,
         "service": "name_history"
     },
-    "description": "DNSDB Passive DNS query for domain/host name history : Provides history records for an domain/host",
+    "description": "Provide history records for a fully-qualified domain name using DNSDB Passive DNS",
     "dataTypeList": ["fqdn"],
     "command": "DNSDB/dnsdb.py"
 }

analyzers/DomainTools/DomainTools_ReverseIP.json

@@ -10,7 +10,7 @@
         "max_tlp": 1,
         "service": "reverse-ip"
     },
-    "description": "DomainTools Reverse IP: provides a list of domain names that share the same Internet host",
+    "description": "Use DomainTools Reverse IP service to provide a list of domain names sharing the same IP address",
     "dataTypeList": ["ip"],
     "command": "DomainTools/domaintools.py"
 }

analyzers/DomainTools/DomainTools_ReverseNameServer.json

@@ -10,7 +10,7 @@
         "max_tlp": 1,
         "service": "name-server-domains"
     },
-    "description": "DomainTools Reverse Name server: provides a list of domain names that share the same primary or secondary name server",
+    "description": "Use DomainTools Reverse Name Server service to get a list of domain names that share the same primary or secondary name server",
     "dataTypeList": ["domain"],
     "command": "DomainTools/domaintools.py"
 }

analyzers/DomainTools/DomainTools_ReverseWhois.json

@@ -10,7 +10,7 @@
         "max_tlp": 1,
         "service": "reverse-whois"
     },
-    "description": "Domaintools Reverse Whois lookup : provides a list of domain names that share the same Registrant Information.",
+    "description": "Get a list of domain names which share the same registrant information through Domaintools Reverse Whois service",
     "dataTypeList": ["mail", "ip", "domain", "other"],
     "command": "DomainTools/domaintools.py"
 }

analyzers/DomainTools/DomainTools_WhoisHistory.json

@@ -10,7 +10,7 @@
         "max_tlp": 1,
         "service": "whois/history"
     },
-    "description": "DomainTools Whois History: provides a list of historic Whois records for a domain name",
+    "description": "Get a list of historic Whois records associated with a domain name through DomainTools Whois History service",
     "dataTypeList": ["domain"],
     "command": "DomainTools/domaintools.py"
 }

analyzers/DomainTools/DomainTools_WhoisLookup.json

@@ -10,7 +10,7 @@
         "max_tlp": 1,
         "service": "whois/parsed"
     },
-    "description": "DomainTools Whois Lookup: provides the ownership record for a domain name with basic registration details",
+    "description": "Get the ownership record for a domain with basic registration details using DomainTools Whois Lookup service",
     "dataTypeList": ["domain"],
     "command": "DomainTools/domaintools.py"
 }

analyzers/DomainTools/DomainTools_WhoisLookupIP.json

@@ -10,7 +10,7 @@
         "max_tlp": 1,
         "service": "whois"
     },
-    "description": "DomainTools Whois Lookup IP: provides the ownership record for a IP address with basic registration details",
+    "description": "Get the ownership record for an IP address with basic registration details using DomainTools Whois Lookup IP service",
     "dataTypeList": ["ip"],
     "command": "DomainTools/domaintools.py"
 }

analyzers/File_Info/File_Info.json

@@ -10,7 +10,7 @@
         "max_tlp": 3,
         "service": ""
     },
-    "description": "Parse files in several formats such as OLE and OpenXML to detect VBA macros, extract their source code, generate useful information on PE, PDF files and much more.",
+    "description": "Parse files in several formats such as OLE and OpenXML to detect VBA macros, extract their source code, generate useful information on PE, PDF files and much more",
     "dataTypeList": [
         "file"
     ],

analyzers/Fortiguard/Fortiguard_URLCategory.json

@@ -5,7 +5,7 @@
     "url": "https://github.com/CERT-BDF/Cortex-Analyzers",
     "license": "AGPL-V3",
     "dataTypeList": ["domain", "url"],
-    "description": "URL Category by Fortiguard: checks the category of a specific URL or domain",
+    "description": "Check the Fortiguard category of a URL or a domain",
     "baseConfig": "Fortiguard",
     "config": {
         "check_tlp": true,

analyzers/GoogleSafebrowsing/GoogleSafebrowsing.json

@@ -3,10 +3,10 @@
     "author": "Nils Kuhnert, CERT-Bund",
     "license": "AGPL-V3",
     "url": "https://github.com/BSI-CERT-Bund/cortex-analyzers",
-    "version": "0.1",
+    "version": "1.0",
     "baseConfig": "GoogleSafebrowsing",
     "config": {},
-    "description": "Check url against Google Safebrowsing lists.",
+    "description": "Check URLs and domain names against Google Safebrowsing",
     "dataTypeList": ["url", "domain"],
     "command": "GoogleSafebrowsing/safebrowsing_analyzer.py"
 }

analyzers/GoogleSafebrowsing/requirements.txt

@@ -1 +1,2 @@
 requests
+cortexutils

analyzers/GoogleSafebrowsing/safebrowsing_analyzer.py

@@ -5,12 +5,12 @@
 
 
 class SafebrowsingAnalyzer(Analyzer):
-    """Enables TheHive to query Google Safebrowsing for URLs. Info how to obtain an API key can be found
+    """Cortex analyzer to query Google Safebrowsing for URLs. Info how to obtain an API key can be found
     `here <https://developers.google.com/safe-browsing/v4/get-started>`_."""
     def __init__(self):
         Analyzer.__init__(self)
         self.api_key = self.get_param('config.key', None, 'No Google API key provided.')
-        self.client_id = self.get_param('config.client_id', 'TheHive')
+        self.client_id = self.get_param('config.client_id', 'Cortex')
         self.client_version = '0.1'
 
         self.sb = safebrowsing.SafebrowsingClient(

analyzers/Hippocampe/Hippocampe_hipposcore.json

@@ -4,7 +4,7 @@
     "author": "CERT-BDF",
     "url": "https://github.com/CERT-BDF/Cortex-Analyzers",
     "license": "AGPL-V3",
-    "description": "Hippocampe Score report: provides the last report for an IP, domain or a URL",
+    "description": "Get the Hippocampe Score report associated with an IP address, a domain or a URL",
     "dataTypeList": ["ip", "domain", "fqdn", "url"],
     "baseConfig": "Hippocampe",
     "config": {

analyzers/Hippocampe/Hippocampe_more.json

@@ -4,7 +4,7 @@
     "author": "CERT-BDF",
     "url": "https://github.com/CERT-BDF/Cortex-Analyzers",
     "license": "AGPL-V3",
-    "description": "Hippocampe detailed report: provides the last detailed report for an IP, domain or a URL",
+    "description": "Get the Hippocampe detailed report for an IP address, a domain or a URL",
     "dataTypeList": ["ip", "domain", "fqdn", "url"],
     "baseConfig": "Hippocampe",
     "config": {

analyzers/JoeSandbox/JoeSandbox_Url_Analysis.json

@@ -9,7 +9,7 @@
         "check_tlp": false,
         "service": "url_analysis"
     },
-    "description": "Joe Sandbox url analysis",
+    "description": "Joe Sandbox URL analysis",
     "dataTypeList": ["url"],
     "command": "JoeSandbox/joesandbox_analyzer.py"
 }

analyzers/MISP/MISP_Search.json

@@ -9,7 +9,7 @@
         "check_tlp": false,
         "service": "search"
     },
-    "description": "Search MISP event that have the observable provided as an input",
+    "description": "Search MISP events that have the observable provided as input",
     "dataTypeList": ["domain", "filename", "fqdn", "hash", "ip", "mail", "mail_subject", "other", "regexp", "registry", "uri_path", "url", "user-agent"],
     "command": "MISP/misp_analyzer.py"
 }

analyzers/MaxMind/MaxMind_GeoIP.json

@@ -10,7 +10,7 @@
         "max_tlp": 3,
         "service": ""
     },
-    "description": "MaxMind: Geolocation",
+    "description": "Geolocate an IP Address via MaxMind",
     "dataTypeList": ["ip"],
     "command": "MaxMind/geo.py"
 }

analyzers/MsgParser/Msg_Parser.json

@@ -10,7 +10,7 @@
         "max_tlp": 3,
         "service": ""
     },
-    "description": "Outlook .msg file parser",
+    "description": "Parse Outlook MSG files and extract the main artifacts",
     "dataTypeList": [
         "file"
     ],

analyzers/Nessus/Nessus.json

@@ -1,14 +1,14 @@
 {
     "name": "Nessus",
     "version": "1.0",
-    "author": "CERT-BDF",
+    "author": "Guillaume Rousse",
     "url": "https://github.com/CERT-BDF/Cortex-Analyzers",
     "license": "AGPL-V3",
     "baseConfig": "Nessus",
     "config": {
         "check_tlp": false
     },
-    "description": "Nessus scanner",
+    "description": "Scan hosts using Tenable's Nessus scanner",
     "dataTypeList": ["ip", "fqdn"],
     "command": "Nessus/nessus.py"
 }

analyzers/OTXQuery/OTXQuery.json

@@ -4,7 +4,7 @@
     "author": "Eric Capuano",
     "url": "https://github.com/CERT-BDF/Cortex-Analyzers",
     "license": "AGPL-V3",
-    "description": "Query AlienVault OTX for IPs, Domains, URLs, or File Hashes",
+    "description": "Query AlienVault OTX for IPs, domains, URLs, or file hashes",
     "dataTypeList": ["url", "domain", "file", "hash", "ip"],
     "baseConfig": "OTXQuery",
     "config": {

analyzers/PhishTank/PhishTank_CheckURL.json

@@ -4,7 +4,7 @@
     "author": "Eric Capuano",
     "url": "https://github.com/CERT-BDF/Cortex-Analyzers",
     "license": "AGPL-V3",
-    "description": "Check URL against PhishTank to determine if it's a verified phishing site",
+    "description": "Check a URL against PhishTank to determine if it's a verified phishing site",
     "dataTypeList": ["url"],
     "baseConfig": "PhishTank",
     "config": {

analyzers/PhishingInitiative/PhishingInitiative_Lookup.json

@@ -4,7 +4,7 @@
     "author": "CERT-BDF",
     "url": "https://github.com/CERT-BDF/Cortex-Analyzers",
     "license": "AGPL-V3",
-    "description": "Check URL against Phishing Initiative to determine if it's a verified phishing site",
+    "description": "Check a URL against Phishing Initiative to determine if it's a verified phishing site",
     "dataTypeList": ["url"],
     "baseConfig": "PhishingInitiative",
     "config": {

analyzers/VirusTotal/VirusTotal_GetReport.json

@@ -4,7 +4,7 @@
     "author": "CERT-BDF",
     "url": "https://github.com/CERT-BDF/Cortex-Analyzers",
     "license": "AGPL-V3",
-    "description": "VirusTotal get report: provides the last report of a file, hash, domain or ip",
+    "description": "Get the latest VirusTotal report for a file, hash, domain or an IP address",
     "dataTypeList": ["file", "hash", "domain", "ip"],
     "baseConfig": "VirusTotal",
     "config": {

analyzers/VirusTotal/VirusTotal_Scan.json

@@ -4,7 +4,7 @@
     "author": "CERT-BDF",
     "url": "https://github.com/CERT-BDF/Cortex-Analyzers",
     "license": "AGPL-V3",
-    "description": "VirusTotal scan file or url",
+    "description": "Scan a file or URL using VirusTotal",
     "dataTypeList": ["file", "url"],
     "baseConfig": "VirusTotal",
     "config": {

analyzers/Virusshare/Virusshare.json

@@ -3,10 +3,10 @@
     "author": "Nils Kuhnert, CERT-Bund",
     "license": "AGPL-V3",
     "url": "https://github.com/BSI-CERT-Bund/cortex-analyzers",
-    "version": "0.1",
+    "version": "1.0",
     "baseConfig": "Virusshare",
     "config": {},
-    "description": "Check if file (md5-hash) is available on virusshare.com",
+    "description": "Search for MD5 hashes in Virusshare.com hash list",
     "dataTypeList": ["hash", "file"],
     "command": "Virusshare/virusshare.py"
 }

analyzers/Virusshare/requirements.txt

@@ -1,2 +1,3 @@
 requests
 progressbar2
+cortexutils

analyzers/Yara/Yara.json

@@ -3,10 +3,10 @@
     "author": "Nils Kuhnert, CERT-Bund",
     "license": "AGPL-V3",
     "url": "https://github.com/BSI-CERT-Bund/cortex-analyzers",
-    "version": "0.1",
+    "version": "1.0",
     "baseConfig": "Yara",
     "config": {},
-    "description": "Check files against yara rules using yara-python.",
+    "description": "Check files against YARA rules",
     "dataTypeList": ["file"],
     "command": "Yara/yara_analyzer.py"
 }