From 8cda4f048a6b2dba4982fc7a1dba52bc48404612 Mon Sep 17 00:00:00 2001
From: garanews
Date: Tue, 3 Mar 2020 12:29:31 +0100
Subject: [PATCH] fqdn support for Url haus

As suggested in https://github.com/TheHive-Project/Cortex-Analyzers/pull/556
---
 analyzers/URLhaus/URLhaus.json | 2 +-
 analyzers/URLhaus/URLhaus_analyzer.py | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/analyzers/URLhaus/URLhaus.json b/analyzers/URLhaus/URLhaus.json
index 7059eb53a..1562e56b1 100644
--- a/analyzers/URLhaus/URLhaus.json
+++ b/analyzers/URLhaus/URLhaus.json
@@ -6,7 +6,7 @@
 "version": "2.0",
 "baseConfig": "URLhaus",
 "description": "Search domains, IPs, URLs or hashes on URLhaus.",
- "dataTypeList": ["domain", "url", "hash", "ip"],
+ "dataTypeList": ["domain", "fqdn", "url", "hash", "ip"],
 "command": "URLhaus/URLhaus_analyzer.py",
 "configurationItems": [
 ]
diff --git a/analyzers/URLhaus/URLhaus_analyzer.py b/analyzers/URLhaus/URLhaus_analyzer.py
index ce8d1ad04..2bf5f2276 100755
--- a/analyzers/URLhaus/URLhaus_analyzer.py
+++ b/analyzers/URLhaus/URLhaus_analyzer.py
@@ -15,7 +15,7 @@ def run(self):
 results = {}
 if self.data_type == 'url':
 results = URLhausClient.search_url(data)
- elif self.data_type in ['domain', 'ip']:
+ elif self.data_type in ['domain', 'fqdn', 'ip']:
 results = URLhausClient.search_host(data)
 elif self.data_type == 'hash':
 if len(data) in [32, 64]:
@@ -50,7 +50,7 @@ def summary(self, raw):
 'Threat',
 raw['threat']
 ))
- elif self.data_type in ['domain', 'ip']:
+ elif self.data_type in ['domain', 'fqdn', 'ip']:
 threat_types = []
 for url in raw['urls']:
 if url['threat'] not in threat_types:
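Review bot: The `description` context line in the URLhaus.json hunk still reads "Search domains, IPs, URLs or hashes on URLhaus." although `dataTypeList` now also accepts `fqdn`, so the stated purpose and the accepted types disagree. I would update it in the same commit, for example `"description": "Search domains, FQDNs, IPs, URLs or hashes on URLhaus.",`. That also tells operators that hostnames taken from cases will be looked up on URLhaus, which is presumably an external service, once the analyzer is enabled for `fqdn` observables.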
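Review bot: The literal `['domain', 'fqdn', 'ip']` in the `run` hunk (`@@ -15,7 +15,7 @@`) is duplicated in the `summary` hunk (`@@ -50,7 +50,7 @@`), so the two branches must be edited in lockstep every time a host-like type is added. A single constant, for example `HOST_DATA_TYPES = ('domain', 'fqdn', 'ip')` at module or class level with `elif self.data_type in HOST_DATA_TYPES:` in both places, keeps the lookup branch and the taxonomy branch from drifting apart. Both function bodies extend beyond their hunks, so it cannot be told from here whether a type handled in `run` but missing in `summary` fails loudly or just yields no taxonomy.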
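Review bot: In the `summary` hunk the host branch, which `fqdn` results now also pass through, indexes `raw['urls']` and `url['threat']` directly, and `raw` appears to be the response obtained from the URLhaus lookup in `run`. Unless a guard outside this hunk already excludes replies without a `urls` list, a no-result or malformed reply would raise `KeyError` here. `for url in raw.get('urls', []):` together with `url.get('threat')` would make the branch tolerant of that. `summary` starts and ends outside the hunk, so such a guard may already exist and should be confirmed before changing this.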