#296 #295 review PR

analyzers/Fortiguard/Fortiguard_URLCategory.json

@@ -1,11 +1,29 @@
 {
   "name": "Fortiguard_URLCategory",
-  "version": "2.0",
+  "version": "2.1",
   "author": "Eric Capuano",
   "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
   "license": "AGPL-V3",
   "dataTypeList": ["domain", "url"],
-  "description": "Check the Fortiguard category of a URL or a domain.",
+  "description": "Check the Fortiguard category of a URL or a domain. Check the full available list at https://fortiguard.com/webfilter/categories",
   "baseConfig": "Fortiguard",
-  "command": "Fortiguard/urlcategory.py"
+  "command": "Fortiguard/urlcategory.py",
+  "configurationItems": [
+    {
+      "name": "malicious_categories",
+      "description": "List of FortiGuard categories to be considered as malicious",
+      "type": "string",
+      "multi": true,
+      "required": true,
+      "defaultValue": ["Malicious Websites", "Phishing", "Spam URLs"]
+    },
+    {
+      "name": "suspicious_categories",
+      "description": "List of FortiGuard categories to be considered as suspicious",
+      "type": "string",
+      "multi": true,
+      "required": true,
+      "defaultValue": ["Newly Observed Domain", "Newly Registered Domain", "Dynamic DNS", "Proxy Avoidance", "Hacking"]
+    }
+  ]
 }

analyzers/Fortiguard/urlcategory.py

@@ -15,10 +15,10 @@ def summary(self, raw):
 
         if 'category' in raw:
             r = raw.get('category')
-            value = "{}".format(r)
-            if r == "Malicious Websites":
+            value = "\"{}\"".format(r)
+            if r in self.get_param('config.malicious_categories', []):
                 level = "malicious"
-            elif r == "Suspicious Websites":
+            elif r in self.get_param('config.suspicious_categories', []):
                 level = "suspicious"
             elif r == "Not Rated":
                 level = "info"