#172 Update configuration items for all analyzers

analyzers/Abuse_Finder/Abuse_Finder.json

@@ -4,10 +4,10 @@
   "author": "CERT-BDF",
   "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
   "license": "AGPL-V3",
-  "baseConfig": "Abuse_Finder",
   "description": "Find abuse contacts associated with domain names, URLs, IPs and email addresses.",
   "dataTypeList": ["ip", "domain", "url", "mail"],
   "command": "Abuse_Finder/abusefinder.py",
+  "baseConfig": "Abuse_Finder",
   "config": {},
   "configurationItems": [
     {

analyzers/C1fApp/C1fApp_osint.json

@@ -6,12 +6,27 @@
     "license": "AGPL-V3",
     "description": "Query C1fApp OSINT Aggregator for IPs, domains and URLs",
     "dataTypeList": ["url", "domain", "ip"],
+    "command": "C1fApp/cifquery.py",
     "baseConfig": "C1fApp",
     "config": {
-        "check_tlp":true,
-        "max_tlp": 2,
         "service": "query"
-
     },
-    "command": "C1fApp/cifquery.py"
+    "configurationItems": [
+    {
+      "name": "check_tlp",
+      "description": "Define if the analyzer should check TLP of data before running",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
+    },
+    {
+      "name": "max_tlp",
+      "description": "Define the maximum TLP level autorized",
+      "type": "number",
+      "multi": false,
+      "required": true,
+      "defaultValue": 1
+    }
+  ]
 }

analyzers/CERTatPassiveDNS/CERTatPassiveDNS.json

@@ -4,9 +4,27 @@
     "license": "AGPL-V3",
     "url": "https://github.com/BSI-CERT-Bund/cortex-analyzers",
     "version": "2.0",
-    "baseConfig": "CERTatPassiveDNS",
-    "config": {},
     "description": "Checks CERT.at Passive DNS for a given domain.",
     "dataTypeList": ["domain", "fqdn"],
-    "command": "CERTatPassiveDNS/certat_passivedns.py"
+    "command": "CERTatPassiveDNS/certat_passivedns.py",
+    "baseConfig": "CERTatPassiveDNS",
+    "config": {},
+    "configurationItems": [
+    {
+      "name": "check_tlp",
+      "description": "Define if the analyzer should check TLP of data before running",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
+    },
+    {
+      "name": "max_tlp",
+      "description": "Define the maximum TLP level autorized",
+      "type": "number",
+      "multi": false,
+      "required": true,
+      "defaultValue": 3
+    }
+  ]
 }

analyzers/CIRCLPassiveDNS/CIRCLPassiveDNS.json

@@ -4,9 +4,27 @@
     "license": "AGPL-V3",
     "url": "https://github.com/BSI-CERT-Bund/cortex-analyzers",
     "version": "2.0",
-    "baseConfig": "CIRCLPassiveDNS",
-    "config": {},
     "description": "Check CIRCL's Passive DNS for a given domain or URL.",
     "dataTypeList": ["domain", "url", "ip"],
-    "command": "CIRCLPassiveDNS/circl_passivedns.py"
+    "command": "CIRCLPassiveDNS/circl_passivedns.py",
+    "baseConfig": "CIRCLPassiveDNS",
+    "config": {},
+    "configurationItems": [
+    {
+      "name": "check_tlp",
+      "description": "Define if the analyzer should check TLP of data before running",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
+    },
+    {
+      "name": "max_tlp",
+      "description": "Define the maximum TLP level autorized",
+      "type": "number",
+      "multi": false,
+      "required": true,
+      "defaultValue": 3
+    }
+  ]
 }

analyzers/CIRCLPassiveSSL/CIRCLPassiveSSL.json

@@ -4,9 +4,27 @@
     "license": "AGPL-V3",
     "url": "https://github.com/BSI-CERT-Bund/cortex-analyzers",
     "version": "2.0",
-    "baseConfig": "CIRCLPassiveSSL",
-    "config": {},
     "description": "Check CIRCL's Passive SSL for a given IP address or a X509 certificate hash.",
     "dataTypeList": ["ip", "certificate_hash", "hash"],
-    "command": "CIRCLPassiveSSL/circl_passivessl.py"
+    "command": "CIRCLPassiveSSL/circl_passivessl.py",
+    "baseConfig": "CIRCLPassiveSSL",
+    "config": {},
+    "configurationItems": [
+    {
+      "name": "check_tlp",
+      "description": "Define if the analyzer should check TLP of data before running",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
+    },
+    {
+      "name": "max_tlp",
+      "description": "Define the maximum TLP level autorized",
+      "type": "number",
+      "multi": false,
+      "required": true,
+      "defaultValue": 3
+    }
+  ]
 }

analyzers/Censys/Censys.json

@@ -4,9 +4,28 @@
   "license": "AGPL-V3",
   "url": "https://github.com/BSI-CERT-Bund/censys-analyzer",
   "version": "1.0",
-  "baseConfig": "Censys",
-  "config": {},
   "description": "Check IPs, certificate hashes or domains against censys.io.",
   "dataTypeList": ["ip", "hash", "domain"],
-  "command": "Censys/censys_analyzer.py"
+  "command": "Censys/censys_analyzer.py",
+  "baseConfig": "Censys",
+  "config": {},
+  "configurationItems": [
+  {
+    "name": "check_tlp",
+    "description": "Define if the analyzer should check TLP of data before running",
+    "type": "boolean",
+    "multi": false,
+    "required": true,
+    "defaultValue": false
+  },
+  {
+    "name": "max_tlp",
+    "description": "Define the maximum TLP level autorized",
+    "type": "number",
+    "multi": false,
+    "required": true,
+    "defaultValue": 3
+  }
+]
+
 }

analyzers/CuckooSandbox/CuckooSandbox_File_Analysis.json

@@ -4,13 +4,29 @@
     "author": "Andrea Garavaglia, LDO-CERT",
     "url": "https://github.com/garanews/Cortex-Analyzers",
     "license": "AGPL-V3",
+    "description": "Cuckoo Sandbox file analysis with Internet access.",
+    "dataTypeList": ["file"],
+    "command": "CuckooSandbox/cuckoosandbox_analyzer.py",
     "baseConfig": "CuckooSandbox",
     "config": {
-        "check_tlp": true,
-        "max_tlp":1,
         "service": "file_analysis"
     },
-    "description": "Cuckoo Sandbox file analysis with Internet access.",
-    "dataTypeList": ["file"],
-    "command": "CuckooSandbox/cuckoosandbox_analyzer.py"
+    "configurationItems": [
+    {
+      "name": "check_tlp",
+      "description": "Define if the analyzer should check TLP of data before running",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
+    },
+    {
+      "name": "max_tlp",
+      "description": "Define the maximum TLP level autorized",
+      "type": "number",
+      "multi": false,
+      "required": true,
+      "defaultValue": 1
+    }
+  ]
 }

analyzers/CuckooSandbox/CuckooSandbox_Url_Analysis.json

@@ -4,13 +4,30 @@
     "author": "Andrea Garavaglia, LDO-CERT",
     "url": "https://github.com/garanews/Cortex-Analyzers",
     "license": "AGPL-V3",
+    "description": "Cuckoo Sandbox URL analysis.",
+    "dataTypeList": ["url"],
+    "command": "CuckooSandbox/cuckoosandbox_analyzer.py",
     "baseConfig": "CuckooSandbox",
     "config": {
-        "check_tlp": true,
-        "max_tlp":1,
         "service": "url_analysis"
     },
-    "description": "Cuckoo Sandbox URL analysis.",
-    "dataTypeList": ["url"],
-    "command": "CuckooSandbox/cuckoosandbox_analyzer.py"
+    "configurationItems": [
+    {
+      "name": "check_tlp",
+      "description": "Define if the analyzer should check TLP of data before running",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
+    },
+    {
+      "name": "max_tlp",
+      "description": "Define the maximum TLP level autorized",
+      "type": "number",
+      "multi": false,
+      "required": true,
+      "defaultValue": 1
+    }
+  ]
+
 }

analyzers/DNSDB/DNSDB_DomainName.json

@@ -4,14 +4,29 @@
     "author": "CERT-BDF",
     "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
     "license": "AGPL-V3",
+    "description": "Use DNSDB to fetch historical records for a domain.",
+    "dataTypeList": ["domain", "fqdn"],
+    "command": "DNSDB/dnsdb.py",
     "baseConfig": "DNSDB",
     "config": {
-        "check_tlp": true,
-        "max_tlp": 1,
         "service": "domain_name"
-
     },
-    "description": "Use DNSDB to fetch historical records for a domain.",
-    "dataTypeList": ["domain", "fqdn"],
-    "command": "DNSDB/dnsdb.py"
+    "configurationItems": [
+    {
+      "name": "check_tlp",
+      "description": "Define if the analyzer should check TLP of data before running",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
+    },
+    {
+      "name": "max_tlp",
+      "description": "Define the maximum TLP level autorized",
+      "type": "number",
+      "multi": false,
+      "required": true,
+      "defaultValue": 1
+    }
+  ]
 }

analyzers/DNSDB/DNSDB_IPHistory.json

@@ -4,13 +4,29 @@
     "author": "CERT-BDF",
     "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
     "license": "AGPL-V3",
+    "description": "Use DNSDB to fetch historical records for an IP address.",
+    "dataTypeList": ["ip"],
+    "command": "DNSDB/dnsdb.py",
     "baseConfig": "DNSDB",
     "config": {
-        "check_tlp": true,
-        "max_tlp": 1,
         "service": "ip_history"
     },
-    "description": "Use DNSDB to fetch historical records for an IP address.",
-    "dataTypeList": ["ip"],
-    "command": "DNSDB/dnsdb.py"
+    "configurationItems": [
+    {
+      "name": "check_tlp",
+      "description": "Define if the analyzer should check TLP of data before running",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
+    },
+    {
+      "name": "max_tlp",
+      "description": "Define the maximum TLP level autorized",
+      "type": "number",
+      "multi": false,
+      "required": true,
+      "defaultValue": 1
+    }
+  ]
 }

analyzers/DNSDB/DNSDB_NameHistory.json

@@ -4,13 +4,30 @@
     "author": "CERT-BDF",
     "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
     "license": "AGPL-V3",
+    "description": "Use DNSDB to fetch historical records for a fully-qualified domain name.",
+    "dataTypeList": ["domain","fqdn"],
+    "command": "DNSDB/dnsdb.py",
     "baseConfig": "DNSDB",
     "config": {
-        "check_tlp": true,
-        "max_tlp": 1,
         "service": "name_history"
     },
-    "description": "Use DNSDB to fetch historical records for a fully-qualified domain name.",
-    "dataTypeList": ["domain","fqdn"],
-    "command": "DNSDB/dnsdb.py"
+    "configurationItems": [
+    {
+      "name": "check_tlp",
+      "description": "Define if the analyzer should check TLP of data before running",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
+    },
+    {
+      "name": "max_tlp",
+      "description": "Define the maximum TLP level autorized",
+      "type": "number",
+      "multi": false,
+      "required": true,
+      "defaultValue": 1
+    }
+  ]
+
 }

analyzers/DomainTools/DomainTools_ReverseIP.json

@@ -4,13 +4,30 @@
     "author": "CERT-BDF",
     "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
     "license": "AGPL-V3",
+    "description": "Use DomainTools to get a list of domain names sharing the same IP address.",
+    "dataTypeList": ["ip", "domain", "fqdn"],
+    "command": "DomainTools/domaintools.py",
     "baseConfig": "DomainTools",
     "config": {
-        "check_tlp": true,
-        "max_tlp": 1,
         "service": "reverse-ip"
     },
-    "description": "Use DomainTools to get a list of domain names sharing the same IP address.",
-    "dataTypeList": ["ip", "domain", "fqdn"],
-    "command": "DomainTools/domaintools.py"
+    "configurationItems": [
+    {
+      "name": "check_tlp",
+      "description": "Define if the analyzer should check TLP of data before running",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
+    },
+    {
+      "name": "max_tlp",
+      "description": "Define the maximum TLP level autorized",
+      "type": "number",
+      "multi": false,
+      "required": true,
+      "defaultValue": 1
+    }
+  ]
+
 }