#386 Update the config file
nadouani committed Dec 6, 2018
1 parent 1934175 commit 9fabf27
Showing 6 changed files with 34 additions and 37 deletions.
2 changes: 0 additions & 2 deletions analyzers/Patrowl/.gitignore

This file was deleted.

19 changes: 15 additions & 4 deletions analyzers/Patrowl/Patrowl_GetReport.json
Expand Up @@ -8,10 +8,7 @@
"dataTypeList": ["fqdn", "domain", "ip"],
"baseConfig": "Patrowl",
"config": {
"url": "http://my.patrowl.io:8000",
"service": "getreport",
"username": "cortex",
"password": "Bonjour1!"
"service": "getreport"
},
"configurationItems": [
{
Expand All @@ -20,6 +17,20 @@
"type": "string",
"multi": false,
"required": true
},
{
"name": "username",
"description": "Define the PatrOwl username",
"type": "string",
"multi": false,
"required": true
},
{
"name": "password",
"description": "Define the PatrOwl password",
"type": "string",
"multi": false,
"required": true
}
],
"command": "Patrowl/patrowl.py"
10 changes: 0 additions & 10 deletions analyzers/Patrowl/README.md

This file was deleted.

40 changes: 19 additions & 21 deletions analyzers/Patrowl/patrowl.py
@@ -1,7 +1,5 @@
#!/usr/bin/env python
# encoding: utf-8
"""Patrowl Analyzer for Cortex."""

import requests
from cortexutils.analyzer import Analyzer

Expand All @@ -12,10 +10,10 @@ class PatrowlAnalyzer(Analyzer):
def __init__(self):
"""Initialize the Analyzer."""
Analyzer.__init__(self)
self.service = self.getParam('config.service', None, 'Patrowl service is missing')
self.url = self.getParam('config.url', None, 'Patrowl URL is missing').rstrip("/")
self.username = self.getParam('config.username', None, 'Patrowl Username is missing')
self.password = self.getParam('config.password', None, 'Patrowl Password is missing')
self.service = self.get_param('config.service', None, 'Patrowl service is missing')
self.url = self.get_param('config.url', None, 'Patrowl URL is missing').rstrip('/')
self.username = self.get_param('config.username', None, 'Patrowl Username is missing')
self.password = self.get_param('config.password', None, 'Patrowl Password is missing')

def summary(self, raw):
"""Parse, format and return scan summary."""
Expand All @@ -26,45 +24,45 @@ def summary(self, raw):
# getreport service
if self.service == 'getreport':
if 'risk_level' in raw and raw['risk_level']:
risk_level = raw['risk_level']

# Grade
if raw['risk_level']['grade'] in ["A", "B"]:
if risk_level['grade'] in ["A", "B"]:
level = "safe"
else:
level = "suspicious"
taxonomies.append(self.build_taxonomy(
level, namespace, "Grade", raw['risk_level']['grade']))

taxonomies.append(self.build_taxonomy(level, namespace, "Grade", risk_level['grade']))

# Findings
if raw['risk_level']['high'] > 0:
if risk_level['high'] > 0:
level = "malicious"
elif raw['risk_level']['medium'] > 0 or raw['risk_level']['low'] > 0:
elif risk_level['medium'] > 0 or risk_level['low'] > 0:
level = "suspicious"
else:
level = "info"

taxonomies.append(self.build_taxonomy(
level, namespace, "Findings", "{}/{}/{}/{}".format(
raw['risk_level']['high'],
raw['risk_level']['medium'],
raw['risk_level']['low'],
raw['risk_level']['info']
risk_level['high'],
risk_level['medium'],
risk_level['low'],
risk_level['info']
)))
#todo: add_asset service

return {"taxonomies": taxonomies}

def run(self):
"""Run the analyzer."""
Analyzer.run(self)
data = self.getData()

try:
if self.service == 'getreport':
service_url = self.url+"/assets/api/v1/details/"+data
if self.service == 'getreport':
service_url = '{}/assets/api/v1/details/{}'.format(
self.url, self.get_data())

response = requests.get(service_url, auth=requests.auth.HTTPBasicAuth(self.username, self.password))

self.report(response.json())

else:
self.error('Unknown Patrowl service')

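Review bot: The observable returned by `self.get_data()` is interpolated straight into the request path on the `'{}/assets/api/v1/details/{}'.format(...)` line, so a value containing `/`, `?` or `#` changes which PatrOwl endpoint is queried instead of being looked up as an asset; percent-encode it first, e.g. `service_url = '{}/assets/api/v1/details/{}'.format(self.url, quote(self.get_data(), safe=''))` with `quote` imported from `urllib.parse` (or `urllib` on Python 2). The `requests.get(...)` call that follows passes no `timeout=`, so an unresponsive PatrOwl instance blocks the analyzer indefinitely, and `response.json()` is decoded without checking the status, so a 401 or 404 page surfaces as a JSON parse error rather than a clear message; adding `response.raise_for_status()` before `self.report(response.json())` makes the failure explicit. The `except` that closes the `try` in run() lies outside the hunk, so how these errors are reported could not be checked here.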
