#172 add base configs

TheHive-Project · Mar 2, 2018 · fffe93f · fffe93f
1 parent f7918a7
commit fffe93f
Show file tree

Hide file tree

Showing 29 changed files with 29 additions and 0 deletions.
diff --git a/analyzers/Abuse_Finder/Abuse_Finder.json b/analyzers/Abuse_Finder/Abuse_Finder.json
@@ -6,5 +6,6 @@
   "license": "AGPL-V3",
   "description": "Find abuse contacts associated with domain names, URLs, IPs and email addresses.",
   "dataTypeList": ["ip", "domain", "url", "mail"],
+  "baseConfig": "Abuse_Finder",
   "command": "Abuse_Finder/abusefinder.py"
 }
diff --git a/analyzers/Bluecoat/Bluecoat_Categorization.json b/analyzers/Bluecoat/Bluecoat_Categorization.json
@@ -10,5 +10,6 @@
     "fqdn"
   ],
   "license": "AGPL-V3",
+  "baseConfig": "Bluecoat",
   "command": "Bluecoat/categorization.py"
 }
diff --git a/analyzers/C1fApp/C1fApp_osint.json b/analyzers/C1fApp/C1fApp_osint.json
@@ -6,6 +6,7 @@
     "license": "AGPL-V3",
     "description": "Query C1fApp OSINT Aggregator for IPs, domains and URLs",
     "dataTypeList": ["url", "domain", "ip"],
+    "baseConfig": "C1fApp",
     "command": "C1fApp/cifquery.py",
     "configurationItems": [
     {

diff --git a/analyzers/CERTatPassiveDNS/CERTatPassiveDNS.json b/analyzers/CERTatPassiveDNS/CERTatPassiveDNS.json
@@ -6,6 +6,7 @@
   "version": "2.0",
   "description": "Checks CERT.at Passive DNS for a given domain.",
   "dataTypeList": ["domain", "fqdn"],
+  "baseConfig": "CERTatPassiveDNS",
   "command": "CERTatPassiveDNS/certat_passivedns.py",
   "configurationItems": [
     {

diff --git a/analyzers/CIRCLPassiveSSL/CIRCLPassiveSSL.json b/analyzers/CIRCLPassiveSSL/CIRCLPassiveSSL.json
@@ -6,6 +6,7 @@
   "version": "2.0",
   "description": "Check CIRCL's Passive SSL for a given IP address or a X509 certificate hash.",
   "dataTypeList": ["ip", "certificate_hash", "hash"],
+  "baseConfig": "CIRCLPassiveSSL",
   "command": "CIRCLPassiveSSL/circl_passivessl.py",
   "configurationItems": [
     {

diff --git a/analyzers/Censys/Censys.json b/analyzers/Censys/Censys.json
@@ -6,6 +6,7 @@
   "version": "1.0",
   "description": "Check IPs, certificate hashes or domains against censys.io.",
   "dataTypeList": ["ip", "hash", "domain"],
+  "baseConfig": "Censys",
   "command": "Censys/censys_analyzer.py",
   "configurationItems": [
     {

diff --git a/analyzers/File_Info/File_Info.json b/analyzers/File_Info/File_Info.json
@@ -6,5 +6,6 @@
   "license": "AGPL-V3",
   "description": "Parse files in several formats such as OLE and OpenXML to detect VBA macros, extract their source code, generate useful information on PE, PDF files...",
   "dataTypeList": ["file"],
+  "baseConfig": "File_Info",
   "command": "File_Info/fileinfo_analyzer.py"
 }
diff --git a/analyzers/FireHOLBlocklists/FireHOLBlocklists.json b/analyzers/FireHOLBlocklists/FireHOLBlocklists.json
@@ -6,6 +6,7 @@
   "version": "2.0",
   "description": "Check IP addresses against the FireHOL blocklists",
   "dataTypeList": ["ip"],
+  "baseConfig": "FireHOLBlocklists",
   "command": "FireHOLBlocklists/firehol_blocklists.py",
   "configurationItems": [
     {

diff --git a/analyzers/Fortiguard/Fortiguard_URLCategory.json b/analyzers/Fortiguard/Fortiguard_URLCategory.json
@@ -6,5 +6,6 @@
   "license": "AGPL-V3",
   "dataTypeList": ["domain", "url"],
   "description": "Check the Fortiguard category of a URL or a domain.",
+  "baseConfig": "Fortiguard",
   "command": "Fortiguard/urlcategory.py"
 }
diff --git a/analyzers/GoogleSafebrowsing/GoogleSafebrowsing.json b/analyzers/GoogleSafebrowsing/GoogleSafebrowsing.json
@@ -6,6 +6,7 @@
   "version": "2.0",
   "description": "Use Google Safebrowing to check URLs and domain names.",
   "dataTypeList": ["url", "domain"],
+  "baseConfig": "GoogleSafebrowsing",
   "command": "GoogleSafebrowsing/safebrowsing_analyzer.py",
   "configurationItems": [
     {

diff --git a/analyzers/MISP/MISP.json b/analyzers/MISP/MISP.json
@@ -6,6 +6,7 @@
   "version": "2.0",
   "description": "Query multiple MISP instances for events containing an observable.",
   "dataTypeList": ["domain", "ip", "url", "fqdn", "uri_path","user-agent", "hash", "email", "mail", "mail_subject" , "registry", "regexp", "other", "filename"],
+  "baseConfig": "MISP",
   "command": "MISP/misp.py",
   "configurationItems": [
       {

diff --git a/analyzers/MISPWarningLists/MISPWarningLists.json b/analyzers/MISPWarningLists/MISPWarningLists.json
@@ -6,6 +6,7 @@
   "version": "1.0",
   "description": "Check IoCs/Observables against MISP Warninglists to filter false positives.",
   "dataTypeList": ["ip", "hash", "domain", "fqdn", "url"],
+  "baseConfig": "MISPWarningLists",
   "command": "MISPWarningLists/mispwarninglists.py",
   "configurationItems": [
     {

diff --git a/analyzers/Malpedia/Malpedia.json b/analyzers/Malpedia/Malpedia.json
@@ -6,6 +6,7 @@
   "version": "1.0",
   "description": "Check files against Malpedia YARA rules.",
   "dataTypeList": ["file"],
+  "baseConfig": "Malpedia",
   "command": "Malpedia/malpedia_analyzer.py",
   "configurationItems": [
     {

diff --git a/analyzers/MaxMind/MaxMind_GeoIP.json b/analyzers/MaxMind/MaxMind_GeoIP.json
@@ -6,5 +6,6 @@
   "license": "AGPL-V3",
   "description": "Use MaxMind to geolocate an IP address.",
   "dataTypeList": ["ip"],
+  "baseConfig": "MaxMind",
   "command": "MaxMind/geo.py"
 }
diff --git a/analyzers/MsgParser/Msg_Parser.json b/analyzers/MsgParser/Msg_Parser.json
@@ -6,5 +6,6 @@
   "license": "AGPL-V3",
   "description": "Parse Outlook MSG files and extract the main artifacts.",
   "dataTypeList": ["file"],
+  "baseConfig": "MsgParser",
   "command": "MsgParser/parse.py"
 }
diff --git a/analyzers/Nessus/Nessus.json b/analyzers/Nessus/Nessus.json
@@ -6,6 +6,7 @@
   "license": "AGPL-V3",
   "description": "Use Nessus Professional to scan hosts.",
   "dataTypeList": ["ip", "fqdn"],
+  "baseConfig": "Nessus",
   "command": "Nessus/nessus.py",
   "configurationItems": [
     {

diff --git a/analyzers/OTXQuery/OTXQuery.json b/analyzers/OTXQuery/OTXQuery.json
@@ -6,6 +6,7 @@
   "license": "AGPL-V3",
   "description": "Query AlienVault OTX for IPs, domains, URLs, or file hashes.",
   "dataTypeList": ["url", "domain", "file", "hash", "ip"],
+  "baseConfig": "OTXQuery",
   "command": "OTXQuery/otxquery.py",
   "configurationItems": [
     {

diff --git a/analyzers/PhishTank/PhishTank_CheckURL.json b/analyzers/PhishTank/PhishTank_CheckURL.json
@@ -6,6 +6,7 @@
     "license": "AGPL-V3",
     "description": "Use PhishTank to check if a URL is a verified phishing site.",
     "dataTypeList": ["url"],
+    "baseConfig": "PhishTank",
     "command": "PhishTank/phishtank_checkurl.py",
     "configurationItems": [
     {

diff --git a/analyzers/PhishingInitiative/PhishingInitiative_Lookup.json b/analyzers/PhishingInitiative/PhishingInitiative_Lookup.json
@@ -6,6 +6,7 @@
     "license": "AGPL-V3",
     "description": "Use Phishing Initiative to check if a URL is a verified phishing site.",
     "dataTypeList": ["url"],
+    "baseConfig": "PhishingInitiative",
     "command": "PhishingInitiative/phishinginitiative_lookup.py",
     "configurationItems": [
     {

diff --git a/analyzers/Robtex/Robtex_Forward_PDNS_Query.json b/analyzers/Robtex/Robtex_Forward_PDNS_Query.json
@@ -6,6 +6,7 @@
   "license": "AGPL-V3",
   "description": "Check domains/fqdns using the Robtex passive dns API",
   "dataTypeList": ["domain", "fqdn"],
+  "baseConfig": "Robtex",
   "command": "Robtex/robtex.py",
   "config": {
     "service": "fpdnsquery"

diff --git a/analyzers/Robtex/Robtex_IP_Query.json b/analyzers/Robtex/Robtex_IP_Query.json
@@ -6,6 +6,7 @@
   "license": "AGPL-V3",
   "description": "Check IPs using the Robtex IP API",
   "dataTypeList": ["ip"],
+  "baseConfig": "Robtex",
   "command": "Robtex/robtex.py",
   "config": {
     "service": "ipquery"

diff --git a/analyzers/Robtex/Robtex_Reverse_PDNS_Query.json b/analyzers/Robtex/Robtex_Reverse_PDNS_Query.json
@@ -6,6 +6,7 @@
   "license": "AGPL-V3",
   "description": "Check IPs using the Robtex reverse passive dns API",
   "dataTypeList": ["ip"],
+  "baseConfig": "Robtex",
   "command": "Robtex/robtex.py",
   "config": {
     "service": "rpdnsquery"

diff --git a/analyzers/SinkDB/SinkDB.json b/analyzers/SinkDB/SinkDB.json
@@ -7,6 +7,7 @@
   "description": "Check if ip is sinkholed via sinkdb.abuse.ch",
   "dataTypeList": ["ip"],
   "command": "SinkDB/sinkdb.py",
+  "baseConfig": "SinkDB",
   "configurationItems": [
     {
       "name": "key",

diff --git a/analyzers/TorBlutmagie/TorBlutmagie.json b/analyzers/TorBlutmagie/TorBlutmagie.json
@@ -7,6 +7,7 @@
   "description": "Query http://torstatus.blutmagie.de/query_export.php/Tor_query_EXPORT.csv for TOR exit nodes IP addresses or names.",
   "dataTypeList": ["ip", "domain", "fqdn"],
   "command": "TorBlutmagie/tor_blutmagie_analyzer.py",
+  "baseConfig": "TorBlutmagie",
   "configurationItems": [
     {
       "name": "cache.duration",

diff --git a/analyzers/TorProject/TorProject.json b/analyzers/TorProject/TorProject.json
@@ -7,6 +7,7 @@
   "description": "Query https://check.torproject.org/exit-addresses for TOR exit nodes IP addresses.",
   "dataTypeList": ["ip"],
   "command": "TorProject/tor_project_analyzer.py",
+  "baseConfig": "TorProject",
   "configurationItems": [
     {
       "name": "ttl",

diff --git a/analyzers/VMRay/VMRay.json b/analyzers/VMRay/VMRay.json
@@ -7,6 +7,7 @@
   "description": "VMRay Sandbox file analysis.",
   "dataTypeList": ["hash", "file"],
   "command": "VMRay/vmray.py",
+  "baseConfig": "VMRay",
   "configurationItems": [
     {
       "name": "url",

diff --git a/analyzers/Virusshare/Virusshare.json b/analyzers/Virusshare/Virusshare.json
@@ -7,6 +7,7 @@
   "description": "Search for MD5 hashes in Virusshare.com hash list",
   "dataTypeList": ["hash", "file"],
   "command": "Virusshare/virusshare.py",
+  "baseConfig": "Virusshare",
   "configurationItems": [
     {
       "name": "path",

diff --git a/analyzers/Yara/Yara.json b/analyzers/Yara/Yara.json
@@ -7,6 +7,7 @@
   "description": "Check files against YARA rules.",
   "dataTypeList": ["file"],
   "command": "Yara/yara_analyzer.py",
+  "baseConfig": "Yara",
   "configurationItems": [
     {
       "name": "rules",

diff --git a/analyzers/Yeti/Yeti.json b/analyzers/Yeti/Yeti.json
@@ -7,6 +7,7 @@
   "description": "Fetch observable details from a YETI instance.",
   "dataTypeList": ["domain", "fqdn", "ip", "url", "hash"],
   "command": "Yeti/yeti.py",
+  "baseConfig": "Yeti",
   "configurationItems": [
     {
       "name": "url",