
CIRCL.lu PassiveDNS Analyzer #11

Closed
saadkadhi opened this issue Feb 18, 2017 · 8 comments
Labels
scope:analyzer Issue is analyzer related

@saadkadhi
Contributor

Request Type

Analyzer Request

Work Environment

NA

Analyzer Description

Create an analyzer to tap into CIRCL.lu PassiveDNS service.

@saadkadhi
Contributor Author

@3c7 has proposed to create it.

@saadkadhi
Contributor Author

@3c7 any update on this one and the other few analyzers you would be contributing? Do you need any help from us?

@3c7
Contributor

3c7 commented Mar 22, 2017

Hey @saadkadhi, currently working on google safebrowsing analyzer. Hope I'm able to publish the analyzers next week.
Analyzers
(Malwr.com uses ReCaptcha for the login, and searching for hashes is not allowed through the API, so that analyzer is not ready to use at the moment.)

Updated cortexutils to Python 3, except for the artifacts part, because I don't know what it is used for.

Edit: Will publish them under https://github.com/BSI-CERT-Bund/cortex-analyzers

@nadouani
Contributor

Hi @3c7,

just for information, the artifacts part will be used in the upcoming versions of TheHive to allow user to import observables coming from an analyzer report.

cortexutils comes with a default implementation which uses ioc-parser to extract observables from the report, but you can implement your own artifacts() method (it will override the default method provided by the cortexutils.Analyzer super class).

That said, we will upgrade cortexutils to make sure it uses a fork of ioc-parser that is Python 3 compatible.

Thanks

@nadouani
Contributor

@3c7 could you please share the updates you made to cortexutils? We can include them in the next release ;)
If so, just create a pull request.

Thanks

@3c7
Contributor

3c7 commented Mar 22, 2017

@nadouani Ah, thank you. My cortexutils implementation is basically a clone of yours without the ioc-parser-dependent artifacts function, and it has the raw report as the standard summary. ;)
I will review my code and create a pull request after that.
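
The two comments above describe the same design point: the raw pDNS report is the summary, and artifacts() is the hook that turns the report into observables TheHive can import. As an added illustration (not code from this issue, from cortexutils, or from the BSI-CERT-Bund analyzers), the block below parses a constructed CIRCL pDNS-style response and extracts observables the way a custom artifacts() override might, without importing cortexutils so it runs offline. It assumes CIRCL's newline-delimited JSON record shape (rrname, rrtype, rdata, count, time_first, time_last) and the `{"type": ..., "value": ...}` artifact dicts cortexutils used at the time; the sample records and the hostname regex are constructed assumptions, not real data.

```python
"""Added example: extracting observables from a CIRCL pDNS-style report."""
import ipaddress
import json
import re
from collections import Counter

# Constructed sample (not real data): one JSON object per line, the shape
# CIRCL's pDNS API returns. The last line simulates junk that must be skipped.
SAMPLE_PDNS_RESPONSE = """\
{"count": 12, "time_first": 1483228800, "time_last": 1487376000, "rrtype": "A", "rrname": "www.example.com", "rdata": "93.184.216.34"}
{"count": 3, "time_first": 1483228800, "time_last": 1487376000, "rrtype": "AAAA", "rrname": "www.example.com", "rdata": "2606:2800:220:1:248:1893:25c8:1946"}
{"count": 7, "time_first": 1485000000, "time_last": 1487376000, "rrtype": "CNAME", "rrname": "cdn.example.com", "rdata": "www.example.com"}
{"count": 1, "time_first": 1485000000, "time_last": 1487376000, "rrtype": "NS", "rrname": "example.com", "rdata": "a.iana-servers.net"}
{"count": 1, "time_first": 1485000000, "time_last": 1487376000, "rrtype": "MX", "rrname": "example.com", "rdata": "10 mail.example.com"}
not json at all
"""

# Assumption: hostname labels per RFC 1035 (no leading/trailing hyphen, <= 63 chars).
_LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def parse_pdns(text):
    """Parse newline-delimited JSON, skipping blank lines and non-record junk."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except ValueError:
            continue  # untrusted upstream output: ignore, do not crash the analyzer
        if isinstance(obj, dict) and {"rrname", "rrtype", "rdata"} <= obj.keys():
            records.append(obj)
    return records


def _as_domain(value):
    """Normalise a hostname (lowercase, no trailing dot); None if it is not one."""
    name = value.strip().rstrip(".").lower()
    labels = name.split(".")
    if len(labels) < 2 or not all(_LABEL_RE.match(label) for label in labels):
        return None
    return name


def _as_ip(value):
    """Return the canonical IPv4/IPv6 string, or None if rdata is not an address."""
    try:
        return str(ipaddress.ip_address(value.strip()))
    except ValueError:
        return None


def classify_rdata(rrtype, rdata):
    """Map one rdata field to an (observable_type, value) pair, or None.

    Only record types whose rdata is an address or a hostname are turned into
    observables; TXT, SOA and friends are left alone rather than guessed at.
    """
    rrtype = rrtype.upper()
    if rrtype in ("A", "AAAA"):
        ip = _as_ip(rdata)
        return ("ip", ip) if ip else None
    if rrtype in ("CNAME", "NS", "PTR"):
        dom = _as_domain(rdata)
        return ("domain", dom) if dom else None
    if rrtype == "MX":
        parts = rdata.split()  # "10 mail.example.com": drop the preference
        dom = _as_domain(parts[-1]) if parts else None
        return ("domain", dom) if dom else None
    return None


def artifacts(records):
    """Build deduplicated {"type", "value"} artifacts from the owner names and rdata."""
    found, seen = [], set()

    def add(kind, value):
        if (kind, value) not in seen:
            seen.add((kind, value))
            found.append({"type": kind, "value": value})

    for rec in records:
        owner = _as_domain(rec["rrname"])
        if owner:
            add("domain", owner)
        hit = classify_rdata(rec["rrtype"], rec["rdata"])
        if hit:
            add(*hit)
    return found


def summary(records):
    """Short summary beside the raw report: record count and a per-rrtype tally."""
    return {"records": len(records),
            "rrtypes": dict(Counter(r["rrtype"].upper() for r in records))}


if __name__ == "__main__":
    recs = parse_pdns(SAMPLE_PDNS_RESPONSE)
    print(json.dumps({"summary": summary(recs), "artifacts": artifacts(recs)}, indent=2))
```

In a real analyzer these three functions would sit behind the Analyzer subclass: summary() backing its summary method, artifacts() backing the artifacts override, and the raw records going out unchanged in the full report. The malformed line in the sample is there on purpose; an analyzer that raises on one bad line from an upstream service fails the whole job, so parse_pdns drops it instead.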

@saadkadhi
Contributor Author

Thanks a lot @3c7. We are looking forward to your contributions. If you also use TheHive and feel comfortable with AngularJS, we'd appreciate it if you submit short and long report templates for your analyzer set. Otherwise we'll take care of those.

@3c7
Contributor

3c7 commented Mar 23, 2017

I've created templates for all of my analyzers, but maybe you can improve them. I'm not that familiar with Angular.

4 participants