Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] PassiveTotal SSL Certificate History analyzer always report at least one record, even if there isn't one #513

Closed
MichaelDwucet opened this issue Jul 10, 2019 · 0 comments
Closed

[Bug] PassiveTotal SSL Certificate History analyzer always report at least one record, even if there isn't one #513

MichaelDwucet opened this issue Jul 10, 2019 · 0 comments
Assignees
@3c7
Labels
category:bug Issue is related to a bug

Comments

@MichaelDwucet
Copy link

MichaelDwucet commented Jul 10, 2019
edited
Loading

Request Type

Bug

Work Environment

Cortex Version: 3.0.0-RC3
Analyzer PassiveTotal_Ssl_Certificate_History_2_0

Problem Description

Even when the PT SSL History Analyzer has no data for a hashsum , it will return: "PT:SSLCertHistory="1 record(s)" in the info box.
This is because the analyzer returns an array with one entry, even if there is no data.
This is irritating, because you will see for every hash sum that there is a PT:SSL record, even if there isn't one.

Raw data looks like:
{
"results": [
{
"firstSeen": "N/A",
"sha1": "SHA1SUM",
"lastSeen": "N/A",
"ipAddresses": "N/A"
}
],
"success": true
}

Possible Solutions

Analyzer should test if the return value from PT is just N/A and then return an empty array.
@MichaelDwucet MichaelDwucet added the category:bug Issue is related to a bug label Jul 10, 2019
@3c7 3c7 self-assigned this Jul 11, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@3c7 3c7

Labels
category:bug Issue is related to a bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@3c7 @MichaelDwucet