TheHive-Project · nusantara-self · Feb 11, 2025 · Feb 7, 2025 · Feb 7, 2025 · Feb 10, 2025
diff --git a/analyzers/Abuse_Finder/Dockerfile b/analyzers/Abuse_Finder/Dockerfile
diff --git a/analyzers/Abuse_Finder/abusefinder.py b/analyzers/Abuse_Finder/abusefinder.py
@@ -6,8 +6,8 @@
 """
 
 from cortexutils.analyzer import Analyzer
-from abuse_finder import domain_abuse, ip_abuse, \
-    email_abuse, url_abuse
+from abuse_finder import domain_abuse, ip_abuse, email_abuse, url_abuse
+
 import logging
 logging.getLogger("tldextract").setLevel(logging.CRITICAL)
 

diff --git a/analyzers/Autofocus/Dockerfile b/analyzers/Autofocus/Dockerfile
diff --git a/analyzers/Autofocus/requirements.txt b/analyzers/Autofocus/requirements.txt
@@ -1,2 +1,2 @@
 cortexutils
-git+https://github.com/PaloAltoNetworks/autofocus-client-library
+autofocus-client-library
diff --git a/analyzers/CISMCAP/Dockerfile b/analyzers/CISMCAP/Dockerfile
diff --git a/analyzers/Capa/Dockerfile b/analyzers/Capa/Dockerfile
@@ -1,17 +1,20 @@
-FROM python:3
+FROM python:3-alpine
 WORKDIR /worker
-COPY . Capa
-
 # Install required tools
-RUN apt-get update && apt-get install -y \
+RUN apk add --no-cache \
     curl \
     jq \
-    unzip && \
-    rm -rf /var/lib/apt/lists/*
+    unzip \
+    bash && \
+    rm -rf /var/cache/apk/*
+
+COPY requirements.txt Capa/
+RUN test ! -e Capa/requirements.txt || pip install --no-cache-dir -r Capa/requirements.txt
 
 # Add a script to fetch the latest capa release and extract it
 COPY fetch_capa.sh /worker/fetch_capa.sh
 RUN chmod +x /worker/fetch_capa.sh && /worker/fetch_capa.sh
 
-RUN test ! -e Capa/requirements.txt || pip install --no-cache-dir -r Capa/requirements.txt
-ENTRYPOINT "Capa/CapaAnalyze.py"
+COPY . Capa/
+
+ENTRYPOINT ["python", "Capa/CapaAnalyze.py"]
diff --git a/analyzers/Censys/Dockerfile b/analyzers/Censys/Dockerfile
diff --git a/analyzers/Censys/censys_analyzer.py b/analyzers/Censys/censys_analyzer.py
@@ -2,11 +2,7 @@
 from cortexutils.analyzer import Analyzer
 from censys.search import CensysHosts, CensysCerts
 
-from censys.common.exceptions import (
-    CensysNotFoundException,
-    CensysRateLimitExceededException,
-    CensysUnauthorizedException,
-)
+from censys.common.exceptions import CensysNotFoundException, CensysRateLimitExceededException, CensysUnauthorizedException
 
 import iocextract
 

diff --git a/analyzers/CheckPhish/Dockerfile b/analyzers/CheckPhish/Dockerfile
diff --git a/analyzers/Cluster25/Dockerfile b/analyzers/Cluster25/Dockerfile
diff --git a/analyzers/Crtsh/Dockerfile b/analyzers/Crtsh/Dockerfile
diff --git a/analyzers/Cylance/requirements.txt b/analyzers/Cylance/requirements.txt
@@ -1,2 +1,3 @@
 cortexutils
 cyapi
+setuptools
diff --git a/analyzers/DNSDB/Dockerfile b/analyzers/DNSDB/Dockerfile
diff --git a/analyzers/DShield/Dockerfile b/analyzers/DShield/Dockerfile
diff --git a/analyzers/EchoTrail/Dockerfile b/analyzers/EchoTrail/Dockerfile
diff --git a/analyzers/Elasticsearch/requirements.txt b/analyzers/Elasticsearch/requirements.txt
@@ -2,3 +2,4 @@ elasticsearch
 cortexutils
 pytz
 requests
+python-dateutil
diff --git a/analyzers/FalconSandbox/Dockerfile b/analyzers/FalconSandbox/Dockerfile
diff --git a/analyzers/GRR/requirements.txt b/analyzers/GRR/requirements.txt
@@ -1,2 +1,3 @@
 cortexutils
 grr-api-client
+setuptools
diff --git a/analyzers/GoogleDNS/Dockerfile b/analyzers/GoogleDNS/Dockerfile
diff --git a/analyzers/Malwares/malwares.py b/analyzers/Malwares/malwares.py
@@ -6,10 +6,7 @@
 from malwares_api import Api
 from cortexutils.analyzer import Analyzer
 
-try:
-    from StringIO import StringIO
-except ImportError:
-    from io import StringIO
+from io import StringIO
 
 
 class MalwaresAnalyzer(Analyzer):

diff --git a/analyzers/OpenCTI/Dockerfile b/analyzers/OpenCTI/Dockerfile
@@ -0,0 +1,11 @@
+FROM python:3-alpine
+WORKDIR /worker
+
+# Install libmagic (development package provides libmagic.so symlink)
+RUN apk add --no-cache file-dev
+
+COPY requirements.txt OpenCTI/
+RUN test ! -e OpenCTI/requirements.txt || pip install --no-cache-dir -r OpenCTI/requirements.txt
+COPY . OpenCTI/
+
+ENTRYPOINT ["python", "OpenCTI/opencti.py"]
diff --git a/analyzers/PaloAltoWildFire/Dockerfile b/analyzers/PaloAltoWildFire/Dockerfile
diff --git a/analyzers/QrDecode/Dockerfile b/analyzers/QrDecode/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3
+FROM python:3-slim
 WORKDIR /worker
 COPY . QrDecode
 RUN test ! -e QrDecode/requirements.txt || pip install --no-cache-dir -r QrDecode/requirements.txt

diff --git a/analyzers/Splunk/Dockerfile b/analyzers/Splunk/Dockerfile
diff --git a/analyzers/Threatcrowd/Dockerfile b/analyzers/Threatcrowd/Dockerfile
diff --git a/analyzers/Verifalia/Dockerfile b/analyzers/Verifalia/Dockerfile
diff --git a/analyzers/VirusTotal/Dockerfile b/analyzers/VirusTotal/Dockerfile
@@ -1,11 +1,15 @@
-FROM python:3.9
+FROM python:3-alpine
 
 WORKDIR /worker
-COPY . VirusTotal
-RUN apt update
-RUN apt install -y -q libimage-exiftool-perl       && \
-    rm -rf /var/lib/apt/lists/*
 
-RUN pip install --no-cache-dir -r VirusTotal/requirements.txt
+# install runtime dependencies.
+RUN apk add --no-cache perl-image-exiftool file-dev
+
+COPY requirements.txt VirusTotal/
+
+# Install Python dependencies from requirements.txt
+RUN test ! -e VirusTotal/requirements.txt || pip install --no-cache-dir -r VirusTotal/requirements.txt
+
+COPY . VirusTotal
 
-ENTRYPOINT VirusTotal/virustotal.py
+ENTRYPOINT ["python", "VirusTotal/virustotal.py"]
diff --git a/analyzers/Yeti/Dockerfile b/analyzers/Yeti/Dockerfile
@@ -0,0 +1,10 @@
+FROM python:3-alpine
+WORKDIR /worker
+
+RUN apk add --no-cache git
+
+COPY requirements.txt Yeti/
+RUN test ! -e Yeti/requirements.txt || pip install --no-cache-dir -r Yeti/requirements.txt
+COPY . Yeti/
+
+ENTRYPOINT ["python", "Yeti/yeti.py"]
diff --git a/analyzers/Yeti/requirements.txt b/analyzers/Yeti/requirements.txt
@@ -1,2 +1,2 @@
 cortexutils
-git+https://github.com/yeti-platform/pyeti
+git+https://github.com/yeti-platform/pyeti
diff --git a/responders/AWSLambda/Dockerfile b/responders/AWSLambda/Dockerfile
diff --git a/analyzers/BinalyzeAIR/README.md → responders/BinalyzeAIR/README.md b/analyzers/BinalyzeAIR/README.md → responders/BinalyzeAIR/README.md
diff --git a/...zers/BinalyzeAIR/assets/binalyze-logo.png → ...ders/BinalyzeAIR/assets/binalyze-logo.png b/...zers/BinalyzeAIR/assets/binalyze-logo.png → ...ders/BinalyzeAIR/assets/binalyze-logo.png
diff --git a/analyzers/BinalyzeAIR/binalyze.py → responders/BinalyzeAIR/binalyze.py b/analyzers/BinalyzeAIR/binalyze.py → responders/BinalyzeAIR/binalyze.py
diff --git a/...BinalyzeAIR/binalyze_air_acquisition.json → ...BinalyzeAIR/binalyze_air_acquisition.json b/...BinalyzeAIR/binalyze_air_acquisition.json → ...BinalyzeAIR/binalyze_air_acquisition.json
diff --git a/...s/BinalyzeAIR/binalyze_air_isolation.json → ...s/BinalyzeAIR/binalyze_air_isolation.json b/...s/BinalyzeAIR/binalyze_air_isolation.json → ...s/BinalyzeAIR/binalyze_air_isolation.json
@@ -8,7 +8,7 @@
     "dataTypeList": [
         "thehive:case_artifact"
     ],
-    "command": "BinalyzeAIR/air.py",
+    "command": "BinalyzeAIR/binalyze.py",
     "config": {
         "service": "air_isolate"
     },

diff --git a/analyzers/BinalyzeAIR/requirements.txt → responders/BinalyzeAIR/requirements.txt b/analyzers/BinalyzeAIR/requirements.txt → responders/BinalyzeAIR/requirements.txt
diff --git a/responders/CheckPoint/requirements.txt b/responders/CheckPoint/requirements.txt
@@ -1,3 +1,4 @@
 cortexutils
+cp-mgmt-api-sdk
 # -e git+https://github.com/CheckPointSW/cp_mgmt_api_python_sdk#egg=cpapi cpapi
-git+https://github.com/CheckPointSW/cp_mgmt_api_python_sdk
+#git+https://github.com/CheckPointSW/cp_mgmt_api_python_sdk
diff --git a/responders/FalconCustomIOC/Dockerfile b/responders/FalconCustomIOC/Dockerfile
diff --git a/responders/Gmail/Dockerfile b/responders/Gmail/Dockerfile
@@ -1,6 +1,11 @@
-FROM python:3
-
+FROM python:3-alpine
 WORKDIR /worker
-COPY . Gmail
-RUN pip install --no-cache-dir -r Gmail/requirements.txt
-ENTRYPOINT Gmail/Gmail.py
+
+# Install libmagic (development package provides libmagic.so symlink)
+RUN apk add --no-cache file-dev
+
+COPY requirements.txt Gmail/
+RUN test ! -e Gmail/requirements.txt || pip install --no-cache-dir -r Gmail/requirements.txt
+COPY . Gmail/
+
+ENTRYPOINT ["python", "Gmail/Gmail.py"]
diff --git a/responders/KnowBe4/Dockerfile b/responders/KnowBe4/Dockerfile
diff --git a/responders/MSDefenderEndpoints/Dockerfile b/responders/MSDefenderEndpoints/Dockerfile
diff --git a/responders/MailIncidentStatus/Dockerfile b/responders/MailIncidentStatus/Dockerfile
@@ -0,0 +1,15 @@
+FROM python:3-alpine
+
+WORKDIR /worker
+
+# install runtime dependencies
+RUN apk add --no-cache file-dev
+
+COPY requirements.txt MailIncidentStatus/
+
+# Install Python dependencies from requirements.txt
+RUN test ! -e MailIncidentStatus/requirements.txt || pip install --no-cache-dir -r MailIncidentStatus/requirements.txt
+
+COPY . MailIncidentStatus
+
+ENTRYPOINT ["python", "MailIncidentStatus/mailincidentstatus.py"]
diff --git a/responders/Netcraft/Dockerfile b/responders/Netcraft/Dockerfile
diff --git a/responders/PaloAltoCortexXDR/Dockerfile b/responders/PaloAltoCortexXDR/Dockerfile
diff --git a/responders/PaloAltoNGFW/requirements.txt b/responders/PaloAltoNGFW/requirements.txt
@@ -1,4 +1,5 @@
 cortexutils
 requests
 pan-os-python
-thehive4py~=1.8.1
+thehive4py~=1.8.1
+setuptools
diff --git a/responders/SendGrid/requirements.txt b/responders/SendGrid/requirements.txt
@@ -1 +1,2 @@
 sendgrid
+cortexutils
diff --git a/responders/SentinelOne/Dockerfile b/responders/SentinelOne/Dockerfile
diff --git a/responders/Telegram/requirements.txt b/responders/Telegram/requirements.txt
@@ -1 +1,2 @@
-cortexutils
+cortexutils
+requests