diff --git a/analyzers/EmergingThreats/EmergingThreats_DomainInfo.json b/analyzers/EmergingThreats/EmergingThreats_DomainInfo.json
index b73469e..60599fc 100644
--- a/analyzers/EmergingThreats/EmergingThreats_DomainInfo.json
+++ b/analyzers/EmergingThreats/EmergingThreats_DomainInfo.json
@@ -16,5 +16,24 @@
"multi": false,
"required": true
}
+ ],
+ "config": {
+ "check_tlp": true,
+ "max_tlp": 2,
+ "auto_extract": false
+ },
+ "registration_required": true,
+ "subscription_required": true,
+ "free_subscription": false,
+ "service_homepage": "https://threatintel.proofpoint.com/",
+ "service_logo": {
+ "path": "assets/proofpoint.png",
+ "caption": "logo"
+ },
+ "screenshots": [
+ {
+ "path": "assets/long_report_domain.png",
+ "caption": "EmergingThreats: domain long report"
+ }
]
-}
+}
\ No newline at end of file
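Review bot: `"max_tlp": 2` in the new `config` block means, as I read the Cortex convention, that observables marked up to TLP:AMBER are submitted to the external EmergingThreats/Proofpoint API by default. For a commercial third-party service that may be more permissive than some deployments want, so either confirm that AMBER is the intended ceiling or say in the README that operators can lower it (for example `"max_tlp": 1`). The same default is added in the EmergingThreats_IPInfo.json and EmergingThreats_MalwareInfo.json hunks. All three files also lose their trailing newline in this change, which is harmless but easy to restore.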
diff --git a/analyzers/EmergingThreats/EmergingThreats_IPInfo.json b/analyzers/EmergingThreats/EmergingThreats_IPInfo.json
index 17f83b0..0ba301c 100644
--- a/analyzers/EmergingThreats/EmergingThreats_IPInfo.json
+++ b/analyzers/EmergingThreats/EmergingThreats_IPInfo.json
@@ -16,5 +16,24 @@
"multi": false,
"required": true
}
+ ],
+ "config": {
+ "check_tlp": true,
+ "max_tlp": 2,
+ "auto_extract": false
+ },
+ "registration_required": true,
+ "subscription_required": true,
+ "free_subscription": false,
+ "service_homepage": "https://threatintel.proofpoint.com/",
+ "service_logo": {
+ "path": "assets/proofpoint.png",
+ "caption": "logo"
+ },
+ "screenshots": [
+ {
+ "path": "assets/long_report_ip.png",
+ "caption": "EmergingThreats: IP long report"
+ }
]
-}
+}
\ No newline at end of file
diff --git a/analyzers/EmergingThreats/EmergingThreats_MalwareInfo.json b/analyzers/EmergingThreats/EmergingThreats_MalwareInfo.json
index cb10965..2eb41d4 100644
--- a/analyzers/EmergingThreats/EmergingThreats_MalwareInfo.json
+++ b/analyzers/EmergingThreats/EmergingThreats_MalwareInfo.json
@@ -16,5 +16,24 @@
"multi": false,
"required": true
}
+ ],
+ "config": {
+ "check_tlp": true,
+ "max_tlp": 2,
+ "auto_extract": false
+ },
+ "registration_required": true,
+ "subscription_required": true,
+ "free_subscription": false,
+ "service_homepage": "https://threatintel.proofpoint.com/",
+ "service_logo": {
+ "path": "assets/proofpoint.png",
+ "caption": "logo"
+ },
+ "screenshots": [
+ {
+ "path": "assets/long_report_hash.png",
+ "caption": "EmergingThreats: hash long report"
+ }
]
-}
+}
\ No newline at end of file
diff --git a/analyzers/EmergingThreats/README.md b/analyzers/EmergingThreats/README.md
new file mode 100644
index 0000000..75ca342
--- /dev/null
+++ b/analyzers/EmergingThreats/README.md
@@ -0,0 +1,12 @@
+### EmergingThreats
+[EmergingThreats](https://www.proofpoint.com/us/products/advanced-threat-protection/et-intelligence) intelligence helps prevent attacks and reduce risk by helping you understand the historical context of where these threats originated, who is behind them, when have they attacked, what methods they used, and what they're after.
+
+The analyzer is available in 3 flavors:
+- EmergingThreats_DomainInfo: retrieve ET reputation, related malware, and IDS requests for a given domain.
+- EmergingThreats_IPInfo: retrieve ET reputation, related malware, and IDS requests for a given IP address.
+- EmergingThreats_MalwareInfo: retrieve ET details and info related to a malware hash.
+
+#### Requirements
+You need a valid EmergingThreats API subscription to use the analyzer:
+
+- Provide your API key as a value for the `key` parameter.
diff --git a/analyzers/EmergingThreats/assets/long_report_domain.png b/analyzers/EmergingThreats/assets/long_report_domain.png
new file mode 100644
index 0000000..ab73e68
Binary files /dev/null and b/analyzers/EmergingThreats/assets/long_report_domain.png differ
diff --git a/analyzers/EmergingThreats/assets/long_report_hash.png b/analyzers/EmergingThreats/assets/long_report_hash.png
new file mode 100644
index 0000000..a1d8f76
Binary files /dev/null and b/analyzers/EmergingThreats/assets/long_report_hash.png differ
diff --git a/analyzers/EmergingThreats/assets/long_report_ip.png b/analyzers/EmergingThreats/assets/long_report_ip.png
new file mode 100644
index 0000000..0587535
Binary files /dev/null and b/analyzers/EmergingThreats/assets/long_report_ip.png differ
diff --git a/analyzers/EmergingThreats/assets/proofpoint.png b/analyzers/EmergingThreats/assets/proofpoint.png
new file mode 100644
index 0000000..9b2e10c
Binary files /dev/null and b/analyzers/EmergingThreats/assets/proofpoint.png differ
diff --git a/thehive-templates/EmergingThreats_DomainInfo_1_0/long.html b/thehive-templates/EmergingThreats_DomainInfo_1_0/long.html
index e7b6754..bec3640 100644
--- a/thehive-templates/EmergingThreats_DomainInfo_1_0/long.html
+++ b/thehive-templates/EmergingThreats_DomainInfo_1_0/long.html
@@ -1,5 +1,5 @@
-
-
+
+
@@ -79,22 +79,22 @@
var lat = $(".geo_lat").map(function(){return parseInt($(this).text());}).get();
var lon = $(".geo_lon").map(function(){return parseInt($(this).text());}).get();
- var mymap = L.map('mapid').setView([0, 0], 3);
- L.tileLayer('https://api.tiles.mapbox.com/v4/{id}/{z}/{x}/{y}.png?access_token=pk.eyJ1IjoibWFwYm94IiwiYSI6ImNpejY4NXVycTA2emYycXBndHRqcmZ3N3gifQ.rJcFIG214AriISLbB6B5aw', {
+ var mymap = L.map('mapid', {center:[0,0], zoom:3});
+ L.tileLayer('https://api.mapbox.com/styles/v1/{id}/tiles/{z}/{x}/{y}?access_token=pk.eyJ1IjoibWFwYm94IiwiYSI6ImNpejY4NXVycTA2emYycXBndHRqcmZ3N3gifQ.rJcFIG214AriISLbB6B5aw', {
+ tileSize: 512,
maxZoom: 18,
- id: 'mapbox.streets'
+ zoomOffset: -1,
+ id: 'mapbox/streets-v11'
}).addTo(mymap);
-
+
+ var group = new L.featureGroup().addTo(mymap);
+
$.each( lon, function( index, value ){
- L.marker([lat[index] , lon[index]]).addTo(mymap);
- });
-
- var mark_list = $.map( lon, function( index, value ){
- return L.marker([lat[index] , lon[index]]);
+ marker = L.marker([lat[index] , lon[index]]);
+ marker.addTo(group);
});
- var group = new L.featureGroup(mark_list);
- mymap.fitBounds(group.getBounds(),{maxZoom: 3});
+ mymap.fitBounds(group.getBounds(),{maxZoom: 4});
}, 3000);
});
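Review bot: `marker = L.marker([lat[index] , lon[index]]);` in the `$.each` callback assigns to an undeclared name, so it creates or overwrites a global `marker` on the page that hosts the report; declare it locally with `var marker = L.marker([lat[index], lon[index]]);`. When the report has no `.geo_lat`/`.geo_lon` elements the group stays empty and Leaflet's `fitBounds` rejects the invalid bounds, so a guard such as `if (group.getBounds().isValid()) { mymap.fitBounds(group.getBounds(), {maxZoom: 4}); }` is safe now that center and zoom are set in the map options. The rewritten tile URL still embeds a hard-coded `access_token` and fetches tiles from api.mapbox.com, so the analyst's browser reveals roughly where the observable geolocates to a third party, and the map relies on a token the project presumably does not control; making the tile source and token configurable is worth considering. The same points apply to the identical hunk in thehive-templates/EmergingThreats_IPInfo_1_0/long.html, and the enclosing timer callback starts outside the hunk.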
diff --git a/thehive-templates/EmergingThreats_IPInfo_1_0/long.html b/thehive-templates/EmergingThreats_IPInfo_1_0/long.html
index 41269c8..5cf330c 100644
--- a/thehive-templates/EmergingThreats_IPInfo_1_0/long.html
+++ b/thehive-templates/EmergingThreats_IPInfo_1_0/long.html
@@ -1,5 +1,5 @@
-
-
+
+
@@ -79,23 +79,22 @@
var lat = $(".geo_lat").map(function(){return parseInt($(this).text());}).get();
var lon = $(".geo_lon").map(function(){return parseInt($(this).text());}).get();
- var mymap = L.map('mapid').setView([0, 0], 3);
- L.tileLayer('https://api.tiles.mapbox.com/v4/{id}/{z}/{x}/{y}.png?access_token=pk.eyJ1IjoibWFwYm94IiwiYSI6ImNpejY4NXVycTA2emYycXBndHRqcmZ3N3gifQ.rJcFIG214AriISLbB6B5aw', {
+ var mymap = L.map('mapid', {center:[0,0], zoom:3});
+ L.tileLayer('https://api.mapbox.com/styles/v1/{id}/tiles/{z}/{x}/{y}?access_token=pk.eyJ1IjoibWFwYm94IiwiYSI6ImNpejY4NXVycTA2emYycXBndHRqcmZ3N3gifQ.rJcFIG214AriISLbB6B5aw', {
+ tileSize: 512,
maxZoom: 18,
- id: 'mapbox.streets'
+ zoomOffset: -1,
+ id: 'mapbox/streets-v11'
}).addTo(mymap);
-
+
+ var group = new L.featureGroup().addTo(mymap);
+
$.each( lon, function( index, value ){
- L.marker([lat[index] , lon[index]]).addTo(mymap);
- });
-
- var mark_list = $.map( lon, function( index, value ){
- return L.marker([lat[index] , lon[index]]);
+ marker = L.marker([lat[index] , lon[index]]);
+ marker.addTo(group);
});
- var group = new L.featureGroup(mark_list);
- mymap.fitBounds(group.getBounds(),{maxZoom: 3});
-
+ mymap.fitBounds(group.getBounds(),{maxZoom: 4});
}, 3000);
});