#56 VMRay summary() and short reports + bump version

analyzers/VMRay/VMRay.json

@@ -3,7 +3,7 @@
     "license": "AGPL-V3", 
     "author": "Nils Kuhnert, CERT-Bund",
     "url": "https://github.com/BSI-CERT-Bund/cortex-analyzers",
-    "version": "1.0",
+    "version": "2.0",
     "baseConfig": "VMRay",
     "config": {
         "cert": false,

analyzers/VMRay/vmray.py

@@ -42,18 +42,45 @@ class VMRayAnalyzer(Analyzer):
             self.error('Data type currently not supported')
 
     def summary(self, raw):
-        result = {
+
+        taxonomy = {"level": "info", "namespace": "VMRay", "predicate": "Scan", "value": 0}
+        taxonomies = []
+
+        r = {
             'reports': []
         }
 
         if raw.get('scanreport', None) and len(raw.get('scanreport').get('data')) > 0:
             for scan in raw.get('scanreport').get('data'):
-                result['reports'].append({
+                r['reports'].append({
                     'score': scan.get('sample_score'),
                     'sample_severity': scan.get('sample_severity'),
                     'sample_last_reputation_severity': scan.get('sample_last_reputation_severity'),
                     'url': scan.get('sample_webif_url')
                 })
+
+        if len(r["reports"]) == 0:
+            taxonomy["value"] = "No Scan"
+            taxonomy["level"] = "info"
+            taxonomies.append(taxonomy)
+        else:
+            for s in r["reports"]:
+                i = 1
+                if s["sample_severity"] == "not_suspicious":
+                    taxonomy["level"] = "safe"
+                elif s["sample_severity"] == "malicious" :
+                    taxonomy["level"] = "suspicious"
+                else:
+                    taxonomy["level"] = "safe"
+
+                if r["reports"] > 1:
+                    taxonomy["value"] = "\"{}( from scan {})\"".format(s["score"], i)
+                else:
+                    taxonomy["value"] = "{}".format(s["score"])
+                taxonomies.append(taxonomy)
+                i += 1
+
+        result = {"taxonomies": taxonomies}
         return result
 
 if __name__ == '__main__':

thehive-templates/VMRay_1_0/short.html

@@ -1,16 +0,0 @@
-<span ng-if="content.reports.length == 0" class="label label-info">VMRay:Scans= No scan</span>&nbsp;
-<span ng-if="content.reports.length > 0" class="label label-info">VMRay:Scans= {{content.reports.length}} scan(s)</span>&nbsp;
-<!-- For each report -->
-<div style="display: inline-block;" ng-repeat="s in content.reports">
-	<span class="label"
-		ng-class="{'label-info': s.score===0,
-			'label-warning': s.score>0 && s.score<50,
-			'label-danger': s.score >= 50}">
-		VMRay:Score= {{s.score}}
-	</span></a>&nbsp;
-	<span class="label" ng-class="{'label-success':s.sample_severity === 'not_suspicious',
-					'label-danger': s.sample_severity==='malicious',
-					'label-info':s.sample_severity!='malicious' && s.sample_severity === 'not_suspicious'}">
-		VMRay:Severity= {{s.sample_severity}}
-	</span>
-</div>

thehive-templates/VMRay_2_0/short.html

@@ -0,0 +1,3 @@
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
+    {{t.namespace}}:{{t.predicate}}={{t.value}}
+</span>&nbsp;