#56 Phishtank() and short reports + bump version

2024-11-06 17:15:21 +00:00 · 2017-06-20 08:57:07 +02:00 · 2017-06-20 08:57:07 +02:00 · c10ac23a36
commit c10ac23a36
parent 6e00de7d9f
5 changed files with 16 additions and 18 deletions
--- a/analyzers/PhishTank/PhishTank_CheckURL.json
+++ b/analyzers/PhishTank/PhishTank_CheckURL.json
@ -1,6 +1,6 @@
 {
    "name": "PhishTank_CheckURL",
-    "version": "1.0",
+    "version": "2.0",
    "author": "Eric Capuano",
    "url": "https://github.com/CERT-BDF/Cortex-Analyzers",
    "license": "AGPL-V3",
--- a/analyzers/PhishTank/phishtank_checkurl.py
+++ b/analyzers/PhishTank/phishtank_checkurl.py
@ -26,10 +26,19 @@ class phishtankAnalyzer(Analyzer):
    	return json.loads(r.content)

    def summary(self,raw):
+
+		taxonomy = {"level": "safe", "namespace": "PhishTank", "predicate": "In_Database", "value": "False"}
+		taxonomies = []
+
        if ('in_database' in raw) :
-            return {'in_database':raw['in_database'],
-            'verified':raw['verified'],
-            'verified_at':raw['verified_at']}
+			taxonomy['value'] = "\"{}\"".format(raw['in_database'])
+			if raw['verified']:
+				taxonomy['level'] = "malicious"
+			else:
+				taxonomy['level'] = "suspicious"
+			taxonomies.append(taxonomy)
+			return {"taxonomies":taxonomies}
+

    def run(self):
        if self.service == 'query':
--- a/thehive-templates/PhishTank_CheckURL_1_0/short.html
+++ b/thehive-templates/PhishTank_CheckURL_1_0/short.html
@ -1,14 +0,0 @@
-<span ng-if="content.in_database">
-	<span ng-if="content.verified_at">
-		<span class="label" ng-class="{'false':'label-warning', 'true':'label-danger'}[content.in_database]">
-			PhishTank:
-				<timer interval="30000" start-time="gtime(content.verified_at)">
-					{{millis  | amDurationFormat : 'milliseconds'}}
-				</timer>
-		</span>
-		<span ng-if="content.verified == false" class="label label-warning">
-			PhishTank: {{content.in_database}}&nbsp;
-		</span>
-	</span>
-</span>
-<!--  Change short report to give the age of url in database if it has been verified as a phishing site -->
--- a/thehive-templates/PhishTank_CheckURL_2_0/long.html
+++ b/thehive-templates/PhishTank_CheckURL_2_0/long.html
--- a/thehive-templates/PhishTank_CheckURL_2_0/short.html
+++ b/thehive-templates/PhishTank_CheckURL_2_0/short.html
@ -0,0 +1,3 @@
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
+    {{t.namespace}}:{{t.predicate}}={{t.value}}
+</span>&nbsp;