valitydev/Cortex-Analyzers
14
0
Fork 0
mirror of https://github.com/valitydev/Cortex-Analyzers.git synced 2024-11-07 01:25:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

#56 Phishtank() and short reports + bump version

Browse Source
This commit is contained in:
Jerome Leonard 2017-06-20 08:57:07 +02:00
parent 6e00de7d9f
commit c10ac23a36
5 changed files with 16 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
analyzers/PhishTank/PhishTank_CheckURL.json
View File

@ -1,6 +1,6 @@
{ {
"name": "PhishTank_CheckURL", "name": "PhishTank_CheckURL",
"version": "1.0", "version": "2.0",
"author": "Eric Capuano", "author": "Eric Capuano",
"url": "https://github.com/CERT-BDF/Cortex-Analyzers", "url": "https://github.com/CERT-BDF/Cortex-Analyzers",
"license": "AGPL-V3", "license": "AGPL-V3",

15
analyzers/PhishTank/phishtank_checkurl.py
View File

@ -26,10 +26,19 @@ class phishtankAnalyzer(Analyzer):
return json.loads(r.content) return json.loads(r.content)
def summary(self,raw): def summary(self,raw):
taxonomy = {"level": "safe", "namespace": "PhishTank", "predicate": "In_Database", "value": "False"}
taxonomies = []
if ('in_database' in raw) : if ('in_database' in raw) :
return {'in_database':raw['in_database'], taxonomy['value'] = "\"{}\"".format(raw['in_database'])
'verified':raw['verified'], if raw['verified']:
'verified_at':raw['verified_at']} taxonomy['level'] = "malicious"
else:
taxonomy['level'] = "suspicious"
taxonomies.append(taxonomy)
return {"taxonomies":taxonomies}
def run(self): def run(self):
if self.service == 'query': if self.service == 'query':

14
thehive-templates/PhishTank_CheckURL_1_0/short.html
View File

@ -1,14 +0,0 @@
<span ng-if="content.in_database">
<span ng-if="content.verified_at">
<span class="label" ng-class="{'false':'label-warning', 'true':'label-danger'}[content.in_database]">
PhishTank:
<timer interval="30000" start-time="gtime(content.verified_at)">
{{millis | amDurationFormat : 'milliseconds'}}
</timer>
</span>
<span ng-if="content.verified == false" class="label label-warning">
PhishTank: {{content.in_database}}&nbsp;
</span>
</span>
</span>
<!-- Change short report to give the age of url in database if it has been verified as a phishing site -->

0
thehive-templates/PhishTank_CheckURL_1_0/long.html → thehive-templates/PhishTank_CheckURL_2_0/long.html
View File

3
thehive-templates/PhishTank_CheckURL_2_0/short.html Normal file
View File

@ -0,0 +1,3 @@
<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
{{t.namespace}}:{{t.predicate}}={{t.value}}
</span>&nbsp;