#56 fixed format of summary() output and short reports

analyzers/CERTatPassiveDNS/certat_passivedns.py

@@ -22,16 +22,19 @@ class CERTatPassiveDNSAnalyzer(Analyzer):
         return {'hits': len(results)}
 
     def summary(self, raw):
-
-        result = {"level":"info", "taxonomy":{"namespace": "CERT.at", "predicate": "PassiveDNS", "value":0}}
+        taxonomy = {"level":"info", "namespace": "CERT.at", "predicate": "PassiveDNS", "value":0}
+        taxonomies = []
 
         results = raw.get('results')
         r = len(results)
 
         if r == 0 or r == 1:
-            result["taxonomy"]["value"] = "\"{} hit\"".format(r)
+            taxonomy["value"] = "\"{} hit\"".format(r)
         else:
-            result["taxonomy"]["value"] = "\"{} hits\"".format(r)
+            taxonomy["value"] = "\"{} hits\"".format(r)
+
+        taxonomies.append(taxonomy)
+        result = {"taxonomies": taxonomies}
 
         return result
 

analyzers/CIRCLPassiveDNS/circl_passivedns.py

@@ -38,17 +38,19 @@ class CIRCLPassiveDNSAnalyzer(Analyzer):
 
     def summary(self, raw):
 
-        result = {"level": "info", "taxonomy": {"namespace": "CIRCL", "predicate": "PassiveDNS", "value": 0}}
+        taxonomy = {"level": "info", "namespace": "CIRCL", "predicate": "PassiveDNS", "value": 0}
+        taxonomies = []
 
         if ("results" in raw):
             r = len(raw.get('results'))
 
         if r == 0 or r == 1:
-            result["taxonomy"]["value"] = "\"{} hit\"".format(r)
+            taxonomy["value"] = "\"{} hit\"".format(r)
         else:
-            result["taxonomy"]["value"] = "\"{} hits\"".format(r)
-
+            taxonomy["value"] = "\"{} hits\"".format(r)
 
+        taxonomies.append(taxonomy)
+        result = {"taxonomies": taxonomies}
         return result
 
 

analyzers/CIRCLPassiveSSL/circl_passivessl.py

@@ -68,7 +68,8 @@ class CIRCLPassiveSSLAnalyzer(Analyzer):
 
 
     def summary(self, raw):
-        result = {"level": "info", "taxonomy": {"namespace": "CIRCL", "predicate": "PassiveSSL", "value": 0}}
+        taxonomy = {"level": "info", "namespace": "CIRCL", "predicate": "PassiveSSL", "value": 0}
+        taxonomies = []
 
         if (self.data_type == 'hash') and ("query" in raw):
             r = raw.get('query', 0).get('hits', 0)
@@ -76,10 +77,12 @@ class CIRCLPassiveSSLAnalyzer(Analyzer):
             r = len(raw['certificates'])
 
         if r == 0 or r == 1:
-            result["taxonomy"]["value"] = "\"{} hit\"".format(r)
+            taxonomy["value"] = "\"{} hit\"".format(r)
         else:
-            result["taxonomy"]["value"] = "\"{} hits\"".format(r)
+            taxonomy["value"] = "\"{} hits\"".format(r)
+        taxonomies.append(taxonomy)
 
+        result = {"taxonomies": taxonomies}
         return result
 
 

analyzers/DNSDB/dnsdb.py

@@ -40,15 +40,19 @@ class DnsDbAnalyzer(Analyzer):
         return row
 
     def summary(self, raw):
-        result = {"level": "info", "taxonomy": {"namespace": "Farsight", "predicate": "DNSDB", "value": 0}}
+        taxonomy = {"level": "info", "namespace": "Farsight", "predicate": "DNSDB", "value": 0}
+        taxonomies = []
 
         if ("records" in raw):
             r = len(raw["records"])
 
         if r == 0 or r == 1:
-            result["taxonomy"]["value"] = "\"{} record\"".format(r)
+            taxonomy["value"] = "\"{} record\"".format(r)
         else:
-            result["taxonomy"]["value"] = "\"{} records\"".format(r)
+            taxonomy["value"] = "\"{} records\"".format(r)
+        taxonomies.append(taxonomy)
+
+        result = {'taxonomies': taxonomies}
 
         return result
 

thehive-templates/CERTatPassiveDNS_1_0/short.html

@@ -1,3 +1,3 @@
-<span class="label" ng-init="t = content.taxonomy" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[content.level]">
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
     {{t.namespace}}:{{t.predicate}}={{t.value}}
-</span>
+</span>&nbsp;

thehive-templates/CIRCLPassiveDNS_1_0/short.html

@@ -1,3 +1,3 @@
-<span class="label" ng-init="t = content.taxonomy" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[content.level]">
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
     {{t.namespace}}:{{t.predicate}}={{t.value}}
 </span>&nbsp;

thehive-templates/CIRCLPassiveSSL_1_0/short.html

@@ -1,3 +1,3 @@
-<span class="label" ng-init="t = content.taxonomy" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[content.level]">
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
     {{t.namespace}}:{{t.predicate}}={{t.value}}
 </span>&nbsp;

thehive-templates/DNSDB_IPHistory_1_0/short.html

@@ -1,3 +1,3 @@
-<span class="label" ng-init="t = content.taxonomy" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[content.level]">
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
     {{t.namespace}}:{{t.predicate}}={{t.value}}
 </span>&nbsp;

thehive-templates/DNSDB_NameHistory_1_0/short.html

@@ -1,3 +1,3 @@
-<span class="label" ng-init="t = content.taxonomy" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[content.level]">
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
     {{t.namespace}}:{{t.predicate}}={{t.value}}
 </span>&nbsp;