#56 update FileInfo summary() and short reports

2024-11-08 01:48:53 +00:00 · 2017-06-16 13:33:24 +02:00 · 2017-06-16 13:33:24 +02:00 · fcd8197a8a
commit fcd8197a8a
parent ee94e1ef92
2 changed files with 31 additions and 15 deletions
--- a/analyzers/File_Info/fileinfo_analyzer.py
+++ b/analyzers/File_Info/fileinfo_analyzer.py
@ -138,18 +138,38 @@ class FileAnalyzer(Analyzer):

    # SUMMARY
    def summary(self, fullReport):
+
+        taxonomy = {"level": "info", "namespace": "FileInfo", "predicate": "Filetype", "value": 0}
+        taxonomies = []
+
        if fullReport['Mimetype'] in ['application/x-dosexec']:
-            return self.PE_Summary(fullReport)
-        if fullReport['Mimetype'] in ['application/pdf']:
-            return self.PDF_Summary(fullReport)
-        if (fullReport['filetype'] in ['DOC','DOCM','DOCX',
+            pereport = self.PE_Summary(fullReport)
+            taxonomy["value"] = pereport['filetype']
+            taxonomies.append(taxonomy)
+        elif fullReport['Mimetype'] in ['application/pdf']:
+            pdfreport = self.PDF_Summary(fullReport)
+            taxonomy['value'] = pdfreport['filetype']
+            if pdfreport['suspicious']:
+                taxonomy['level'] = 'warning'
+            taxonomies.append(taxonomy)
+        elif (fullReport['filetype'] in ['DOC','DOCM','DOCX',
                                    'XLS', 'XLSM', 'XLSX',
                                    'PPT', "PPTM", 'PPTX']):
-            return self.MSOffice_Summary(fullReport)
+            msreport = self.MSOffice_Summary(fullReport)
+            taxonomy['value'] = msreport['filetype']
+            if msreport['suspicious']:
+                taxonomy['level'] = 'warning'
+            taxonomies.append(taxonomy)
+        else:
+            taxonomy['value'] = fullReport['filetype']
+            taxonomies.append(taxonomy)
+
+        result = {'taxonomies': taxonomies}
+        return result
+
+
+

-        return {
-            'filetype': fullReport['filetype']
-        }

    def SpecificInfo(self,report):
        # run specific program for PE
--- a/thehive-templates/File_Info_1_0/short.html
+++ b/thehive-templates/File_Info_1_0/short.html
@ -1,7 +1,3 @@
-<span class="label label-info" ng-if="!content.suspicious">
-    File_Info:filetype={{content.filetype}}
-</span>
-
-<span class="label label-warning" ng-if="content.suspicious">
-    File_Info:Suspicious
-</span>
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
+    {{t.namespace}}:{{t.predicate}}={{t.value}}
+</span>&nbsp;