Commit Graph

207 Commits

Author SHA1 Message Date
Jérôme Leonard
4de696c9b0 #873 minemeld 2020-11-18 17:22:27 +01:00
strassi
6a563384b4 changed to delete API call according to discussion in pull request #891 2020-11-12 18:23:39 +01:00
dadokkio
890b40ca4c fix case id, error if type is not guessed 2020-11-11 12:02:05 +01:00
Arcuri Davide
1f0a04ae51
Merge pull request #893 from colin-stubbs/master
[Bug] MineMeld responder domain IOC incorrect type #892
2020-11-11 08:19:21 +01:00
Colin Stubbs
623f331be2
Update minemeld.py 2020-11-11 10:45:43 +10:00
staf711
2cb53cff90 Add custom rules and save attributes
New version response scripts for save attributes in rules
2020-11-08 21:20:24 +03:00
strassi
5ec1563a64 extended author to OSCD twitter handle 2020-11-07 19:12:13 +01:00
strassi
fc84e08b72 newline at the end! 2020-11-06 17:59:55 +01:00
strassi
a85366f9c1 bumped version number and fixed service description 2020-11-06 17:50:26 +01:00
strassi
6b4ee03f01 implemented readme for responder explanation 2020-11-06 17:43:33 +01:00
strassi
f79ce835d6 remove useless service configuration file 2020-11-06 17:11:25 +01:00
strassi
be935fb520 fixed git case-sensitivity issue 2020-11-06 12:05:56 +01:00
strassi
1dc39fcdb9 handle error if no messages found 2020-11-04 19:19:45 +01:00
strassi
a5465487d3 untracked venv 2020-11-04 19:11:10 +01:00
strassi
127f29cabc deleted testing file 2020-11-04 19:07:19 +01:00
strassi
eef66ba6f5 added urllib to requirements.txt 2020-11-04 19:06:57 +01:00
strassi
7b7c32b85e added docker file 2020-11-04 19:06:48 +01:00
strassi
58688d323e fixed general tag 2020-11-02 20:27:03 +01:00
strassi
3d819c8edc implemented bulk delete via query 2020-11-02 20:15:18 +01:00
strassi
99c0b635f9 removed some unnecessary function overload 2020-11-02 20:07:53 +01:00
strassi
8407623482 implemented two dimensional tags for saving the filters 2020-11-02 20:06:48 +01:00
strassi
4949512f28 fixed case observable creation 2020-11-02 19:38:44 +01:00
strassi
a73bae0de5 added functionality for custom gsuite domains 2020-10-29 21:04:45 +01:00
strassi
f67f108d0b changed function description 2020-10-29 21:04:09 +01:00
strassi
79609a1fe2 changed to quote because it takes single string and urlencodes 2020-10-29 21:03:57 +01:00
strassi
962cdb6fb3 fixed private key to be compliant with PEM format 2020-10-29 21:03:24 +01:00
strassi
50b2c5742f added gmail domain config 2020-10-29 21:02:54 +01:00
strassi
97248f7464 added gsuite domain configuration item 2020-10-29 21:01:34 +01:00
strassi
cce8357dda implemented service file configuration items 2020-10-29 19:46:47 +01:00
strassi
1ee33908f8 fixed naming convention 2020-10-29 19:46:23 +01:00
strassi
9b2941df57 implemented thehive authentication 2020-10-29 19:40:27 +01:00
strassi
401c46e7be implemented gmail auth 2020-10-29 19:38:06 +01:00
staf711
c45961fa0a Add Responder for port with rules
Add Responder for:
1. Block internal port
2. Block external port
3. Unblock internal port
4. Unblock external port
2020-10-29 18:37:56 +03:00
strassi
0ad4459e02 credentials get valid with the first request; patched gmail_auth 2020-10-28 20:46:16 +01:00
staf711
456bf91c26 Add response with security rules
Response with rules for:
1. IP address
2. domains
3. users

This response contains security rules with default names; to use it, you need to add the PaloAltoNGFW and TheHive settings.
2020-10-26 11:53:27 +03:00
strassi
b5edcd44e9 implemented service account info for gmail auth 2020-10-20 20:14:27 +02:00
staf711
1a8dfc338b Add response for PaloAltoNGFW 2020-10-20 21:07:09 +03:00
strassi
f2496cefa1 removed custom filter field of case 2020-10-20 19:59:44 +02:00
strassi
d16e0b3557 implemented helper function for tag and deleted useless comments 2020-10-20 19:57:01 +02:00
strassi
e9c7c923ca added comment for dynamic call part 2020-10-20 19:37:04 +02:00
strassi
de99000c8d changed the hive auth 2020-10-20 19:30:46 +02:00
strassi
4570ebe6c3 replaced variable to fit new helper functions 2020-10-20 19:28:15 +02:00
strassi
d1866f5614 implemented helper functions for auth and observable requests 2020-10-20 19:27:08 +02:00
strassi
729f9a3ab0 implemented deletemessage service 2020-10-20 19:13:12 +02:00
strassi
bc5f4e9e44 implemented error message if gmail auth fails 2020-10-20 19:09:28 +02:00
strassi
2d57010567 added trash message function and deleted some code 2020-10-20 19:05:01 +02:00
strassi
4723ef15dd implemented blocking/unblocking 2020-10-19 20:21:05 +02:00
strassi
ecd92c7af2 added some comments and fixes 2020-10-16 19:09:52 +02:00
strassi
682849a9bf implemented blocksender (fake n dirty) 2020-10-16 19:06:12 +02:00
strassi
64c364eeb6 implemented unblock of domain (dirty and fake data) 2020-10-16 19:01:53 +02:00
strassi
8a2621c802 implemented blockdomain (with mock block action) 2020-10-16 18:46:07 +02:00
strassi
8282fdc285 implemented service files 2020-10-16 17:36:56 +02:00
strassi
26bdc4bcbe pseudo implemented blocking mechanisms 2020-10-15 19:31:19 +02:00
strassi
a4de4decb2 implemented initial thehive connection 2020-10-15 19:01:20 +02:00
Arcuri Davide
8ad6342822
Merge pull request #848 from jan4401/patch-1
TheHive4: equal signs instead of colons for tags
2020-10-14 12:17:19 +02:00
Daniel Weiner
0400dd37f5
Add files via upload 2020-10-11 14:15:03 -04:00
strassi
aa77a4af86 changed authenticate function 2020-10-09 11:10:48 +02:00
strassi
b95cbba496 added trashing cap and fixed some comments 2020-10-09 11:08:56 +02:00
strassi
2b758ec040 implemented blocking and unblocking of messages 2020-10-09 11:00:41 +02:00
strassi
f138f1ee0b implemented basic responder body 2020-10-09 10:07:20 +02:00
strassi
ef5fa25b17 added initial files for gmail responder 2020-10-06 18:18:00 +02:00
Arcuri Davide
1fdf89dd6f
Merge pull request #845 from weslambert/fix/wazuh_error_message
Fix verbiage for error messages
2020-10-02 08:19:10 +02:00
jan4401
9e51263d2d
Compatibility for TheHive 3 and 4
Check is made for "mail:" or "mail="
Same for "mailto"
2020-09-17 16:24:22 +02:00
jan4401
60115aa293
TheHive4: equal signs instead of colons for tags
TheHive4 does use equal signs instead of colons for tags
See issue: https://github.com/TheHive-Project/Cortex-Analyzers/issues/847
2020-09-08 14:14:11 +02:00
weslambert
c3059ccfc3
Fix verbiage for error messages 2020-09-04 13:42:15 -04:00
frikky
271d023679 Added Shuffle workflow execution responder 2020-08-27 12:03:47 +02:00
Jérôme Leonard
44392c64d6 #803 include documentation 2020-08-12 09:45:44 +00:00
Jérôme Leonard
6c9d3e29d8 Merge branch 'feature/Velociraptor-Responder' of https://github.com/weslambert/Cortex-Analyzers into weslambert-feature/Velociraptor-Responder 2020-08-12 09:42:34 +00:00
Davide Arcuri
b2965c4235 fix description field in mailer responder #835 2020-08-10 12:03:55 +02:00
Jérôme Leonard
e3cc2672ef
#834 build docker image successfully 2020-08-03 14:01:38 +02:00
weslambert
b638621eea
Add grpcio-tools 2020-07-25 09:31:59 -04:00
Jérôme Leonard
ad61e8e0f6
#820 can't build image with space in name 2020-07-15 17:27:35 +02:00
Jérôme Leonard
1b98f4437b
#801 without +x perm, analyzer can't be run 2020-07-02 09:04:38 +02:00
Jérôme Leonard
a243336a63
#587 test 2020-06-30 11:58:24 +02:00
Jerome Leonard
c2c993713d
Merge pull request #766 from hariomenkel/master
Add new responder VirustotalDownloader #765
2020-06-26 17:31:41 +02:00
Wes Lambert
50f475b17d
Initial Velociraptor Responder 2020-06-23 02:57:41 +00:00
Jérôme Leonard
f5daf3b144 #789 catalogs removed 2020-06-19 11:19:10 +02:00
Michael Davis
c71ecf0da9 update "Applies To" section 2020-06-19 11:19:10 +02:00
Michael Davis
8c866e0979 Add v1 files 2020-06-19 11:19:10 +02:00
weslambert
1e4dd360c3 Import ipaddress 2020-06-17 10:56:46 +02:00
Jerome Leonard
342131dc54
Merge pull request #775 from TheHive-Project/dadokkio-patch-2
add requests to requirements
2020-06-14 10:48:20 +02:00
Jerome Leonard
067310680e
Merge pull request #764 from TheHive-Project/feature/Mailer
Add auth to Mailer and support for tasks
2020-06-14 10:10:42 +02:00
Arcuri Davide
96f1c84e5e
add requests to requirements
Fixes #774
2020-05-25 12:45:43 +02:00
thehive
7c00750986 Add new responder VirustotalDownloader #765 2020-05-13 14:01:38 +00:00
Davide Arcuri
ff97a4ac4b keep mail: as before 2020-05-12 16:43:10 +02:00
Davide Arcuri
5a1c550f8e add auth & support for tasks 2020-05-12 16:25:39 +02:00
Jérôme Leonard
7380650ce4 Merge branch 'feature/rt4-responder' of https://github.com/mdavis332/Cortex-Analyzers into mdavis332-feature/rt4-responder 2020-04-30 16:00:25 +02:00
colin-stubbs
29fe2991a0 Initial commit for SendGrid responder 2020-04-04 01:11:28 +10:00
Jérôme Leonard
80e9decaa6
#727 #726 #714 merged on the right release branch 2020-03-23 10:18:45 +01:00
Jerome Leonard
383847cab8
Revert "Revert "DomainToolsIris config cleanup"" 2020-03-23 09:59:35 +01:00
Jerome Leonard
26174fec18
Revert "DomainToolsIris config cleanup" 2020-03-23 09:56:55 +01:00
Arcuri Davide
b209fbdf17
fix some code for python3 compatibility 2020-03-16 15:25:52 +01:00
Chuck Woodraska
871fdf6575 Small changes to the json config files that clean up extraneous config values that could be confusing. 2020-03-10 11:22:05 -07:00
Jérôme Leonard
4652cc28f7 Merge branch 'DT-addriskydnstag_responder' of https://github.com/DomainTools/Cortex-Analyzers into DT-addriskydnstag_responder 2020-03-10 14:07:40 +01:00
Jérôme Leonard
0bb5550f5e Merge branch 'DT-checkmalicioustags_responder' of https://github.com/DomainTools/Cortex-Analyzers into DT-checkmalicioustags_responder 2020-03-10 11:50:06 +01:00
garanews
9f04be6a33
Merge pull request #711 from TheHive-Project/cortexutils_in_requirements
cortexutils in all requirements.txt
2020-03-06 17:01:34 +01:00
garanews
228c26f0db cortexutils in all requirements.txt
added cortexutils in all requirements.txt
2020-03-06 16:56:17 +01:00
garanews
da200e1e50
Merge pull request #547 from arnydo/update_umbrellablacklister
Update UmbrellaBlacklister
2020-03-05 14:42:16 +01:00
Arcuri Davide
6f930a36b8
Keep ioc_types in list instead of dict 2020-03-05 14:38:47 +01:00
Jérôme Leonard
0fba4d5ae7 Merge branch 'release/2.5.0' 2020-02-24 11:57:40 +01:00