Commit Graph

207 Commits

Author SHA1 Message Date
strassi
8a2621c802 implemented blockdomain (with mock block action) 2020-10-16 18:46:07 +02:00
strassi
8282fdc285 implemented service files 2020-10-16 17:36:56 +02:00
strassi
26bdc4bcbe pseudo implemented blocking mechanisms 2020-10-15 19:31:19 +02:00
strassi
a4de4decb2 implemented initial thehive connection 2020-10-15 19:01:20 +02:00
Arcuri Davide
8ad6342822
Merge pull request #848 from jan4401/patch-1
TheHive4: equal signs instead of colons for tags
2020-10-14 12:17:19 +02:00
Daniel Weiner
0400dd37f5
Add files via upload 2020-10-11 14:15:03 -04:00
strassi
aa77a4af86 changed authenticate function 2020-10-09 11:10:48 +02:00
strassi
b95cbba496 added trashing cap and fixed some comments 2020-10-09 11:08:56 +02:00
strassi
2b758ec040 implemented blocking and unblocking of messages 2020-10-09 11:00:41 +02:00
strassi
f138f1ee0b implemented basic responder body 2020-10-09 10:07:20 +02:00
strassi
ef5fa25b17 added initial files for gmail responder 2020-10-06 18:18:00 +02:00
Arcuri Davide
1fdf89dd6f
Merge pull request #845 from weslambert/fix/wazuh_error_message
Fix verbiage for error messages
2020-10-02 08:19:10 +02:00
jan4401
9e51263d2d
Compatibility for TheHive 3 and 4
Check is made for "mail:" or "mail="
Same for "mailto"
2020-09-17 16:24:22 +02:00
jan4401
60115aa293
TheHive4: equal signs instead of colons for tags
TheHive4 does use equal signs instead of colons for tags
See issue: https://github.com/TheHive-Project/Cortex-Analyzers/issues/847
2020-09-08 14:14:11 +02:00
weslambert
c3059ccfc3
Fix verbiage for error messages 2020-09-04 13:42:15 -04:00
frikky
271d023679 Added Shuffle workflow execution responder 2020-08-27 12:03:47 +02:00
Jérôme Leonard
44392c64d6 #803 include documentation 2020-08-12 09:45:44 +00:00
Jérôme Leonard
6c9d3e29d8 Merge branch 'feature/Velociraptor-Responder' of https://github.com/weslambert/Cortex-Analyzers into weslambert-feature/Velociraptor-Responder 2020-08-12 09:42:34 +00:00
Davide Arcuri
b2965c4235 fix description field in mailer responder #835 2020-08-10 12:03:55 +02:00
Jérôme Leonard
e3cc2672ef
#834 build docker image successfully 2020-08-03 14:01:38 +02:00
weslambert
b638621eea
Add grpcio-tools 2020-07-25 09:31:59 -04:00
Jérôme Leonard
ad61e8e0f6
#820 can't build image with space in name 2020-07-15 17:27:35 +02:00
Jérôme Leonard
1b98f4437b
#801 without +x perm, analyzer can't be run 2020-07-02 09:04:38 +02:00
Jérôme Leonard
a243336a63
#587 test 2020-06-30 11:58:24 +02:00
Jerome Leonard
c2c993713d
Merge pull request #766 from hariomenkel/master
Add new responder VirustotalDownloader #765
2020-06-26 17:31:41 +02:00
Wes Lambert
50f475b17d
Initial Velociraptor Responder 2020-06-23 02:57:41 +00:00
Jérôme Leonard
f5daf3b144 #789 catalogs removed 2020-06-19 11:19:10 +02:00
Michael Davis
c71ecf0da9 update "Applies To" section 2020-06-19 11:19:10 +02:00
Michael Davis
8c866e0979 Add v1 files 2020-06-19 11:19:10 +02:00
weslambert
1e4dd360c3 Import ipaddress 2020-06-17 10:56:46 +02:00
Jerome Leonard
342131dc54
Merge pull request #775 from TheHive-Project/dadokkio-patch-2
add requests to requirements
2020-06-14 10:48:20 +02:00
Jerome Leonard
067310680e
Merge pull request #764 from TheHive-Project/feature/Mailer
Add auth to Mailer and support for tasks
2020-06-14 10:10:42 +02:00
Arcuri Davide
96f1c84e5e
add requests to requirements
Fixes #774
2020-05-25 12:45:43 +02:00
thehive
7c00750986 Add new responder VirustotalDownloader #765 2020-05-13 14:01:38 +00:00
Davide Arcuri
ff97a4ac4b keep mail: as before 2020-05-12 16:43:10 +02:00
Davide Arcuri
5a1c550f8e add auth & support for tasks 2020-05-12 16:25:39 +02:00
Jérôme Leonard
7380650ce4 Merge branch 'feature/rt4-responder' of https://github.com/mdavis332/Cortex-Analyzers into mdavis332-feature/rt4-responder 2020-04-30 16:00:25 +02:00
colin-stubbs
29fe2991a0 Initial commit for SendGrid responder 2020-04-04 01:11:28 +10:00
Jérôme Leonard
80e9decaa6
#727 #726 #714 merged on the right release branch 2020-03-23 10:18:45 +01:00
Jerome Leonard
383847cab8
Revert "Revert "DomainToolsIris config cleanup"" 2020-03-23 09:59:35 +01:00
Jerome Leonard
26174fec18
Revert "DomainToolsIris config cleanup" 2020-03-23 09:56:55 +01:00
Arcuri Davide
b209fbdf17
fix some code for python3 compatibility 2020-03-16 15:25:52 +01:00
Chuck Woodraska
871fdf6575 Small changes to the json config files that clean up extraneous config values that could be confusing. 2020-03-10 11:22:05 -07:00
Jérôme Leonard
4652cc28f7 Merge branch 'DT-addriskydnstag_responder' of https://github.com/DomainTools/Cortex-Analyzers into DT-addriskydnstag_responder 2020-03-10 14:07:40 +01:00
Jérôme Leonard
0bb5550f5e Merge branch 'DT-checkmalicioustags_responder' of https://github.com/DomainTools/Cortex-Analyzers into DT-checkmalicioustags_responder 2020-03-10 11:50:06 +01:00
garanews
9f04be6a33
Merge pull request #711 from TheHive-Project/cortexutils_in_requirements
cortexutils in all requirements.txt
2020-03-06 17:01:34 +01:00
garanews
228c26f0db cortexutils in all requirements.txt
added cortexutils in all requirements.txt
2020-03-06 16:56:17 +01:00
garanews
da200e1e50
Merge pull request #547 from arnydo/update_umbrellablacklister
Update UmbrellaBlacklister
2020-03-05 14:42:16 +01:00
Arcuri Davide
6f930a36b8
Keep ioc_types in list instead of dict 2020-03-05 14:38:47 +01:00
Jérôme Leonard
0fba4d5ae7 Merge branch 'release/2.5.0' 2020-02-24 11:57:40 +01:00
Davide
7ed76b717c Merge branch 'feature/RedmineResponder' into release/2.5.0 2020-02-19 12:01:52 +01:00
Jérôme Leonard
57cce95823
#596 force python3 2020-02-14 17:06:52 +01:00
Jérôme Leonard
3feb910147 Merge branch 'develop' of https://github.com/maugertg/Cortex-Analyzers into release/2.5.0 2020-02-14 17:05:25 +01:00
Jérôme Leonard
a46ebfcb58
#614 ensure analyzers and responders programs can be executed 2020-02-11 11:02:44 +01:00
Jérôme Leonard
e7b640be2d
#608 #609 responders postponed 2020-02-09 10:49:47 +01:00
Jérôme Leonard
5d49d28536
#604 force python3 in all analyzers and responders 2020-02-09 10:47:57 +01:00
Michael Auger
c844fa60eb
Fix unlock code validation
When no unlock code was provided the validation would still execute resulting in an exception
2020-01-26 05:22:55 -05:00
Michael Auger
dee7530fed
Cisco AMP for Endpoints Responder
Initial Release of the Cisco AMP for Endpoints Responder
2020-01-24 18:36:46 -05:00
weslambert
eec68eaf5b Add Minemeld Responder (#581) 2020-01-14 09:49:40 +01:00
Chuck Woodraska
9e12508a96 DomainTools add risky DNS tag to artifact and case depending on risk score tag from DomainTools. (#587) 2020-01-13 15:31:01 +01:00
Chuck Woodraska
c7337b1ee0 DomainTools check for malicious tags depending on iris tags from DomainTools and add a tag to artifact and case. (#588) 2020-01-13 15:30:45 +01:00
weslambert
801a7b4042 Add Wazuh responder (#582) 2020-01-09 17:15:55 +01:00
Kyle Parrish
a155548f20 New Responder KnowBe4 (#549)
* Create KnowBe4.json

* Create KnowBe4.py

* Create requirements.txt

* Create Dockerfile

* Move KnowBe4 to responders dir

* Add additional payload params

Co-authored-by: Jerome Leonard <jeromeleonard@users.noreply.github.com>
2020-01-08 21:58:39 +01:00
Chuck Woodraska
a195d7d28f DomainTools check for malicious tags depending on iris tags from DomainTools and add a tag to artifact and case. 2019-12-10 08:15:04 -08:00
Chuck Woodraska
9876423f0d DomainTools add risky DNS tag to artifact and case depending on risk score tag from DomainTools. 2019-12-10 08:06:41 -08:00
Nils Kuhnert
f953b74430
Merge pull request #517 from github-pba/fix-509
removed python builtins from requirements.txt
2019-11-16 23:53:45 +01:00
To-om
ea9bcb9836 #561 Add missing dependencies in requirements.txt 2019-11-04 16:32:36 +01:00
Kyle Parrish
7c09aa308c
Update minor version 2019-10-18 16:28:38 -04:00
Kyle Parrish
9990c391bc
Update UmbrellaBlacklister to include FQDN and URL data_types. 2019-10-18 16:28:05 -04:00
Michael Davis
bc6fa5978e
update "Applies To" section 2019-10-10 08:39:00 -05:00
Michael Davis
fba2c76b17
Add v1 files 2019-10-10 08:34:17 -05:00
Jérôme Leonard
558674335a
#540 can't build docker containers due to spaces in the name of this responder 2019-10-09 15:55:19 +02:00
Jérôme Leonard
ef51e9f29d
Merge branch 'master' of https://github.com/cyberpescadito/Cortex-Analyzers into cyberpescadito-master 2019-10-01 08:11:40 +02:00
Jérôme Leonard
dac4d2c358
Merge branch 'dns-rpz-feature' of https://github.com/mhexp/Cortex-Analyzers into mhexp-dns-rpz-feature 2019-10-01 08:02:16 +02:00
Jérôme Leonard
52da152b51
#531 fix baseConfig 2019-09-11 18:00:55 +02:00
Jérôme Leonard
fa9b600788
#532 Zerofox request for takedown 2019-09-11 18:00:05 +02:00
Jérôme Leonard
b50de48af6
#531 Close Zerofox Alert 2019-09-11 17:53:34 +02:00
github-pba
74e98576c9 fix for issue 509 2019-07-26 09:36:46 +02:00
Nils Kuhnert
4dd2ed6c65
Fixed if statement, requirements and indentation 2019-04-16 08:56:26 +02:00
cyberpescadito
e4cf1320a4
Update README.md 2019-04-15 14:46:43 +02:00
CyberPescadito
e07ca42450 Fixing requirements files 2019-04-15 12:45:12 +00:00
Soc User
38200441d8 Adding QRadarAutoClose responder 2019-04-15 12:34:54 +00:00
To-om
5bfa0e61e5 #450 Add docker image catalogs 2019-04-05 12:01:18 +02:00
To-om
53950b5810 #450 Add custom Dockerfiles 2019-04-05 12:01:17 +02:00
Mike Hornung
348b8f7060 Added DNS-RPZ responder 2019-03-26 18:46:46 -07:00
Jérôme Leonard
2b2dd371f2
Merge branch 'master' of https://github.com/ag-michael/Cortex-Analyzers into ag-michael-master 2019-03-23 08:44:49 +01:00
To-om
32c72dacea
Fix default value type for smtp port 2019-03-22 15:52:54 +01:00
michael
b8696866fc update FalconcustomIOC responder to set the case title for the source parameter 2019-02-17 23:55:16 +00:00
michael
855cdc7761 Add operations method. Tidy up regex 2019-02-12 15:12:14 +00:00
michael
8559d684eb Merge remote-tracking branch 'upstream/master' 2019-02-12 15:11:01 +00:00
michael
520ea9a08c set the url to a crowdstrike blog about the api 2019-02-10 20:20:32 +00:00
michael
4fce057e27 revert newline change* 2019-02-10 20:18:16 +00:00
michael
563b405f9c Crowdstrike Falcon custom IOC api responder added 2019-02-10 20:15:24 +00:00
root
b9eabb3a4a Crowdstrike Falcon custom IOC api responder added 2019-02-10 20:13:31 +00:00
Nabil Adouani
9f9ee97cd7 #416 Fix title and description encoding 2019-02-06 10:57:57 +01:00
arnydo
e4476ae699 Responder/umbrella blacklister (#383)
* Initial Umbrella Blacklister Responder commit

* Initial Umbrella Blacklister Responder commit

* Modify required datatype

* Modify required datatype

* Add operation AddTagToArtifact
2018-12-20 15:03:34 +01:00
arnydo
ab13a60cdd Improve/mailer (#376)
* Add option for smtp_port

* Update Mailer.json

* Add smtp_port option
2018-12-20 15:03:34 +01:00
arnydo
f042128670 Responder/umbrella blacklister (#383)
* Initial Umbrella Blacklister Responder commit

* Initial Umbrella Blacklister Responder commit

* Modify required datatype

* Modify required datatype

* Add operation AddTagToArtifact
2018-12-04 16:17:30 +01:00
arnydo
d69f850875 Improve/mailer (#376)
* Add option for smtp_port

* Update Mailer.json

* Add smtp_port option
2018-11-29 23:38:25 +01:00
srilumpa
688e8a475b Add configuration to allow closing tasks 2018-09-20 10:08:12 +02:00
srilumpa
d366b6057d Add capacity to add a custom field containing the created issue number 2018-09-20 09:59:24 +02:00
srilumpa
d4c79fcb36 Close task if responder is run from task 2018-09-19 17:03:06 +02:00
srilumpa
7ccc0e83a2 Add support to open issue from TheHive tasks 2018-09-19 12:37:24 +02:00
srilumpa
887b7f2219 Better description of the Redmine server in responder output 2018-09-12 15:13:00 +02:00
srilumpa
eec1c385d8 Add Redmine responder 2018-09-11 10:34:34 +02:00
To-om
7bd33d7545 Responder Mailer: extract recipient address from alert artifact 2018-07-31 08:40:42 +02:00
To-om
c90b7440bb Add Mailer responder 2018-07-30 18:12:28 +02:00