Merge pull request #1216 from TonioRyo/fix/sekoiaio-analyzer

Fix/sekoiaio analyzer
TheHive-Project · Aug 28, 2023 · b761566 · b761566
2 parents bdf52f9 + d8d2350
commit b761566
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 17 deletions.
diff --git a/analyzers/SEKOIAIntelligenceCenter/IntelligenceCenter_Context.json b/analyzers/SEKOIAIntelligenceCenter/IntelligenceCenter_Context.json
@@ -20,14 +20,14 @@
     "configurationItems": [
         {
             "name": "api_key",
-            "description": "Intelligence center API key",
+            "description": "API key",
             "type": "string",
             "multi": false,
             "required": true
         },
         {
             "name": "url",
-            "description": "Intelligence center URL",
+            "description": "Base URL (default to https://app.sekoia.io)",
             "type": "string",
             "multi": false,
             "required": false

diff --git a/analyzers/SEKOIAIntelligenceCenter/IntelligenceCenter_Indicators.json b/analyzers/SEKOIAIntelligenceCenter/IntelligenceCenter_Indicators.json
@@ -20,14 +20,14 @@
     "configurationItems": [
         {
             "name": "api_key",
-            "description": "Intelligence center API key",
+            "description": "API key",
             "type": "string",
             "multi": false,
             "required": true
         },
         {
             "name": "url",
-            "description": "Intelligence center URL",
+            "description": "Base URL (default to https://app.sekoia.io)",
             "type": "string",
             "multi": false,
             "required": false

diff --git a/analyzers/SEKOIAIntelligenceCenter/IntelligenceCenter_observables.json b/analyzers/SEKOIAIntelligenceCenter/IntelligenceCenter_observables.json
@@ -20,14 +20,14 @@
     "configurationItems": [
         {
             "name": "api_key",
-            "description": "Intelligence center API key",
+            "description": "API key",
             "type": "string",
             "multi": false,
             "required": true
         },
         {
             "name": "url",
-            "description": "Intelligence center URL",
+            "description": "Base URL (default to https://app.sekoia.io)",
             "type": "string",
             "multi": false,
             "required": false

diff --git a/analyzers/SEKOIAIntelligenceCenter/sekoia_intelligence_center_analyzer.py b/analyzers/SEKOIAIntelligenceCenter/sekoia_intelligence_center_analyzer.py
@@ -8,7 +8,6 @@
 
 
 class IntelligenceCenterAnalyzer(Analyzer):
-
     TYPES_MAPPING = {
         "url": "url",
         "domain": "domain-name",
@@ -22,15 +21,21 @@ class IntelligenceCenterAnalyzer(Analyzer):
     @property
     def url(self):
         if self.service == "observables":
-            return "{}/api/v2/inthreat/observables/search?with_indicated_threats=1".format(self.base_url)
+            return (
+                "{}/api/v2/inthreat/observables/search?with_indicated_threats=1".format(
+                    self.base_url
+                )
+            )
         path = ""
         if self.service == "context":
             path = "/context"
         return "{}/api/v2/inthreat/indicators{}".format(self.base_url, path)
 
     def __init__(self):
         Analyzer.__init__(self)
-        self.service = self.get_param("config.service", None, "Service parameter is missing")
+        self.service = self.get_param(
+            "config.service", None, "Service parameter is missing"
+        )
         self.api_key = self.get_param("config.api_key", None, "Missing Api Key")
         self.base_url = self.get_param("config.url", self.DEFAULT_URL)
         if not self.base_url:
@@ -48,15 +53,25 @@ def summary(self, raw):
 
         taxonomies = []
         if count == 0:
-            taxonomies.append(self.build_taxonomy("safe", "SEKOIA", self.service, value))
+            taxonomies.append(
+                self.build_taxonomy("safe", "SEKOIA", self.service, value)
+            )
         elif self.service == "observables":
-            has_threats = any(res.get("x_ic_indicated_threats") for res in raw["results"])
+            has_threats = any(
+                res.get("x_ic_indicated_threats") for res in raw["results"]
+            )
             if has_threats:
-                taxonomies.append(self.build_taxonomy("malicious", "SEKOIA", self.service, value))
-            else;
-                taxonomies.append(self.build_taxonomy("safe", "SEKOIA", self.service, value))
+                taxonomies.append(
+                    self.build_taxonomy("malicious", "SEKOIA", self.service, value)
+                )
+            else:
+                taxonomies.append(
+                    self.build_taxonomy("safe", "SEKOIA", self.service, value)
+                )
         else:
-            taxonomies.append(self.build_taxonomy("malicious", "SEKOIA", self.service, value))
+            taxonomies.append(
+                self.build_taxonomy("malicious", "SEKOIA", self.service, value)
+            )
 
         return {"taxonomies": taxonomies}
 
@@ -95,13 +110,17 @@ def perform_request(self, payload):
                 )
             if ex.response.status_code == 429:
                 self.error("Quota exhausted.")
-            self.error("API returned with the error code {}".format(str(ex.response.status_code)))
+            self.error(
+                "API returned with the error code {}".format(
+                    str(ex.response.status_code)
+                )
+            )
 
     def _send_request(self, payload):
         headers = {"Authorization": "Bearer {}".format(self.api_key)}
         if self.service == "observables":
             response = requests.post(self.url, json=payload, headers=headers)
-        else: 
+        else:
             response = requests.get(self.url, params=payload, headers=headers)
         response.raise_for_status()
         return response.json()["items"]