From 5455f97a365e5c08c5e33526ccedddfcd2d20663 Mon Sep 17 00:00:00 2001 From: Antoine Ryon Date: Mon, 28 Aug 2023 14:54:57 +0200 Subject: [PATCH 1/2] Fix syntax error in Sekoia.io analyzer --- .../sekoia_intelligence_center_analyzer.py | 41 ++++++++++++++----- 1 file changed, 30 insertions(+), 11 deletions(-) diff --git a/analyzers/SEKOIAIntelligenceCenter/sekoia_intelligence_center_analyzer.py b/analyzers/SEKOIAIntelligenceCenter/sekoia_intelligence_center_analyzer.py index 506fbb764..125947584 100755 --- a/analyzers/SEKOIAIntelligenceCenter/sekoia_intelligence_center_analyzer.py +++ b/analyzers/SEKOIAIntelligenceCenter/sekoia_intelligence_center_analyzer.py @@ -8,7 +8,6 @@ class IntelligenceCenterAnalyzer(Analyzer): - TYPES_MAPPING = { "url": "url", "domain": "domain-name", @@ -22,7 +21,11 @@ class IntelligenceCenterAnalyzer(Analyzer): @property def url(self): if self.service == "observables": - return "{}/api/v2/inthreat/observables/search?with_indicated_threats=1".format(self.base_url) + return ( + "{}/api/v2/inthreat/observables/search?with_indicated_threats=1".format( + self.base_url + ) + ) path = "" if self.service == "context": path = "/context" @@ -30,7 +33,9 @@ def url(self): def __init__(self): Analyzer.__init__(self) - self.service = self.get_param("config.service", None, "Service parameter is missing") + self.service = self.get_param( + "config.service", None, "Service parameter is missing" + ) self.api_key = self.get_param("config.api_key", None, "Missing Api Key") self.base_url = self.get_param("config.url", self.DEFAULT_URL) if not self.base_url: 
@@ -48,15 +53,25 @@ def summary(self, raw): taxonomies = [] if count == 0: - taxonomies.append(self.build_taxonomy("safe", "SEKOIA", self.service, value)) + taxonomies.append( + self.build_taxonomy("safe", "SEKOIA", self.service, value) + ) elif self.service == "observables": - has_threats = any(res.get("x_ic_indicated_threats") for res in raw["results"]) + has_threats = any( + res.get("x_ic_indicated_threats") for res in raw["results"] + ) if has_threats: - taxonomies.append(self.build_taxonomy("malicious", "SEKOIA", self.service, value)) - else; - taxonomies.append(self.build_taxonomy("safe", "SEKOIA", self.service, value)) + taxonomies.append( + self.build_taxonomy("malicious", "SEKOIA", self.service, value) + ) + else: + taxonomies.append( + self.build_taxonomy("safe", "SEKOIA", self.service, value) + ) else: - taxonomies.append(self.build_taxonomy("malicious", "SEKOIA", self.service, value)) + taxonomies.append( + self.build_taxonomy("malicious", "SEKOIA", self.service, value) + ) return {"taxonomies": taxonomies} @@ -95,13 +110,17 @@ def perform_request(self, payload): ) if ex.response.status_code == 429: self.error("Quota exhausted.") - self.error("API returned with the error code {}".format(str(ex.response.status_code))) + self.error( + "API returned with the error code {}".format( + str(ex.response.status_code) + ) + ) def _send_request(self, payload): headers = {"Authorization": "Bearer {}".format(self.api_key)} if self.service == "observables": response = requests.post(self.url, json=payload, headers=headers) - else: + else: response = requests.get(self.url, params=payload, headers=headers) response.raise_for_status() return response.json()["items"] From d8d235092323a2e77e35864966b3660b6f63f8f4 Mon Sep 17 00:00:00 2001 
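Review bot: In `summary`, both the `count == 0` branch and the observables branch with no `x_ic_indicated_threats` emit a `safe` taxonomy, but an observable the intelligence source has no record of is not evidence that it is benign. An analyst triaging on the taxonomy level could treat an unknown indicator as cleared. Consider reporting these two cases at `info` level instead, e.g. `self.build_taxonomy("info", "SEKOIA", self.service, value)`, and reserving `safe` for an explicit benign verdict from the API. `summary` starts before this hunk, so how `count` and `value` are derived is not visible here.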
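Review bot: Both `requests.post` and `requests.get` in `_send_request` are called without a `timeout`, so an unresponsive endpoint can block the analyzer job indefinitely. Pass one explicitly, e.g. `response = requests.post(self.url, json=payload, headers=headers, timeout=30)` (value constructed for illustration), and do the same on the `get` call. A `requests.exceptions.Timeout` would then need handling in `perform_request`, whose `try`/`except` starts above this hunk and is only partly visible. Separately, the bearer token is sent to a URL built from the configurable `config.url`, so it is worth confirming that a non-HTTPS base URL is rejected somewhere outside this hunk.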
From: Antoine Ryon Date: Mon, 28 Aug 2023 14:57:11 +0200 Subject: [PATCH 2/2] Improve description of the configuration items --- .../SEKOIAIntelligenceCenter/IntelligenceCenter_Context.json | 4 ++-- .../IntelligenceCenter_Indicators.json | 4 ++-- .../IntelligenceCenter_observables.json | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/analyzers/SEKOIAIntelligenceCenter/IntelligenceCenter_Context.json b/analyzers/SEKOIAIntelligenceCenter/IntelligenceCenter_Context.json index 358c16f47..ba11adb2f 100644 --- a/analyzers/SEKOIAIntelligenceCenter/IntelligenceCenter_Context.json +++ b/analyzers/SEKOIAIntelligenceCenter/IntelligenceCenter_Context.json @@ -20,14 +20,14 @@ "configurationItems": [ { "name": "api_key", - "description": "Intelligence center API key", + "description": "API key", "type": "string", "multi": false, "required": true }, { "name": "url", - "description": "Intelligence center URL", + "description": "Base URL (default to https://app.sekoia.io)", "type": "string", "multi": false, "required": false diff --git a/analyzers/SEKOIAIntelligenceCenter/IntelligenceCenter_Indicators.json b/analyzers/SEKOIAIntelligenceCenter/IntelligenceCenter_Indicators.json index b40ba9390..014ffa961 100644 --- a/analyzers/SEKOIAIntelligenceCenter/IntelligenceCenter_Indicators.json +++ b/analyzers/SEKOIAIntelligenceCenter/IntelligenceCenter_Indicators.json @@ -20,14 +20,14 @@ "configurationItems": [ { "name": "api_key", - "description": "Intelligence center API key", + "description": "API key", "type": "string", "multi": false, "required": true }, { "name": "url", - "description": "Intelligence center URL", + "description": "Base URL (default to https://app.sekoia.io)", "type": "string", "multi": false, "required": false diff --git a/analyzers/SEKOIAIntelligenceCenter/IntelligenceCenter_observables.json b/analyzers/SEKOIAIntelligenceCenter/IntelligenceCenter_observables.json index ed23704e5..88bf40877 100644 
--- a/analyzers/SEKOIAIntelligenceCenter/IntelligenceCenter_observables.json +++ b/analyzers/SEKOIAIntelligenceCenter/IntelligenceCenter_observables.json @@ -20,14 +20,14 @@ "configurationItems": [ { "name": "api_key", - "description": "Intelligence center API key", + "description": "API key", "type": "string", "multi": false, "required": true }, { "name": "url", - "description": "Intelligence center URL", + "description": "Base URL (default to https://app.sekoia.io)", "type": "string", "multi": false, "required": false