Merge pull request #1242 from jimbobnet/develop

New ONYPHE Search, ASM and Vulnscan analyzers. Updated Summary Analyzer.

analyzers/Onyphe/ONYPHE_ASM.json

@@ -0,0 +1,65 @@
+{
+  "name": "ONYPHE_ASM",
+  "version": "1.0",
+  "author": "Pierre Baudry, Adrien Barchapt, Andrea Garavaglia, Davide Arcuri, James Atack",
+  "license": "AGPL-V3",
+  "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
+  "description": "Retrieve results from ONYPHE Search API for a given ip, domain or fqdn from specified category",
+  "dataTypeList": ["ip", "domain", "fqdn", "hash"],
+  "command": "Onyphe/onyphe_analyzer.py",
+  "baseConfig": "Onyphe",
+  "config": {
+    "service": "asm"
+  },
+  "configurationItems": [
+    {
+      "name": "key",
+      "description": "Define the API key to use to connect the service",
+      "type": "string",
+      "multi": false,
+      "required": true
+    },
+    {
+      "name": "time_filter",
+      "description": "Specify ONYPHE time filter to be used for searches (see https://www.onyphe.io/docs/onyphe-query-language)",
+      "type": "string",
+      "multi": false,
+      "required": false,
+      "defaultValue": "-since:1M"
+    },
+    {
+      "name": "fields_filter",
+      "description": "[!!Advanced!!] Modify ONYPHE fields to return in raw data (see https://www.onyphe.io/docs/onyphe-query-language)",
+      "type": "string",
+      "multi": false,
+      "required": false,
+      "defaultValue": "ip,port,protocol,tag,tls,cpe,cve,hostname,domain,alternativeip,forward,url,organization,transport,organization,device.class,device.product,device.productvendor,device.productversion,product,productvendor,productversion"
+    },
+    {
+      "name": "auto_import",
+      "description": "Automatically import artifacts as observables (risks, cves, assets, ...)",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
+    }
+  ],
+  "registration_required": true,
+  "subscription_required": true,
+  "free_subscription": true,
+  "service_homepage": "https://www.onyphe.io",
+  "service_logo": {
+    "path": "assets/onyphe_logo.png",
+    "caption": "logo"
+  },
+  "screenshots": [
+    {
+      "path": "assets/Onyphe_Summary_long.png",
+      "caption": "Onyphe_Summary long report sample"
+    },
+    {
+      "path": "assets/Onyphe_Summary_short.png",
+      "caption": "Onyphe_Summary mini report sample"
+    }
+  ]
+}

analyzers/Onyphe/ONYPHE_Search.json

@@ -0,0 +1,65 @@
+{
+  "name": "ONYPHE_Search",
+  "version": "1.0",
+  "author": "Pierre Baudry, Adrien Barchapt, Andrea Garavaglia, Davide Arcuri, James Atack",
+  "license": "AGPL-V3",
+  "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
+  "description": "Retrieve results from ONYPHE Search API for a given ip, domain, fqdn or hash (sha256 TLS fingerprint) from specified category",
+  "dataTypeList": ["ip", "domain", "fqdn", "hash"],
+  "command": "Onyphe/onyphe_analyzer.py",
+  "baseConfig": "Onyphe",
+  "config": {
+    "service": "search"
+  },
+  "configurationItems": [
+    {
+      "name": "key",
+      "description": "Define the API key to use to connect the service",
+      "type": "string",
+      "multi": false,
+      "required": true
+    },
+    {
+      "name": "category",
+      "description": "Specify ONYPHE category to be used for search API (default datascan)",
+      "type": "string",
+      "multi": false,
+      "required": true,
+      "defaultValue": "datascan"
+    },
+    {
+      "name": "time_filter",
+      "description": "Specify ONYPHE time filter to be used for searches (see https://www.onyphe.io/docs/onyphe-query-language)",
+      "type": "string",
+      "multi": false,
+      "required": true,
+      "defaultValue": "-since:1M"
+    },
+    {
+      "name": "auto_import",
+      "description": "Automatically import artifacts as observables (risks, cves, assets, ...)",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": false
+    }
+  ],
+  "registration_required": true,
+  "subscription_required": true,
+  "free_subscription": true,
+  "service_homepage": "https://www.onyphe.io",
+  "service_logo": {
+    "path": "assets/onyphe_logo.png",
+    "caption": "logo"
+  },
+  "screenshots": [
+    {
+      "path": "assets/Onyphe_Summary_long.png",
+      "caption": "Onyphe_Summary long report sample"
+    },
+    {
+      "path": "assets/Onyphe_Summary_short.png",
+      "caption": "Onyphe_Summary mini report sample"
+    }
+  ]
+}

analyzers/Onyphe/ONYPHE_Summary.json

@@ -0,0 +1,49 @@
+{
+  "name": "ONYPHE_Summary",
+  "version": "1.1",
+  "author": "Pierre Baudry, Adrien Barchapt, Andrea Garavaglia, Davide Arcuri, James Atack",
+  "license": "AGPL-V3",
+  "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
+  "description": "Retrieve summary information Onyphe has for given ip, domain, or fqdn.",
+  "dataTypeList": ["ip", "domain", "fqdn"],
+  "command": "Onyphe/onyphe_analyzer.py",
+  "baseConfig": "Onyphe",
+  "config": {
+    "service": "summary"
+  },
+  "configurationItems": [
+    {
+      "name": "key",
+      "description": "Define the API key to use to connect the service",
+      "type": "string",
+      "multi": false,
+      "required": true
+    },
+    {
+      "name": "verbose_taxonomies",
+      "description": "Set true if you want detailed taxonomies for port, subnet, geoloc, domain",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": false
+    }
+  ],
+  "registration_required": true,
+  "subscription_required": true,
+  "free_subscription": true,
+  "service_homepage": "https://www.onyphe.io",
+  "service_logo": {
+    "path": "assets/onyphe_logo.png",
+    "caption": "logo"
+  },
+  "screenshots": [
+    {
+      "path": "assets/Onyphe_Summary_long.png",
+      "caption": "Onyphe_Summary long report sample"
+    },
+    {
+      "path": "assets/Onyphe_Summary_short.png",
+      "caption": "Onyphe_Summary mini report sample"
+    }
+  ]
+}

analyzers/Onyphe/ONYPHE_Vulnscan.json

@@ -0,0 +1,65 @@
+{
+  "name": "ONYPHE_Vulnscan",
+  "version": "1.0",
+  "author": "Pierre Baudry, Adrien Barchapt, Andrea Garavaglia, Davide Arcuri, James Atack",
+  "license": "AGPL-V3",
+  "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
+  "description": "Retrieve vulnerability data from ONYPHE vulnscan category for a given ip, domain, fqdn or hash (sha256 TLS fingerprint)",
+  "dataTypeList": ["ip", "domain", "fqdn", "hash"],
+  "command": "Onyphe/onyphe_analyzer.py",
+  "baseConfig": "Onyphe",
+  "config": {
+    "service": "vulnscan"
+  },
+  "configurationItems": [
+    {
+      "name": "key",
+      "description": "Define the API key to use to connect the service",
+      "type": "string",
+      "multi": false,
+      "required": true
+    },
+    {
+      "name": "time_filter",
+      "description": "Specify ONYPHE time filter to be used for searches (see https://www.onyphe.io/docs/onyphe-query-language)",
+      "type": "string",
+      "multi": false,
+      "required": true,
+      "defaultValue": "-since:1M"
+    },
+    {
+      "name": "only_vulnerable",
+      "description": "Only return results where a CVE exists (-exists:cve)",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
+    },
+    {
+      "name": "auto_import",
+      "description": "Automatically import artifacts as observables (risks, cves, assets, ...)",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": false
+    }
+  ],
+  "registration_required": true,
+  "subscription_required": true,
+  "free_subscription": true,
+  "service_homepage": "https://www.onyphe.io",
+  "service_logo": {
+    "path": "assets/onyphe_logo.png",
+    "caption": "logo"
+  },
+  "screenshots": [
+    {
+      "path": "assets/Onyphe_Summary_long.png",
+      "caption": "Onyphe_Summary long report sample"
+    },
+    {
+      "path": "assets/Onyphe_Summary_short.png",
+      "caption": "Onyphe_Summary mini report sample"
+    }
+  ]
+}