New Analyzer: Investigate

[yasty]

Request Type

Analyzer

Work Environment

N/A

Description

Hey guys, I work on Cisco Umbrella's security research team. I've written an analyzer for our Investigate service to check the security and content categorizations for domains and FQDNs, and to lookup sample hashes in our ThreatGrid database.

[yasty]

PR: #310

[garanews]

Hello,
we were working on the same functionality without using the investigate library.
Do you consider your PR a "work in progress" where in the future you will add the search for IP and or will expand the search capabilities? For example about the domains search we are doing more than 1 query:

domain_score = self._session.get('%s/domains/score/%s' % (self.url, data))
domain_risk_score = self._session.get('%s/domains/risk-score/%s' % (self.url, data))
domain_samples = self._session.get('%s/samples/%s' % (self.url, data))
domain_volume = self._session.get('%s/domains/volume/%s' % (self.url, data))
domain_security = self._session.get('%s/security/name/%s' % (self.url, data))
domain_timeline = self._session.get('%s/timeline/%s' % (self.url, data))
domain_history = self._session.get('%s/dnsdb/name/a/%s' % (self.url, data))

We are stuck on long template because we would visualize the timeline with a graph and not with a table but it seems complicated to pass values to an external libraries (like d3).

[jeromeleonard]

see comment in #310