#190 Update the long report and add more summary taxonomies
nadouani committed Dec 20, 2018
1 parent ab13a60 commit a85570b
Showing 4 changed files with 53 additions and 52 deletions.
18 changes: 9 additions & 9 deletions analyzers/HIBP_Query/HIBP_Query.json
Expand Up @@ -13,13 +13,13 @@
},
"command": "HIBP_Query/hibpquery_analyzer.py",
"configurationItems": [
{
"name": "unverified",
"description": "Include unverified breaches",
"type": "boolean",
"multi": false,
"required": true,
"defaultValue": true
}
]
{
"name": "unverified",
"description": "Include unverified breaches",
"type": "boolean",
"multi": false,
"required": true,
"defaultValue": true
}
]
}
49 changes: 29 additions & 20 deletions analyzers/HIBP_Query/hibpquery_analyzer.py
Expand Up @@ -11,10 +11,9 @@ class HIBPQueryAnalyzer(Analyzer):

def __init__(self):
Analyzer.__init__(self)
self.service = self.getParam(
'config.service', None, 'Service parameter is missing')
self.api_url = self.getParam('config.url', None, 'Missing API URL')
self.unverified = self.getParam('config.unverified', None, 'Missing Unverified option')
self.service = self.get_param('config.service', None, 'Service parameter is missing')
self.api_url = self.get_param('config.url', None, 'Missing API URL')
self.unverified = self.get_param('config.unverified', None, 'Missing Unverified option')

@staticmethod
def cleanup(return_data):
Expand All @@ -27,7 +26,8 @@ def cleanup(return_data):
for entry in return_data:
found = True
x = ast.literal_eval(str(entry))
matches.append(x)
matches.append(x)

response['CompromisedAccounts'] = matches

return response
Expand All @@ -36,14 +36,15 @@ def hibp_query(self, data):
results = dict()

try:
if self.unverified == True:
if self.unverified == True:
unverified = '?includeUnverified=true'
else:
unverified = ''
hibpurl = self.api_url + data + unverified
headers = {

hibpurl = self.api_url + data + unverified
headers = {
'User-Agent': 'HIBP-Cortex-Analyzer'
}
}

_query = requests.get(hibpurl, headers=headers)
if _query.status_code == 200:
Expand All @@ -66,30 +67,38 @@ def summary(self, raw):
level = "info"
namespace = "HIBP"
predicate = "Compromised"
if len(raw) == 0:

breach_count = len(raw)

if breach_count == 0:
level = "safe"
namespace = "HIBP"
predicate = "Compromised"
value = "False"
elif len(raw) > 0:
elif breach_count > 0:
level = "malicious"
namespace = "HIBP"
predicate = "Compromised"
value = "True"

taxonomies.append(self.build_taxonomy(level, namespace, predicate, value))

# Add taxonomy for breach counts
if len(raw) > 0:
accounts = raw.get('CompromisedAccounts', [])

verified = len([a for a in accounts if a.get('IsVerified', None) == True])
if verified > 0:
taxonomies.append(self.build_taxonomy('info', 'HIBP', 'Verified', verified))

unverified = len([a for a in accounts if a.get('IsVerified', None) == False])
if unverified > 0:
taxonomies.append(self.build_taxonomy('info', 'HIBP', 'Unverified',unverified))

return {"taxonomies": taxonomies}

def run(self):

if self.service == 'query':
if self.data_type == 'mail':
data = self.getParam('data', None, 'Data is missing')

rep = self.hibp_query(data)
self.report(rep)

data = self.get_param('data', None, 'Data is missing')
self.report(self.hibp_query(data))
else:
self.error('Invalid data type')
else:
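Review bot: `hibpurl = self.api_url + data + unverified` in hibp_query builds the request URL by plain concatenation, so an observable that contains `/`, `?`, `#` or `&` alters the path or query string that is sent instead of being looked up as an account; percent-encode it first, `hibpurl = self.api_url + quote(data, safe='') + unverified`, with `from urllib.parse import quote` added to the file's imports. The `requests.get(hibpurl, headers=headers)` call two lines below has no `timeout=`, so a stalled API responds by blocking the analyzer indefinitely; a bounded timeout would presumably be caught by the function's except clause, which lies below the hunk. In the same hunk `if self.unverified == True:` reads more naturally as `if self.unverified:`. In the summary hunk, `breach_count = len(raw)` counts the top-level keys of the report rather than the breaches, while the later `accounts = raw.get('CompromisedAccounts', [])` shows where the breaches actually live; `breach_count = len(raw.get('CompromisedAccounts', []))` would make the name honest and the two branches agree. hibp_query's body continues past the end of its hunk.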
8 changes: 0 additions & 8 deletions analyzers/HIBP_Query/input

This file was deleted.

30 changes: 15 additions & 15 deletions thehive-templates/HIBP_Query_1_0/long.html
Expand Up @@ -4,42 +4,43 @@
</div>
<div class="panel-body">
<!-- Domain details -->
<p ng-if="content.CompromisedAccounts.length == 0">
<p ng-if="!content.CompromisedAccounts || content.CompromisedAccounts.length == 0">
Account was not Compromised.
</p>
<!-- Accounts -->
<p ng-if="content.CompromisedAccounts.length != 0">
Compromised Accounts:
<p ng-if="content.CompromisedAccounts.length > 0">
Compromised Accounts: {{content.CompromisedAccounts.length}}
</p>
<table class="table" ng-if="content.CompromisedAccounts.length != 0">
<table class="table" ng-if="content.CompromisedAccounts && content.CompromisedAccounts.length > 0">
<thead>
<th width="120px">IsVerified</th>
<th>PwnCNT</th>
<th>Domain</th>
<th>IsSensitive</th>
<th>Name</th>
<th>Title</th>
<th>Title</th>
<th>DataClasses</th>
<th>AddedDate</th>
<th>IsVerified</th>
<th>Description</th>
</thead>
<tbody ng-repeat="r in content.CompromisedAccounts">
<tr>
<td align="center">
<span><i class="fa" ng-class="{true: 'fa-check-circle text-success', false: 'fa-times-circle text-danger'}[r.IsVerified]"></i></span>
</td>
<td>{{r.PwnCount}}</td>
<td>{{r.Domain}}</td>
<td>{{r.Domain}}</td>
<td>{{r.IsSensitive}}</td>
<td>{{r.Name}}</td>
<td>{{r.Title}}</td>
<td>{{r.Title}}</td>
<td><p ng-repeat="x in r.DataClasses">{{x}}</p></td>
<td>{{r.AddedDate}}</td>
<td>{{r.IsVerified}}</td>
<td>{{r.Description}}</td>
</tr>
<tr>
<td colspan="8"><p>{{r.Description}}</p></td>
</tr>
</tbody>
</table>
</div>


</div>
</div>

<div class="panel panel-danger" ng-if="!success">
Expand All @@ -50,4 +51,3 @@
{{content.errorMessage}}
</div>
</div>

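Review bot: `<p ng-if="content.CompromisedAccounts.length > 0">` is the only one of the three visibility guards in this section that did not gain the `content.CompromisedAccounts &&` prefix the paragraph above and the table below now carry. AngularJS expressions are forgiving about undefined members, so this likely renders correctly when the field is absent, but the three conditions describe the same state and should read the same way, `<p ng-if="content.CompromisedAccounts && content.CompromisedAccounts.length > 0">`.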