[Bug] Fortiguard: Category parsing does not handle "-" #493

Closed
srilumpa opened this issue Jun 4, 2019 · 1 comment

srilumpa commented Jun 4, 2019

Describe the bug
Categories such as "Web-based Applications" or "Web-based Email" are not properly parsed and identified by the Fortiguard_URLCategory analyzer.

To Reproduce
Steps to reproduce the behavior:

  1. execute ./urlcategory.py <<< '{"data":"http://trello.com","dataType":"url"}'

result is:

{
  "artifacts": [],
  "full": {
    "category": "Web"
  },
  "success": true,
  "summary": {
    "taxonomies": [
      {
        "predicate": "URLCat",
        "namespace": "Fortiguard",
        "value": "Web",
        "level": "info"
      }
    ]
  }
}

Expected behavior

The result should be:

{
  "artifacts": [],
  "full": {
    "category": "Web-based Applications"
  },
  "success": true,
  "summary": {
    "taxonomies": [
      {
        "predicate": "URLCat",
        "namespace": "Fortiguard",
        "value": "Web-based Applications",
        "level": "info"
      }
    ]
  }
}

Work environment

  • Server OS: Debian stretch
  • Cortex version: N/A
  • Cortex Analyzer/Responder name: Fortiguard_URLCategory
  • Cortex Analyzer/Responder version: 2.1

Possible solutions

  • use regex [-\w\s]+ instead of [\w\s]+ to parse URL category from the API response
@srilumpa srilumpa added the category:bug Issue is related to a bug label Jun 4, 2019
phpsystems added a commit to phpsystems/Cortex-Analyzers that referenced this issue Oct 9, 2019
@jeromeleonard

fixed by #494

@jeromeleonard jeromeleonard modified the milestones: 2.2.1, 2.3.0 Nov 26, 2019
nadouani pushed a commit that referenced this issue Dec 25, 2019
* Fix for issue #493

* Adding FQDN support to Abuse Finder #350

* Addition of FQDN to C1fApp
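
The truncation reported in this issue, reproduced as an added example (not the analyzer's own code): the two character classes quoted above are run over a constructed response fragment, next to a stricter variant that returns nothing instead of a shortened category when an unexpected character appears. The `<h4>Category: ...</h4>` fragment, the function names and the last two category names are assumptions made for the example.

```python
import re

# Character classes quoted in the issue: before the fix and the proposed one.
OLD_CLASS = r"[\w\s]+"
NEW_CLASS = r"[-\w\s]+"

# Constructed stand-in for the response fragment that carries the category.
SAMPLE = "<h4>Category: {}</h4>"


def extract(body, char_class):
    """Unanchored capture: stops silently at the first character outside the class."""
    m = re.search(r"Category: (" + char_class + r")", body)
    return m.group(1).strip() if m else None


def extract_strict(body, char_class):
    """Capture that must reach the closing '<'; anything unexpected gives None."""
    m = re.search(r"Category: (" + char_class + r")<", body)
    return m.group(1).strip() if m else None


def audit(names, char_class):
    """Map each category name that does not round-trip to what was extracted."""
    results = ((n, extract(SAMPLE.format(n), char_class)) for n in names)
    return {n: got for n, got in results if got != n}


# First two names come from the issue; the others are constructed test values.
NAMES = ["Web-based Applications", "Web-based Email",
         "Search Engines and Portals", "Constructed/Name"]

if __name__ == "__main__":
    for label, cls in (("old", OLD_CLASS), ("new", NEW_CLASS)):
        print(label, "truncated:", audit(NAMES, cls))
    body = SAMPLE.format("Constructed/Name")
    print("strict:", extract_strict(body, NEW_CLASS))
```

A truncated value such as "Web" still looks like a valid taxonomy entry downstream, which is why the strict variant fails closed rather than returning a partial match.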