Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updated JSB analyzer #1022

Merged
merged 4 commits into from Jan 25, 2022
Merged

Updated JSB analyzer #1022

merged 4 commits into from Jan 25, 2022

Conversation

iamELG
Copy link
Contributor

@iamELG iamELG commented Aug 10, 2021

I added some feature to the JSB analyzer:

  • Two new flavor for the JSB analyzer(JoeSandbox_Full_Report_File_Analysis_Noinet and JoeSandbox_Full_Report_File_Analysis_Inet), this flavor allow you to get the HTML report from JSB. The HTML report is seen as an artifact and can be imported as an observable.
  • Images are added to the JSON response, which mean that with the right report template you can display the image from the JSB analysis in TheHive.

@iamELG iamELG changed the title 2 new flavor for the JSB analyzer, images are added to the json Updated JSB analyzer Aug 10, 2021
@jeromeleonard jeromeleonard added this to the 3.1.0 milestone Aug 12, 2021
@jeromeleonard jeromeleonard added category:enhancement Issue is related to an existing feature to improve scope:analyzer Issue is analyzer related labels Aug 12, 2021
@jeromeleonard jeromeleonard changed the base branch from master to develop August 12, 2021 06:30
@jeromeleonard jeromeleonard self-requested a review August 30, 2021 15:26
jeromeleonard
jeromeleonard reviewed Aug 30, 2021
View reviewed changes
analyzers/JoeSandbox/JoeSandbox_File_Analysis_Inet.json
"multi": false,
"required": true,
"defaultValue": false
}
]
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The doc for Analyzers and Responders is generated automatically, based upon json files, readme.md file and pictures. Can you update the analyzer with the missing content, please ?
You can look at the documentation here: https://thehive-project.github.io/Cortex-Analyzers/dev_guides/analyzers_definition/.
You can also get inspired from one of existing analyzers like https://github.com/TheHive-Project/Cortex-Analyzers/tree/master/analyzers/EmlParser and see the result here: https://thehive-project.github.io/Cortex-Analyzers/analyzers/EmlParser/

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hello,
I've updated my pull request with some documentation.
Let me know if I need to add or change anything else :-)

jeromeleonard
jeromeleonard reviewed Aug 30, 2021
View reviewed changes
analyzers/JoeSandbox/JoeSandbox_File_Analysis_Noinet.json
"multi": false,
"required": true,
"defaultValue": false
}
]
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

similar comment.

jeromeleonard
jeromeleonard reviewed Aug 30, 2021
View reviewed changes
analyzers/JoeSandbox/JoeSandbox_Full_Report_File_Analysis_Inet.json Outdated
"defaultValue": 30
}
]
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

similar comment.

jeromeleonard
jeromeleonard reviewed Aug 30, 2021
View reviewed changes
analyzers/JoeSandbox/JoeSandbox_Full_Report_File_Analysis_Noinet.json Outdated
"defaultValue": 30
}
]
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

similar comment.

jeromeleonard added a commit that referenced this pull request Jan 25, 2022
@jeromeleonard
#1022 update templates
87034f7 
Signed-off-by: Jérôme Leonard <jerome@thehive-project.org>
jeromeleonard added a commit that referenced this pull request Jan 25, 2022
@jeromeleonard
#1022 update templates
b2b6fc6 
Signed-off-by: Jérôme Leonard <jerome@thehive-project.org>
@jeromeleonard jeromeleonard merged commit 9a5fab8 into TheHive-Project:develop Jan 25, 2022
jeromeleonard added a commit that referenced this pull request Jan 25, 2022
@jeromeleonard
#1022 fix doc
7b58f77 
Signed-off-by: Jérôme Leonard <jerome@thehive-project.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jeromeleonard jeromeleonard jeromeleonard left review comments

Assignees
No one assigned
Labels
category:enhancement Issue is related to an existing feature to improve scope:analyzer Issue is analyzer related
Projects
None yet
Milestone
3.1.0
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@iamELG @jeromeleonard