New analyzer: Talos Reputation #427

Merged
merged 3 commits into from May 7, 2019

@mgabriel-silva

commented Feb 14, 2019

Fixes #426
Created an analyzer to query Cisco Talos Intelligence for IP spam reputation

@saadkadhi saadkadhi requested review from jeromeleonard and 3c7 Feb 14, 2019

@saadkadhi saadkadhi added this to the 1.16.0 milestone Feb 14, 2019

@mgabriel-silva mgabriel-silva changed the title Created an analyzer for Talos Reputation New analyzer: Talos Reputation Feb 19, 2019

@jeromeleonard jeromeleonard changed the base branch from master to develop Mar 23, 2019

@jeromeleonard

Contributor

commented Mar 23, 2019

I get this error when running this analyzer: {"success": false, "input": {"tlp": 1, "dataType": "ip", "data": "8.8.8.8"}, "errorMessage": "Failed to query Talos. Status_code 403"}

Looking at the response from the Talosintelligence site, I get this:
[Screenshot: Screen Shot 2019-03-23 at 2 32 47 PM]

@mgabriel-silva

Author

commented Mar 25, 2019

I've analyzed the issue. It seems that the Talos team doesn't want their endpoint used by APIs.
They've added a new cookie called '_talos_website_session' to prevent connections from external APIs.

@jeromeleonard jeromeleonard modified the milestones: 1.16.0, 1.17.0 Mar 26, 2019

@jeromeleonard

Contributor

commented Mar 26, 2019

Thx for the info.
Moving it to release 1.17.0, waiting for more info about what we can do with this analyzer.

@mgabriel-silva

Author

commented Apr 24, 2019

Problem solved.
Now it works again.

@jeromeleonard jeromeleonard merged commit a271710 into TheHive-Project:develop May 7, 2019

jeromeleonard added a commit that referenced this pull request May 7, 2019
