Issue #521 Fix - Talos Analyzer No Longer Works

[colin-stubbs]

Perform initial request using requests.Session() in order to obtain initial session cookie, subsequent API requests will use cookie and store response cookie which rolls with each request.

[LaZyDK]

Working as intended on TheHive 3.4.0-1 and Cortex 3.0.0-1.

[KRUXLEX]

I have version: 3.0.0-1. And don't working :)

{
  "errorMessage": "Failed to query Talos details. Status_code 403",
  "input": "{\"data\":\"74.220.215.103\",\"dataType\":\"ip\",\"tlp\":2,\"message\":\"20\",\"parameters\":{},\"config\":{\"proxy_https\":\"",\"cacerts\":null,\"max_pap\":2,\"proxy\":{\"http\":\"h",\"https\":\""},\"jobTimeout\":30,\"check_tlp\":true,\"proxy_http\":\"",\"max_tlp\":2,\"auto_extract_artifacts\":true,\"jobCache\":10,\"check_pap\":true},\"pap\":1}",
  "success": false
}

[romarito90]

Perform initial request using requests.Session() in order to obtain initial session cookie, subsequent API requests will use cookie and store response cookie which rolls with each request.

Hello @colin-stubbs or anyone @KRUXLEX @LaZyDK What I need to change in my code to get the data from talosintelligence or you can show me how to do it ?? this is my code:

#!/usr/bin/env python3

#encoding: utf-8

import cfscrape
from cortexutils.analyzer import Analyzer

class TalosReputation(Analyzer):

def init(self):
Analyzer.init(self)

def summary(self, raw):
taxonomies = []
level = 'info' # If there's a change of naming, will be presented as info
namespace = 'Talos'
predicate = 'Reputation'
value = raw.get('email_score_name')
if value == 'Good':
level = 'safe'
elif value == 'Poor':
level = 'malicious'
elif value == 'Neutral':
level = 'suspicious'
taxonomies.append(self.build_taxonomy(level, namespace, predicate, value))
return {'taxonomies': taxonomies}

def run(self):
Analyzer.run(self)
if self.data_type == 'ip':
try:
data = self.get_data()

        scraper = cfscrape.CloudflareScraper()

        headers = {
            'Host': '[talosintelligence.com](http://talosintelligence.com/)',
            'Referer': '[https://talosintelligence.com/reputation_center/lookup?search={}'.format(data)](https://talosintelligence.com/reputation_center/lookup?search=%7B%7D%27.format(data)),
            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36',
            'Accept': 'application/json'
          
        }


        response_details = scraper.get('https://talosintelligence.com/sb_api/query_lookup',
            headers = headers,
            params = {
                'query': '/api/v2/details/ip/',
                'query_entry': data
                }
           
            )

        response_location = scraper.get('https://talosintelligence.com/sb_api/query_lookup',
            headers = headers,
            params = {
                'query': '/api/v2/location/ip/',
                'query_entry': data
                }
     
            )

        if response_details.status_code == 200 | 201:
            if response_location.status_code == 200 | 201:
                result = response_details.json()
                result['country'] = response_location.json().get('country', None)
                self.report(result if len(result) > 0 else {})
            else:
                self.error('Failed to query Talos location. Status_code {}'.format(response_location.status_code))
        else:
            self.error('Failed to query Talos details. Status_code {}'.format(response_details.status_code))
    except Exception as e:
        self.unexpectedError(e)
else:
    self.notSupported()

if name == 'main':
TalosReputation().run()

with this code I get this error