TheHive4py

Query cortex analyzers via API

Open InsanesTheName opened this issue 6 years ago • 2 comments

Request Type

Feature Request

Description

Using the run_analyzer() function implemented in #40, I would like to be able to query the analyzers in Cortex. My use case is as follows:

  • Create a case (from email using Synapse)
  • Extract IP(s) from the email and add it as an observable (in my fork of Synapse, I've mimicked the addFileObservable() functionality in a new function, addIPObservable())
  • Call run_analyzer() on that new observable

For the call to run_analyzer(), basically, I would like to be able to iterate/search through all available analyzers in Cortex. This would prevent having to hard-code the cortex_id and analyzer_id parameters, which would allow multiple analyzers to be run (depending on what is available), as well as prevent it from breaking when analyzers are updated.

InsanesTheName, Dec 17 '18 21:12
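The selection step requested above, as an added example that is not part of the original issue or of thehive4py: it picks the newest version of each analyzer that accepts a given data type, so no analyzer ID is hard-coded. The listing fields (`id`, `name`, `dataTypeList`, `cortexIds`), the `Name_Major_Minor` naming, the sample entries and the helper names are assumptions; `api` is any object exposing `run_analyzer(cortex_id, artifact_id, analyzer_id)`.

```python
import re

# Constructed sample listing; field names are assumed, not taken from the issue.
SAMPLE_ANALYZERS = [
    {"id": "a1f0", "name": "MaxMind_GeoIP_3_0", "dataTypeList": ["ip"],
     "cortexIds": ["CORTEX-1"]},
    {"id": "b2e1", "name": "MaxMind_GeoIP_4_0", "dataTypeList": ["ip"],
     "cortexIds": ["CORTEX-1", "CORTEX-2"]},
    {"id": "c3d2", "name": "Abuse_Finder_3_0",
     "dataTypeList": ["ip", "domain", "url", "mail"], "cortexIds": ["CORTEX-1"]},
    {"id": "d4c3", "name": "FileInfo_8_0", "dataTypeList": ["file"],
     "cortexIds": ["CORTEX-1"]},
]

_VERSIONED = re.compile(r"^(?P<base>.+?)_(?P<major>\d+)_(?P<minor>\d+)$")


def split_version(name):
    """Split 'MaxMind_GeoIP_4_0' into ('MaxMind_GeoIP', (4, 0))."""
    m = _VERSIONED.match(name)
    if not m:
        return name, (0, 0)
    return m.group("base"), (int(m.group("major")), int(m.group("minor")))


def select_analyzers(analyzers, data_type, allowed=None):
    """Newest version of each analyzer accepting data_type.

    allowed is an optional set of base names; anything else is skipped, so an
    observable is only sent to analyzers that were explicitly approved.
    """
    newest = {}
    for a in analyzers:
        if data_type not in a.get("dataTypeList", []) or not a.get("cortexIds"):
            continue
        base, version = split_version(a["name"])
        if allowed is not None and base not in allowed:
            continue
        if base not in newest or version > newest[base][0]:
            newest[base] = (version, a)
    return [entry[1] for _, entry in sorted(newest.items())]


def run_available(api, artifact_id, analyzers, data_type, allowed=None):
    """Launch every selected analyzer once; return the (cortex_id, analyzer_id) pairs."""
    launched = []
    for a in select_analyzers(analyzers, data_type, allowed):
        cortex_id = a["cortexIds"][0]  # first Cortex instance offering it
        api.run_analyzer(cortex_id, artifact_id, a["id"])
        launched.append((cortex_id, a["id"]))
    return launched
```

Passing an `allowed` set keeps the automation from forwarding observables to every analyzer that happens to be enabled, including ones that submit data to third-party services.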

Hello,

this feature could be added to TheHive4py 2.0.0

If you want it to be included in the 1.x version, please submit a PR on top of the 1.x branch.

Thanks

nadouani, Dec 18 '18 09:12

This means adding something like a get_analyzers() method.

nadouani, Nov 15 '20 05:11

We are closing this issue as it pertains to the 1.x version of thehive4py, which is no longer supported. We recommend upgrading to the latest release for continued support or issue resolution.

Kamforka, Oct 03 '23 17:10