Cortex-Analyzers icon indicating copy to clipboard operation
Cortex-Analyzers copied to clipboard
verified publisher icon TheHive-Project

Unit777/analyzers

Open bullerdude opened this issue 8 years ago • 5 comments

New analysers for Cortex:, initial versions:

  • WhoisXMLAPI (Tool: https://www.whoisxmlapi.com/whois-api-doc.php)
  • IRMA (Tool: http://irma.quarkslab.com/

bullerdude avatar May 10 '17 07:05 bullerdude

Hi guys, I've just tested the IRMA analyzer with an IRMA 1.5.2 VM:

  • Since Cortex 1.1, analyzers require 3 more information: author (author name or org name), license and url.
  • I don't have any experience with IRMA, and I'm wordering if one could enable an authentication mechanism to protect the IRMA APIs, and in this case the analyzer should allow the users to provide at least creads for basic authentication (that was my case, since I've got access to the demo instance demo quarkslab)

Please let know if you want me to add the basic authentication support, otherwise the analyzer is OK, we just need to review the summary() method to produce a taxonomy for mini reports

nadouani avatar Jul 05 '17 16:07 nadouani

Hi @nadouani, we can update the IRMA analyser when we get some time, unless someone else is happy to take over development of it as it is no longer in use for us.

BrevilleBro avatar Jul 09 '17 10:07 BrevilleBro

@BrevilleBro that's fine, I'll add what I was talking about. I've reviewed the analyzer and it sounds fine. We're just missing the author information ;)

nadouani avatar Jul 09 '17 18:07 nadouani

Hey @bullerdude @BrevilleBro, how is the status on this one?

3c7 avatar Dec 14 '17 08:12 3c7

Hi @3c7 ,

We are no longer using these and therefore have ceased development of them. They should however, be compatible with the current versions of Cortex, as @nadouani has kindly cleaned them up.

BrevilleBro avatar Dec 22 '17 01:12 BrevilleBro