Cortex-Analyzers
Cortex-Analyzers copied to clipboard
TheHive-Project
Zscaler Analyzer
Zscaler Analyzer
Request Type
Analyzer
Work Environment
NA
| Question | Answer |
|---|---|
| OS version (server) | NA |
| OS version (client) | NA |
| Cortex Analyzer Name | Zscaler Analyzer |
| Cortex Analyzer Version | 1.2 |
| Cortex Version | 1.14.x |
| Browser type & version | NA |
Description
Beta version of a Zscaler Analyzer released. This analyzer requires a valid Zscaler subscription, ZIA API key and user account. Attempted to keep the analyzer inline with the Fortinet Analyzer where malicious and suspicious categories are configurable.
Supports the following dataTypes:
- domain
- fqdn
- ip
Complementary information
https://github.com/xg5-simon/Zscaler-Cortex-Analyzer
Whats the possibility we could get this merged in? Does it need any work or changes? Be happy to make it happen
Needs to be tested with the latest version of Cortex. Feel free to submit it to the official repo. The only thing I can change it it right now is the license.
Sent from my iPhone
On 20 Apr 2020, at 08:33, kx499 [email protected] wrote:
Whats the possibility we could get this merged in? Does it need any work or changes? Be happy to make it happen
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or unsubscribe.
Hi,
I tested it today and I reach an "Invalid output" error message: I tried using a domain name and an IP address too.
I'm using Cortex v2.1.3-1 in a Docker. Files permissions are OK.
Did you face this issue? Thanks in advance. Kind regards,
Hi,
I have verified this analyser running Cortex 3.1.1.
It works very well!
I did however make 3 very small changes
- Zscaler.json: edit the "command" row to look like this: "Zscaler-Cortex-Analyzer/zscaler_analyzer.py"
- zscaler_analyzer.py: edit the first row from "python" to "python3"
- zscaler_analyzer.py: edit the row with "now = str(long(time.time() * 1000))" to look like this: "now = str(int(time.time() * 1000))"
So with these changes, maybe it's time to commit this analyzer =)
I can send a PR for the updates if needed, just let me know
Feel free to fork and submit the analyser to TheHive project. I’m not working in this space anymore. Glad it works for you!
On 6 Apr 2021, at 21:46, Mikael Keri @.***> wrote:
Hi,
I have verified this analyser running Cortex 3.1.1.
It works very well!
I did however make 3 very small changes
Zscaler.json: edit the "command" row to look like this: "Zscaler-Cortex-Analyzer/zscaler_analyzer.py" zscaler_analyzer.py: edit the first row from "python" to "python3" zscaler_analyzer.py: edit the row with "now = str(long(time.time() * 1000))" to look like this: "now = str(int(time.time() * 1000))" So with these changes, maybe it's time to commit this analyzer =)
I can send a PR for the updates if needed, just let me know
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or unsubscribe.
I’ll dig up the responder to block/allow urls for you.
On 7 Apr 2021, at 17:28, Mikael Keri @.***> wrote:
@xg5-simon Ok will do, thank you for writing it in the first place =)
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.
I’ll dig up the responder to block/allow urls for you. … On 7 Apr 2021, at 17:28, Mikael Keri @.***> wrote: @xg5-simon Ok will do, thank you for writing it in the first place =) — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.
Hi xg5-simon. Apols for jumping in on this thread but were you able to track down the responder? Would be great to get that added. Thanks
