weslambert
@dadokkio , this is almost ready to PR, but was just curious about the best approach for including the Capa binary. I haven't contributed a Docker-based analyzer/responder yet, so any...
This should be wrapped up very soon. Apologies for the delay.
@Passimist @m5050 This has been in my backlog, but given the interest, I'll see if I can re-test and get it wrapped up by the end of this week.
@Passimist Correct, it is using the Python 3 version. I believe I just needed to adjust the format of the results/template(s) to get it finished up.
PR: https://github.com/TheHive-Project/Cortex-Analyzers/pull/1027
Example templated report: 
https://github.com/TheHive-Project/Cortex-Analyzers/issues/822
Thanks for the detailed answer, @ethack ! I'll do some testing, and report back to confirm the procedure, or let you know if I run into anything.
Here is a quick artifact to compute this hash from a file: https://gist.github.com/weslambert/ab98195cec7575a29d4013948acad05a You could call it with something like: `SELECT * from Artifact.Custom.Windows.Enrichment.TLSH(File=$YOURFILE)`
https://github.com/Security-Onion-Solutions/securityonion/pull/12652