add templates and small fixes

TheHive-Project · Jul 7, 2020 · 73a2776 · 73a2776
1 parent 964da3b
commit 73a2776
Show file tree

Hide file tree

Showing 6 changed files with 157 additions and 36 deletions.
diff --git a/analyzers/DomainMailSPFDMARC/assets/DomainMailSPFDMARC_long.png b/analyzers/DomainMailSPFDMARC/assets/DomainMailSPFDMARC_long.png
diff --git a/analyzers/DomainMailSPFDMARC/assets/DomainMailSPFDMARC_short.png b/analyzers/DomainMailSPFDMARC/assets/DomainMailSPFDMARC_short.png
diff --git a/analyzers/DomainMailSPFDMARC/domainMailSPFDMARC.py b/analyzers/DomainMailSPFDMARC/domainMailSPFDMARC.py
@@ -6,44 +6,43 @@
 import checkdmarc
 
 class DomainMailSPFDMARC(Analyzer):
-        def __init__(self):
-                Analyzer.__init__(self)
-                self.name = "DomainMailSPFDMARC"
-        def summary(self, raw):
-                taxonomies = []
-                level = "malicious"
-                level_s = "suspicious"
-                level_sa = "safe"
-                namespace = "DomainMailSPF_DMARC"
-                predicate = "tag"
+    def __init__(self):
+        Analyzer.__init__(self)
+        self.name = "DomainMailSPFDMARC"
 
-                if 'error' in raw['DomainMailSPFDMARC_info']['DomainMailSPFDMARC']['dmarc']:
-                        if 'error' in raw['DomainMailSPFDMARC_info']['DomainMailSPFDMARC']['spf']:
-                                taxonomies.append(self.build_taxonomy(level, namespace,"DMARC","no"))
-                                taxonomies.append(self.build_taxonomy(level, namespace,"SPF","no"))
-                        else:
-                                taxonomies.append(self.build_taxonomy(level_sa, namespace,"SPF","yes"))
-                                taxonomies.append(self.build_taxonomy(level_s, namespace,"DMARC","no"))
-                else:
-                        if 'error' in raw['DomainMailSPFDMARC_info']['DomainMailSPFDMARC']['spf']:
-                                taxonomies.append(self.build_taxonomy(level_s, namespace,"SPF","no"))
-                                taxonomies.append(self.build_taxonomy(level_sa, namespace,"DMARC","yes"))
-                        else:
-                                taxonomies.append(self.build_taxonomy(level_sa, namespace,"SPF","yes"))
-                                taxonomies.append(self.build_taxonomy(level_sa, namespace,"DMARC","yes"))
+    def summary(self, raw):
+        taxonomies = []
+        namespace = "DomainMailSPF_DMARC"
 
-                return {'taxonomies': taxonomies}
-        def get_info(self, data):
-                try:
-                        result = checkdmarc.check_domains(data.split()) 
-                except ValueError:
-                        print("Explotioooooooo")
-                return {"DomainMailSPFDMARC": dict(result)}
+        if 'error' in raw['DomainMailSPFDMARC']['dmarc']:
+            if 'error' in raw['DomainMailSPFDMARC']['spf']:
+                taxonomies.append(self.build_taxonomy("malicious", namespace,"DMARC","no"))
+                taxonomies.append(self.build_taxonomy("malicious", namespace,"SPF","no"))
+            else:
+                taxonomies.append(self.build_taxonomy("safe", namespace,"SPF","yes"))
+                taxonomies.append(self.build_taxonomy("suspicious", namespace,"DMARC","no"))
+        else:
+            if 'error' in raw['DomainMailSPFDMARC']['spf']:
+                taxonomies.append(self.build_taxonomy("suspicious", namespace,"SPF","no"))
+                taxonomies.append(self.build_taxonomy("safe", namespace,"DMARC","yes"))
+            else:
+                taxonomies.append(self.build_taxonomy("safe", namespace,"SPF","yes"))
+                taxonomies.append(self.build_taxonomy("safe", namespace,"DMARC","yes"))
+
+        return {'taxonomies': taxonomies}
+
+    def get_info(self, data):
+        try:
+            result = checkdmarc.check_domains(data.split()) 
+        except Exception as e :
+            self.error(e)
+        return {"DomainMailSPFDMARC": dict(result)}
 
-        def run(self):
-                if self.data_type == 'domain' or self.data_type == 'fqdn':
-                        data = self.get_data()
-                        self.report({"DomainMailSPFDMARC_info": self.get_info(data)})
+    def run(self):
+        if self.data_type == 'domain' or self.data_type == 'fqdn':
+            self.report(self.get_info(self.get_data()))
+        else:
+            self.error('Data type not supported. Please use this analyzer with data types domain or fqdn.')
 
 if __name__ == '__main__':
-        DomainMailSPFDMARC().run()
+    DomainMailSPFDMARC().run()
diff --git a/analyzers/DomainMailSPFDMARC/domainMailSPFDMARC_get_reports.json b/analyzers/DomainMailSPFDMARC/domainMailSPFDMARC_get_reports.json
@@ -12,5 +12,19 @@
     "service": "get"
   },
   "configurationItems": [
+  ],
+  "registration_required": false,
+  "subscription_required": false,
+  "free_subscription": false,
+  "screenshots": [
+    {
+      "path": "assets/DomainMailSPFDMARC_long.png",
+      "caption": "DomainMailSPFDMARC long report sample"
+    },
+    {
+      "path": "assets/DomainMailSPFDMARC_short.png",
+      "caption:": "DomainMailSPFDMARC mini report sample"
+    }
   ]
 }
+
diff --git a/thehive-templates/DomainMailSPFDMARC_1_1/long.html b/thehive-templates/DomainMailSPFDMARC_1_1/long.html
@@ -0,0 +1,105 @@
+<div class="panel panel-info" ng-if="success">
+    <div class="panel-heading">
+        DomainMailSPF_DMARC information for <strong>{{artifact.data}}</strong>
+    </div>
+    <div class="panel-body">
+        <div>
+            <dl class="dl-horizontal">
+                <dt class="text-bold">Domain</dt>
+                <dd>{{content.DomainMailSPFDMARC.domain}}</dd>
+            </dl>
+            <dl class="dl-horizontal">
+                <dt class="text-bold">Base domain</dt>
+                <dd>{{content.DomainMailSPFDMARC.base_domain}}</dd>
+            </dl>
+            <dl class="dl-horizontal">
+                <dt class="text-bold">dnssec</dt>
+                <dd>{{content.DomainMailSPFDMARC.dnssec}}</dd>
+            </dl>
+            <dl class="dl-horizontal" ng-if="content.DomainMailSPFDMARC.ns.hostnames.length > 0">
+                <dt class="text-bold">[NS] Hostnames</dt>
+                <dd>{{content.DomainMailSPFDMARC.ns.hostnames.join(', ') }}</dd>
+            </dl>
+            <dl class="dl-horizontal" ng-if="content.DomainMailSPFDMARC.ns.warnings.length > 0">
+                <dt class="text-bold">[NS] Warnings</dt>
+                <dd>{{content.DomainMailSPFDMARC.ns.warnings.join('\n') }}</dd>
+            </dl>
+
+            <dl class="dl-horizontal" ng-if="content.DomainMailSPFDMARC.mx.hosts.length > 0">
+                <dt class="text-bold">[MX] Hosts</dt>
+                <dd>{{content.DomainMailSPFDMARC.mx.hosts.join(', ') }}</dd>
+            </dl>
+            <dl class="dl-horizontal" ng-if="content.DomainMailSPFDMARC.mx.warnings.length > 0">
+                <dt class="text-bold">[MX] Warnings</dt>
+                <dd>{{content.DomainMailSPFDMARC.mx.warnings.join('\n')}}</dd>
+            </dl>
+        </div>
+    </div>
+</div>
+<div class="panel panel-info" ng-if="success">
+    <div class="panel-heading">
+        SPF
+    </div>
+    <div class="panel-body">
+        <div>
+            <dl class="dl-horizontal">
+                <dt>Record</dt>
+                <dd>{{content.DomainMailSPFDMARC.spf.record}}</dd>
+            </dl>
+            <dl class="dl-horizontal">
+                <dt>Valid</dt>
+                <dd>{{content.DomainMailSPFDMARC.spf.valid}}</dd>
+            </dl>
+            <dl class="dl-horizontal">
+                <dt>Error</dt>
+                <dd>{{content.DomainMailSPFDMARC.spf.error}}</dd>
+            </dl>                        
+        </div>
+    </div>
+</div>
+<div class="panel panel-info" ng-if="success">
+    <div class="panel-heading">
+        DMARK
+    </div>
+    <div class="panel-body">
+        <div>
+            <h4 >Info</h4>
+            <dl class="dl-horizontal">
+                <dt>Record</dt>
+                <dd>{{content.DomainMailSPFDMARC.dmarc.record}}</dd>
+            </dl>
+            <dl class="dl-horizontal">
+                <dt>Valid</dt>
+                <dd>{{content.DomainMailSPFDMARC.dmarc.valid}}</dd>
+            </dl>
+            <dl class="dl-horizontal">
+                <dt>Error</dt>
+                <dd>{{content.DomainMailSPFDMARC.dmarc.error}}</dd>
+            </dl>              
+            <dl class="dl-horizontal">
+                <dt>Location</dt>
+                <dd>{{content.DomainMailSPFDMARC.dmarc.location}}</dd>
+            </dl>                        
+            <dl class="dl-horizontal" ng-if="content.DomainMailSPFDMARC.dmarc.warnings.length > 0">
+                <dt class="text-bold">Warnings</dt>
+                <dd>{{content.DomainMailSPFDMARC.dmarc.warnings.join('\n')}}</dd>
+            </dl>      
+            <hr>
+            <h4 >Tags</h4>
+            <dl class="dl-horizontal" ng-repeat="(tag, value) in content.DomainMailSPFDMARC.dmarc.tags">
+                <dt>{{tag}}</dt>
+                <dd>{{value.value}} <span ng-if="value.explicit">[Explicit]</span></dd>
+            </dl>
+        </div>
+    </div>
+</div>
+
+<!-- General error -->
+<div class="panel panel-danger" ng-if="!success">
+    <div class="panel-heading">
+        <strong>{{artifact.data | fang}}</strong>
+    </div>
+    <div class="panel-body">
+        {{content.errorMessage}}
+    </div>
+</div>
diff --git a/thehive-templates/DomainMailSPFDMARC_1_1/short.html b/thehive-templates/DomainMailSPFDMARC_1_1/short.html
@@ -0,0 +1,3 @@
+<span class="label" ng-repeat="t in content.taxonomies" ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
+    {{t.namespace}}:{{t.predicate}}="{{t.value}}"
+</span>