[FIX] HybridAnalysis API V2 #1117

Merged on Oct 18, 2024 (6 commits)

@X0x1RG9f X0x1RG9f commented Aug 2, 2022

Fixing HybridAnalysis analyzer that was not working since API V2:

  • Fix added
  • API Secret not needed anymore in configuration (only API Key)
  • Adding possibility to analyze URL or Domain

Fixing HybridAnalysis analyzer that was not working since API V2:
 - Fix added
 - API Secret not needed anymore in configuration (only API Key)
 - Adding possibility to analyze URL or Domain
Fix some cases where HA reports with "No specific threat" in API response while on Webpage it is marked as malicious with AV detections
Loop through all the last verdicts (less than an hour from last one) and take the worst verdict
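The "worst verdict within an hour of the latest report" selection described in the commit message above can be sketched as follows. This is an added example, not code from this pull request; the field names `verdict` and `analysis_start_time`, the ISO 8601 timestamp format, the severity ranking and the sample reports are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumed ranking (higher is worse). Only "no specific threat" and "malicious"
# appear on the page; the other verdict strings are assumptions.
SEVERITY = {"whitelisted": 0, "no verdict": 1, "no specific threat": 2,
            "suspicious": 3, "malicious": 4}
WINDOW = timedelta(hours=1)

# Constructed sample reports (not real API output).
SAMPLE_REPORTS = [
    {"verdict": "malicious", "analysis_start_time": "2022-08-01T09:00:00+00:00"},
    {"verdict": "suspicious", "analysis_start_time": "2022-08-02T10:20:00+00:00"},
    {"verdict": "no specific threat", "analysis_start_time": "2022-08-02T10:55:00+00:00"},
    {"verdict": None, "analysis_start_time": None},
]


def _parse_time(report):
    # Naive timestamps are treated as UTC so all values stay comparable.
    ts = datetime.fromisoformat(report["analysis_start_time"])
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)


def _verdict(report):
    # Missing or unknown verdicts collapse to "no verdict".
    verdict = (report.get("verdict") or "no verdict").lower()
    return verdict if verdict in SEVERITY else "no verdict"


def worst_recent_verdict(reports, window=WINDOW):
    """Worst verdict among reports dated within `window` of the newest one.

    Reports with a missing or unparsable timestamp are skipped, and None is
    returned when no usable report remains.
    """
    timed = []
    for report in reports:
        try:
            timed.append((_parse_time(report), report))
        except (KeyError, TypeError, ValueError):
            continue
    if not timed:
        return None
    latest = max(ts for ts, _ in timed)
    recent = [r for ts, r in timed if latest - ts <= window]
    return max((_verdict(r) for r in recent), key=SEVERITY.__getitem__)
```

On the sample data the newest report says "no specific threat", but a report from 35 minutes earlier is worse, so the function returns "suspicious"; the day-old "malicious" report falls outside the window and is ignored.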

@Kradma Kradma left a comment

Hi,
I'm using this commit as a patch for the outdated analyzer.
Just a small comment, to use the datetime libraries you have to add the line `from datetime import datetime`.

Otherwise, thank you very much for adapting the code.


bcampru commented Sep 19, 2022

Hello @X0x1RG9f, I didn't see that there was an open pull request for this bug and I have also written a fix. While I was checking the API V2 I found that there is a field named `threat_score` that in my opinion would make more sense to map with Cortex's value. Here is my solution if you want to check it: https://github.com/bcampru/Cortex-Analyzers/blob/master/analyzers/HybridAnalysis/HybridAnalysis_analyzer.py

@nadouani nadouani added the category:enhancement Issue is related to an existing feature to improve label Sep 28, 2022

evan251 commented Jan 4, 2024

Hello everyone,
Does anyone know if this fix is planned to be merged to the main branch?
Our team would be glad to have this analyzer working again!
Best regards,
Evan

@nusantara-self nusantara-self changed the base branch from master to develop October 16, 2024 08:58
@nusantara-self nusantara-self merged commit 8401628 into TheHive-Project:develop Oct 18, 2024
@nusantara-self nusantara-self added this to the 3.3.8 milestone Oct 18, 2024