add threatcrowd analyzer #244
Conversation
|
Hello @remiallain Thanks for the PR. Could you use HTTPS when calling the APIs |
|
Hello @nadouani , thanks for your comment, I've updated it . |
|
Thanks, concerning the long report, what information do you think useful to display? |
|
For all dataType :
For
For
For
|
|
Hey @remiallain, would you consider this analyzer as "completed"? |
3c7
added
category:enhancement
|
Hello @3c7 , yes it's completed ;) |
|
@remiallain perfect. :) |
| "version": "1.0", | ||
| "description": "Search for information on threatcrowd.org", | ||
| "dataTypeList": [ | ||
| "email", |
There was a problem hiding this comment.
Default e-mail data type is mail.
|
|
||
| if (self.data_type == 'domain' or self.data_type == 'ip' or self.data_type == 'email'): | ||
| try: | ||
| response = requests.get("{}/{}/report/".format(self.URI, self.data_type), {self.data_type: self.get_data()}) |
There was a problem hiding this comment.
As above: default e-mail datatype is mail.
Something like self.data_type if self.data_type != 'mail' else 'email' would be possible. Requests to threat crowd contains then email as a datatype.
|
|
||
| if 'votes' in raw: | ||
| r = raw.get('votes') | ||
| value = r |
There was a problem hiding this comment.
r is None if ThreatCrowd doesn't know an email. That should be catched somehow.
There was a problem hiding this comment.
(the level would be unspecified that way)
| Threatcrowd analysis for | ||
| <strong>{{artifact.data}}</strong> | ||
| </div> | ||
| <div class="panel-body"> |
There was a problem hiding this comment.
This should catch an empty result, because currently there would be an empty table.
No description provided.