diff --git a/analyzers/CuckooSandbox/CuckooSandbox_File_Analysis.json b/analyzers/CuckooSandbox/CuckooSandbox_File_Analysis.json index 92bae01c8..a3e341565 100644 --- a/analyzers/CuckooSandbox/CuckooSandbox_File_Analysis.json +++ b/analyzers/CuckooSandbox/CuckooSandbox_File_Analysis.json @@ -16,6 +16,13 @@ "multi": false, "required": true }, + { + "name": "token", + "description": "API token", + "type": "string", + "multi": false, + "required": false + }, { "name": "verifyssl", "description": "Verify SSL certificate", @@ -23,6 +30,13 @@ "multi": false, "required": true, "defaultValue": true + }, + { + "name": "cert_path", + "description": "Path to the CA on the system used to check server certificate", + "type": "string", + "multi": false, + "required": false } ] } diff --git a/analyzers/CuckooSandbox/CuckooSandbox_Url_Analysis.json b/analyzers/CuckooSandbox/CuckooSandbox_Url_Analysis.json index 936fef88d..964a0f22a 100644 --- a/analyzers/CuckooSandbox/CuckooSandbox_Url_Analysis.json +++ b/analyzers/CuckooSandbox/CuckooSandbox_Url_Analysis.json @@ -16,6 +16,13 @@ "multi": false, "required": true }, + { + "name": "token", + "description": "API token", + "type": "string", + "multi": false, + "required": false + }, { "name": "verifyssl", "description": "Verify SSL certificate", @@ -23,6 +30,13 @@ "multi": false, "required": true, "defaultValue": true + }, + { + "name": "cert_path", + "description": "Path to the CA on the system used to check server certificate", + "type": "string", + "multi": false, + "required": false } ] diff --git a/analyzers/CuckooSandbox/cuckoosandbox_analyzer.py b/analyzers/CuckooSandbox/cuckoosandbox_analyzer.py index b68a3954a..074d97a5d 100755 --- a/analyzers/CuckooSandbox/cuckoosandbox_analyzer.py +++ b/analyzers/CuckooSandbox/cuckoosandbox_analyzer.py 
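Review bot: `cert_path` is declared in this second CuckooSandbox_File_Analysis hunk (and again in the matching CuckooSandbox_Url_Analysis hunk) but none of the Python hunks read `config.cert_path`; the analyzer keeps passing only the boolean `verify=self.verify_ssl`, so a configured CA bundle is silently ignored and the operator still gets system-CA validation, or none at all when `verifyssl` is off. Wiring it through is two lines in the `__init__` hunk of cuckoosandbox_analyzer.py, `cert_path = self.get_param('config.cert_path', None, None)` followed by `self.verify_ssl = cert_path if cert_path else self.get_param('config.verifyssl', True, None)`, since requests accepts a CA bundle path as the `verify` argument. Until that lands, the description `Path to the CA on the system used to check server certificate` promises a control that does not exist, so either drop the entry from both files or land the code change in the same commit.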
@@ -13,10 +13,11 @@ def __init__(self): Analyzer.__init__(self) self.url = self.get_param('config.url', None, 'CuckooSandbox url is missing') self.url = self.url + "/" if not self.url.endswith("/") else self.url + self.token = self.get_param('config.token', None, None) # self.analysistimeout = self.get_param('config.analysistimeout', 30*60, None) # self.networktimeout = self.get_param('config.networktimeout', 30, None) - self.verify = self.get_param('config.verifyssl', True, None) - if not self.verify: + self.verify_ssl = self.get_param('config.verifyssl', True, None) + if not self.verify_ssl: from requests.packages.urllib3.exceptions import InsecureRequestWarning requests.packages.urllib3.disable_warnings(InsecureRequestWarning) @@ -50,6 +51,9 @@ def run(self): Analyzer.run(self) try: + headers = dict() + if self.token and self.token != "": + headers['Authorization'] = "Bearer {0}".format(self.token) # file analysis if self.data_type == 'file': 
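Review bot: With `self.token` now attached to every request, the existing `if not self.verify_ssl` branch in `__init__` is also the point where the API token loses its only protection in transit, and the hunk does not say so; a one-line comment at the `disable_warnings` line such as `# verifyssl=False also hands the API token to whatever answers at self.url` makes the trade-off visible to the next maintainer. The rename from `self.verify` to `self.verify_ssl` is fine, but the hunk keeps the local `from requests.packages.urllib3.exceptions import ...` inside the branch while `requests.packages.urllib3.disable_warnings` is reached through the module attribute, which reads inconsistently. `__init__` continues past the end of this hunk.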
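Review bot: The guard `if self.token and self.token != "":` in the run() hunk tests the empty string twice, since `""` is already falsy, and `headers = dict()` is the non-idiomatic spelling of an empty dict literal. `headers = {'Authorization': 'Bearer {0}'.format(self.token)} if self.token else {}` expresses the same intent in one line and keeps the header construction next to the condition it depends on. run() begins at the hunk's header line and continues well past its last line.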
@@ -57,16 +61,26 @@ def run(self): filename = self.get_param('filename', basename(filepath)) with open(filepath, "rb") as sample: files = {"file": (filename, sample)} - response = requests.post(self.url + 'tasks/create/file', files=files, verify=self.verify) - task_id = response.json()['task_ids'][0] if 'task_ids' in response.json().keys() \ - else response.json()['task_id'] + response = requests.post(self.url + 'tasks/create/file', files=files, headers=headers, verify=self.verify_ssl) + if 'task_ids' in response.json().keys(): + task_id = response.json()['task_ids'][0] + elif 'task_id' in response.json().keys(): + task_id = response.json()['task_id'] + elif response.status_code == 401: + self.error("API token is required by this Cuckoo instance.") + else: + self.error(response.json()['message']) # url analysis elif self.data_type == 'url': data = {"url": self.get_data()} - response = requests.post( - self.url + 'tasks/create/url', data=data, verify=self.verify) - task_id = response.json()['task_id'] + response = requests.post(self.url + 'tasks/create/url', data=data, headers=headers, verify=self.verify_ssl) + if 'task_id' in response.json().keys(): + task_id = response.json()['task_id'] + elif response.status_code == 401: + self.error("API token is required by this Cuckoo instance.") + else: + self.error(response.json()['message']) else: self.error('Invalid data type !') @@ -75,8 +89,7 @@ def run(self): tries = 0 while not finished and tries <= 15: # wait max 15 mins time.sleep(60) - response = requests.get( - self.url + 'tasks/view/' + str(task_id), verify=self.verify) + response = requests.get(self.url + 'tasks/view/' + str(task_id), headers=headers, verify=self.verify_ssl) content = response.json()['task']['status'] if content == 'reported': finished = True 
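Review bot: In the file branch the new `status_code == 401` check is unreachable in the case it targets, because `response.json()` on the preceding `if 'task_ids' in ...` line runs first, and a 401 whose body is empty or HTML raises a ValueError that falls through to `unexpectedError`; the url branch below orders its checks the same way, and both `else` branches assume a `message` key that an error page from a reverse proxy will not carry. Testing the status before parsing, and parsing the body once instead of up to four times, fixes both; the file branch rewrite is below and the url branch needs the identical reordering (the rewrite relies on `self.error` terminating the run, which the new code already assumes by leaving `task_id` unset on that path). The polling loop in the next hunk and the report download in the hunk after it also call `.json()` without looking at the status, so a token that stops being accepted mid-run surfaces as a KeyError on `['task']` rather than an authentication error; a `response.raise_for_status()` before each of those `.json()` calls turns that into a `RequestException` the existing handler already reports. run() starts and ends outside this hunk.
```python
response = requests.post(self.url + 'tasks/create/file', files=files, headers=headers, verify=self.verify_ssl)
# Decide on the status before touching the body: a 401 is not guaranteed to carry JSON.
if response.status_code == 401:
    self.error("API token is required by this Cuckoo instance.")
body = response.json()
if 'task_ids' in body:
    task_id = body['task_ids'][0]
elif 'task_id' in body:
    task_id = body['task_id']
else:
    self.error(body.get('message', 'Unexpected response from Cuckoo (HTTP {0})'.format(response.status_code)))
# … unchanged: url branch, which needs the same status-before-json ordering …
```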
@@ -85,8 +98,7 @@ def run(self): self.error('CuckooSandbox analysis timed out') # Download the report - response = requests.get( - self.url + 'tasks/report/' + str(task_id) + '/json', verify=self.verify) + response = requests.get(self.url + 'tasks/report/' + str(task_id) + '/json', headers=headers, verify=self.verify_ssl) resp_json = response.json() list_description = [x['description'] for x in resp_json['signatures']] if 'suricata' in resp_json.keys() and 'alerts' in resp_json['suricata'].keys(): @@ -148,7 +160,7 @@ def run(self): }) except requests.exceptions.RequestException as e: - self.error(e) + self.error(str(e)) except Exception as e: self.unexpectedError(e) diff --git a/analyzers/catalog-devel.json b/analyzers/catalog-devel.json index 2158f9a3e..bc71d756c 100644 --- a/analyzers/catalog-devel.json +++ b/analyzers/catalog-devel.json @@ -306,6 +306,28 @@ "type": "string", "multi": false, "required": true + }, + { + "name": "token", + "description": "API token", + "type": "string", + "multi": false, + "required": false + }, + { + "name": "cert_check", + "description": "Verify server certificate", + "type": "boolean", + "multi": false, + "required": true, + "defaultValue": true + }, + { + "name": "cert_path", + "description": "Path to the CA on the system used to check server certificate", + "type": "string", + "multi": false, + "required": false } ], "dockerImage": "cortexneurons/cuckoosandbox_file_analysis_inet:devel" 
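Review bot: This catalog-devel hunk declares the certificate switch as `cert_check`, while the analyzer's own JSON files and `__init__` in cuckoosandbox_analyzer.py read `config.verifyssl`, so a deployment configured from the catalog gets the hard-coded default `True` no matter what an operator puts in `cert_check`, and `cert_path` is again declared without any code reading it. The default happens to be fail-safe, but a control that appears to govern certificate checking and does nothing is exactly the mismatch that only shows up during an incident. Either rename the entry to `verifyssl` so the catalog and the analyzer JSON agree, or make `__init__` honour both, e.g. `self.verify_ssl = self.get_param('config.verifyssl', self.get_param('config.cert_check', True, None), None)`. The same three entries appear in the second catalog-devel hunk and in both hunks of catalog-stable.json and catalog.json; unless `verifyssl` is still declared above these hunks, which is outside what the diff shows, none of the catalogs now carries a verification parameter the code actually reads.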
@@ -329,6 +351,28 @@ "type": "string", "multi": false, "required": true + }, + { + "name": "token", + "description": "API token", + "type": "string", + "multi": false, + "required": false + }, + { + "name": "cert_check", + "description": "Verify server certificate", + "type": "boolean", + "multi": false, + "required": true, + "defaultValue": true + }, + { + "name": "cert_path", + "description": "Path to the CA on the system used to check server certificate", + "type": "string", + "multi": false, + "required": false } ], "dockerImage": "cortexneurons/cuckoosandbox_url_analysis:devel" diff --git a/analyzers/catalog-stable.json b/analyzers/catalog-stable.json index 221c2002e..e4d9cfeb4 100644 --- a/analyzers/catalog-stable.json +++ b/analyzers/catalog-stable.json @@ -306,6 +306,28 @@ "type": "string", "multi": false, "required": true + }, + { + "name": "token", + "description": "API token", + "type": "string", + "multi": false, + "required": false + }, + { + "name": "cert_check", + "description": "Verify server certificate", + "type": "boolean", + "multi": false, + "required": true, + "defaultValue": true + }, + { + "name": "cert_path", + "description": "Path to the CA on the system used to check server certificate", + "type": "string", + "multi": false, + "required": false } ], "dockerImage": "cortexneurons/cuckoosandbox_file_analysis_inet:1.1" @@ -329,6 +351,28 @@ "type": "string", "multi": false, "required": true + }, + { + "name": "token", + "description": "API token", + "type": "string", + "multi": false, + "required": false + }, + { + "name": "cert_check", + "description": "Verify server certificate", + "type": "boolean", + "multi": false, + "required": true, + "defaultValue": true + }, + { + "name": "cert_path", + "description": "Path to the CA on the system used to check server certificate", + "type": "string", + "multi": false, + "required": false } ], "dockerImage": "cortexneurons/cuckoosandbox_url_analysis:1.1" 
diff --git a/analyzers/catalog.json b/analyzers/catalog.json index c92be13ec..a8b9e4951 100644 --- a/analyzers/catalog.json +++ b/analyzers/catalog.json @@ -306,6 +306,28 @@ "type": "string", "multi": false, "required": true + }, + { + "name": "token", + "description": "API token", + "type": "string", + "multi": false, + "required": false + }, + { + "name": "cert_check", + "description": "Verify server certificate", + "type": "boolean", + "multi": false, + "required": true, + "defaultValue": true + }, + { + "name": "cert_path", + "description": "Path to the CA on the system used to check server certificate", + "type": "string", + "multi": false, + "required": false } ], "dockerImage": "cortexneurons/cuckoosandbox_file_analysis_inet:1" @@ -329,6 +351,28 @@ "type": "string", "multi": false, "required": true + }, + { + "name": "token", + "description": "API token", + "type": "string", + "multi": false, + "required": false + }, + { + "name": "cert_check", + "description": "Verify server certificate", + "type": "boolean", + "multi": false, + "required": true, + "defaultValue": true + }, + { + "name": "cert_path", + "description": "Path to the CA on the system used to check server certificate", + "type": "string", + "multi": false, + "required": false } ], "dockerImage": "cortexneurons/cuckoosandbox_url_analysis:1"