Adding some analyzers for common tools #86

alexgoedeke · 2017-08-03T11:29:13Z

This pull requests has the following analyzers:

Bluecoat: Check domains against Bluecoat's site reputation check
MailParser: Parser *.msg files and check IPs. URLs and attachments against MISP, also run the FileInfo analyzer against every attachment
ThreatCrowd: Run some basic checks against ThreatCrowd
ipvoid: Search ipvoid for information.
Th0r: Parse th0r reports and lookup outputs in MISP

co-devs · 2019-01-23T06:11:19Z

Any chance for review? An IPvoid analyzer would be a nice addition.

nadouani · 2019-02-20T13:20:15Z

Hello, I'm personally not a fan of calling a Cortex service and a MISP from the analyzer code.

nadouani · 2019-02-20T13:21:52Z

And since the PR is old, it depends on a Cortex v1 which has no authentication mechanism etc..

jeromeleonard · 2019-05-15T06:23:30Z

I agree. for IPvoid there is the #455 that could be in a future release.

alexgoedeke added 2 commits August 3, 2017 13:20

add services

693d522

delete unused code

2be47b0

alexgoedeke mentioned this pull request Aug 3, 2017

Feature/bluecoat #84

Merged

add report templates

ee830a7

nadouani requested a review from jeromeleonard August 25, 2017 10:21

alexgoedeke added 5 commits September 8, 2017 12:50

Delete readme.md

0b3a2d4

Delete readme.md

65b93c6

Delete readme.md

38bb9ca

Delete readme.md

d83c603

Delete readme.md

cfca0fb

3c7 added status:pr-submitted status:needs-review category:new-analyzer New analyzer submitted labels Jan 23, 2019

3c7 added this to the 1.16.0 milestone Jan 23, 2019

jeromeleonard modified the milestones: 1.16.0, 1.17.0 Mar 23, 2019

nadouani self-assigned this Apr 26, 2019

jeromeleonard removed this from the 2.1.0 milestone May 17, 2019

IFX-CDC closed this by deleting the head repository Feb 22, 2023

Provide feedback