Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Analyzers for Valhalla and Thunderstorm #943

Merged
merged 7 commits into from
Feb 26, 2021
Merged

Analyzers for Valhalla and Thunderstorm #943

merged 7 commits into from
Feb 26, 2021

Conversation

Neo23x0
Copy link

@Neo23x0 Neo23x0 commented Feb 22, 2021
edited
Loading

Two analyzers for our products

  • Valhalla (hash)
  • Thunderstorm (file)

Valhalla is publicly accessible and can be queried with the demo key (default in configuration).
THOR Thunderstorm is a commercial on-premise web service that receives samples and returns a scan result as JSON. Some customers asked for that analyzer. Should I provide analyzers for commercial services separately in our companies repo? (https://github.com/NextronSystems/Cortex-Analyzers)

I hope I did everything right. It's the first time I submit an analyzer.
Both analyzers have been tested in a demo installation.

@dadokkio
Copy link
Contributor

Can you improve analyzer json info following this guidelines https://thehive-project.github.io/Cortex-Analyzers/analyzers_definition/ with README, logo and subscription info? thanks!
Meanwhile I'm going to test them.

@dadokkio dadokkio changed the base branch from master to develop February 23, 2021 10:56
@dadokkio
Copy link
Contributor

I was able to test valhalla, I had just to fix a little the template but it works fine 😄

image

@dadokkio
Copy link
Contributor

For Thunderstom it's ok to have here in the pull. If you can provide me a temporary key I'll test it otherwise we will release it in any case without test.

@Neo23x0
Copy link
Author

Neo23x0 commented Feb 23, 2021
edited
Loading

@dadokkio I cannot provide a key, but a source IP whitelisting
Could you DM me on Twitter, Keybase or LinkeIn?

--- or I'll send you an Email

@dadokkio
Copy link
Contributor

Ok, little fixes to template also here:
image

Now it's just missing info in the json, Readme and screenshots! Can you add them?

@Neo23x0
Copy link
Author

Neo23x0 commented Feb 23, 2021

So, what's missing is a README.md and a sub folder ./assets with some screenshots of analyzed samples? Could you point me to a README someone else wrote? I can't see one in the folders of the Cortex-Analyzers repo.
Is the content of the README something you include somewhere else?

Screenshot 2021-02-23 at 15 07 17

@dadokkio
Copy link
Contributor

If you switch to update_docs branch we are working to update documentation for all analyzer:
here some pulls with all modified analyzers

@Neo23x0
Copy link
Author

Neo23x0 commented Feb 23, 2021

Ah, I just noticed that the DomainToolsIris folder has that info even in the master branch.

@Neo23x0
Copy link
Author

Neo23x0 commented Feb 23, 2021

Do I need that favicon.svg as well?

@dadokkio
Copy link
Contributor

I never noticed that.. so I hope not 😄

@Neo23x0
Copy link
Author

Neo23x0 commented Feb 23, 2021

I've added the changes:

  • Updated JSON
  • README.md
  • Screenshots

@dadokkio dadokkio added this to the 3.0.0 milestone Feb 23, 2021
@dadokkio dadokkio merged commit de934a2 into TheHive-Project:develop Feb 26, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
category:new-analyzer New analyzer submitted
Projects
None yet
Milestone
3.0.0
Development

Successfully merging this pull request may close these issues.
3 participants
@Neo23x0 @dadokkio @garanews