Skip to content

Commit 48ec7d8

Browse files
jeromeleonardjeromeleonard
committed
#572 cleaning and merging
2 parents e7aeb0f + 302e352 commit 48ec7d8

File tree

6 files changed

+616
-4
lines changed

6 files changed

+616
-4
lines changed

analyzers/DomainToolsIris/DomainToolsIris_Investigate.json

Lines changed: 38 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,38 @@
1+
{
2+
"name": "DomainToolsIris_Investigate",
3+
"version": "1.0",
4+
"author": "DomainTools",
5+
"url": "https://github.com/TheHive-Project/Cortex-Analyzers",
6+
"license": "AGPL-V3",
7+
"description": "Use DomainTools Iris API to investigate a domain.",
8+
"dataTypeList": ["domain"],
9+
"command": "DomainToolsIris/domaintoolsiris_analyzer.py",
10+
"baseConfig": "DomainToolsIris",
11+
"config": {
12+
"service": "investigate-domain"
13+
},
14+
"configurationItems": [
15+
{
16+
"name": "username",
17+
"description": "DomainTools Iris API credentials",
18+
"type": "string",
19+
"multi": false,
20+
"required": true
21+
},
22+
{
23+
"name": "key",
24+
"description": "DomainTools Iris API credentials",
25+
"type": "string",
26+
"multi": false,
27+
"required": true
28+
},
29+
{
30+
"name": "pivot_count_threshold",
31+
"description": "Pivot count threshold.",
32+
"type": "number",
33+
"multi": false,
34+
"required": false,
35+
"defaultValue": 500
36+
}
37+
]
38+
}

analyzers/DomainToolsIris/domaintoolsiris_analyzer.py

100755100644
Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -153,12 +153,12 @@ def format_single_domain(self, domain_data):
153153
] = DomainToolsAnalyzer.get_threat_level_class(
154154
domain_risk["tpm"]["value"]
155155
)
156-
threat_profile_phshing_data = DomainToolsAnalyzer.get_threat_component(
156+
threat_profile_phishing_data = DomainToolsAnalyzer.get_threat_component(
157157
risk_components, "threat_profile_phishing"
158158
)
159-
if threat_profile_phshing_data:
159+
if threat_profile_phishing_data:
160160
domain_risk["tpp"] = {}
161-
domain_risk["tpp"]["value"] = threat_profile_malware_data.get(
161+
domain_risk["tpp"]["value"] = threat_profile_phishing_data.get(
162162
"risk_score", 0
163163
)
164164
domain_risk["tpp"][
@@ -171,7 +171,7 @@ def format_single_domain(self, domain_data):
171171
)
172172
if threat_profile_spam_data:
173173
domain_risk["tps"] = {}
174-
domain_risk["tps"]["value"] = threat_profile_malware_data.get(
174+
domain_risk["tps"]["value"] = threat_profile_spam_data.get(
175175
"risk_score", 0
176176
)
177177
domain_risk["tps"][

analyzers/DomainToolsIris/screenshots/InvestigateLongSummary.png

147 KB
Loading

analyzers/DomainToolsIris/screenshots/InvestigateShortSummary.png

20.1 KB
Loading

0 commit comments

Comments
 (0)