The original ONYPHE Summary analyzer queries the ONYPHE Summary API for summary information (including threats) on a domain, IP or FQDN. The new analyzers use the ONYPHE Search API, which allows for full information on a domain, IP, FQDN or hash (TLS SHA256 fingerprint).
Summary of changes:
Update of original Onyphe_Summary analyzer to fix a minor bug (this analyzer remains in the Analyzers repo)
Creation of ONYPHE_Search analyzer, allowing for queries and full ONYPHE data for any category. TheHive template is optimised for Datascan, Onionscan and Riskscan. Others may work, but not all have been tested. ONYPHE in uppercase is company policy.
Creation of ONYPHE_Vulnscan analyzer, based on Search but with an option to fetch only vulnerable assets
Creation of ONYPHE_ASM analyzer, based on Search using 'riskscan' category. Fetches reduced data for a small TH database.