TheHive-Project / Cortex-Analyzers

Cortex Analyzers Repository
https://TheHive-Project.github.io/Cortex-Analyzers/
GNU Affero General Public License v3.0

Recorded Future Sandbox Analyzer #1252

Open Tux-Panik opened 3 months ago

Tux-Panik commented 3 months ago

In July 2022, Recorded Future acquired Hatching Triage sandbox technology. Thus, the existing 'Triage' analyzer developed by @nsmfoo could be adapted to fit with Recorded Future's sandbox API and allow submission of files, URLs and IPs as well.

I've managed this adaptation, but to avoid any copyright infringement, I would prefer not to publish it prior to getting validation. The original analyzer is under GPLv3, so it shouldn't be an issue to have such a light modification as long as we mention the source.

https://github.com/TheHive-Project/Cortex-Analyzers/issues/1237

rpitts-recordedfuture commented 2 months ago

Hello @Tux-Panik , thank you for making this suggestion to include the Recorded Future Sandbox. It's an improvement I was also planning to add and in addition to the Recorded Future sandbox API we could also add the public sandbox, https://tria.ge, URL as well.

From a maintainability perspective, I think it would be best to only have one Triage analyzer that is configurable to select between the 3 URL endpoints.

nadouani commented 4 weeks ago

Hi @Tux-Panik, how would you like to manage the comment from @rpitts-recordedfuture ? Thanks for the contribution.

I can see a screenshot showing the report template. Could you please include it in this PR?

rpitts-recordedfuture commented 3 weeks ago

Hi @nadouani and @Tux-Panik , I made the changes I was suggesting to the Triage analyzer to make it easier to maintain 1 analyzer instead of 3. In my pull request, the API URL is now a configurable field so that the user can set it up for Recorded Future Sandbox usage, private sandbox usage, and now free users can configure the public sandbox to make submissions.

Let me know how you would like to proceed. Thank you for considering my changes and suggestions.
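To make the "one analyzer, configurable URL" idea concrete, here is an added example (not code from the pull request or from the project) of how an analyzer can resolve the base URL from its config and enforce that the API key is only ever sent over HTTPS. The preset hostnames for the private and Recorded Future endpoints, the `/v0/samples` path and the bearer-token header are assumptions modelled on the public Triage API; only `https://tria.ge` is taken from the thread.

```python
"""Endpoint selection for a Triage-style Cortex analyzer (added example).

Assumptions, not taken from the thread: the ``/samples`` submission path and
the ``Authorization: Bearer`` header follow the public Triage API layout; the
"private" and "recordedfuture" hostnames are placeholders; bare IPs are wrapped
as URL targets because the example API only accepts URL or file submissions.
"""
from urllib.parse import urlparse

# Named presets a user can choose in the analyzer config instead of typing a URL.
PRESET_ENDPOINTS = {
    "public": "https://tria.ge/api/v0",
    "private": "https://private.tria.ge/api/v0",                    # placeholder
    "recordedfuture": "https://sandbox.recordedfuture.com/api/v0",  # placeholder
}

SUPPORTED_DATATYPES = {"file", "url", "ip"}


def resolve_api_url(config):
    """Return the normalized base URL for the endpoint selected in ``config``.

    ``config`` mirrors the analyzer's config dict: ``url`` overrides any preset,
    otherwise ``endpoint`` names one of PRESET_ENDPOINTS (default "public").
    HTTPS is mandatory because the API key travels as a bearer token.
    """
    url = config.get("url") or PRESET_ENDPOINTS.get(config.get("endpoint", "public"))
    if not url:
        raise ValueError("unknown endpoint preset: %r" % config.get("endpoint"))
    parsed = urlparse(url)
    if parsed.scheme != "https" or not parsed.netloc:
        raise ValueError("API URL must be an absolute https:// URL, got %r" % url)
    if parsed.username or parsed.password:
        raise ValueError("credentials must not be embedded in the API URL")
    return url.rstrip("/")


def build_submission(data_type, data):
    """Build the JSON metadata for a submission of a Cortex ``dataType``.

    File submissions are multipart uploads in the real API, so only the
    metadata part is returned here and the caller attaches the file bytes.
    """
    if data_type not in SUPPORTED_DATATYPES:
        raise ValueError("unsupported dataType: %r" % data_type)
    if data_type == "file":
        return {"kind": "file"}
    if data_type == "ip":
        # Assumption: the sandbox takes URLs, so a bare IP becomes an http target.
        data = "http://%s/" % data
    return {"kind": "url", "url": data}


def submission_request(config, data_type, data):
    """Return (url, headers, body) for a submission without sending anything."""
    base = resolve_api_url(config)
    headers = {"Authorization": "Bearer %s" % config["key"]}
    return base + "/samples", headers, build_submission(data_type, data)


if __name__ == "__main__":
    # Constructed sample config: a free user pointing the analyzer at tria.ge.
    print(submission_request({"endpoint": "public", "key": "redacted"},
                             "url", "https://example.test/payload"))
```

With this layout the same analyzer definition serves all three deployments: the config only changes `endpoint` (or a full `url`) and `key`, and a misconfigured `http://` URL is rejected before any request leaves Cortex.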

Tux-Panik commented 3 weeks ago

Hi man,

Thanks for following-up on this topic and for implementing the changes we both wanted.

I'll take some time to test it on my own, especially to see whether the code works in an environment where it was not crafted.

Will give you my feedback and will let Nabil move forward. A topic that we could have discussed face to face last week 😁

See ya Julien

On Fri, 14 Jun 2024, 23:58, rpitts-recordedfuture @.***> wrote:

Hi @nadouani https://github.com/nadouani and @Tux-Panik https://github.com/Tux-Panik , I made the changes I was suggesting to the Triage analyzer to make it easier to maintain 1 analyzer instead of 3. In my pull request https://github.com/TheHive-Project/Cortex-Analyzers/pull/1264, the API URL is now a configurable field so that the user can set it up for Recorded Future Sandbox usage, private sandbox usage, and now free users can configure the public sandbox to make submissions.

Let me know how you would like to proceed. Thank you for considering my changes and suggestions.
