TheHive-Project / Cortex-Analyzers

Cortex Analyzers Repository
https://TheHive-Project.github.io/Cortex-Analyzers/
GNU Affero General Public License v3.0

New Analyzer: Symantec Content Analysis #380

Open yesOrMaybeWhatever opened 5 years ago

yesOrMaybeWhatever commented 5 years ago

Request Type

Analyzer

Description

Add Symantec Content Analysis.

https://support.symantec.com/en_US/article.DOC10634.html

nadouani commented 5 years ago

This analyzer needs to be contributed by the community because we (the core team) don't have access to a Symantec Content Analysis sandbox. If you have it, we can help you write the analyzer, or if someone else has it and can contribute, then it's more than welcome.

Thanks

yesOrMaybeWhatever commented 5 years ago

@nadouani Yes, we have one in our environment. "we can help you write the analyzer": what does this help look like?

nadouani commented 5 years ago

An analyzer is a simple Python script usually calling some APIs.

First question: does that product (SCA) expose an HTTP API to submit files for analysis? We already made that with Joe Sandbox and we can make the same work.
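As an added illustration of the "simple Python script calling some APIs" shape nadouani describes (this is not code from the issue or from the Cortex-Analyzers repository), here is a minimal file-analyzer skeleton in the cortexutils style. The SCA endpoint path, API-key header, response field and verdict strings are placeholders, since the thread gives no API details; the real request shape has to come from the DOC10465 documentation linked below.

```python
"""Skeleton Cortex file analyzer (illustration; SCA API details are placeholders)."""

try:
    from cortexutils.analyzer import Analyzer
except ImportError:  # stand-in base class so this file also runs where cortexutils is absent
    class Analyzer:
        def __init__(self):
            self.data_type = "file"
        def get_param(self, name, default=None, message=None):
            return default
        def report(self, full_report):
            return full_report
        def error(self, message):
            raise RuntimeError(message)
        def build_taxonomy(self, level, namespace, predicate, value):
            return {"level": level, "namespace": namespace,
                    "predicate": predicate, "value": value}

LEVELS = {"clean": "safe", "suspicious": "suspicious", "malicious": "malicious"}  # placeholder verdicts -> Cortex levels

def verdict_to_level(verdict):
    return LEVELS.get(verdict, "info")  # unknown/missing verdicts become 'info', never 'safe'

class SymantecContentAnalysisAnalyzer(Analyzer):
    def __init__(self):
        Analyzer.__init__(self)
        self.url = self.get_param("config.url", None, "SCA URL is missing")
        self.key = self.get_param("config.key", None, "SCA API key is missing")

    def submit(self, filepath):
        # Hypothetical HTTP submission; take the real endpoint, header and fields from the SCA docs.
        import requests
        with open(filepath, "rb") as fh:
            resp = requests.post(self.url + "/scan", headers={"X-API-KEY": self.key},
                                 files={"file": fh}, timeout=120)
        resp.raise_for_status()
        return resp.json()

    def summary(self, raw):
        verdict = raw.get("verdict", "unknown")
        return {"taxonomies": [self.build_taxonomy(verdict_to_level(verdict),
                                                   "SymantecCA", "Verdict", verdict)]}

    def run(self):
        if self.data_type != "file":
            self.error("Only file observables are supported")
        self.report(self.submit(self.get_param("file", None, "File is missing")))

if __name__ == "__main__":
    SymantecContentAnalysisAnalyzer().run()
```

Cortex instantiates the class and calls run(); the full JSON response becomes the report and summary() turns the verdict into the taxonomy tag TheHive displays on the observable.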

yesOrMaybeWhatever commented 5 years ago

@nadouani please have a look at https://support.symantec.com/en_US/article.DOC10465.html. I guess this is what you are asking about :)

yesOrMaybeWhatever commented 5 years ago

@nadouani Could you please assist me? I look forward to your answer. Help is much appreciated!