Homogenize parameters for analyzers and responders

TheHive-Project / Cortex-Analyzers

Cortex Analyzers Repository

https://TheHive-Project.github.io/Cortex-Analyzers/

GNU Affero General Public License v3.0

434 stars 374 forks source link

Homogenize parameters for analyzers and responders #617

Open jeromeleonard opened 4 years ago

jeromeleonard commented 4 years ago

Homogenize parameters in configuration of Analyzers and Responders. Different terms exist in analyzers when defining api for example (api, key, api_key, apikey, ...). same thing for usernames ...

[ ] review all analyzers and choose only one term for each need
[ ] bump version for analyzers that are updated
[ ] review all responders and choose only one term for each need
[ ] bump version for responders that are updated
[ ] Update Analyzers and Responders development guide
[ ] Update PR and issues templates

dadokkio commented 4 years ago

I made a little script to find all configurationItems

import pandas as pd
import json
from glob import glob
dd = {}
for file in glob("analyzers/*/*.json"):
    with open(file, 'r') as f:
        jj = json.loads(f.read())
    if 'configurationItems' in jj.keys():
        short = "/".join(file.split("/")[-2:])
        dd[short] = {}
        for item in jj['configurationItems']:
            dd[short][item['name']] = True

df = pd.DataFrame(dd)
df.to_csv('configuration.csv')

This is [part of] the result with some duplicated items highlighted

garanews commented 4 years ago

Also homogenize filename of Analyzers and Responders (underscore Y/N, capital letters Y/N)