TheHive-Project / Cortex-Analyzers

Cortex Analyzers Repository
https://TheHive-Project.github.io/Cortex-Analyzers/
GNU Affero General Public License v3.0

New Analyzer: CAPE Sandbox (WIP) #720

Open NexusFuzzy opened 4 years ago

NexusFuzzy commented 4 years ago

I'm working on an analyzer to submit files & URLs to CAPE Sandbox (https://capesandbox.com/) which is a fork of Cuckoo Sandbox.

Current status: submitting files and URLs is already working; reports still have some glitches, which I plan to fix before releasing the analyzer.

Jack28 commented 4 years ago

Hi @hariomenkel

I'm interested in this analyzer. How far did you get? I can offer to help testing if you need a hand.

Best Felix

NexusFuzzy commented 4 years ago

This one should work: https://github.com/hariomenkel/Cortex-Analyzers

One thing which needs improvement is the report shown in TheHive. I almost forgot about this analyzer, I'll fix these issues and create a PR so it gets integrated in Cortex-Analyzers. Feel free to contact me if you find any issues!

One thing: I decided that I don't want to support URL analysis but instead I'm using DL&Exec when submitting URLs, since this is (at least for me) more useful in my day-to-day job.

Jack28 commented 4 years ago

Is this meant for CAPEv2 (https://github.com/kevoreilly/CAPEv2)? I'm asking because to me it looks extremely similar to the CuckooSandbox analyser, which it probably should. I could only get it to work by step-by-step adaptation of endpoints and have stopped just before I went into reworking the attribute extraction from the report.

I started the CAPEv2 API directly from utils/api.py without uwsgi btw, which could make a difference.

Any ideas? thx

NexusFuzzy commented 4 years ago

Yes, it works with both v1 and v2. I'm currently testing against my private CAPEv2 instance, but the one under capesandbox.com should work too, if it allows downloading the JSON report.

I started with the CuckooAnalyzer to adapt it but changed a lot in the last few days (not reflected in my repo yet). In fact, I'm passing the whole report back to Cortex without any special parsing and do the report styling with AngularJS etc. These are the results so far:

[four screenshots: the CAPE report rendered inside the Cortex analyzer report in TheHive]

What I'm trying to achieve is that you don't have to leave TheHive to see all the information available in the CAPE report, so I'm basically "copying" it into the analyzer report. If I keep progressing as I am now, it should be finished in about a week.
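The workflow described in the thread (submit a file or a DL&Exec URL to CAPEv2, poll the task until it is reported, pull the JSON report back unparsed, and derive the short Cortex-style taxonomy summary from it) as an added, stand-alone example. This is not code from Cortex-Analyzers or from hariomenkel's fork: it uses only the Python standard library, the `apiv2/tasks/...` endpoint paths, the `Authorization: Token` header, the `{"error": ..., "data": {"task_ids": [...]}}` response shape, the task state names and the `malscore`/`signatures`/`malfamily` report fields are assumptions drawn from the CAPEv2 `utils/api.py` conventions and should be checked against the instance you run, and the malscore thresholds are my own choice. The HTTP transport is injectable so the logic can be exercised offline.

```python
"""Added example: stdlib-only CAPEv2 client with a Cortex-style summary.
Endpoint paths, response shapes, task states and report field names are
assumptions about CAPEv2's utils/api.py; verify them on your own instance."""
import json
import time
import uuid
import urllib.error
import urllib.parse
import urllib.request


class CapeClient:
    def __init__(self, base_url, token=None, transport=None):
        self.base_url = base_url.rstrip("/")
        self.token = token
        # transport(method, url, body, headers) -> (status, bytes); injectable so tests run offline
        self.transport = transport or self._urllib_transport

    @staticmethod
    def _urllib_transport(method, url, body, headers):
        req = urllib.request.Request(url, data=body, headers=headers, method=method)
        try:
            with urllib.request.urlopen(req, timeout=60) as resp:
                return resp.status, resp.read()
        except urllib.error.HTTPError as err:
            return err.code, err.read()

    def _call(self, method, path, body=None, headers=None):
        hdrs = dict(headers or {})
        if self.token:  # CAPEv2 API token header (assumed format)
            hdrs["Authorization"] = "Token " + self.token
        status, raw = self.transport(method, self.base_url + path, body, hdrs)
        if status != 200:
            raise RuntimeError("CAPE %s %s returned HTTP %d" % (method, path, status))
        return json.loads(raw.decode("utf-8"))

    @staticmethod
    def _task_id(result):
        # assumed apiv2 envelope: {"error": bool, "data": {"task_ids": [...]}}
        if result.get("error"):
            raise RuntimeError("CAPE rejected the task: %s" % result.get("error_value"))
        return int(result["data"]["task_ids"][0])

    def submit_file(self, filename, content, options=""):
        # hand-rolled multipart/form-data so no third-party HTTP library is needed
        boundary = uuid.uuid4().hex
        head = ("--%s\r\nContent-Disposition: form-data; name=\"options\"\r\n\r\n%s\r\n"
                "--%s\r\nContent-Disposition: form-data; name=\"file\"; filename=\"%s\"\r\n"
                "Content-Type: application/octet-stream\r\n\r\n"
                % (boundary, options, boundary, filename)).encode("utf-8")
        body = head + content + ("\r\n--%s--\r\n" % boundary).encode("utf-8")
        hdrs = {"Content-Type": "multipart/form-data; boundary=" + boundary}
        return self._task_id(self._call("POST", "/apiv2/tasks/create/file/", body, hdrs))

    def submit_dlnexec(self, url, options=""):
        # DL&Exec: the sandbox downloads the URL and executes the payload (assumed endpoint)
        body = urllib.parse.urlencode({"url": url, "options": options}).encode("utf-8")
        hdrs = {"Content-Type": "application/x-www-form-urlencoded"}
        return self._task_id(self._call("POST", "/apiv2/tasks/create/dlnexec/", body, hdrs))

    def status(self, task_id):
        return self._call("GET", "/apiv2/tasks/status/%d/" % task_id)["data"]

    def wait_for_report(self, task_id, poll=30, timeout=3600, sleep=time.sleep):
        """Poll until the task is 'reported', then return the full JSON report untouched."""
        waited = 0
        while waited <= timeout:
            state = self.status(task_id)
            if state == "reported":
                return self._call("GET", "/apiv2/tasks/get/report/%d/json/" % task_id)
            if str(state).startswith("failed"):  # e.g. failed_analysis, failed_processing
                raise RuntimeError("CAPE task %d ended in state %s" % (task_id, state))
            sleep(poll)
            waited += poll
        raise TimeoutError("CAPE task %d not reported after %d s" % (task_id, timeout))


def summarize(report):
    """Cortex-style taxonomies from a CAPE JSON report; thresholds are this example's choice."""
    malscore = float(report.get("malscore", 0))
    level = "malicious" if malscore >= 7 else "suspicious" if malscore >= 4 else "safe"
    taxonomies = [{"level": level, "namespace": "CAPE", "predicate": "Malscore", "value": str(malscore)}]
    sigs = report.get("signatures", [])
    taxonomies.append({"level": level if sigs else "info", "namespace": "CAPE",
                       "predicate": "Signatures", "value": str(len(sigs))})
    family = report.get("malfamily") or report.get("detections")
    if family:
        taxonomies.append({"level": "malicious", "namespace": "CAPE",
                           "predicate": "Family", "value": str(family)})
    return taxonomies


if __name__ == "__main__":
    # Real run (assumed hostname/token): submit, wait, print the summary.
    client = CapeClient("https://cape.example.invalid", token="replace-me")
    with open("sample.bin", "rb") as fh:
        task = client.submit_file("sample.bin", fh.read())
    print(json.dumps(summarize(client.wait_for_report(task)), indent=2))
```

In a real analyzer the `summarize()` output would feed `Analyzer.summary()` and the untouched report dict would be handed to `Analyzer.report()` so the long template can render every section, which is the "copy the whole report into TheHive" approach the comment above describes; that wiring into `cortexutils` is left out here so the block runs without it.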

Jack28 commented 4 years ago

The screenshots look great. How are you progressing? Can you update your repository with the latest code? I want to get going on this.

dadokkio commented 4 years ago

Hi @hariomenkel, any update?

RC810 commented 2 years ago

Just stumbling across this now and this is quite a bit better than the existing Cuckoo analyzer and the display of data. I know it's been some time, but would you be able to update your repo @hariomenkel so we can continue your work? Even if it's not completed, what you already had was a great achievement and it'd be a waste to not get it out there for the broader community.