search

cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org
Other
5.57k stars 1.71k forks source link

MISP Export after Reporting #2251

Open tosto92 opened 6 years ago

tosto92 commented 6 years ago

MISP Export after Reporting

Feature Request

Sometimes I have to re-run some analysis with different configuration and after these multiple analysis I need to clean my MISP instance.

Would be very useful to be able to export an analysis to a MISP instance after the analysis, on demand wih a button (in the export page for example) instead of doing it automatically with the reporting module.

doomedraven commented 6 years ago

when you reprocess that is normal, you need to disable that in configuration, feel free to PR that funcionality

tosto92 commented 6 years ago

Is a good idea to:

add abutton in export.html

cuckoo/cuckoo/web/templates/analysis/export.html

add the function that calls the new api in export.js

cuckoo/cuckoo/web/static/js/cuckoo/analysis_export.js

add the new api route

cuckoo/cuckoo/web/analysis/urls.py

add MISP reporting as an api in the export.py (importing the RunProcessing from plugins.py)

cuckoo/cuckoo/web/controllers/analysis/export/export.py cuckoo/cuckoo/core/plugins.py

doomedraven commented 6 years ago

as i told feel free to provide pull request ;)

tosto92 commented 6 years ago

Thanks, I was just trying to undesrstand if there's some standard in the developement.

doomedraven commented 6 years ago

check the documentation there is part for that

RicoVZ commented 6 years ago

Hi tosto92,

If you are still looking, these are the code style rules we follow. https://cuckoo.sh/docs/development/code_style.html