本文整理汇总了Python中cortexutils.analyzer.Analyzer类的典型用法代码示例。如果您正苦于以下问题:Python Analyzer类的具体用法?Python Analyzer怎么用?Python Analyzer使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
示例1: run
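def run(self):
    """Dispatch the observable to the matching OTX query.

    Reads ``self.data_type`` (populated by the Analyzer base class) and calls
    ``otx_query_file`` / ``otx_query_url`` / ``otx_query_domain`` /
    ``otx_query_ip`` accordingly; any other data type is reported through
    ``self.error``.

    For ``file`` observables the SHA-256 comes from ``attachment.hashes`` when
    Cortex supplied it, otherwise it is computed from the file on disk in
    4 KiB chunks so large samples are never read into memory at once. If the
    supplied hash list holds no 64-character digest the job fails with a clear
    message instead of an uncaught StopIteration.
    """
    Analyzer.run(self)
    if self.data_type == 'file':
        hashes = self.get_param('attachment.hashes', None)
        if hashes is None:
            filepath = self.get_param('file', None, 'File is missing')
            digest = hashlib.sha256()
            with io.open(filepath, 'rb') as fh:
                for chunk in iter(lambda: fh.read(4096), b''):
                    digest.update(chunk)
            file_hash = digest.hexdigest()
        else:
            # Cortex lists several digests; the SHA-256 is the 64-hex-char one.
            # next() without a default would raise StopIteration when none is
            # present, which surfaces as an opaque crash rather than an error.
            file_hash = next((h for h in hashes if len(h) == 64), None)
            if file_hash is None:
                self.error('No SHA256 hash found in attachment.hashes')
                return
        self.otx_query_file(file_hash)
    elif self.data_type == 'url':
        data = self.get_param('data', None, 'Data is missing')
        self.otx_query_url(data)
    elif self.data_type == 'domain':
        data = self.get_param('data', None, 'Data is missing')
        self.otx_query_domain(data)
    elif self.data_type == 'ip':
        data = self.get_param('data', None, 'Data is missing')
        self.otx_query_ip(data)
    elif self.data_type == 'hash':
        data = self.get_param('data', None, 'Data is missing')
        self.otx_query_file(data)
    else:
        self.error('Invalid data type')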
示例2: __init__
def __init__(self):
    """Read the service selector and the API endpoint/credentials from the job config.

    All four values are mandatory: the third argument to ``get_param`` is the
    message reported when the key is absent from the config.
    """
    Analyzer.__init__(self)
    service_msg = 'Service parameter is missing'
    url_msg = 'Missing API url'
    key_msg = 'Missing API key'
    pwd_msg = 'Missing API password'
    self.service = self.get_param('config.service', None, service_msg)
    self.url = self.get_param('config.url', None, url_msg)
    self.key = self.get_param('config.key', None, key_msg)
    self.pwd = self.get_param('config.pwd', None, pwd_msg)
示例3: __init__
def __init__(self):
    """Collect the Hybrid Analysis (VxStream Sandbox) API settings.

    The API root and the User-Agent header are hard-coded; the secret and
    the API key are mandatory config values (``config.secret`` / ``config.key``).
    """
    Analyzer.__init__(self)
    self.basic_url = 'https://www.hybrid-analysis.com/api/'
    self.headers = {'User-Agent': 'VxStream'}

    def required(conf_key, missing_message):
        # Delegates the "missing value" reporting to get_param's message argument.
        return self.get_param(conf_key, None, missing_message)

    self.secret = required('config.secret', 'VxStream Sandbox secret key is missing')
    self.api_key = required('config.key', 'VxStream Sandbox API key is missing')
示例4: run
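def run(self):
    """Look up an IP in the bundled GeoLite2-City database and report the result.

    Only the ``ip`` data type is handled; any other type yields
    ``notSupported``. A malformed address is reported as 'Invalid IP address',
    an address absent from the database as 'Unknown IP address'; anything
    else goes through ``unexpectedError`` with the exception itself so the
    message (not only the exception type, as before) reaches the report.
    """
    Analyzer.run(self)
    if self.data_type != 'ip':
        self.notSupported()
        return
    db_path = os.path.join(os.path.dirname(__file__), 'GeoLite2-City.mmdb')
    try:
        data = self.get_data()
        # The reader keeps the database file open; close it deterministically
        # instead of leaving the handle to the garbage collector.
        with geoip2.database.Reader(db_path) as reader:
            city = reader.city(data)
        self.report({
            'city': self.dump_city(city.city),
            'continent': self.dump_continent(city.continent),
            'country': self.dump_country(city.country),
            'location': self.dump_location(city.location),
            'registered_country': self.dump_country(city.registered_country),
            'represented_country': self.dump_country(city.represented_country),
            'subdivisions': self.dump_country(city.subdivisions.most_specific),
            'traits': self.dump_traits(city.traits)
        })
    except ValueError:
        self.error('Invalid IP address')
    except AddressNotFoundError:
        self.error('Unknown IP address')
    except Exception as e:
        self.unexpectedError(e)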
示例5: __init__
def __init__(self):
    """Load the service selector and API credentials, then build the request handler.

    ``config.service``, ``config.key`` and ``config.pwd`` are mandatory; the
    key/password pair is handed to ``APIRequestHandler``.
    """
    Analyzer.__init__(self)

    def required(conf_key, missing_message):
        return self.get_param(conf_key, None, missing_message)

    self.service = required('config.service', 'Service parameter is missing')
    self.key = required('config.key', 'Missing API key')
    self.pwd = required('config.pwd', 'Missing API password')
    self.request_handler = APIRequestHandler(self.key, self.pwd)
示例6: run
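def run(self):
    """Run the Hunter.io ``domain-search`` lookup and report every page of results.

    Only ``service == 'domainsearch'`` with a ``domain``/``fqdn`` observable is
    handled; anything else yields ``notSupported``. Results are paged 100 at a
    time using the ``meta`` block of the API response, and the ``emails`` lists
    of the additional pages are merged into the first response before it is
    reported.

    Changes versus the original: the query string is built by ``requests``
    (``params=``) instead of string formatting, so a domain containing ``&``,
    ``#`` or whitespace cannot inject or truncate parameters; every request has
    a timeout; and the API key is redacted from error messages, because
    ``requests`` exceptions embed the full URL (including ``api_key``) in their
    text and that text ends up in the Cortex report.
    """
    Analyzer.run(self)
    if self.service != 'domainsearch' or self.data_type not in ('domain', 'fqdn'):
        self.notSupported()
        return
    try:
        endpoint = '{}domain-search'.format(self.URI)
        page_size = 100

        def fetch(offset):
            # The API key travels as a query parameter because that is how the
            # endpoint is called here; keep request URLs out of debug logging.
            params = {
                'domain': self.get_data(),
                'api_key': self.key,
                'limit': page_size,
                'offset': offset,
            }
            return requests.get(endpoint, params=params, timeout=30).json()

        offset = 0
        result = fetch(offset)
        meta = result.get('meta') or {}
        while (meta.get('results') or 0) > offset:
            step = meta.get('limit') or 0
            if step <= 0:
                # Defensive: a zero-length page would otherwise loop forever.
                break
            offset = meta.get('offset', offset) + step
            page = fetch(offset)
            meta = page.get('meta') or {}
            result['data']['emails'] += page['data']['emails']
        self.report(result)
    except Exception as e:
        # Do not let the API key leak into the report via the exception text.
        self.unexpectedError(str(e).replace(str(self.key), '<redacted>'))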
示例7: run
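def run(self):
    """Dispatch the observable to the matching OTX query.

    Reads ``self.data_type`` (populated by the Analyzer base class) and calls
    ``otx_query_file`` / ``otx_query_url`` / ``otx_query_domain`` /
    ``otx_query_ip`` accordingly; any other data type is reported through
    ``self.error``.

    For ``file`` observables the SHA-256 comes from ``attachment.hashes`` when
    Cortex supplied it, otherwise it is computed from the file on disk. The
    previous ``hashlib.sha256(open(filepath, 'r').read())`` opened the sample
    in text mode (wrong digest or a decode/TypeError on Python 3), loaded it
    fully into memory and never closed the handle; it is now read in binary
    mode, in 4 KiB chunks, inside a ``with`` block. A hash list without a
    64-character digest fails with a clear message instead of StopIteration.
    """
    Analyzer.run(self)
    if self.data_type == 'file':
        hashes = self.get_param('attachment.hashes', None)
        if hashes is None:
            filepath = self.get_param('file', None, 'File is missing')
            digest = hashlib.sha256()
            with open(filepath, 'rb') as fh:
                for chunk in iter(lambda: fh.read(4096), b''):
                    digest.update(chunk)
            file_hash = digest.hexdigest()
        else:
            # Cortex lists several digests; the SHA-256 is the 64-hex-char one.
            file_hash = next((h for h in hashes if len(h) == 64), None)
            if file_hash is None:
                self.error('No SHA256 hash found in attachment.hashes')
                return
        self.otx_query_file(file_hash)
    elif self.data_type == 'url':
        data = self.get_param('data', None, 'Data is missing')
        self.otx_query_url(data)
    elif self.data_type == 'domain':
        data = self.get_param('data', None, 'Data is missing')
        self.otx_query_domain(data)
    elif self.data_type == 'ip':
        data = self.get_param('data', None, 'Data is missing')
        self.otx_query_ip(data)
    elif self.data_type == 'hash':
        data = self.get_param('data', None, 'Data is missing')
        self.otx_query_file(data)
    else:
        self.error('Invalid data type')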
示例8: __init__
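def __init__(self):
    """Collect file metadata and register the optional Manalyze submodule.

    Reads the ``file`` path and ``filename`` supplied by Cortex, derives the
    file type via ``pyexifinfo.fileType`` and the MIME type via libmagic.
    ``config.manalyze_enable`` selects the submodule; when it is enabled,
    either the docker runner (``config.manalyze_enable_docker``) or a local
    binary (``config.manalyze_enable_binary`` together with an existing
    ``config.manalyze_binary_path``) must be chosen, otherwise the job fails.

    The two multi-line error messages previously relied on implicit string
    concatenation without a separating space ("given.Please", "binary)or");
    they now read correctly.
    """
    Analyzer.__init__(self)
    self.filepath = self.get_param('file', None, 'File parameter is missing.')
    self.filename = self.get_param('filename', None, 'Filename is missing.')
    self.filetype = pyexifinfo.fileType(self.filepath)
    self.mimetype = magic.Magic(mime=True).from_file(self.filepath)

    # Check if manalyze submodule is enabled
    manalyze_enabled = self.get_param(
        'config.manalyze_enable', False,
        'Parameter manalyze_enable not given. '
        'Please enable or disable manalyze submodule explicitly.')
    if not manalyze_enabled:
        return

    binary_path = self.get_param('config.manalyze_binary_path',
                                 '/opt/Cortex-Analyzers/utils/manalyze/bin/manalyze')
    if self.get_param('config.manalyze_enable_docker', False):
        available_submodules.append(ManalyzeSubmodule(use_docker=True))
    elif self.get_param('config.manalyze_enable_binary', False) \
            and os.path.isfile(binary_path):
        # binary_path is operator-controlled analyzer config and is presumably
        # executed by ManalyzeSubmodule; isfile() is the only check applied here.
        available_submodules.append(
            ManalyzeSubmodule(use_binary=True, binary_path=binary_path))
    else:
        self.error('Manalyze submodule is enabled, but either there is no method allowed '
                   '(docker or binary) or the path to binary is not correct.')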
示例9: __init__
def __init__(self):
    """Read the SecurityTrails service selector and API key from the job config.

    Both ``config.service`` and ``config.api_key`` are mandatory; the message
    passed to ``get_param`` is reported when the key is absent.
    """
    Analyzer.__init__(self)

    def required(conf_key, missing_message):
        return self.get_param(conf_key, None, missing_message)

    self.service = required("config.service", "SecurityTrails service is missing")
    self.api_key = required("config.api_key", "SecurityTrails API key is missing")
示例10: __init__
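def __init__(self):
    """Read the service selector, API credentials, organisation id and query limit.

    ``config.service``, ``config.api_key``, ``config.api_secret`` and
    ``config.organization_id`` are mandatory. ``config.query_limit`` is optional
    and defaults to 20; it is kept as a string as in the original (presumably
    consumed as a query parameter — TODO confirm against the query methods).
    """
    Analyzer.__init__(self)
    self.service = self.get_param('config.service', None, 'Service parameter is missing')
    self.api_key = self.get_param('config.api_key', None, 'api_key is missing')
    self.api_secret = self.get_param('config.api_secret', None, 'api_secret is missing')
    self.organization_id = self.get_param('config.organization_id', None, 'organization_id is missing')
    # get_param takes (name, default, message). The original passed None as the
    # default and 20 as the *message*, so a missing query_limit raised an error
    # instead of falling back to 20. Pass 20 as the default.
    self.query_limit = str(self.get_param('config.query_limit', 20))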
示例11: __init__
def __init__(self):
    """Set up the VirusTotal public API client from the job config.

    ``config.service`` and ``config.key`` are mandatory; ``config.polling_interval``
    falls back to 60 and ``config.proxy`` to None when absent. The proxy setting
    is passed straight to ``VirusTotalPublicApi``.
    """
    Analyzer.__init__(self)
    self.service = self.get_param('config.service', None, 'Service parameter is missing')
    self.virustotal_key = self.get_param('config.key', None, 'Missing VirusTotal API key')
    # Optional tuning knobs; attribute names are kept for the other methods.
    polling = self.get_param('config.polling_interval', 60)
    proxies = self.get_param('config.proxy', None)
    self.polling_interval = polling
    self.proxies = proxies
    self.vt = VirusTotalPublicApi(self.virustotal_key, proxies)
示例12: TestTlpConfig
class TestTlpConfig(unittest.TestCase):
    """Exercise Analyzer's private TLP gate against the three cases that matter."""

    def setUp(self):
        load_test_fixture('fixtures/test-tlp-config.json')
        self.analyzer = Analyzer()

    def _check_tlp(self, enabled, max_tlp=None, tlp=None):
        # Configure the analyzer, then call __check_tlp through its name-mangled
        # form (_Analyzer__check_tlp) since it is a private method.
        self.analyzer.enable_check_tlp = enabled
        if max_tlp is not None:
            self.analyzer.max_tlp = max_tlp
        if tlp is not None:
            self.analyzer.tlp = tlp
        return self.analyzer._Analyzer__check_tlp()

    def test_check_tlp_disabled(self):
        # With the check disabled the TLP values play no role.
        self.assertEqual(self._check_tlp(enabled=False), True)

    def test_check_tlp_ko(self):
        # An observable above the analyzer's max TLP must be rejected.
        self.assertEqual(self._check_tlp(enabled=True, max_tlp=1, tlp=3), False)

    def test_check_tlp_ok(self):
        # An observable at exactly the max TLP is accepted.
        self.assertEqual(self._check_tlp(enabled=True, max_tlp=3, tlp=3), True)
示例13: __init__
def __init__(self):
    """Build the MISP client from the job config.

    ``config.name`` falls back to 'Unnamed' (issue #94: MISPClient must not be
    given None). ``config.cert_check`` (default True) controls TLS verification:
    when enabled, ``config.cert_path`` selects a CA bundle and an empty path
    means the default trust store; when disabled, verification is turned off.
    ``config.url`` and ``config.key`` are mandatory. Client construction errors
    (``MISPClientError``, ``TypeError``) are reported via ``self.error``.
    """
    Analyzer.__init__(self)
    # Fixes #94: an empty/missing name becomes the string 'Unnamed'.
    name = self.get_param('config.name', None) or 'Unnamed'

    if self.get_param('config.cert_check', True):
        # A CA bundle path when configured, otherwise True (default trust store).
        ssl = self.get_param('config.cert_path', None) or True
    else:
        # SECURITY: cert_check=False disables TLS certificate verification for
        # the MISP connection, exposing the API key and exchanged data to anyone
        # on the network path. Only acceptable for isolated lab instances.
        ssl = False

    try:
        self.misp = MISPClient(url=self.get_param('config.url', None, 'No MISP url given.'),
                               key=self.get_param('config.key', None, 'No MISP api key given.'),
                               ssl=ssl,
                               name=name,
                               proxies={'http': self.http_proxy, 'https': self.https_proxy})
    except (MISPClientError, TypeError) as exc:
        self.error(str(exc))
示例14: __init__
def __init__(self):
    """Read the DNSDB service selector, server name and API key from the job config.

    All three values are mandatory; the message in each entry is what
    ``get_param`` reports when the key is absent.
    """
    Analyzer.__init__(self)
    settings = (
        ('service', 'config.service', 'Service parameter is missing'),
        ('dnsdb_server', 'config.server', 'Missing DNSDB server name'),
        ('dnsdb_key', 'config.key', 'Missing DNSDB API key'),
    )
    for attr, conf_key, missing_message in settings:
        setattr(self, attr, self.get_param(conf_key, None, missing_message))
示例15: __init__
def __init__(self):
    """Load the MISP warning lists the analyzer matches observables against.

    ``config.path`` defaults to the relative path 'misp-warninglists' and must
    exist on disk; otherwise the job is failed via ``self.error`` before the
    lists are read with ``readwarninglists``.
    """
    Analyzer.__init__(self)
    self.data = self.get_data()
    lists_path = self.get_param('config.path', 'misp-warninglists')
    self.path = lists_path
    if not exists(lists_path):
        self.error('Path to misp-warninglists does not exist.')
    self.warninglists = self.readwarninglists()