diff --git a/plugins/hybrid_analysis/.CHECKSUM b/plugins/hybrid_analysis/.CHECKSUM
index f649fb7608..a91b5943ac 100644
--- a/plugins/hybrid_analysis/.CHECKSUM
+++ b/plugins/hybrid_analysis/.CHECKSUM
@@ -1,27 +1,27 @@
 {
- "spec": "d7364a3ad4abbc7d723d2ef90599c4a6",
- "manifest": "8005f921518aa9daeb890a7e49a9bb92",
- "setup": "2d1c26dd9826a6a236fe3775345fd250",
+ "spec": "c569504135834cc0dfdf19930c76550d",
+ "manifest": "1238c8c2cf312650c481e886ecfc30fd",
+ "setup": "790a6a359b4a3c6147fc83fd01e6306a",
 "schemas": [
 {
 "identifier": "lookup_hash/schema.py",
- "hash": "dd3fdd0f5b4d1040e1b2697a63025e3e"
+ "hash": "3036ef62fa2397ca8bb2d115d1ba73f2"
 },
 {
 "identifier": "lookup_terms/schema.py",
- "hash": "1467514fbeafb9315a5c56528ca7597c"
+ "hash": "7bc9fa12e5743a5c4894390245565fd0"
 },
 {
 "identifier": "report/schema.py",
- "hash": "0348a4071f240dd0297be5a48bd48bd3"
+ "hash": "4e77e4c779ecb009ee438a90e10682e4"
 },
 {
 "identifier": "submit/schema.py",
- "hash": "3aaddba2cb02ad7d374a220200931e5f"
+ "hash": "6914955945cb644d1b86e873f7b62d9a"
 },
 {
 "identifier": "connection/schema.py",
- "hash": "b96f4b05bd8d995241cae66da176dec7"
+ "hash": "2743198e97cabc24ee44e4e000dd4c3c"
 }
 ]
 }
\ No newline at end of file
diff --git a/plugins/hybrid_analysis/Dockerfile b/plugins/hybrid_analysis/Dockerfile
index 93242610e9..8ddd5a1d2e 100644
--- a/plugins/hybrid_analysis/Dockerfile
+++ b/plugins/hybrid_analysis/Dockerfile
@@ -1,28 +1,20 @@ -FROM rapid7/insightconnect-python-3-38-slim-plugin:4 -# The three supported python parent images are: -# - komand/python-2-plugin -# - komand/python-3-plugin -# - komand/python-pypy3-plugin -# -# Update the tag to a full semver version +FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.1.4 -# Add any custom package dependencies here -# NOTE: Add pip packages to requirements.txt +LABEL organization=rapid7 +LABEL sdk=python -# End package dependencies - -# Add source code WORKDIR /python/src + ADD ./plugin.spec.yaml /plugin.spec.yaml -ADD . /python/src +ADD ./requirements.txt /python/src/requirements.txt -# Install pip dependencies RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; fi -# Install plugin +ADD . /python/src + RUN python setup.py build && python setup.py install # User to run plugin code. The two supported users are: root, nobody USER nobody -ENTRYPOINT ["/usr/local/bin/icon_hybrid_analysis"] \ No newline at end of file +ENTRYPOINT ["/usr/local/bin/icon_hybrid_analysis"] diff --git a/plugins/hybrid_analysis/bin/icon_hybrid_analysis b/plugins/hybrid_analysis/bin/icon_hybrid_analysis index 746c7115c0..6c253ad560 100755 --- a/plugins/hybrid_analysis/bin/icon_hybrid_analysis +++ b/plugins/hybrid_analysis/bin/icon_hybrid_analysis @@ -1,12 +1,12 @@ #!/usr/bin/env python -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT import os import json from sys import argv Name = "Hybrid Analysis" Vendor = "rapid7" -Version = "3.0.0" +Version = "3.0.1" Description = "Lookup file hashes to determine if they are malicious" @@ -23,7 +23,7 @@ def main(): monkey.patch_all() import insightconnect_plugin_runtime - from icon_hybrid_analysis import connection, actions, triggers + from icon_hybrid_analysis import connection, actions, triggers, tasks class ICONHybridAnalysis(insightconnect_plugin_runtime.Plugin): def __init__(self): 
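Review bot: The three `ADD` instructions kept or introduced in the new Dockerfile (`ADD ./plugin.spec.yaml`, `ADD ./requirements.txt`, `ADD . /python/src`) should be `COPY`; `ADD` additionally resolves remote URLs and auto-extracts any local tar archive it meets in the build context, neither of which a plugin image needs, so `COPY` states the intent exactly and removes that extra behaviour. The replacement is `COPY ./plugin.spec.yaml /plugin.spec.yaml`, `COPY ./requirements.txt /python/src/requirements.txt` and `COPY . /python/src`, which keeps the requirements-first layer ordering this commit introduces. Pinning `FROM` to the `6.1.4` tag is better than the old `:4`, but a tag is still mutable; appending the image digest (`rapid7/insightconnect-python-3-slim-plugin:6.1.4@sha256:<digest-placeholder>`) would make the build reproducible. The `pip install -r requirements.txt` line installs whatever that file lists; if those entries are not hash-pinned, `--require-hashes` is worth considering, though requirements.txt itself is outside this hunk.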
@@ -35,13 +35,13 @@ def main(): connection=connection.Connection() ) self.add_action(actions.LookupHash()) - + self.add_action(actions.LookupTerms()) - - self.add_action(actions.Report()) - + self.add_action(actions.Submit()) - + + self.add_action(actions.Report()) + """Run plugin""" cli = insightconnect_plugin_runtime.CLI(ICONHybridAnalysis()) diff --git a/plugins/hybrid_analysis/help.md b/plugins/hybrid_analysis/help.md index 4f9ecdec4f..84549b9117 100644 --- a/plugins/hybrid_analysis/help.md +++ b/plugins/hybrid_analysis/help.md @@ -18,12 +18,12 @@ ## Setup -The connection configuration accepts the following parameters: +The connection configuration accepts the following parameters: -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|api_key|credential_secret_key|None|True|API key|None|9de5069c5afe602b2ea0a04b66beb2c0| -|url|string|https://example.com|True|Hybrid-analysis API Server URL|None|https://example.com| +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|api_key|credential_secret_key|None|True|API key|None|9de5069c5afe602b2ea0a04b66beb2c0|None|None| +|url|string|https://www.hybrid-analysis.com|True|Hybrid Analysis API server URL|None|https://www.hybrid-analysis.com|None|None| Example input: 
@@ -38,100 +38,88 @@ Example input: ### Actions -#### Retrieve Report - -This action is used to retrieve report by providing SHA256 hash. - -##### Input - -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|hash|string|None|True|SHA256 hash|None|275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f| - -Example input: - -``` -{ - "hash": "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f" -} -``` - -##### Output - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|error|string|False|An error that occurred during the analysis| -|error_origin|string|False|Error origin| -|error_type|string|False|Type of error that occurred| -|related_reports|[]related_reports|False|Related reports which contained analysis information on linked data| -|state|string|True|State in which the analysis is in| -Example output: - -``` -{ - "related_reports": [{ - "job_id": "61dc148b0cad612f7371d2d3", - "environment_id": 300, - "state": "SUCCESS", - "sha256": "275a021bbfb6489e54d411499f7db9d1663fc695ec2fe2a2c4538aabf651fd0f" - }], - "state": "SUCCESS" -} -``` - -#### Submit File +#### Lookup by Hash -This action is used to submit file for analysis. 
+This action is used to get summary information for a given hash ##### Input -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|custom_cmd_line|string|None|False|Optional command line that should be passed to the file analysis|None|command| -|document_password|string|None|False|Optional document password that will be used to fill-in Adobe/Office password prompts|None|somepassword| -|environment_id|string|Linux (Ubuntu 16.04, 64 bit)|False|Environment ID on which the analysis will be performed|['Linux (Ubuntu 16.04, 64 bit)', 'Android Static Analysis', 'Windows 7 64 bit', 'Windows 7 32 bit (HWP Support)', 'Windows 7 32 bit']|Linux (Ubuntu 16.04, 64 bit)| -|experimental_anti_evasion|boolean|True|False|When set to true, will set all experimental anti-evasion options of the Kernelmode Monitor|None|True| -|file|file|None|True|File to be analyzed|None|{"filename": "setup.exe", "content": "UmFwaWQ3IEluc2lnaHRDb25uZWN0Cg==" }| -|hybrid_analysis|boolean|True|False|When set to false, no memory dumps or memory dump analysis will take place|None|True| -|script_logging|boolean|False|False|When set to true, will set the in-depth script logging engine of the Kernelmode Monitor|None|True| -|submit_name|string|None|False|Optional property which will be used for file type detection and analysis|None|testName| - +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|hash|string|None|True|Hash to lookup. 
Must be MD5, SHA1, or SHA256|None|44d88612fea8a8f36de82e1278abb02f|None|None| + Example input: ``` { - "custom_cmd_line":"command", - "document_password":"somepassword", - "environment_id":"Linux (Ubuntu 16.04, 64 bit)", - "experimental_anti_evasion":true, - "file":{ - "filename":"setup.exe", - "content":"UmFwaWQ3IEluc2lnaHRDb25uZWN0Cg==" - }, - "hybrid_analysis":true, - "script_logging":true, - "submit_name":"testName" + "hash": "44d88612fea8a8f36de82e1278abb02f" } ``` ##### Output -|Name|Type|Required|Description| -|----|----|--------|-----------| -|environment_id|integer|False|The environment that was used for analysis| -|job_id|string|False|Job ID which will be generated by server| -|sha256|string|False|SHA256 hash for report retrieval| -|submission_id|string|False|Submission ID which will be generated by server| - +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|found|boolean|False|True if found|True| +|reports|[]report|False|Reports|None| +|threatscore|integer|False|Threat Score (max found)|0| + Example output: ``` { - "sha256": "6617aa88a72e6b526b88cbceda388a7b52a0e856148a12d9b8...", - "submission_id": "61dc160cee840164931bd394", - "environment_id": 300, - "job_id": "61dc148b0cad612f7371d2d3" + "found": true, + "reports": [ + { + "analysis_start_time": "2021-11-09T19:12:21+00:00", + "av_detect": 0, + "certificates": [], + "classification_tags": [], + "compromised_hosts": [], + "domains": [], + "environment_description": "Static Analysis", + "extracted_files": [], + "hosts": [], + "interesting": false, + "machine_learning_models": [], + "md5": "40451f20371329b992fb1b85c754d062", + "mitre_attcks": [], + "network_mode": "default", + "processes": [], + "sha1": "89504d91c5539a366e153894c1bc17277116342b", + "sha256": "3919059a1e0d38d6116f24945b0bb2aa5e98b85ac688b3aba270d7997bb64a0d", + "sha512": "acfaca234c48f055c0f532e16bd5879f1637ecd639938c3d301b528b08af79988fcd6f0b61e4fd51901b250e72c90a48aca60d20d1b54036373aa6996baae326", + 
"size": 27298, + "state": "SUCCESS", + "submissions": [ + { + "created_at": "2021-11-10T20:09:28+00:00", + "filename": "file", + "submission_id": "618c26f8099c0e23c541f405" + }, + { + "created_at": "2021-11-09T19:12:21+00:00", + "filename": "file", + "submission_id": "618ac815742aee567341009c" + } + ], + "submit_name": "file", + "tags": [], + "threat_level": 0, + "total_network_connections": 0, + "total_processes": 0, + "total_signatures": 0, + "type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows", + "type_short": [ + "pedll", + "executable" + ], + "url_analysis": false, + "verdict": "no specific threat" + } + ], + "threatscore": 0 } ``` 
@@ -141,19 +129,19 @@ This action is used to search the database using API v2 provided at https://www. ##### Input -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|country|string|None|False|Country must be specified in the ISO 3166-1 standard|None|AFG| -|domain|string|None|False|Domain which will be analyzed|None|example.com| -|filename|string|None|False|File name|None|setup.exe| -|filetype|string|None|False|File type|None|docx| -|host|string|None|False|Information about the host which will be analyzed|None|198.51.100.1| -|port|integer|8080|False|Port number which is associated with an IP address|None|8080| -|similar_to|string|None|False|SHA256 hash of the similar file|None|275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f| -|tag|string|None|False|Hashtag by which the analysis will be performed|None|ransomware| -|url|string|None|False|URL to analyze|None|https://example.com| -|verdict|string|whitelisted|False|A decision on a submitted term|['whitelisted', 'no verdict', 'no specific threat', 'suspicious', 'malicious']|whitelisted| - +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|country|string|None|False|Country must be specified in the ISO 3166-1 standard|None|AFG|None|None| +|domain|string|None|False|Domain which will be analyzed|None|example.com|None|None| +|filename|string|None|False|File name|None|setup.exe|None|None| +|filetype|string|None|False|File type|None|docx|None|None| +|host|string|None|False|Information about the host which will be analyzed|None|198.51.100.1|None|None| +|port|integer|8080|False|Port number which is associated with an IP address|None|8080|None|None| +|similar_to|string|None|False|SHA256 hash of the similar file|None|275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f|None|None| +|tag|string|None|False|Hashtag by which the analysis will be 
performed|None|ransomware|None|None| +|url|string|None|False|URL to analyze|None|https://example.com|None|None| +|verdict|string|whitelisted|False|A decision on a submitted term|["whitelisted", "no verdict", "no specific threat", "suspicious", "malicious"]|whitelisted|None|None| + Example input: ``` @@ -173,12 +161,12 @@ Example input: ##### Output -|Name|Type|Required|Description| -|----|----|--------|-----------| -|count|integer|True|Number of results returned| -|result|[]result|False|List of results| -|search_terms|[]search_term|True|List of key value pairs. Where the key is the parameter specified and its value| - +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|count|integer|True|Number of results returned|1| +|result|[]result|False|List of results|None| +|search_terms|[]search_term|True|List of key value pairs. Where the key is the parameter specified and its value|None| + Example output: ``` @@ -196,7 +184,7 @@ Example output: "submit_name": "ew_usbccgpfilter.sys", "type_short": "64-bit service", "verdict": "whitelisted" - }, + } ], "search_terms": [ { 
@@ -209,108 +197,385 @@ Example output: } ] } - ``` -#### Lookup by Hash - -This action is used to get summary information for a given hash. Allowed hashes MD5/SHA1/SHA256. +#### Retrieve Report +This action is used to retrieve report by providing SHA256 hash. ##### Input -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|hash|string|None|True|Hash to lookup. Must be MD5, SHA1, or SHA256|None|44d88612fea8a8f36de82e1278abb02f| - +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|hash|string|None|True|SHA256 hash|None|275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f|None|None| + Example input: ``` { - "hash": "44d88612fea8a8f36de82e1278abb02f" + "hash": "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f" } ``` ##### Output -|Name|Type|Required|Description| -|----|----|--------|-----------| -|found|boolean|False|True if found| -|reports|[]report|False|Reports| -|threatscore|integer|False|Threat Score (max found)| - +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|error|string|False|An error that occurred during the analysis|File \"testing.com.txt\" was detected as \"unknown\", this format is not supported on WINDOWS| +|error_origin|string|False|Error origin|CLIENT| +|error_type|string|False|Type of error that occurred|FILE_TYPE_BAD_ERROR| +|related_reports|[]related_reports|False|Related reports which contained analysis information on linked data|None| +|state|string|True|State in which the analysis is in|ERROR| + Example output: ``` { - "found": true, - "reports": [ + "related_reports": [ { - "analysis_start_time": "2021-11-09T19:12:21+00:00", - "av_detect": 0, - "certificates": [], - "classification_tags": [], - "compromised_hosts": [], - "domains": [], - "environment_description": "Static Analysis", - "extracted_files": [], - "hosts": [], - 
"interesting": false, - "machine_learning_models": [], - "md5": "40451f20371329b992fb1b85c754d062", - "mitre_attcks": [], - "network_mode": "default", - "processes": [], - "sha1": "89504d91c5539a366e153894c1bc17277116342b", - "sha256": "3919059a1e0d38d6116f24945b0bb2aa5e98b85ac688b3aba270d7997bb64a0d", - "sha512": "acfaca234c48f055c0f532e16bd5879f1637ecd639938c3d301b528b08af79988fcd6f0b61e4fd51901b250e72c90a48aca60d20d1b54036373aa6996baae326", - "size": 27298, + "job_id": "61dc148b0cad612f7371d2d3", + "environment_id": 300, "state": "SUCCESS", - "submissions": [ - { - "created_at": "2021-11-10T20:09:28+00:00", - "filename": "file", - "submission_id": "618c26f8099c0e23c541f405" - }, - { - "created_at": "2021-11-09T19:12:21+00:00", - "filename": "file", - "submission_id": "618ac815742aee567341009c" - } - ], - "submit_name": "file", - "tags": [], - "threat_level": 0, - "total_network_connections": 0, - "total_processes": 0, - "total_signatures": 0, - "type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows", - "type_short": [ - "pedll", - "executable" - ], - "url_analysis": false, - "verdict": "no specific threat" + "sha256": "275a021bbfb6489e54d411499f7db9d1663fc695ec2fe2a2c4538aabf651fd0f" } ], - "threatscore": 0 + "state": "SUCCESS" } +``` + +#### Submit File + +This action is used to submit file for analysis + +##### Input + +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|custom_cmd_line|string|None|False|Optional command line that should be passed to the file analysis|None|command|None|None| +|document_password|string|None|False|Optional document password that will be used to fill-in Adobe/Office password prompts|None|somepassword|None|None| +|environment_id|string|Linux (Ubuntu 16.04, 64 bit)|False|Environment ID on which the analysis will be performed|["Linux (Ubuntu 16.04, 64 bit)", "Android Static Analysis", "Windows 7 64 bit", "Windows 7 32 bit (HWP 
Support)", "Windows 7 32 bit"]|Linux (Ubuntu 16.04, 64 bit)|None|None| +|experimental_anti_evasion|boolean|True|False|When set to true, will set all experimental anti-evasion options of the Kernelmode Monitor|None|True|None|None| +|file|file|None|True|File to be analyzed|None|{"filename": "setup.exe", "content": "UmFwaWQ3IEluc2lnaHRDb25uZWN0Cg==" }|None|None| +|hybrid_analysis|boolean|True|False|When set to false, no memory dumps or memory dump analysis will take place|None|True|None|None| +|script_logging|boolean|False|False|When set to true, will set the in-depth script logging engine of the Kernelmode Monitor|None|True|None|None| +|submit_name|string|None|False|Optional property which will be used for file type detection and analysis|None|testName|None|None| + +Example input: +``` +{ + "custom_cmd_line": "command", + "document_password": "somepassword", + "environment_id": "Linux (Ubuntu 16.04, 64 bit)", + "experimental_anti_evasion": true, + "file": { + "content": "UmFwaWQ3IEluc2lnaHRDb25uZWN0Cg==", + "filename": "setup.exe" + }, + "hybrid_analysis": true, + "script_logging": false, + "submit_name": "testName" +} ``` -### Triggers +##### Output -_This plugin does not contain any triggers._ +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|environment_id|integer|False|The environment that was used for analysis|300| +|job_id|string|False|Job ID which will be generated by server|61dc148b0cad612f7371d2d3| +|sha256|string|False|SHA256 hash for report retrieval|6617aa88a72e6b526b88cbceda388a7b52a0e856148a12d9b8...| +|submission_id|string|False|Submission ID which will be generated by server|61dc148b0cad612f7371d2d3| + +Example output: -### Custom Output Types +``` +{ + "environment_id": 300, + "job_id": "61dc148b0cad612f7371d2d3", + "sha256": "6617aa88a72e6b526b88cbceda388a7b52a0e856148a12d9b8...", + "submission_id": "61dc148b0cad612f7371d2d3" +} +``` +### Triggers + +*This plugin does not contain any triggers.* +### Tasks + +*This 
plugin does not contain any tasks.* + +### Custom Types + +**certificates** + +|Name|Type|Default|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | :--- | +|Issuer|string|None|False|Issuer|None| +|MD5|string|None|False|MD5|None| +|Owner|string|None|False|Owner|None| +|Serial Number|string|None|False|Serial number|None| +|SHA1|string|None|False|SHA1|None| +|Valid From|string|None|False|Valid from|None| +|Valid Until|string|None|False|Valid until|None| + +**extracted_files** + +|Name|Type|Default|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | :--- | +|Available Label|string|None|False|Available label|None| +|Available Matched|integer|None|False|Available matched|None| +|Available Total|integer|None|False|Available total|None| +|Description|string|None|False|Description|None| +|File Available To Download|boolean|None|False|File available to download|None| +|File Path|string|None|False|File path|None| +|File Size|integer|None|False|File size|None| +|MD5|string|None|False|MD5|None| +|Name|string|None|False|Name|None| +|Runtime Process|string|None|False|Runtime process|None| +|SHA1|string|None|False|SHA1|None| +|SHA256|string|None|False|SHA256|None| +|Threat Level|integer|None|False|Threat level|None| +|Threat Level Readable|string|None|False|Threat level readable|None| +|Type Tags|[]string|None|False|Type tags|None| + +**file_metadata** + +|Name|Type|Default|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | :--- | +|File Analysis|[]string|None|False|File analysis|None| +|File Compositions|[]string|None|False|File compositions|None| +|Imported Objects|[]string|None|False|Imported objects|None| +|Total File Compositions Imports|integer|None|False|Total file compositions imports|None| + +**created_files** + +|Name|Type|Default|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | :--- | +|File|string|None|False|File|None| +|Null Byte|boolean|None|False|Null byte|None| + +**file_accesses** + 
+|Name|Type|Default|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | :--- | +|Mask|string|None|False|Mask|None| +|Path|string|None|False|Path|None| +|Type|string|None|False|Type|None| + +**handles** + +|Name|Type|Default|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | :--- | +|ID|integer|None|False|ID|None| +|Path|string|None|False|Path|None| +|Type|string|None|False|Type|None| + +**process_flags** + +|Name|Type|Default|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | :--- | +|Data|string|None|False|Data|None| +|Image|string|None|False|Image|None| +|Name|string|None|False|Name|None| + +**registry** + +|Name|Type|Default|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | :--- | +|Key|string|None|False|Key|None| +|Operation|string|None|False|Operation|None| +|Path|string|None|False|Path|None| +|Status|string|None|False|Status|None| +|Status Human Readable|string|None|False|Status human readable|None| +|Value|string|None|False|Value|None| + +**parameters** + +|Name|Type|Default|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | :--- | +|Argument Number|integer|None|False|Argument number|None| +|Comment|string|None|False|Comment|None| +|Meaning|string|None|False|Meaning|None| +|Name|string|None|False|Name|None| +|Value|string|None|False|Value|None| + +**script_calls** + +|Name|Type|Default|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | :--- | +|Cls ID|string|None|False|Cls ID|None| +|Dispatch ID|string|None|False|Dispatch ID|None| +|Matched Malicious Signatures|[]string|None|False|Matched malicious signatures|None| +|Parameters|[]parameters|None|False|Parameters|None| +|Result|string|None|False|Result|None| +|Status|string|None|False|Status|None| + +**matched_signatures** + +|Name|Type|Default|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | :--- | +|ID|string|None|False|ID|None| +|Value|string|None|False|Value|None| + +**streams** + 
+|Name|Type|Default|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | :--- | +|Executed|boolean|None|False|Executed|None| +|File Name|string|None|False|File name|None| +|Human Keywords|string|None|False|Human keywords|None| +|Instructions|[]string|None|False|Instructions|None| +|Matched Signatures|[]matched_signatures|None|False|Matched signatures|None| +|UID|string|None|False|UID|None| + +**processes** + +|Name|Type|Default|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | :--- | +|Available Label|string|None|False|Available label|None| +|Available Matched|integer|None|False|Available matched|None| +|Available Total|integer|None|False|Available total|None| +|Command Line|string|None|False|Command line|None| +|Created Files|[]created_files|None|False|Created files|None| +|File Accesses|[]file_accesses|None|False|File accesses|None| +|Handles|[]handles|None|False|Handles|None| +|Icon|string|None|False|Icon|None| +|Mutants|[]string|None|False|Mutants|None| +|Name|string|None|False|Name|None| +|Normalized Path|string|None|False|Normalized path|None| +|Parent UID|string|None|False|Parent UID|None| +|PID|string|None|False|PID|None| +|Process Flags|[]process_flags|None|False|Process flags|None| +|Registry|[]registry|None|False|Registry|None| +|Script Calls|[]script_calls|None|False|Script calls|None| +|SHA256|string|None|False|SHA256|None| +|Streams|[]streams|None|False|Streams|None| +|UID|string|None|False|UID|None| + +**mitre_attcks** + +|Name|Type|Default|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | :--- | +|Attck ID|string|None|False|Attck ID|None| +|Attck ID Wiki|string|None|False|Attck ID wiki|None| +|Informative Identifiers|[]string|None|False|Informative identifiers|None| +|Informative Identifiers Count|integer|None|False|Informative identifiers count|None| +|Malicious Identifiers|[]string|None|False|Malicious identifiers|None| +|Malicious Identifiers Count|integer|None|False|Malicious identifiers 
count|None| +|Suspicious Identifiers|[]string|None|False|Suspicious identifiers|None| +|Suspicious Identifiers Count|integer|None|False|Suspicious identifiers count|None| +|Tactic|string|None|False|Tactic|None| +|Technique|string|None|False|Technique|None| + +**submissions** + +|Name|Type|Default|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | :--- | +|Created At|string|None|False|Created at|None| +|Filename|string|None|False|File name|None| +|Submission ID|string|None|False|Submission ID|None| +|URL|string|None|False|URL|None| + +**machine_learning_models** + +|Name|Type|Default|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | :--- | +|Created At|string|None|False|Created at|None| +|Data|[]matched_signatures|None|False|Data|None| +|Name|string|None|False|Name|None| +|Status|string|None|False|Status|None| +|Version|string|None|False|Version|None| + +**report** + +|Name|Type|Default|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | :--- | +|Analysis Start Time|string|None|False|Analysis start time|None| +|Antivirus Detect|integer|None|False|Antivirus detect|None| +|Certificates|[]certificates|None|False|Certificates|None| +|Classification Tags|[]string|None|False|Classification tags|None| +|Compromised Hosts|[]string|None|False|Compromised hosts|None| +|Domains|[]string|None|False|Domains|None| +|Environment Description|string|None|False|Environment description|None| +|Environment ID|integer|None|False|The environment that was used for analysis|None| +|Error Origin|string|None|False|Error origin|None| +|Error Type|string|None|False|Type of error that occurred|None| +|Extracted Files|[]extracted_files|None|False|Extracted files|None| +|File Metadata|file_metadata|None|False|File metadata|None| +|Hosts|[]string|None|False|Hosts|None| +|IMP Hash|string|None|False|IMP Hash|None| +|Interesting|boolean|None|False|Interesting|None| +|Job ID|string|None|False|Job ID which is generated by server|None| +|Machine 
Learning Models|[]machine_learning_models|None|False|Machine learning models|None| +|MD5|string|None|False|MD5|None| +|MITRE Attcks|[]mitre_attcks|None|False|MITRE attcks|None| +|Network Mode|string|None|False|Network mode|None| +|Processes|[]processes|None|False|Processes|None| +|SHA1|string|None|False|SHA1|None| +|SHA256|string|None|False|SHA256|None| +|SHA512|string|None|False|SHA512|None| +|Size|integer|None|False|Size|None| +|SS Deep|string|None|False|SS Deep|None| +|State|string|None|False|State in which the analysis is in|None| +|Submissions|[]submissions|None|False|Submissions|None| +|Submit Name|string|None|False|Submit name|None| +|Tags|[]string|None|False|Tags|None| +|Target URL|string|None|False|Target URL|None| +|Threat Level|integer|None|False|Threat level|None| +|Threat Score|integer|None|False|Threat score|None| +|Total Network Connections|integer|None|False|Total network connections|None| +|Total Processes|integer|None|False|Total processes|None| +|Total Signatures|integer|None|False|Total signatures|None| +|Type|string|None|False|Type|None| +|Type Short|[]string|None|False|Type short|None| +|URL Analysis|boolean|None|False|URL analysis|None| +|Verdict|string|None|False|Verdict|None| +|VX Family|string|None|False|VX family|None| + +**search_term** + +|Name|Type|Default|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | :--- | +|ID|string|None|False|Name of search term which was used|None| +|Value|string|None|False|Value of search term|None| + +**result** + +|Name|Type|Default|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | :--- | +|Analysis Start Time|string|None|False|The time at which the analysis began|None| +|AV detect|string|None|False|AV MultiScan Detection Percentage|None| +|Environment Description|string|None|False|Description of the environment on which analysis was conducted|None| +|Environment ID|integer|None|False|The environment that was used for analysis|None| +|Job ID|string|None|False|Job ID when 
file was submited|None| +|SHA256|string|None|False|SHA256 hash|None| +|File Size|integer|None|False|File size in bytes|None| +|Submit Name|string|None|False|Submit name|None| +|Threat score|integer|None|False|Confidence value of VxStream Sandbox in the verdict; lies between 0 and 100|None| +|Type|string|None|False|Type|None| +|File Extension|string|None|False|File type e.g. exe|None| +|Verdict|string|None|False|File verdict e.g. malicious|None| +|VX Family|string|None|False|VX Family e.g. Trojan.Generic|None| + +**related_reports** + +|Name|Type|Default|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | :--- | +|Environment ID|integer|None|False|The environment that was used for analysis|None| +|Error Origin|string|None|False|Error origin|None| +|Error Type|string|None|False|Type of error that occurred|None| +|Job ID|string|None|False|Job ID which is generated by server|None| +|SHA256|string|None|False|SHA256|None| +|State|string|None|False|State in which the analysis is in|None| +|Verdict|string|None|False|Verdict|None| -_This plugin does not contain any custom output types._ ## Troubleshooting - -This plugin does not contain any troubleshooting information. + +*This plugin does not contain a troubleshooting.* # Version History +* 3.0.1 - Bumping requirements.txt | SDK bump to 6.1.4 * 3.0.0 - Update to support version 2 API | Created new actions which was moved from plugin **vxstream_sandbox** such as: Submit File, Lookup by Hash, Search Database, Retrieve Report * 2.0.2 - Fix threatscore KeyError * 2.0.1 - New spec and help.md format for the Extension Library @@ -321,7 +586,8 @@ This plugin does not contain any troubleshooting information. # Links -## References - * [Hybrid Analysis](https://www.hybrid-analysis.com/) +## References + +* [Hybrid Analysis](https://www.hybrid-analysis.com/) \ No newline at end of file 
diff --git a/plugins/hybrid_analysis/icon_hybrid_analysis/actions/__init__.py b/plugins/hybrid_analysis/icon_hybrid_analysis/actions/__init__.py index c988ef7a0c..daa60a3862 100755 --- a/plugins/hybrid_analysis/icon_hybrid_analysis/actions/__init__.py +++ b/plugins/hybrid_analysis/icon_hybrid_analysis/actions/__init__.py @@ -1,5 +1,10 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT + from .lookup_hash.action import LookupHash + from .lookup_terms.action import LookupTerms -from .report.action import Report + from .submit.action import Submit + +from .report.action import Report + diff --git a/plugins/hybrid_analysis/icon_hybrid_analysis/actions/lookup_hash/__init__.py b/plugins/hybrid_analysis/icon_hybrid_analysis/actions/lookup_hash/__init__.py index 57f361f4ef..5bd8e7021d 100755 --- a/plugins/hybrid_analysis/icon_hybrid_analysis/actions/lookup_hash/__init__.py +++ b/plugins/hybrid_analysis/icon_hybrid_analysis/actions/lookup_hash/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import LookupHash diff --git a/plugins/hybrid_analysis/icon_hybrid_analysis/actions/lookup_hash/schema.py b/plugins/hybrid_analysis/icon_hybrid_analysis/actions/lookup_hash/schema.py index 1f65697e93..bb8f1b59b1 100755 --- a/plugins/hybrid_analysis/icon_hybrid_analysis/actions/lookup_hash/schema.py +++ b/plugins/hybrid_analysis/icon_hybrid_analysis/actions/lookup_hash/schema.py @@ -1,4 +1,4 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT import insightconnect_plugin_runtime import json @@ -9,16 +9,16 @@ class Component: class Input: HASH = "hash" - + class Output: FOUND = "found" REPORTS = "reports" THREATSCORE = "threatscore" - + class LookupHashInput(insightconnect_plugin_runtime.Input): - schema = json.loads(""" + schema = json.loads(r""" { "type": "object", "title": "Variables", 
@@ -32,7 +32,8 @@ class LookupHashInput(insightconnect_plugin_runtime.Input): }, "required": [ "hash" - ] + ], + "definitions": {} } """) @@ -41,7 +42,7 @@ def __init__(self): class LookupHashOutput(insightconnect_plugin_runtime.Output): - schema = json.loads(""" + schema = json.loads(r""" { "type": "object", "title": "Variables", 
@@ -69,467 +70,477 @@ class LookupHashOutput(insightconnect_plugin_runtime.Output): } }, "definitions": { - "certificates": { + "report": { "type": "object", - "title": "certificates", + "title": "report", "properties": { - "issuer": { + "job_id": { "type": "string", - "title": "Issuer", - "description": "Issuer", + "title": "Job ID", + "description": "Job ID which is generated by server", "order": 1 }, - "md5": { - "type": "string", - "title": "MD5", - "description": "MD5", + "environment_id": { + "type": "integer", + "title": "Environment ID", + "description": "The environment that was used for analysis", "order": 2 }, - "owner": { + "environment_description": { "type": "string", - "title": "Owner", - "description": "Owner", + "title": "Environment Description", + "description": "Environment description", "order": 3 }, - "serial_number": { - "type": "string", - "title": "Serial Number", - "description": "Serial number", + "size": { + "type": "integer", + "title": "Size", + "description": "Size", "order": 4 }, - "sha1": { + "type": { "type": "string", - "title": "SHA1", - "description": "SHA1", + "title": "Type", + "description": "Type", "order": 5 }, - "valid_from": { - "type": "string", - "title": "Valid From", - "description": "Valid from", + "type_short": { + "type": "array", + "title": "Type Short", + "description": "Type short", + "items": { + "type": "string" + }, "order": 6 }, - "valid_until": { + "target_url": { "type": "string", - "title": "Valid Until", - "description": "Valid until", + "title": "Target URL", + "description": "Target URL", "order": 7 - } - } - }, - "created_files": { - "type": "object", - "title": "created_files", - "properties": { - "file": { - "type": "string", - "title": "File", - "description": "File", - "order": 1 }, - "null_byte": { - "type": "boolean", - "title": "Null Byte", - "description": "Null byte", - "order": 2 - } - } - }, - "extracted_files": { - "type": "object", - "title": "extracted_files", - "properties": { - 
"av_label": { + "state": { "type": "string", - "title": "Available Label", - "description": "Available label", - "order": 1 - }, - "av_matched": { - "type": "integer", - "title": "Available Matched", - "description": "Available matched", - "order": 2 - }, - "av_total": { - "type": "integer", - "title": "Available Total", - "description": "Available total", - "order": 3 + "title": "State", + "description": "State in which the analysis is in", + "order": 8 }, - "description": { + "error_type": { "type": "string", - "title": "Description", - "description": "Description", - "order": 4 - }, - "file_available_to_download": { - "type": "boolean", - "title": "File Available To Download", - "description": "File available to download", - "order": 5 + "title": "Error Type", + "description": "Type of error that occurred", + "order": 9 }, - "file_path": { + "error_origin": { "type": "string", - "title": "File Path", - "description": "File path", - "order": 6 + "title": "Error Origin", + "description": "Error origin", + "order": 10 }, - "file_size": { - "type": "integer", - "title": "File Size", - "description": "File size", - "order": 7 + "submit_name": { + "type": "string", + "title": "Submit Name", + "description": "Submit name", + "order": 11 }, "md5": { "type": "string", "title": "MD5", "description": "MD5", - "order": 8 - }, - "name": { - "type": "string", - "title": "Name", - "description": "Name", - "order": 9 - }, - "runtime_process": { - "type": "string", - "title": "Runtime Process", - "description": "Runtime process", - "order": 10 + "order": 12 }, "sha1": { "type": "string", "title": "SHA1", "description": "SHA1", - "order": 11 + "order": 13 }, "sha256": { "type": "string", "title": "SHA256", "description": "SHA256", - "order": 12 + "order": 14 + }, + "sha512": { + "type": "string", + "title": "SHA512", + "description": "SHA512", + "order": 15 + }, + "ssdeep": { + "type": "string", + "title": "SS Deep", + "description": "SS Deep", + "order": 16 + }, + "imphash": { + 
"type": "string", + "title": "IMP Hash", + "description": "IMP Hash", + "order": 17 + }, + "av_detect": { + "type": "integer", + "title": "Antivirus Detect", + "description": "Antivirus detect", + "order": 18 + }, + "vx_family": { + "type": "string", + "title": "VX Family", + "description": "VX family", + "order": 19 + }, + "url_analysis": { + "type": "boolean", + "title": "URL Analysis", + "description": "URL analysis", + "order": 20 + }, + "analysis_start_time": { + "type": "string", + "title": "Analysis Start Time", + "description": "Analysis start time", + "order": 21 + }, + "threat_score": { + "type": "integer", + "title": "Threat Score", + "description": "Threat score", + "order": 22 + }, + "interesting": { + "type": "boolean", + "title": "Interesting", + "description": "Interesting", + "order": 23 }, "threat_level": { "type": "integer", "title": "Threat Level", "description": "Threat level", - "order": 13 + "order": 24 }, - "threat_level_readable": { + "verdict": { "type": "string", - "title": "Threat Level Readable", - "description": "Threat level readable", - "order": 14 + "title": "Verdict", + "description": "Verdict", + "order": 25 }, - "type_tags": { + "certificates": { "type": "array", - "title": "Type Tags", - "description": "Type tags", + "title": "Certificates", + "description": "Certificates", "items": { - "type": "string" + "$ref": "#/definitions/certificates" }, - "order": 15 - } - } - }, - "file_accesses": { - "type": "object", - "title": "file_accesses", - "properties": { - "mask": { - "type": "string", - "title": "Mask", - "description": "Mask", - "order": 1 + "order": 26 }, - "path": { - "type": "string", - "title": "Path", - "description": "Path", - "order": 2 + "domains": { + "type": "array", + "title": "Domains", + "description": "Domains", + "items": { + "type": "string" + }, + "order": 27 }, - "type": { - "type": "string", - "title": "Type", - "description": "Type", - "order": 3 - } - } - }, - "file_metadata": { - "type": "object", - 
"title": "file_metadata", - "properties": { - "file_analysis": { + "classification_tags": { "type": "array", - "title": "File Analysis", - "description": "File analysis", + "title": "Classification Tags", + "description": "Classification tags", "items": { "type": "string" }, - "order": 1 + "order": 28 }, - "file_compositions": { + "compromised_hosts": { "type": "array", - "title": "File Compositions", - "description": "File compositions", + "title": "Compromised Hosts", + "description": "Compromised hosts", "items": { "type": "string" }, - "order": 2 + "order": 29 }, - "imported_objects": { + "hosts": { "type": "array", - "title": "Imported Objects", - "description": "Imported objects", + "title": "Hosts", + "description": "Hosts", "items": { "type": "string" }, - "order": 3 + "order": 30 }, - "total_file_compositions_imports": { + "total_network_connections": { "type": "integer", - "title": "Total File Compositions Imports", - "description": "Total file compositions imports", - "order": 4 - } - } - }, - "handles": { - "type": "object", - "title": "handles", - "properties": { - "id": { + "title": "Total Network Connections", + "description": "Total network connections", + "order": 31 + }, + "total_processes": { "type": "integer", - "title": "ID", - "description": "ID", - "order": 1 + "title": "Total Processes", + "description": "Total processes", + "order": 32 }, - "path": { - "type": "string", - "title": "Path", - "description": "Path", - "order": 2 + "total_signatures": { + "type": "integer", + "title": "Total Signatures", + "description": "Total signatures", + "order": 33 }, - "type": { + "extracted_files": { + "type": "array", + "title": "Extracted Files", + "description": "Extracted files", + "items": { + "$ref": "#/definitions/extracted_files" + }, + "order": 34 + }, + "file_metadata": { + "$ref": "#/definitions/file_metadata", + "title": "File Metadata", + "description": "File metadata", + "order": 35 + }, + "processes": { + "type": "array", + "title": 
"Processes", + "description": "Processes", + "items": { + "$ref": "#/definitions/processes" + }, + "order": 36 + }, + "tags": { + "type": "array", + "title": "Tags", + "description": "Tags", + "items": { + "type": "string" + }, + "order": 37 + }, + "mitre_attcks": { + "type": "array", + "title": "MITRE Attcks", + "description": "MITRE attcks", + "items": { + "$ref": "#/definitions/mitre_attcks" + }, + "order": 38 + }, + "submissions": { + "type": "array", + "title": "Submissions", + "description": "Submissions", + "items": { + "$ref": "#/definitions/submissions" + }, + "order": 39 + }, + "network_mode": { "type": "string", - "title": "Type", - "description": "Type", - "order": 3 + "title": "Network Mode", + "description": "Network mode", + "order": 40 + }, + "machine_learning_models": { + "type": "array", + "title": "Machine Learning Models", + "description": "Machine learning models", + "items": { + "$ref": "#/definitions/machine_learning_models" + }, + "order": 41 } } }, - "machine_learning_models": { + "certificates": { "type": "object", - "title": "machine_learning_models", + "title": "certificates", "properties": { - "created_at": { + "issuer": { "type": "string", - "title": "Created At", - "description": "Created at", + "title": "Issuer", + "description": "Issuer", "order": 1 }, - "data": { - "type": "array", - "title": "Data", - "description": "Data", - "items": { - "$ref": "#/definitions/matched_signatures" - }, + "md5": { + "type": "string", + "title": "MD5", + "description": "MD5", "order": 2 }, - "name": { + "owner": { "type": "string", - "title": "Name", - "description": "Name", + "title": "Owner", + "description": "Owner", "order": 3 }, - "status": { + "serial_number": { "type": "string", - "title": "Status", - "description": "Status", + "title": "Serial Number", + "description": "Serial number", "order": 4 }, - "version": { + "sha1": { "type": "string", - "title": "Version", - "description": "Version", + "title": "SHA1", + "description": "SHA1", 
"order": 5 - } - }, - "definitions": { - "matched_signatures": { - "type": "object", - "title": "matched_signatures", - "properties": { - "id": { - "type": "string", - "title": "ID", - "description": "ID", - "order": 1 - }, - "value": { - "type": "string", - "title": "Value", - "description": "Value", - "order": 2 - } - } - } - } - }, - "matched_signatures": { - "type": "object", - "title": "matched_signatures", - "properties": { - "id": { + }, + "valid_from": { "type": "string", - "title": "ID", - "description": "ID", - "order": 1 + "title": "Valid From", + "description": "Valid from", + "order": 6 }, - "value": { + "valid_until": { "type": "string", - "title": "Value", - "description": "Value", - "order": 2 + "title": "Valid Until", + "description": "Valid until", + "order": 7 } } }, - "mitre_attcks": { + "extracted_files": { "type": "object", - "title": "mitre_attcks", + "title": "extracted_files", "properties": { - "attck_id": { + "av_label": { "type": "string", - "title": "Attck ID", - "description": "Attck ID", + "title": "Available Label", + "description": "Available label", "order": 1 }, - "attck_id_wiki": { - "type": "string", - "title": "Attck ID Wiki", - "description": "Attck ID wiki", + "av_matched": { + "type": "integer", + "title": "Available Matched", + "description": "Available matched", "order": 2 }, - "informative_identifiers": { - "type": "array", - "title": "Informative Identifiers", - "description": "Informative identifiers", - "items": { - "type": "string" - }, + "av_total": { + "type": "integer", + "title": "Available Total", + "description": "Available total", "order": 3 }, - "informative_identifiers_count": { - "type": "integer", - "title": "Informative Identifiers Count", - "description": "Informative identifiers count", + "description": { + "type": "string", + "title": "Description", + "description": "Description", "order": 4 }, - "malicious_identifiers": { - "type": "array", - "title": "Malicious Identifiers", - "description": "Malicious 
identifiers", - "items": { - "type": "string" - }, + "file_available_to_download": { + "type": "boolean", + "title": "File Available To Download", + "description": "File available to download", "order": 5 }, - "malicious_identifiers_count": { - "type": "integer", - "title": "Malicious Identifiers Count", - "description": "Malicious identifiers count", + "file_path": { + "type": "string", + "title": "File Path", + "description": "File path", "order": 6 }, - "suspicious_identifiers": { - "type": "array", - "title": "Suspicious Identifiers", - "description": "Suspicious identifiers", - "items": { - "type": "string" - }, + "file_size": { + "type": "integer", + "title": "File Size", + "description": "File size", "order": 7 }, - "suspicious_identifiers_count": { - "type": "integer", - "title": "Suspicious Identifiers Count", - "description": "Suspicious identifiers count", + "md5": { + "type": "string", + "title": "MD5", + "description": "MD5", "order": 8 }, - "tactic": { + "name": { "type": "string", - "title": "Tactic", - "description": "Tactic", + "title": "Name", + "description": "Name", "order": 9 }, - "technique": { + "runtime_process": { "type": "string", - "title": "Technique", - "description": "Technique", + "title": "Runtime Process", + "description": "Runtime process", "order": 10 - } - } - }, - "parameters": { - "type": "object", - "title": "parameters", - "properties": { - "argument_number": { - "type": "integer", - "title": "Argument Number", - "description": "Argument number", - "order": 1 }, - "comment": { + "sha1": { "type": "string", - "title": "Comment", - "description": "Comment", - "order": 2 + "title": "SHA1", + "description": "SHA1", + "order": 11 }, - "meaning": { + "sha256": { "type": "string", - "title": "Meaning", - "description": "Meaning", - "order": 3 + "title": "SHA256", + "description": "SHA256", + "order": 12 }, - "name": { - "type": "string", - "title": "Name", - "description": "Name", - "order": 4 + "threat_level": { + "type": 
"integer", + "title": "Threat Level", + "description": "Threat level", + "order": 13 }, - "value": { + "threat_level_readable": { "type": "string", - "title": "Value", - "description": "Value", - "order": 5 + "title": "Threat Level Readable", + "description": "Threat level readable", + "order": 14 + }, + "type_tags": { + "type": "array", + "title": "Type Tags", + "description": "Type tags", + "items": { + "type": "string" + }, + "order": 15 } } }, - "process_flags": { + "file_metadata": { "type": "object", - "title": "process_flags", + "title": "file_metadata", "properties": { - "data": { - "type": "string", - "title": "Data", - "description": "Data", + "file_analysis": { + "type": "array", + "title": "File Analysis", + "description": "File analysis", + "items": { + "type": "string" + }, "order": 1 }, - "image": { - "type": "string", - "title": "Image", - "description": "Image", + "file_compositions": { + "type": "array", + "title": "File Compositions", + "description": "File compositions", + "items": { + "type": "string" + }, "order": 2 }, - "name": { - "type": "string", - "title": "Name", - "description": "Name", + "imported_objects": { + "type": "array", + "title": "Imported Objects", + "description": "Imported objects", + "items": { + "type": "string" + }, "order": 3 + }, + "total_file_compositions_imports": { + "type": "integer", + "title": "Total File Compositions Imports", + "description": "Total file compositions imports", + "order": 4 } } }, 
@@ -675,1855 +686,137 @@ class LookupHashOutput(insightconnect_plugin_runtime.Output): "description": "UID", "order": 19 } - }, - "definitions": { - "created_files": { - "type": "object", - "title": "created_files", - "properties": { - "file": { - "type": "string", - "title": "File", - "description": "File", - "order": 1 - }, - "null_byte": { - "type": "boolean", - "title": "Null Byte", - "description": "Null byte", - "order": 2 - } - } - }, - "file_accesses": { - "type": "object", - "title": "file_accesses", - "properties": { - "mask": { - "type": "string", - "title": "Mask", - "description": "Mask", - "order": 1 - }, - "path": { - "type": "string", - "title": "Path", - "description": "Path", - "order": 2 - }, - "type": { - "type": "string", - "title": "Type", - "description": "Type", - "order": 3 - } - } - }, - "handles": { - "type": "object", - "title": "handles", - "properties": { - "id": { - "type": "integer", - "title": "ID", - "description": "ID", - "order": 1 - }, - "path": { - "type": "string", - "title": "Path", - "description": "Path", - "order": 2 - }, - "type": { - "type": "string", - "title": "Type", - "description": "Type", - "order": 3 - } - } - }, - "matched_signatures": { - "type": "object", - "title": "matched_signatures", - "properties": { - "id": { - "type": "string", - "title": "ID", - "description": "ID", - "order": 1 - }, - "value": { - "type": "string", - "title": "Value", - "description": "Value", - "order": 2 - } - } - }, - "parameters": { - "type": "object", - "title": "parameters", - "properties": { - "argument_number": { - "type": "integer", - "title": "Argument Number", - "description": "Argument number", - "order": 1 - }, - "comment": { - "type": "string", - "title": "Comment", - "description": "Comment", - "order": 2 - }, - "meaning": { - "type": "string", - "title": "Meaning", - "description": "Meaning", - "order": 3 - }, - "name": { - "type": "string", - "title": "Name", - "description": "Name", - "order": 4 - }, - "value": { - 
"type": "string", - "title": "Value", - "description": "Value", - "order": 5 - } - } - }, - "process_flags": { - "type": "object", - "title": "process_flags", - "properties": { - "data": { - "type": "string", - "title": "Data", - "description": "Data", - "order": 1 - }, - "image": { - "type": "string", - "title": "Image", - "description": "Image", - "order": 2 - }, - "name": { - "type": "string", - "title": "Name", - "description": "Name", - "order": 3 - } - } - }, - "registry": { - "type": "object", - "title": "registry", - "properties": { - "key": { - "type": "string", - "title": "Key", - "description": "Key", - "order": 1 - }, - "operation": { - "type": "string", - "title": "Operation", - "description": "Operation", - "order": 2 - }, - "path": { - "type": "string", - "title": "Path", - "description": "Path", - "order": 3 - }, - "status": { - "type": "string", - "title": "Status", - "description": "Status", - "order": 4 - }, - "status_human_readable": { - "type": "string", - "title": "Status Human Readable", - "description": "Status human readable", - "order": 5 - }, - "value": { - "type": "string", - "title": "Value", - "description": "Value", - "order": 6 - } - } - }, - "script_calls": { - "type": "object", - "title": "script_calls", - "properties": { - "cls_id": { - "type": "string", - "title": "Cls ID", - "description": "Cls ID", - "order": 1 - }, - "dispatch_id": { - "type": "string", - "title": "Dispatch ID", - "description": "Dispatch ID", - "order": 2 - }, - "matched_malicious_signatures": { - "type": "array", - "title": "Matched Malicious Signatures", - "description": "Matched malicious signatures", - "items": { - "type": "string" - }, - "order": 3 - }, - "parameters": { - "type": "array", - "title": "Parameters", - "description": "Parameters", - "items": { - "$ref": "#/definitions/parameters" - }, - "order": 4 - }, - "result": { - "type": "string", - "title": "Result", - "description": "Result", - "order": 5 - }, - "status": { - "type": "string", - 
"title": "Status", - "description": "Status", - "order": 6 - } - }, - "definitions": { - "parameters": { - "type": "object", - "title": "parameters", - "properties": { - "argument_number": { - "type": "integer", - "title": "Argument Number", - "description": "Argument number", - "order": 1 - }, - "comment": { - "type": "string", - "title": "Comment", - "description": "Comment", - "order": 2 - }, - "meaning": { - "type": "string", - "title": "Meaning", - "description": "Meaning", - "order": 3 - }, - "name": { - "type": "string", - "title": "Name", - "description": "Name", - "order": 4 - }, - "value": { - "type": "string", - "title": "Value", - "description": "Value", - "order": 5 - } - } - } - } - }, - "streams": { - "type": "object", - "title": "streams", - "properties": { - "executed": { - "type": "boolean", - "title": "Executed", - "description": "Executed", - "order": 1 - }, - "file_name": { - "type": "string", - "title": "File Name", - "description": "File name", - "order": 2 - }, - "human_keywords": { - "type": "string", - "title": "Human Keywords", - "description": "Human keywords", - "order": 3 - }, - "instructions": { - "type": "array", - "title": "Instructions", - "description": "Instructions", - "items": { - "type": "string" - }, - "order": 4 - }, - "matched_signatures": { - "type": "array", - "title": "Matched Signatures", - "description": "Matched signatures", - "items": { - "$ref": "#/definitions/matched_signatures" - }, - "order": 5 - }, - "uid": { - "type": "string", - "title": "UID", - "description": "UID", - "order": 6 - } - }, - "definitions": { - "matched_signatures": { - "type": "object", - "title": "matched_signatures", - "properties": { - "id": { - "type": "string", - "title": "ID", - "description": "ID", - "order": 1 - }, - "value": { - "type": "string", - "title": "Value", - "description": "Value", - "order": 2 - } - } - } - } - } } }, - "registry": { + "created_files": { "type": "object", - "title": "registry", + "title": "created_files", 
"properties": { - "key": { + "file": { "type": "string", - "title": "Key", - "description": "Key", + "title": "File", + "description": "File", "order": 1 }, - "operation": { - "type": "string", - "title": "Operation", - "description": "Operation", + "null_byte": { + "type": "boolean", + "title": "Null Byte", + "description": "Null byte", "order": 2 + } + } + }, + "file_accesses": { + "type": "object", + "title": "file_accesses", + "properties": { + "mask": { + "type": "string", + "title": "Mask", + "description": "Mask", + "order": 1 }, "path": { "type": "string", "title": "Path", "description": "Path", - "order": 3 - }, - "status": { - "type": "string", - "title": "Status", - "description": "Status", - "order": 4 - }, - "status_human_readable": { - "type": "string", - "title": "Status Human Readable", - "description": "Status human readable", - "order": 5 + "order": 2 }, - "value": { + "type": { "type": "string", - "title": "Value", - "description": "Value", - "order": 6 + "title": "Type", + "description": "Type", + "order": 3 } } }, - "report": { + "handles": { "type": "object", - "title": "report", + "title": "handles", "properties": { - "analysis_start_time": { - "type": "string", - "title": "Analysis Start Time", - "description": "Analysis start time", - "order": 21 - }, - "av_detect": { - "type": "integer", - "title": "Antivirus Detect", - "description": "Antivirus detect", - "order": 18 - }, - "certificates": { - "type": "array", - "title": "Certificates", - "description": "Certificates", - "items": { - "$ref": "#/definitions/certificates" - }, - "order": 26 - }, - "classification_tags": { - "type": "array", - "title": "Classification Tags", - "description": "Classification tags", - "items": { - "type": "string" - }, - "order": 28 - }, - "compromised_hosts": { - "type": "array", - "title": "Compromised Hosts", - "description": "Compromised hosts", - "items": { - "type": "string" - }, - "order": 29 - }, - "domains": { - "type": "array", - "title": "Domains", 
- "description": "Domains", - "items": { - "type": "string" - }, - "order": 27 - }, - "environment_description": { - "type": "string", - "title": "Environment Description", - "description": "Environment description", - "order": 3 - }, - "environment_id": { + "id": { "type": "integer", - "title": "Environment ID", - "description": "The environment that was used for analysis", - "order": 2 - }, - "error_origin": { - "type": "string", - "title": "Error Origin", - "description": "Error origin", - "order": 10 - }, - "error_type": { - "type": "string", - "title": "Error Type", - "description": "Type of error that occurred", - "order": 9 - }, - "extracted_files": { - "type": "array", - "title": "Extracted Files", - "description": "Extracted files", - "items": { - "$ref": "#/definitions/extracted_files" - }, - "order": 34 - }, - "file_metadata": { - "$ref": "#/definitions/file_metadata", - "title": "File Metadata", - "description": "File metadata", - "order": 35 - }, - "hosts": { - "type": "array", - "title": "Hosts", - "description": "Hosts", - "items": { - "type": "string" - }, - "order": 30 - }, - "imphash": { - "type": "string", - "title": "IMP Hash", - "description": "IMP Hash", - "order": 17 - }, - "interesting": { - "type": "boolean", - "title": "Interesting", - "description": "Interesting", - "order": 23 - }, - "job_id": { - "type": "string", - "title": "Job ID", - "description": "Job ID which is generated by server", + "title": "ID", + "description": "ID", "order": 1 }, - "machine_learning_models": { - "type": "array", - "title": "Machine Learning Models", - "description": "Machine learning models", - "items": { - "$ref": "#/definitions/machine_learning_models" - }, - "order": 41 - }, - "md5": { - "type": "string", - "title": "MD5", - "description": "MD5", - "order": 12 - }, - "mitre_attcks": { - "type": "array", - "title": "MITRE Attcks", - "description": "MITRE attcks", - "items": { - "$ref": "#/definitions/mitre_attcks" - }, - "order": 38 - }, - "network_mode": 
{ - "type": "string", - "title": "Network Mode", - "description": "Network mode", - "order": 40 - }, - "processes": { - "type": "array", - "title": "Processes", - "description": "Processes", - "items": { - "$ref": "#/definitions/processes" - }, - "order": 36 - }, - "sha1": { - "type": "string", - "title": "SHA1", - "description": "SHA1", - "order": 13 - }, - "sha256": { - "type": "string", - "title": "SHA256", - "description": "SHA256", - "order": 14 - }, - "sha512": { - "type": "string", - "title": "SHA512", - "description": "SHA512", - "order": 15 - }, - "size": { - "type": "integer", - "title": "Size", - "description": "Size", - "order": 4 - }, - "ssdeep": { - "type": "string", - "title": "SS Deep", - "description": "SS Deep", - "order": 16 - }, - "state": { - "type": "string", - "title": "State", - "description": "State in which the analysis is in", - "order": 8 - }, - "submissions": { - "type": "array", - "title": "Submissions", - "description": "Submissions", - "items": { - "$ref": "#/definitions/submissions" - }, - "order": 39 - }, - "submit_name": { - "type": "string", - "title": "Submit Name", - "description": "Submit name", - "order": 11 - }, - "tags": { - "type": "array", - "title": "Tags", - "description": "Tags", - "items": { - "type": "string" - }, - "order": 37 - }, - "target_url": { + "path": { "type": "string", - "title": "Target URL", - "description": "Target URL", - "order": 7 - }, - "threat_level": { - "type": "integer", - "title": "Threat Level", - "description": "Threat level", - "order": 24 - }, - "threat_score": { - "type": "integer", - "title": "Threat Score", - "description": "Threat score", - "order": 22 - }, - "total_network_connections": { - "type": "integer", - "title": "Total Network Connections", - "description": "Total network connections", - "order": 31 - }, - "total_processes": { - "type": "integer", - "title": "Total Processes", - "description": "Total processes", - "order": 32 - }, - "total_signatures": { - "type": "integer", - 
"title": "Total Signatures", - "description": "Total signatures", - "order": 33 + "title": "Path", + "description": "Path", + "order": 2 }, "type": { "type": "string", "title": "Type", "description": "Type", - "order": 5 - }, - "type_short": { - "type": "array", - "title": "Type Short", - "description": "Type short", - "items": { - "type": "string" - }, - "order": 6 - }, - "url_analysis": { - "type": "boolean", - "title": "URL Analysis", - "description": "URL analysis", - "order": 20 + "order": 3 + } + } + }, + "process_flags": { + "type": "object", + "title": "process_flags", + "properties": { + "data": { + "type": "string", + "title": "Data", + "description": "Data", + "order": 1 }, - "verdict": { + "image": { "type": "string", - "title": "Verdict", - "description": "Verdict", - "order": 25 + "title": "Image", + "description": "Image", + "order": 2 }, - "vx_family": { + "name": { "type": "string", - "title": "VX Family", - "description": "VX family", - "order": 19 + "title": "Name", + "description": "Name", + "order": 3 } - }, - "definitions": { - "certificates": { - "type": "object", - "title": "certificates", - "properties": { - "issuer": { - "type": "string", - "title": "Issuer", - "description": "Issuer", - "order": 1 - }, - "md5": { - "type": "string", - "title": "MD5", - "description": "MD5", - "order": 2 - }, - "owner": { - "type": "string", - "title": "Owner", - "description": "Owner", - "order": 3 - }, - "serial_number": { - "type": "string", - "title": "Serial Number", - "description": "Serial number", - "order": 4 - }, - "sha1": { - "type": "string", - "title": "SHA1", - "description": "SHA1", - "order": 5 - }, - "valid_from": { - "type": "string", - "title": "Valid From", - "description": "Valid from", - "order": 6 - }, - "valid_until": { - "type": "string", - "title": "Valid Until", - "description": "Valid until", - "order": 7 - } - } - }, - "created_files": { - "type": "object", - "title": "created_files", - "properties": { - "file": { - "type": 
"string", - "title": "File", - "description": "File", - "order": 1 - }, - "null_byte": { - "type": "boolean", - "title": "Null Byte", - "description": "Null byte", - "order": 2 - } - } - }, - "extracted_files": { - "type": "object", - "title": "extracted_files", - "properties": { - "av_label": { - "type": "string", - "title": "Available Label", - "description": "Available label", - "order": 1 - }, - "av_matched": { - "type": "integer", - "title": "Available Matched", - "description": "Available matched", - "order": 2 - }, - "av_total": { - "type": "integer", - "title": "Available Total", - "description": "Available total", - "order": 3 - }, - "description": { - "type": "string", - "title": "Description", - "description": "Description", - "order": 4 - }, - "file_available_to_download": { - "type": "boolean", - "title": "File Available To Download", - "description": "File available to download", - "order": 5 - }, - "file_path": { - "type": "string", - "title": "File Path", - "description": "File path", - "order": 6 - }, - "file_size": { - "type": "integer", - "title": "File Size", - "description": "File size", - "order": 7 - }, - "md5": { - "type": "string", - "title": "MD5", - "description": "MD5", - "order": 8 - }, - "name": { - "type": "string", - "title": "Name", - "description": "Name", - "order": 9 - }, - "runtime_process": { - "type": "string", - "title": "Runtime Process", - "description": "Runtime process", - "order": 10 - }, - "sha1": { - "type": "string", - "title": "SHA1", - "description": "SHA1", - "order": 11 - }, - "sha256": { - "type": "string", - "title": "SHA256", - "description": "SHA256", - "order": 12 - }, - "threat_level": { - "type": "integer", - "title": "Threat Level", - "description": "Threat level", - "order": 13 - }, - "threat_level_readable": { - "type": "string", - "title": "Threat Level Readable", - "description": "Threat level readable", - "order": 14 - }, - "type_tags": { - "type": "array", - "title": "Type Tags", - "description": 
"Type tags", - "items": { - "type": "string" - }, - "order": 15 - } - } - }, - "file_accesses": { - "type": "object", - "title": "file_accesses", - "properties": { - "mask": { - "type": "string", - "title": "Mask", - "description": "Mask", - "order": 1 - }, - "path": { - "type": "string", - "title": "Path", - "description": "Path", - "order": 2 - }, - "type": { - "type": "string", - "title": "Type", - "description": "Type", - "order": 3 - } - } - }, - "file_metadata": { - "type": "object", - "title": "file_metadata", - "properties": { - "file_analysis": { - "type": "array", - "title": "File Analysis", - "description": "File analysis", - "items": { - "type": "string" - }, - "order": 1 - }, - "file_compositions": { - "type": "array", - "title": "File Compositions", - "description": "File compositions", - "items": { - "type": "string" - }, - "order": 2 - }, - "imported_objects": { - "type": "array", - "title": "Imported Objects", - "description": "Imported objects", - "items": { - "type": "string" - }, - "order": 3 - }, - "total_file_compositions_imports": { - "type": "integer", - "title": "Total File Compositions Imports", - "description": "Total file compositions imports", - "order": 4 - } - } - }, - "handles": { - "type": "object", - "title": "handles", - "properties": { - "id": { - "type": "integer", - "title": "ID", - "description": "ID", - "order": 1 - }, - "path": { - "type": "string", - "title": "Path", - "description": "Path", - "order": 2 - }, - "type": { - "type": "string", - "title": "Type", - "description": "Type", - "order": 3 - } - } - }, - "machine_learning_models": { - "type": "object", - "title": "machine_learning_models", - "properties": { - "created_at": { - "type": "string", - "title": "Created At", - "description": "Created at", - "order": 1 - }, - "data": { - "type": "array", - "title": "Data", - "description": "Data", - "items": { - "$ref": "#/definitions/matched_signatures" - }, - "order": 2 - }, - "name": { - "type": "string", - "title": 
"Name", - "description": "Name", - "order": 3 - }, - "status": { - "type": "string", - "title": "Status", - "description": "Status", - "order": 4 - }, - "version": { - "type": "string", - "title": "Version", - "description": "Version", - "order": 5 - } - }, - "definitions": { - "matched_signatures": { - "type": "object", - "title": "matched_signatures", - "properties": { - "id": { - "type": "string", - "title": "ID", - "description": "ID", - "order": 1 - }, - "value": { - "type": "string", - "title": "Value", - "description": "Value", - "order": 2 - } - } - } - } - }, - "matched_signatures": { - "type": "object", - "title": "matched_signatures", - "properties": { - "id": { - "type": "string", - "title": "ID", - "description": "ID", - "order": 1 - }, - "value": { - "type": "string", - "title": "Value", - "description": "Value", - "order": 2 - } - } - }, - "mitre_attcks": { - "type": "object", - "title": "mitre_attcks", - "properties": { - "attck_id": { - "type": "string", - "title": "Attck ID", - "description": "Attck ID", - "order": 1 - }, - "attck_id_wiki": { - "type": "string", - "title": "Attck ID Wiki", - "description": "Attck ID wiki", - "order": 2 - }, - "informative_identifiers": { - "type": "array", - "title": "Informative Identifiers", - "description": "Informative identifiers", - "items": { - "type": "string" - }, - "order": 3 - }, - "informative_identifiers_count": { - "type": "integer", - "title": "Informative Identifiers Count", - "description": "Informative identifiers count", - "order": 4 - }, - "malicious_identifiers": { - "type": "array", - "title": "Malicious Identifiers", - "description": "Malicious identifiers", - "items": { - "type": "string" - }, - "order": 5 - }, - "malicious_identifiers_count": { - "type": "integer", - "title": "Malicious Identifiers Count", - "description": "Malicious identifiers count", - "order": 6 - }, - "suspicious_identifiers": { - "type": "array", - "title": "Suspicious Identifiers", - "description": "Suspicious 
identifiers", - "items": { - "type": "string" - }, - "order": 7 - }, - "suspicious_identifiers_count": { - "type": "integer", - "title": "Suspicious Identifiers Count", - "description": "Suspicious identifiers count", - "order": 8 - }, - "tactic": { - "type": "string", - "title": "Tactic", - "description": "Tactic", - "order": 9 - }, - "technique": { - "type": "string", - "title": "Technique", - "description": "Technique", - "order": 10 - } - } - }, - "parameters": { - "type": "object", - "title": "parameters", - "properties": { - "argument_number": { - "type": "integer", - "title": "Argument Number", - "description": "Argument number", - "order": 1 - }, - "comment": { - "type": "string", - "title": "Comment", - "description": "Comment", - "order": 2 - }, - "meaning": { - "type": "string", - "title": "Meaning", - "description": "Meaning", - "order": 3 - }, - "name": { - "type": "string", - "title": "Name", - "description": "Name", - "order": 4 - }, - "value": { - "type": "string", - "title": "Value", - "description": "Value", - "order": 5 - } - } - }, - "process_flags": { - "type": "object", - "title": "process_flags", - "properties": { - "data": { - "type": "string", - "title": "Data", - "description": "Data", - "order": 1 - }, - "image": { - "type": "string", - "title": "Image", - "description": "Image", - "order": 2 - }, - "name": { - "type": "string", - "title": "Name", - "description": "Name", - "order": 3 - } - } + } + }, + "registry": { + "type": "object", + "title": "registry", + "properties": { + "key": { + "type": "string", + "title": "Key", + "description": "Key", + "order": 1 }, - "processes": { - "type": "object", - "title": "processes", - "properties": { - "av_label": { - "type": "string", - "title": "Available Label", - "description": "Available label", - "order": 1 - }, - "av_matched": { - "type": "integer", - "title": "Available Matched", - "description": "Available matched", - "order": 2 - }, - "av_total": { - "type": "integer", - "title": 
"Available Total", - "description": "Available total", - "order": 3 - }, - "command_line": { - "type": "string", - "title": "Command Line", - "description": "Command line", - "order": 4 - }, - "created_files": { - "type": "array", - "title": "Created Files", - "description": "Created files", - "items": { - "$ref": "#/definitions/created_files" - }, - "order": 5 - }, - "file_accesses": { - "type": "array", - "title": "File Accesses", - "description": "File accesses", - "items": { - "$ref": "#/definitions/file_accesses" - }, - "order": 6 - }, - "handles": { - "type": "array", - "title": "Handles", - "description": "Handles", - "items": { - "$ref": "#/definitions/handles" - }, - "order": 7 - }, - "icon": { - "type": "string", - "title": "Icon", - "description": "Icon", - "order": 8 - }, - "mutants": { - "type": "array", - "title": "Mutants", - "description": "Mutants", - "items": { - "type": "string" - }, - "order": 9 - }, - "name": { - "type": "string", - "title": "Name", - "description": "Name", - "order": 10 - }, - "normalized_path": { - "type": "string", - "title": "Normalized Path", - "description": "Normalized path", - "order": 11 - }, - "parentuid": { - "type": "string", - "title": "Parent UID", - "description": "Parent UID", - "order": 12 - }, - "pid": { - "type": "string", - "title": "PID", - "description": "PID", - "order": 13 - }, - "process_flags": { - "type": "array", - "title": "Process Flags", - "description": "Process flags", - "items": { - "$ref": "#/definitions/process_flags" - }, - "order": 14 - }, - "registry": { - "type": "array", - "title": "Registry", - "description": "Registry", - "items": { - "$ref": "#/definitions/registry" - }, - "order": 15 - }, - "script_calls": { - "type": "array", - "title": "Script Calls", - "description": "Script calls", - "items": { - "$ref": "#/definitions/script_calls" - }, - "order": 16 - }, - "sha256": { - "type": "string", - "title": "SHA256", - "description": "SHA256", - "order": 17 - }, - "streams": { - "type": 
"array", - "title": "Streams", - "description": "Streams", - "items": { - "$ref": "#/definitions/streams" - }, - "order": 18 - }, - "uid": { - "type": "string", - "title": "UID", - "description": "UID", - "order": 19 - } - }, - "definitions": { - "created_files": { - "type": "object", - "title": "created_files", - "properties": { - "file": { - "type": "string", - "title": "File", - "description": "File", - "order": 1 - }, - "null_byte": { - "type": "boolean", - "title": "Null Byte", - "description": "Null byte", - "order": 2 - } - } - }, - "file_accesses": { - "type": "object", - "title": "file_accesses", - "properties": { - "mask": { - "type": "string", - "title": "Mask", - "description": "Mask", - "order": 1 - }, - "path": { - "type": "string", - "title": "Path", - "description": "Path", - "order": 2 - }, - "type": { - "type": "string", - "title": "Type", - "description": "Type", - "order": 3 - } - } - }, - "handles": { - "type": "object", - "title": "handles", - "properties": { - "id": { - "type": "integer", - "title": "ID", - "description": "ID", - "order": 1 - }, - "path": { - "type": "string", - "title": "Path", - "description": "Path", - "order": 2 - }, - "type": { - "type": "string", - "title": "Type", - "description": "Type", - "order": 3 - } - } - }, - "matched_signatures": { - "type": "object", - "title": "matched_signatures", - "properties": { - "id": { - "type": "string", - "title": "ID", - "description": "ID", - "order": 1 - }, - "value": { - "type": "string", - "title": "Value", - "description": "Value", - "order": 2 - } - } - }, - "parameters": { - "type": "object", - "title": "parameters", - "properties": { - "argument_number": { - "type": "integer", - "title": "Argument Number", - "description": "Argument number", - "order": 1 - }, - "comment": { - "type": "string", - "title": "Comment", - "description": "Comment", - "order": 2 - }, - "meaning": { - "type": "string", - "title": "Meaning", - "description": "Meaning", - "order": 3 - }, - "name": { - 
"type": "string", - "title": "Name", - "description": "Name", - "order": 4 - }, - "value": { - "type": "string", - "title": "Value", - "description": "Value", - "order": 5 - } - } - }, - "process_flags": { - "type": "object", - "title": "process_flags", - "properties": { - "data": { - "type": "string", - "title": "Data", - "description": "Data", - "order": 1 - }, - "image": { - "type": "string", - "title": "Image", - "description": "Image", - "order": 2 - }, - "name": { - "type": "string", - "title": "Name", - "description": "Name", - "order": 3 - } - } - }, - "registry": { - "type": "object", - "title": "registry", - "properties": { - "key": { - "type": "string", - "title": "Key", - "description": "Key", - "order": 1 - }, - "operation": { - "type": "string", - "title": "Operation", - "description": "Operation", - "order": 2 - }, - "path": { - "type": "string", - "title": "Path", - "description": "Path", - "order": 3 - }, - "status": { - "type": "string", - "title": "Status", - "description": "Status", - "order": 4 - }, - "status_human_readable": { - "type": "string", - "title": "Status Human Readable", - "description": "Status human readable", - "order": 5 - }, - "value": { - "type": "string", - "title": "Value", - "description": "Value", - "order": 6 - } - } - }, - "script_calls": { - "type": "object", - "title": "script_calls", - "properties": { - "cls_id": { - "type": "string", - "title": "Cls ID", - "description": "Cls ID", - "order": 1 - }, - "dispatch_id": { - "type": "string", - "title": "Dispatch ID", - "description": "Dispatch ID", - "order": 2 - }, - "matched_malicious_signatures": { - "type": "array", - "title": "Matched Malicious Signatures", - "description": "Matched malicious signatures", - "items": { - "type": "string" - }, - "order": 3 - }, - "parameters": { - "type": "array", - "title": "Parameters", - "description": "Parameters", - "items": { - "$ref": "#/definitions/parameters" - }, - "order": 4 - }, - "result": { - "type": "string", - "title": 
"Result", - "description": "Result", - "order": 5 - }, - "status": { - "type": "string", - "title": "Status", - "description": "Status", - "order": 6 - } - }, - "definitions": { - "parameters": { - "type": "object", - "title": "parameters", - "properties": { - "argument_number": { - "type": "integer", - "title": "Argument Number", - "description": "Argument number", - "order": 1 - }, - "comment": { - "type": "string", - "title": "Comment", - "description": "Comment", - "order": 2 - }, - "meaning": { - "type": "string", - "title": "Meaning", - "description": "Meaning", - "order": 3 - }, - "name": { - "type": "string", - "title": "Name", - "description": "Name", - "order": 4 - }, - "value": { - "type": "string", - "title": "Value", - "description": "Value", - "order": 5 - } - } - } - } - }, - "streams": { - "type": "object", - "title": "streams", - "properties": { - "executed": { - "type": "boolean", - "title": "Executed", - "description": "Executed", - "order": 1 - }, - "file_name": { - "type": "string", - "title": "File Name", - "description": "File name", - "order": 2 - }, - "human_keywords": { - "type": "string", - "title": "Human Keywords", - "description": "Human keywords", - "order": 3 - }, - "instructions": { - "type": "array", - "title": "Instructions", - "description": "Instructions", - "items": { - "type": "string" - }, - "order": 4 - }, - "matched_signatures": { - "type": "array", - "title": "Matched Signatures", - "description": "Matched signatures", - "items": { - "$ref": "#/definitions/matched_signatures" - }, - "order": 5 - }, - "uid": { - "type": "string", - "title": "UID", - "description": "UID", - "order": 6 - } - }, - "definitions": { - "matched_signatures": { - "type": "object", - "title": "matched_signatures", - "properties": { - "id": { - "type": "string", - "title": "ID", - "description": "ID", - "order": 1 - }, - "value": { - "type": "string", - "title": "Value", - "description": "Value", - "order": 2 - } - } - } - } - } - } + "operation": { 
+ "type": "string", + "title": "Operation", + "description": "Operation", + "order": 2 }, - "registry": { - "type": "object", - "title": "registry", - "properties": { - "key": { - "type": "string", - "title": "Key", - "description": "Key", - "order": 1 - }, - "operation": { - "type": "string", - "title": "Operation", - "description": "Operation", - "order": 2 - }, - "path": { - "type": "string", - "title": "Path", - "description": "Path", - "order": 3 - }, - "status": { - "type": "string", - "title": "Status", - "description": "Status", - "order": 4 - }, - "status_human_readable": { - "type": "string", - "title": "Status Human Readable", - "description": "Status human readable", - "order": 5 - }, - "value": { - "type": "string", - "title": "Value", - "description": "Value", - "order": 6 - } - } + "path": { + "type": "string", + "title": "Path", + "description": "Path", + "order": 3 }, - "script_calls": { - "type": "object", - "title": "script_calls", - "properties": { - "cls_id": { - "type": "string", - "title": "Cls ID", - "description": "Cls ID", - "order": 1 - }, - "dispatch_id": { - "type": "string", - "title": "Dispatch ID", - "description": "Dispatch ID", - "order": 2 - }, - "matched_malicious_signatures": { - "type": "array", - "title": "Matched Malicious Signatures", - "description": "Matched malicious signatures", - "items": { - "type": "string" - }, - "order": 3 - }, - "parameters": { - "type": "array", - "title": "Parameters", - "description": "Parameters", - "items": { - "$ref": "#/definitions/parameters" - }, - "order": 4 - }, - "result": { - "type": "string", - "title": "Result", - "description": "Result", - "order": 5 - }, - "status": { - "type": "string", - "title": "Status", - "description": "Status", - "order": 6 - } - }, - "definitions": { - "parameters": { - "type": "object", - "title": "parameters", - "properties": { - "argument_number": { - "type": "integer", - "title": "Argument Number", - "description": "Argument number", - "order": 1 - }, - 
"comment": { - "type": "string", - "title": "Comment", - "description": "Comment", - "order": 2 - }, - "meaning": { - "type": "string", - "title": "Meaning", - "description": "Meaning", - "order": 3 - }, - "name": { - "type": "string", - "title": "Name", - "description": "Name", - "order": 4 - }, - "value": { - "type": "string", - "title": "Value", - "description": "Value", - "order": 5 - } - } - } - } + "status": { + "type": "string", + "title": "Status", + "description": "Status", + "order": 4 }, - "streams": { - "type": "object", - "title": "streams", - "properties": { - "executed": { - "type": "boolean", - "title": "Executed", - "description": "Executed", - "order": 1 - }, - "file_name": { - "type": "string", - "title": "File Name", - "description": "File name", - "order": 2 - }, - "human_keywords": { - "type": "string", - "title": "Human Keywords", - "description": "Human keywords", - "order": 3 - }, - "instructions": { - "type": "array", - "title": "Instructions", - "description": "Instructions", - "items": { - "type": "string" - }, - "order": 4 - }, - "matched_signatures": { - "type": "array", - "title": "Matched Signatures", - "description": "Matched signatures", - "items": { - "$ref": "#/definitions/matched_signatures" - }, - "order": 5 - }, - "uid": { - "type": "string", - "title": "UID", - "description": "UID", - "order": 6 - } - }, - "definitions": { - "matched_signatures": { - "type": "object", - "title": "matched_signatures", - "properties": { - "id": { - "type": "string", - "title": "ID", - "description": "ID", - "order": 1 - }, - "value": { - "type": "string", - "title": "Value", - "description": "Value", - "order": 2 - } - } - } - } + "status_human_readable": { + "type": "string", + "title": "Status Human Readable", + "description": "Status human readable", + "order": 5 }, - "submissions": { - "type": "object", - "title": "submissions", - "properties": { - "created_at": { - "type": "string", - "title": "Created At", - "description": "Created at", - 
"order": 1 - }, - "filename": { - "type": "string", - "title": "Filename", - "description": "File name", - "order": 2 - }, - "submission_id": { - "type": "string", - "title": "Submission ID", - "description": "Submission ID", - "order": 3 - }, - "url": { - "type": "string", - "title": "URL", - "description": "URL", - "order": 4 - } - } + "value": { + "type": "string", + "title": "Value", + "description": "Value", + "order": 6 } } }, @@ -2573,43 +866,41 @@ class LookupHashOutput(insightconnect_plugin_runtime.Output): "description": "Status", "order": 6 } - }, - "definitions": { - "parameters": { - "type": "object", - "title": "parameters", - "properties": { - "argument_number": { - "type": "integer", - "title": "Argument Number", - "description": "Argument number", - "order": 1 - }, - "comment": { - "type": "string", - "title": "Comment", - "description": "Comment", - "order": 2 - }, - "meaning": { - "type": "string", - "title": "Meaning", - "description": "Meaning", - "order": 3 - }, - "name": { - "type": "string", - "title": "Name", - "description": "Name", - "order": 4 - }, - "value": { - "type": "string", - "title": "Value", - "description": "Value", - "order": 5 - } - } + } + }, + "parameters": { + "type": "object", + "title": "parameters", + "properties": { + "argument_number": { + "type": "integer", + "title": "Argument Number", + "description": "Argument number", + "order": 1 + }, + "comment": { + "type": "string", + "title": "Comment", + "description": "Comment", + "order": 2 + }, + "meaning": { + "type": "string", + "title": "Meaning", + "description": "Meaning", + "order": 3 + }, + "name": { + "type": "string", + "title": "Name", + "description": "Name", + "order": 4 + }, + "value": { + "type": "string", + "title": "Value", + "description": "Value", + "order": 5 } } }, 
@@ -2659,25 +950,98 @@ class LookupHashOutput(insightconnect_plugin_runtime.Output): "description": "UID", "order": 6 } - }, - "definitions": { - "matched_signatures": { - "type": "object", - "title": "matched_signatures", - "properties": { - "id": { - "type": "string", - "title": "ID", - "description": "ID", - "order": 1 - }, - "value": { - "type": "string", - "title": "Value", - "description": "Value", - "order": 2 - } - } + } + }, + "matched_signatures": { + "type": "object", + "title": "matched_signatures", + "properties": { + "id": { + "type": "string", + "title": "ID", + "description": "ID", + "order": 1 + }, + "value": { + "type": "string", + "title": "Value", + "description": "Value", + "order": 2 + } + } + }, + "mitre_attcks": { + "type": "object", + "title": "mitre_attcks", + "properties": { + "attck_id": { + "type": "string", + "title": "Attck ID", + "description": "Attck ID", + "order": 1 + }, + "attck_id_wiki": { + "type": "string", + "title": "Attck ID Wiki", + "description": "Attck ID wiki", + "order": 2 + }, + "informative_identifiers": { + "type": "array", + "title": "Informative Identifiers", + "description": "Informative identifiers", + "items": { + "type": "string" + }, + "order": 3 + }, + "informative_identifiers_count": { + "type": "integer", + "title": "Informative Identifiers Count", + "description": "Informative identifiers count", + "order": 4 + }, + "malicious_identifiers": { + "type": "array", + "title": "Malicious Identifiers", + "description": "Malicious identifiers", + "items": { + "type": "string" + }, + "order": 5 + }, + "malicious_identifiers_count": { + "type": "integer", + "title": "Malicious Identifiers Count", + "description": "Malicious identifiers count", + "order": 6 + }, + "suspicious_identifiers": { + "type": "array", + "title": "Suspicious Identifiers", + "description": "Suspicious identifiers", + "items": { + "type": "string" + }, + "order": 7 + }, + "suspicious_identifiers_count": { + "type": "integer", + "title": 
"Suspicious Identifiers Count", + "description": "Suspicious identifiers count", + "order": 8 + }, + "tactic": { + "type": "string", + "title": "Tactic", + "description": "Tactic", + "order": 9 + }, + "technique": { + "type": "string", + "title": "Technique", + "description": "Technique", + "order": 10 } } }, @@ -2710,6 +1074,45 @@ class LookupHashOutput(insightconnect_plugin_runtime.Output): "order": 4 } } + }, + "machine_learning_models": { + "type": "object", + "title": "machine_learning_models", + "properties": { + "created_at": { + "type": "string", + "title": "Created At", + "description": "Created at", + "order": 1 + }, + "data": { + "type": "array", + "title": "Data", + "description": "Data", + "items": { + "$ref": "#/definitions/matched_signatures" + }, + "order": 2 + }, + "name": { + "type": "string", + "title": "Name", + "description": "Name", + "order": 3 + }, + "status": { + "type": "string", + "title": "Status", + "description": "Status", + "order": 4 + }, + "version": { + "type": "string", + "title": "Version", + "description": "Version", + "order": 5 + } + } } } } diff --git a/plugins/hybrid_analysis/icon_hybrid_analysis/actions/lookup_terms/__init__.py b/plugins/hybrid_analysis/icon_hybrid_analysis/actions/lookup_terms/__init__.py index c2daa63d15..9ac4c188b0 100644 --- a/plugins/hybrid_analysis/icon_hybrid_analysis/actions/lookup_terms/__init__.py +++ b/plugins/hybrid_analysis/icon_hybrid_analysis/actions/lookup_terms/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import LookupTerms diff --git a/plugins/hybrid_analysis/icon_hybrid_analysis/actions/lookup_terms/schema.py b/plugins/hybrid_analysis/icon_hybrid_analysis/actions/lookup_terms/schema.py index 5387fc98fd..73b7316665 100644 --- a/plugins/hybrid_analysis/icon_hybrid_analysis/actions/lookup_terms/schema.py +++ b/plugins/hybrid_analysis/icon_hybrid_analysis/actions/lookup_terms/schema.py 
@@ -1,4 +1,4 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT import insightconnect_plugin_runtime import json @@ -18,16 +18,16 @@ class Input: TAG = "tag" URL = "url" VERDICT = "verdict" - + class Output: COUNT = "count" RESULT = "result" SEARCH_TERMS = "search_terms" - + class LookupTermsInput(insightconnect_plugin_runtime.Input): - schema = json.loads(""" + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -101,7 +101,8 @@ class LookupTermsInput(insightconnect_plugin_runtime.Input): ], "order": 4 } - } + }, + "definitions": {} } """) @@ -110,7 +111,7 @@ def __init__(self): class LookupTermsOutput(insightconnect_plugin_runtime.Output): - schema = json.loads(""" + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -145,15 +146,33 @@ class LookupTermsOutput(insightconnect_plugin_runtime.Output): "search_terms" ], "definitions": { + "search_term": { + "type": "object", + "title": "search_term", + "properties": { + "id": { + "type": "string", + "title": "ID", + "description": "Name of search term which was used", + "order": 1 + }, + "value": { + "type": "string", + "title": "Value", + "description": "Value of search term", + "order": 2 + } + } + }, "result": { "type": "object", "title": "result", "properties": { - "analysis_start_time": { + "verdict": { "type": "string", - "title": "Analysis Start Time", - "description": "The time at which the analysis began", - "order": 8 + "title": "Verdict", + "description": "File verdict e.g. malicious", + "order": 1 }, "av_detect": { "type": "string", 
@@ -161,17 +180,17 @@ class LookupTermsOutput(insightconnect_plugin_runtime.Output): "description": "AV MultiScan Detection Percentage", "order": 2 }, - "environment_description": { - "type": "string", - "title": "Environment Description", - "description": "Description of the environment on which analysis was conducted", - "order": 10 - }, - "environment_id": { + "threat_score": { "type": "integer", - "title": "Environment ID", - "description": "The environment that was used for analysis", - "order": 7 + "title": "Threat score", + "description": "Confidence value of VxStream Sandbox in the verdict; lies between 0 and 100", + "order": 3 + }, + "vx_family": { + "type": "string", + "title": "VX Family", + "description": "VX Family e.g. Trojan.Generic", + "order": 4 }, "job_id": { "type": "string", @@ -185,11 +204,17 @@ class LookupTermsOutput(insightconnect_plugin_runtime.Output): "description": "SHA256 hash", "order": 6 }, - "size": { + "environment_id": { "type": "integer", - "title": "File Size", - "description": "File size in bytes", - "order": 11 + "title": "Environment ID", + "description": "The environment that was used for analysis", + "order": 7 + }, + "analysis_start_time": { + "type": "string", + "title": "Analysis Start Time", + "description": "The time at which the analysis began", + "order": 8 }, "submit_name": { "type": "string", @@ -197,11 +222,17 @@ class LookupTermsOutput(insightconnect_plugin_runtime.Output): "description": "Submit name", "order": 9 }, - "threat_score": { + "environment_description": { + "type": "string", + "title": "Environment Description", + "description": "Description of the environment on which analysis was conducted", + "order": 10 + }, + "size": { "type": "integer", - "title": "Threat score", - "description": "Confidence value of VxStream Sandbox in the verdict; lies between 0 and 100", - "order": 3 + "title": "File Size", + "description": "File size in bytes", + "order": 11 }, "type": { "type": "string", 
@@ -214,36 +245,6 @@ class LookupTermsOutput(insightconnect_plugin_runtime.Output): "title": "File Extension", "description": "File type e.g. exe", "order": 13 - }, - "verdict": { - "type": "string", - "title": "Verdict", - "description": "File verdict e.g. malicious", - "order": 1 - }, - "vx_family": { - "type": "string", - "title": "VX Family", - "description": "VX Family e.g. Trojan.Generic", - "order": 4 - } - } - }, - "search_term": { - "type": "object", - "title": "search_term", - "properties": { - "id": { - "type": "string", - "title": "ID", - "description": "Name of search term which was used", - "order": 1 - }, - "value": { - "type": "string", - "title": "Value", - "description": "Value of search term", - "order": 2 } } } diff --git a/plugins/hybrid_analysis/icon_hybrid_analysis/actions/report/__init__.py b/plugins/hybrid_analysis/icon_hybrid_analysis/actions/report/__init__.py index da4c510b52..c8c7be9f54 100644 --- a/plugins/hybrid_analysis/icon_hybrid_analysis/actions/report/__init__.py +++ b/plugins/hybrid_analysis/icon_hybrid_analysis/actions/report/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import Report diff --git a/plugins/hybrid_analysis/icon_hybrid_analysis/actions/report/schema.py b/plugins/hybrid_analysis/icon_hybrid_analysis/actions/report/schema.py index e8fc95033a..860d195a1b 100644 --- a/plugins/hybrid_analysis/icon_hybrid_analysis/actions/report/schema.py +++ b/plugins/hybrid_analysis/icon_hybrid_analysis/actions/report/schema.py @@ -1,4 +1,4 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT import insightconnect_plugin_runtime import json @@ -9,7 +9,7 @@ class Component: class Input: HASH = "hash" - + class Output: ERROR = "error" 
@@ -17,10 +17,10 @@ class Output: ERROR_TYPE = "error_type" RELATED_REPORTS = "related_reports" STATE = "state" - + class ReportInput(insightconnect_plugin_runtime.Input): - schema = json.loads(""" + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -34,7 +34,8 @@ class ReportInput(insightconnect_plugin_runtime.Input): }, "required": [ "hash" - ] + ], + "definitions": {} } """) @@ -43,7 +44,7 @@ def __init__(self): class ReportOutput(insightconnect_plugin_runtime.Output): - schema = json.loads(""" + schema = json.loads(r""" { "type": "object", "title": "Variables", diff --git a/plugins/hybrid_analysis/icon_hybrid_analysis/actions/submit/__init__.py b/plugins/hybrid_analysis/icon_hybrid_analysis/actions/submit/__init__.py index 3f89f476ca..bbaa0f96e4 100644 --- a/plugins/hybrid_analysis/icon_hybrid_analysis/actions/submit/__init__.py +++ b/plugins/hybrid_analysis/icon_hybrid_analysis/actions/submit/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import Submit diff --git a/plugins/hybrid_analysis/icon_hybrid_analysis/actions/submit/schema.py b/plugins/hybrid_analysis/icon_hybrid_analysis/actions/submit/schema.py index 2f00f302b4..729cc494f1 100644 --- a/plugins/hybrid_analysis/icon_hybrid_analysis/actions/submit/schema.py +++ b/plugins/hybrid_analysis/icon_hybrid_analysis/actions/submit/schema.py @@ -1,4 +1,4 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT import insightconnect_plugin_runtime import json @@ -16,17 +16,17 @@ class Input: HYBRID_ANALYSIS = "hybrid_analysis" SCRIPT_LOGGING = "script_logging" SUBMIT_NAME = "submit_name" - + class Output: ENVIRONMENT_ID = "environment_id" JOB_ID = "job_id" SHA256 = "sha256" SUBMISSION_ID = "submission_id" - + class SubmitInput(insightconnect_plugin_runtime.Input): - schema = json.loads(""" + schema = json.loads(r""" { "type": "object", "title": "Variables", 
@@ -101,16 +101,16 @@ class SubmitInput(insightconnect_plugin_runtime.Input): "title": "File", "description": "File Object", "properties": { - "content": { - "type": "string", - "title": "Content", - "description": "File contents", - "format": "bytes" - }, "filename": { "type": "string", "title": "Filename", "description": "Name of file" + }, + "content": { + "type": "string", + "format": "bytes", + "title": "Content", + "description": "File contents" } } } @@ -123,7 +123,7 @@ def __init__(self): class SubmitOutput(insightconnect_plugin_runtime.Output): - schema = json.loads(""" + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -152,7 +152,8 @@ class SubmitOutput(insightconnect_plugin_runtime.Output): "description": "Submission ID which will be generated by server", "order": 2 } - } + }, + "definitions": {} } """) diff --git a/plugins/hybrid_analysis/icon_hybrid_analysis/connection/__init__.py b/plugins/hybrid_analysis/icon_hybrid_analysis/connection/__init__.py index a515dcf6b0..c78d3356be 100755 --- a/plugins/hybrid_analysis/icon_hybrid_analysis/connection/__init__.py +++ b/plugins/hybrid_analysis/icon_hybrid_analysis/connection/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .connection import Connection diff --git a/plugins/hybrid_analysis/icon_hybrid_analysis/connection/schema.py b/plugins/hybrid_analysis/icon_hybrid_analysis/connection/schema.py index 39d88b8546..541b1ecfaf 100755 --- a/plugins/hybrid_analysis/icon_hybrid_analysis/connection/schema.py +++ b/plugins/hybrid_analysis/icon_hybrid_analysis/connection/schema.py @@ -1,4 +1,4 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT import insightconnect_plugin_runtime import json 
@@ -6,10 +6,10 @@ class Input: API_KEY = "api_key" URL = "url" - + class ConnectionSchema(insightconnect_plugin_runtime.Input): - schema = json.loads(""" + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -38,18 +38,18 @@ class ConnectionSchema(insightconnect_plugin_runtime.Input): "type": "object", "title": "Credential: Secret Key", "description": "A shared secret key", + "required": [ + "secretKey" + ], "properties": { "secretKey": { "type": "string", "title": "Secret Key", - "displayType": "password", "description": "The shared secret key", - "format": "password" + "format": "password", + "displayType": "password" } - }, - "required": [ - "secretKey" - ] + } } } } diff --git a/plugins/hybrid_analysis/icon_hybrid_analysis/tasks/__init__.py b/plugins/hybrid_analysis/icon_hybrid_analysis/tasks/__init__.py new file mode 100644 index 0000000000..7020c9a4ad --- /dev/null +++ b/plugins/hybrid_analysis/icon_hybrid_analysis/tasks/__init__.py @@ -0,0 +1,2 @@ +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT + diff --git a/plugins/hybrid_analysis/icon_hybrid_analysis/triggers/__init__.py b/plugins/hybrid_analysis/icon_hybrid_analysis/triggers/__init__.py index bace8db897..7020c9a4ad 100755 --- a/plugins/hybrid_analysis/icon_hybrid_analysis/triggers/__init__.py +++ b/plugins/hybrid_analysis/icon_hybrid_analysis/triggers/__init__.py @@ -1 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT + diff --git a/plugins/hybrid_analysis/plugin.spec.yaml b/plugins/hybrid_analysis/plugin.spec.yaml index 84983a3eb6..a9f6b54fbc 100644 --- a/plugins/hybrid_analysis/plugin.spec.yaml +++ b/plugins/hybrid_analysis/plugin.spec.yaml 
@@ -7,17 +7,39 @@ vendor: rapid7
 support: community
 status: [ ]
 description: Lookup file hashes to determine if they are malicious
-version: 3.0.0
+version: 3.0.1
+connection_version: 3
 supported_versions:
 - Hybrid Analysis API v2
+sdk:
+ type: slim
+ version: 6.1.4
+ user: nobody
 resources:
 source_url: https://github.com/rapid7/insightconnect-plugins/tree/master/plugins/hybrid_analysis
 license_url: https://github.com/rapid7/insightconnect-plugins/blob/master/LICENSE
 vendor_url: https://www.hybrid-analysis.com/
+links:
+ - "[Hybrid Analysis](https://www.hybrid-analysis.com/)"
+references:
+ - "[Hybrid Analysis](https://www.hybrid-analysis.com/)"
 tags:
 - malware
 - sandbox
 - malware analysis
+key_features:
+ - "Lookup a file hash to identify known and unknown threats using Hybrid Analysis technology"
+requirements:
+ - "A HybridAnalysis API key and token"
+version_history:
+ - "3.0.1 - Bumping requirements.txt | SDK bump to 6.1.4"
+ - "3.0.0 - Update to support version 2 API | Created new actions which was moved from plugin **vxstream_sandbox** such as: Submit File, Lookup by Hash, Search Database, Retrieve Report"
+ - "2.0.2 - Fix threatscore KeyError"
+ - "2.0.1 - New spec and help.md format for the Extension Library"
+ - "2.0.0 - Update to new secret key credential type"
+ - "1.0.0 - Update to v2 Python plugin architecture | Support web server mode | Update to new credential types"
+ - "0.1.1 - SSL bug fix in SDK"
+ - "0.1.0 - Initial plugin"
 hub_tags:
 use_cases: [ threat_detection_and_response ]
 keywords: [ malware_analysis ]
@@ -890,11 +912,13 @@ actions:
 description: True if found
 type: boolean
 required: false
+ example: true
 threatscore:
 title: Threat Score
 description: Threat Score (max found)
 type: integer
 required: false
+ example: 0
 reports:
 title: Reports
 type: '[]report'
@@ -983,6 +1007,7 @@ actions:
 description: Number of results returned
 type: integer
 required: true
+ example: 1
 result:
 title: Results List
 description: List of results
@@ -1056,21 +1081,25 @@ actions:
 description: Job ID which will be generated by server
 type: string
 required: false
+ example: 61dc148b0cad612f7371d2d3
 submission_id:
 title: Submission ID
 description: Submission ID which will be generated by server
 type: string
 required: false
+ example: 61dc148b0cad612f7371d2d3
 environment_id:
 title: Enviroment ID
 description: The environment that was used for analysis
 type: integer
 required: false
+ example: 300
 sha256:
 title: SHA256
 description: SHA256 hash for report retrieval
 type: string
 required: false
+ example: 6617aa88a72e6b526b88cbceda388a7b52a0e856148a12d9b8...
 report:
 title: Retrieve Report
 description: Retrieve report by providing SHA256 generated by the Submit File action
@@ -1087,21 +1116,25 @@ actions:
 type: string
 description: State in which the analysis is in
 required: true
+ example: ERROR
 error_type:
 title: Error Type
 type: string
 description: Type of error that occurred
 required: false
+ example: FILE_TYPE_BAD_ERROR
 error_origin:
 title: Error Origin
 type: string
 description: Error origin
 required: false
+ example: CLIENT
 error:
 title: Error
 type: string
 description: An error that occurred during the analysis
 required: false
+ example: File \"testing.com.txt\" was detected as \"unknown\", this format is not supported on WINDOWS
 related_reports:
 title: Related Reports
 type: '[]related_reports'
diff --git a/plugins/hybrid_analysis/requirements.txt b/plugins/hybrid_analysis/requirements.txt
index 97eb40df7d..03cabb0152 100755
--- a/plugins/hybrid_analysis/requirements.txt
+++ b/plugins/hybrid_analysis/requirements.txt
@@ -1,4 +1,4 @@
 # List third-party dependencies here, separated by newlines.
 # All dependencies must be version-pinned, eg. requests==1.2.0
 # See: https://pip.pypa.io/en/stable/user_guide/#requirements-files
-validators==0.18.2
\ No newline at end of file
+validators==0.34.0
diff --git a/plugins/hybrid_analysis/setup.py b/plugins/hybrid_analysis/setup.py
index 858678606e..bbc7102c16 100644
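Review bot: The `error` example added in the last hunk of this file is a plain (unquoted) YAML scalar, and plain scalars do not process escape sequences, so the value is stored with literal backslashes: `File \"testing.com.txt\" was detected as \"unknown\", …` rather than `File "testing.com.txt" …`. Quote the whole value so the `\"` escapes are interpreted: `example: "File \"testing.com.txt\" was detected as \"unknown\", this format is not supported on WINDOWS"`. In the hunk before it, the `sha256` example ends in `...`, so it is not the 64-character hex digest the field's description describes; use a complete hash or a clearly marked placeholder so generated help text and sample payloads do not carry a malformed hash.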
--- a/plugins/hybrid_analysis/setup.py +++ b/plugins/hybrid_analysis/setup.py @@ -1,9 +1,9 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from setuptools import setup, find_packages setup(name="hybrid_analysis-rapid7-plugin", - version="3.0.0", + version="3.0.1", description="Lookup file hashes to determine if they are malicious", author="rapid7", author_email="", diff --git a/plugins/hybrid_analysis/unit_test/test_action_lookup_hash.py b/plugins/hybrid_analysis/unit_test/test_action_lookup_hash.py index 7fb0c097fe..cc78904d9c 100644 --- a/plugins/hybrid_analysis/unit_test/test_action_lookup_hash.py +++ b/plugins/hybrid_analysis/unit_test/test_action_lookup_hash.py @@ -3,12 +3,12 @@ from unittest import TestCase from unittest.mock import patch +sys.path.append(os.path.abspath("../")) + from icon_hybrid_analysis.actions.lookup_hash import LookupHash from icon_hybrid_analysis.actions.lookup_hash.schema import Input from insightconnect_plugin_runtime.exceptions import PluginException -from unit_test.util import Util - -sys.path.append(os.path.abspath("../")) +from util import Util class TestLookUpHash(TestCase): diff --git a/plugins/hybrid_analysis/unit_test/test_action_lookup_terms.py b/plugins/hybrid_analysis/unit_test/test_action_lookup_terms.py index 454362ca99..03f2bde426 100644 --- a/plugins/hybrid_analysis/unit_test/test_action_lookup_terms.py +++ b/plugins/hybrid_analysis/unit_test/test_action_lookup_terms.py @@ -3,12 +3,12 @@ from unittest import TestCase from unittest.mock import patch +sys.path.append(os.path.abspath("../")) + from icon_hybrid_analysis.actions.lookup_terms import LookupTerms from icon_hybrid_analysis.actions.lookup_terms.schema import Input from insightconnect_plugin_runtime.exceptions import PluginException -from unit_test.util import Util - -sys.path.append(os.path.abspath("../")) +from util import Util class TestLookUpTerms(TestCase): 
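Review bot: The `sys.path.append(os.path.abspath("../"))` moved to the top of the hunk is resolved against the process's current working directory rather than the test file's location, so the `icon_hybrid_analysis` imports that follow only resolve when pytest is launched from inside `unit_test/`; run from the plugin or repository root the entry points at an unrelated directory and the imports fail. Deriving the path from the file itself is cwd-independent: `sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))` (assuming `os` and `sys` are imported in the two lines above the hunk). Moving the append above the imports does correct the old ordering, where the path was only extended after the imports had already run. Whether `from util import Util` resolves depends on pytest putting `unit_test/` itself on `sys.path`, which this entry does not do. The same change, with the same issue, is in test_action_lookup_terms.py, test_action_report.py and test_action_submit.py.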
diff --git a/plugins/hybrid_analysis/unit_test/test_action_report.py b/plugins/hybrid_analysis/unit_test/test_action_report.py
index 59979687d7..2941e4b0a1 100644
--- a/plugins/hybrid_analysis/unit_test/test_action_report.py
+++ b/plugins/hybrid_analysis/unit_test/test_action_report.py
@@ -3,12 +3,12 @@
 from unittest import TestCase
 from unittest.mock import patch
+sys.path.append(os.path.abspath("../"))
+
 from icon_hybrid_analysis.actions.report import Report
 from icon_hybrid_analysis.actions.report.schema import Input
 from insightconnect_plugin_runtime.exceptions import PluginException
-from unit_test.util import Util
-
- sys.path.append(os.path.abspath("../"))
+from util import Util
 class TestReport(TestCase):
diff --git a/plugins/hybrid_analysis/unit_test/test_action_submit.py b/plugins/hybrid_analysis/unit_test/test_action_submit.py
index 7143ce9988..cf62989d3a 100644
--- a/plugins/hybrid_analysis/unit_test/test_action_submit.py
+++ b/plugins/hybrid_analysis/unit_test/test_action_submit.py
@@ -3,11 +3,11 @@
 from unittest import TestCase
 from unittest.mock import patch
+sys.path.append(os.path.abspath("../"))
+
 from icon_hybrid_analysis.actions.submit import Submit
 from icon_hybrid_analysis.actions.submit.schema import Input
-from unit_test.util import Util
-
- sys.path.append(os.path.abspath("../"))
+from util import Util
 class TestSubmit(TestCase):