stephen-oleary / cortex-analyzers Goto Github PK

Feature description
Automatically extract observables such as file hashes, URLs, domains, IPs etc from the contents of the reports and add them to the case

Describe the solution you'd like
Dynamic analysis shows network traffic, DNS requests, HTTP flow and various other data that may be useful to track, static analysis shows nearest neighbor files, which could potentially be useful, but probably less so. Would be good to extract all this data and add to the case.

Describe the bug
If there are no screenshots available in a dynamic analysis report, the section heading still displays in the report

To Reproduce
Run dynamic analysis that does not generate screenshots

Expected behavior
If there are no screenshots the heading should not appear

Possible solutions
Probably need to add/amend the ng-if statement on the div containing the screenshots

Feature description
For the static/dynamic analysis reports, the API allows you to retrieve the report by using the SHA256 file hash so even if you didn't have the file, you could get the report if it had been submitted previously

Describe the solution you'd like
Allow the analyzer to work on hash datatype
For hash datatype attempt to retrieve the report via the SHA256 hash and display it if it exists, otherwise return the message that no report is available until the file is submitted

Feature description
Currently the file hash lookup only returns the classification of the file, there is more data that could be exposed such as the reputation score and the detection signature

Describe the solution you'd like
Return the more detailed information and update the long template to display it correctly