Feature description
Automatically extract observables such as file hashes, URLs, domains, IPs, etc. from the contents of the reports and add them to the case.
Describe the solution you'd like
Dynamic analysis shows network traffic, DNS requests, HTTP flow and various other data that may be useful to track. Static analysis shows nearest neighbor files, which could potentially be useful, but probably less so. It would be good to extract all this data and add it to the case.
Feature description
For the static/dynamic analysis reports, the API allows you to retrieve the report by using the SHA256 file hash, so even if you didn't have the file, you could get the report if it had been submitted previously.
Describe the solution you'd like
Allow the analyzer to work on the hash datatype.
For the hash datatype, attempt to retrieve the report via the SHA256 hash and display it if it exists; otherwise return the message that no report is available until the file is submitted.
Feature description
Currently the file hash lookup only returns the classification of the file. There is more data that could be exposed, such as the reputation score and the detection signature.
Describe the solution you'd like
Return the more detailed information and update the long template to display it correctly.