Malware bazaar ingestor by federicofantini · Pull Request #2259 · intelowlproject/IntelOwl

federicofantini · 2024-04-11T15:41:44Z

Description

Addition of MalwareBazaar Ingestor and minor bug fixing

Type of change

Please delete options that are not relevant.

Bug fix (non-breaking change which fixes an issue).
New feature (non-breaking change which adds functionality).
Breaking change (fix or feature that would cause existing functionality to not work as expected).

Checklist

fixed json serialization for types: bytes and File

in this way you can set an health checker if you want

…estor # Conflicts: # api_app/serializers/job.py

code-review-doctor

Some food for thought. View full project report here.

api_app/ingestors_manager/ingestors/malware_bazaar.py

0ssigeno · 2024-04-12T08:01:15Z

api_app/classes.py

+            if all(isinstance(n, bytes) for n in report_content):
+                report_content = [
+                    base64.b64encode(b).decode("utf-8") for b in report_content
+                ]


elif we do not want to check the content 2 times

0ssigeno · 2024-04-12T08:02:29Z

api_app/classes.py

+                    base64.b64encode(b).decode("utf-8") for b in report_content
+                ]
+
+        self.content = content


not necessary

0ssigeno · 2024-04-12T08:04:41Z

api_app/ingestors_manager/classes.py

    def after_run_success(self, content):
        super().after_run_success(content)
        self._config: IngestorConfig
-        # exhaust generator
        deque(
            self._config.create_jobs(
                # every job created from an ingestor
-                content,
+                self.content,
                TLP.CLEAR.value,
                self._user,
+                self._config.delay,
            ),
            maxlen=0,
        )


def after_run_success(self, content): pre_parsing_content = content # <------------ super().after_run_success(content) self._config: IngestorConfig deque( self._config.create_jobs( # every job created from an ingestor pre_parsing_content, # <----------- TLP.CLEAR.value, self._user, self._config.delay, ), maxlen=0, ) ```

0ssigeno · 2024-04-12T08:07:03Z

api_app/ingestors_manager/ingestors/malware_bazaar.py

+
+class MalwareBazaar(Ingestor):
+    url: str
+    hours: int


Can you add as comment the same description that you added in the Parameter model?
Just so that if someone only reads this code, understand what is this parameter for

0ssigeno · 2024-04-12T08:08:29Z

api_app/ingestors_manager/migrations/0019_ingestor_config_malwarebazaar.py

+
+plugin = {'id': 2, 'python_module': {'health_check_schedule': None, 'update_schedule': {'minute': '0', 'hour': '*', 'day_of_week': '*', 'day_of_month': '*', 'month_of_year': '*'}, 'module': 'malware_bazaar.MalwareBazaar', 'base_path': 'api_app.ingestors_manager.ingestors'}, 'schedule': {'minute': '0', 'hour': '*', 'day_of_week': '*', 'day_of_month': '*', 'month_of_year': '*'}, 'periodic_task': {'crontab': {'minute': '0', 'hour': '*', 'day_of_week': '*', 'day_of_month': '*', 'month_of_year': '*'}, 'name': 'MalwarebazaarIngestor', 'task': 'intel_owl.tasks.execute_ingestor', 'kwargs': '{"config_name": "MalwareBazaar"}', 'queue': 'default', 'enabled': True}, 'user': {'username': 'MalwarebazaarIngestor', 'first_name': '', 'last_name': '', 'email': ''}, 'name': 'MalwareBazaar', 'description': 'MalwareBazaar ingestor', 'disabled': False, 'soft_time_limit': 60, 'routing_key': 'default', 'health_check_status': True, 'maximum_jobs': 30, 'delay': '00:00:30', 'health_check_task': None, 'playbook_to_execute': 2, 'model': 'ingestors_manager.IngestorConfig'}
+
+params = [{'python_module': {'module': 'malware_bazaar.MalwareBazaar', 'base_path': 'api_app.ingestors_manager.ingestors'}, 'name': 'url', 'type': 'str', 'description': 'API endpoint', 'is_secret': False, 'required': True}, {'python_module': {'module': 'malware_bazaar.MalwareBazaar', 'base_path': 'api_app.ingestors_manager.ingestors'}, 'name': 'hours', 'type': 'int', 'description': 'Download samples that are up to X hours old', 'is_secret': False, 'required': True}, {'python_module': {'module': 'malware_bazaar.MalwareBazaar', 'base_path': 'api_app.ingestors_manager.ingestors'}, 'name': 'signatures', 'type': 'list', 'description': 'Download samples from chosen signatures (aka malware families)', 'is_secret': True, 'required': True}]


Does it make sense that signatures is a secret?

Maybe you dont't want to revealt that information, dunno. Anyway I changed that as NOT secret parameter

0ssigeno · 2024-04-12T08:10:33Z

api_app/ingestors_manager/ingestors/malware_bazaar.py

+class MalwareBazaar(Ingestor):
+    url: str
+    hours: int
+    signatures: str


if the Parameter called signatures it is actually a secret, the config() function would have assigned it to _signatures in this class.
Idk how this is working on your side

0ssigeno · 2024-04-12T08:12:24Z

api_app/ingestors_manager/ingestors/threatfox.py

 class ThreatFox(Ingestor):
+    url: str
    days: int

-    BASE_URL = "https://threatfox-api.abuse.ch/api/v1/"
-
    def run(self) -> Iterable[Any]:
-        result = requests.post(
-            self.BASE_URL, json={"query": "get_iocs", "days": self.days}
-        )
+        result = requests.post(self.url, json={"query": "get_iocs", "days": self.days})


Why did you change the URL? Why someone should be able to change the URL to something differently?

I changed the BASE_URL to url in order to enable the healthcheck feature (it's present, why disable it completely?).
I made it to do things the same way, as if it were a standard. If it doesn't go well I'll put it back as before.

…estor # Conflicts: # requirements/project-requirements.txt

fixed threatfox migration

federicofantini · 2024-06-05T07:50:22Z

api_app/classes.py

0ssigeno · 2024-06-06T07:04:05Z

api_app/ingestors_manager/ingestors/malware_bazaar.py

+            result = requests.post(
+                self.url,
+                data={"query": "get_siginfo", "signature": signature, "limit": 100},
+            )


Can we add a timeout to the post request? Just in case

0ssigeno · 2024-06-06T07:04:55Z

api_app/ingestors_manager/ingestors/malware_bazaar.py

+            sample_archive = requests.post(
+                self.url,
+                data={
+                    "query": "get_file",
+                    "sha256_hash": h,
+                },
+            )


Add a timeout

0ssigeno · 2024-06-06T07:06:39Z

api_app/ingestors_manager/ingestors/malware_bazaar.py

+    # Download samples from chosen signatures (aka malware families)
+    signatures: str
+
+    def run(self) -> Iterable[Any]:


This function imho should be split in 3 parts:

Where we are retrieving the results of each signatures

Where we are parsing the results and adding stuff in the hashes variable

Where we are downloading the file from the hashes
I would split this function in these 3 parts, to decrease its complexity

…estor

api_app/ingestors_manager/ingestors/malware_bazaar.py

api_app/ingestors_manager/ingestors/threatfox.py

0ssigeno · 2024-07-01T10:55:28Z

For the error, you have to cast the datetime retrieved to aware (or viceversa)

* Fix phoneinfoga name Signed-off-by: 0ssigeno <[email protected]> * Start with --traefik/--traefik_local option. Closes #2305 (#2351) * add traefik config and options for dev and prod working config with traefik finish traefik config prod/dev add documentation * Update traefik_local.override.yml - remove comment * rework prod/local traefik and add deletion of get-docker.sh * split traefik compose into base, prod and local * remove print of compose files * parent c45c84a author David Mihajlovic <[email protected]> 1716908101 +0200 committer David Mihajlovic <[email protected]> 1717135119 +0200 add traefik config and options for dev and prod working config with traefik finish traefik config prod/dev add documentation Vulners#1257 (#2340) * vulners * vulners wrapper * docs * lesser variables * migrations * code quality * migration * code --------- Co-authored-by: g4ze <[email protected]> bump 6.0.3 updated docs Bump django-ses from 4.0.0 to 4.1.0 in /requirements (#2342) Bumps [django-ses](https://github.com/django-ses/django-ses) from 4.0.0 to 4.1.0. - [Release notes](https://github.com/django-ses/django-ses/releases) - [Changelog](https://github.com/django-ses/django-ses/blob/main/CHANGES.md) - [Commits](django-ses/django-ses@v4.0.0...v4.1.0) --- updated-dependencies: - dependency-name: django-ses dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> rework prod/local traefik and add deletion of get-docker.sh split traefik compose into base, prod and local get-docker.sh deletion without sudo change traefik compose naming * remove unnecessary files * remove print of compose files * change doc --------- Co-authored-by: Ubuntu <[email protected]> * Fix url Signed-off-by: 0ssigeno <[email protected]> * Visualizer improvements (#2366) * table visualizer improvements * adjusted tests * prettier * changes * fixed start script * Split folder creation into two parts removing sudo (#2373) * Bump elasticsearch-dsl from 8.13.0 to 8.14.0 in /requirements (#2370) Bumps [elasticsearch-dsl](https://github.com/elasticsearch/elasticsearch-dsl-py) from 8.13.0 to 8.14.0. - [Release notes](https://github.com/elasticsearch/elasticsearch-dsl-py/releases) - [Changelog](https://github.com/elastic/elasticsearch-dsl-py/blob/main/Changelog.rst) - [Commits](elastic/elasticsearch-dsl-py@v8.13.0...v8.14.0) --- updated-dependencies: - dependency-name: elasticsearch-dsl dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump quark-engine from 24.5.1 to 24.6.1 in /requirements (#2371) Bumps [quark-engine](https://github.com/quark-engine/quark-engine) from 24.5.1 to 24.6.1. - [Release notes](https://github.com/quark-engine/quark-engine/releases) - [Commits](ev-flow/quark-engine@v24.5.1...v24.6.1) --- updated-dependencies: - dependency-name: quark-engine dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Auto creation default test user with debug=true#1189 (#2369) * create super user * env files :p --------- Co-authored-by: Matteo Lodi <[email protected]> Co-authored-by: g4ze <[email protected]> * Bump library/nginx from 1.26.0-alpine to 1.27.0-alpine in /docker (#2358) Bumps library/nginx from 1.26.0-alpine to 1.27.0-alpine. --- updated-dependencies: - dependency-name: library/nginx dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump authlib from 1.3.0 to 1.3.1 in /requirements (#2368) Bumps [authlib](https://github.com/lepture/authlib) from 1.3.0 to 1.3.1. - [Release notes](https://github.com/lepture/authlib/releases) - [Changelog](https://github.com/lepture/authlib/blob/master/docs/changelog.rst) - [Commits](authlib/authlib@v1.3.0...v1.3.1) --- updated-dependencies: - dependency-name: authlib dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: Matteo Lodi <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * detect-it-easy analyzer, closes #1590 (#2354) * die * tweeks * codefactor * codefactor * ypo * gitignore * typo fix * detectiteasyyyyy * tests * supported files * msdos * logs, file support, soft t/o, poll * migrate * for all files * docker_based_true * params * tests debug[1] * Update api_app/analyzers_manager/migrations/0094_analyzer_config_detectiteasy.py * Update api_app/analyzers_manager/file_analyzers/detectiteasy.py --------- Co-authored-by: g4ze <[email protected]> Co-authored-by: Matteo Lodi <[email protected]> * Bi update (#2326) * added bi document * update bi interface * update bi interface * fix bi serializer * update certego-saas version * mign fix (#2375) Co-authored-by: g4ze <[email protected]> * watchman adjusts test (#2349) * watchman adjusts test * watchman right version * test * adjust * right watchman version * Malprob analyzer, closes #1521 (#2357) * init updates works, weirdly new flow updates tests deepsrc * tests * disable_ratelimit(), t/o * timeout,reform response,TLP:CLEAR,logs,no raise,disableRatelimit * migrations * reponse format * t/o * t/o(agn) * api_key * ratelimit,migrations,healthcheck --------- Co-authored-by: g4ze <[email protected]> * Passive_DNS playbook and visualizer (#2374) * created 'passive_dns' playbook and visualizer * dnsdb * validin * changes * refactor * changes * refactor + tests * changes * changes * Add create user docs (#2381) * docs for test user creation docs for test user creation * typo :"( --------- Co-authored-by: g4ze <[email protected]> * fixed capesandbox short analysis time limit (#2364) * fixed capesandbox short analysis time limit * added url to soft time limit error * fixed code doctor * added update method * added info installation process * Orkl_search analyzer, closes #1274 (#2380) * orkl search * docs * migrations * free to use * typo --------- Co-authored-by: g4ze <[email protected]> * Frontend - no more required analyzer in scan form (#2397) * no more requried analyzer in scan form * fix test * removed bad migration * Bump whitenoise from 6.6.0 to 6.7.0 in /requirements (#2396) Bumps [whitenoise](https://github.com/evansd/whitenoise) from 6.6.0 to 6.7.0. - [Changelog](https://github.com/evansd/whitenoise/blob/main/docs/changelog.rst) - [Commits](evansd/whitenoise@6.6.0...6.7.0) --- updated-dependencies: - dependency-name: whitenoise dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump greynoise from 2.1.0 to 2.2.0 in /requirements (#2389) Bumps [greynoise](https://github.com/GreyNoise-Intelligence/pygreynoise) from 2.1.0 to 2.2.0. - [Release notes](https://github.com/GreyNoise-Intelligence/pygreynoise/releases) - [Changelog](https://github.com/GreyNoise-Intelligence/pygreynoise/blob/master/CHANGELOG.rst) - [Commits](GreyNoise-Intelligence/pygreynoise@v2.1.0...v2.2.0) --- updated-dependencies: - dependency-name: greynoise dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * crtsh (#2379) crt_sh Passive_DNS playbook and visualizer (#2374) * created 'passive_dns' playbook and visualizer * dnsdb * validin * changes * refactor * changes * refactor + tests * changes * changes Add create user docs (#2381) * docs for test user creation docs for test user creation * typo :"( --------- Co-authored-by: g4ze <[email protected]> fixed capesandbox short analysis time limit (#2364) * fixed capesandbox short analysis time limit * added url to soft time limit error * fixed code doctor * added update method added info installation process Orkl_search analyzer, closes #1274 (#2380) * orkl search * docs * migrations * free to use * typo --------- Co-authored-by: g4ze <[email protected]> Frontend - no more required analyzer in scan form (#2397) * no more requried analyzer in scan form * fix test docs, migrations and corrections ci Co-authored-by: g4ze <[email protected]> Co-authored-by: Matteo Lodi <[email protected]> * Added external link to output (#2399) * Fixed load_env() parsing of .env files (#2400) * Spamhaus_WQS Analyzer, closes #1526 (#2378) * init * init * migration * docs * python * better code * code handling and migrations * better code * docs link * docs link --------- Co-authored-by: g4ze <[email protected]> * Pdf uri extractor and pivoting (#2391) * uri extraction * added download file analyzer and pivot configs * fixed code review doctor * made code review changes added job creation check to avoid graph related issues * added abstract update method * fixed migration order * fixed validated_data dict access * fixed migrations order * fixed migrations order * Malware bazaar ingestor (#2259) * added malware bazaar ingestor fixed json serialization for types: bytes and File * typo * added support to delayed celery jobs startup for ingestors * moved url to config parameter in this way you can set an health checker if you want * fixed wrong access to observable name * changed timedelta from class to object * added _monkeypatch() * omitted full_name field and generate ingestors plugin config * added threatfox url migration * fixed linter * fixed linter * fixed linter * fixed linter * fixed linter * fixed linter * fixed linter * fixed linter * updated threatfox migration * changed migration order * fixed reverse migrations * fixed default signatures * fixed default signatures * added malware bazaar userprofile fixed threatfox migration * isort * added default value to timedelta * fixed delay parameter default value and int conversion * fixed userprofile dumpplugin * reduced code complexity and fixed generator job creation * fixed deepsource warnings * fixed deepsoruce cyclic import * changed order PivotConfigurationException * made code review changes * fixed errors * fixed errors * fixed empty analyzer report * Adguard dns analyzer, closes #1361 (#2363) * adguard * adguard * bad query * tests * adguard works now :p * adguard * docs+mign * ci * ci * ci * tests * ci * ci * playbook * ci try * ci try * mign * mign --------- Co-authored-by: g4ze <[email protected]> * Fix ingestor (#2405) * Update Usage.md * disabled ingestors by default * fixed migration ingestors (#2406) * ja4db analyzer, closes #2361 (#2402) * adguard * adguard * bad query * ja4db * ci fixes * ci fix * ci fix * ci * cro tests * tests * adguard works now :p * adguard * docs+mign * ci * ci * ci * tests * ci * ci * playbook * ci try * ci try * mign * mign * mign upate * checks and amber * more precise * little refactor * added docstring --------- Co-authored-by: g4ze <[email protected]> Co-authored-by: Matteo Lodi <[email protected]> * Goresym analyzer, fixes#1451 and fixes executable file support (#2401) * file support * goresym * mign * ci fix * mign update * file types * file-types * mign * revert * pass tests * executable support * params mign * params add in run * params * tests * test files * tests * fix * fix * ci * tests files * main.out for Goresym * test files * comment * mign * changes * errorssss * update * conflict * tests --------- Co-authored-by: Matteo Lodi <[email protected]> Co-authored-by: g4ze <[email protected]> * Fix ingestor dump Signed-off-by: 0ssigeno <[email protected]> * Bump djangorestframework from 3.15.1 to 3.15.2 in /requirements (#2398) Bumps [djangorestframework](https://github.com/encode/django-rest-framework) from 3.15.1 to 3.15.2. - [Release notes](https://github.com/encode/django-rest-framework/releases) - [Commits](encode/django-rest-framework@3.15.1...3.15.2) --- updated-dependencies: - dependency-name: djangorestframework dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: Matteo Lodi <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump jsonschema from 4.22.0 to 4.23.0 in /requirements (#2409) Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.22.0 to 4.23.0. - [Release notes](https://github.com/python-jsonschema/jsonschema/releases) - [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst) - [Commits](python-jsonschema/jsonschema@v4.22.0...v4.23.0) --- updated-dependencies: - dependency-name: jsonschema dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump quark-engine from 24.6.1 to 24.7.1 in /requirements (#2410) Bumps [quark-engine](https://github.com/quark-engine/quark-engine) from 24.6.1 to 24.7.1. - [Release notes](https://github.com/quark-engine/quark-engine/releases) - [Commits](ev-flow/quark-engine@v24.6.1...v24.7.1) --- updated-dependencies: - dependency-name: quark-engine dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump flake8 from 7.0.0 to 7.1.0 in /requirements (#2388) Bumps [flake8](https://github.com/pycqa/flake8) from 7.0.0 to 7.1.0. - [Commits](PyCQA/flake8@7.0.0...7.1.0) --- updated-dependencies: - dependency-name: flake8 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix duplicated ingestor users (#2412) * fix * removed if condition and added defaults * removed .title() * fixed test due to .title() change * fixed test due to .title() change * Bump django from 4.2.11 to 4.2.14 in /requirements (#2415) Bumps [django](https://github.com/django/django) from 4.2.11 to 4.2.14. - [Commits](django/django@4.2.11...4.2.14) --- updated-dependencies: - dependency-name: django dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: Matteo Lodi <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Playbook choice for pivot and ingestor (#2411) * As title Signed-off-by: 0ssigeno <[email protected]> * Blake Signed-off-by: 0ssigeno <[email protected]> * Fixes Signed-off-by: 0ssigeno <[email protected]> * Fix tests Signed-off-by: 0ssigeno <[email protected]> * Fixes Signed-off-by: 0ssigeno <[email protected]> * Fixes Signed-off-by: 0ssigeno <[email protected]> * Fixes Signed-off-by: 0ssigeno <[email protected]> * Fix migrations after rebase Signed-off-by: 0ssigeno <[email protected]> --------- Signed-off-by: 0ssigeno <[email protected]> * Fix serializer Signed-off-by: 0ssigeno <[email protected]> * Fixes Signed-off-by: 0ssigeno <[email protected]> * Fix Signed-off-by: 0ssigeno <[email protected]> * Fix Signed-off-by: 0ssigeno <[email protected]> * Frontend - Replaced the time picker with a date picker (#2413) * created TimePicker component + useTimePickerSore * test * fix * Fix Signed-off-by: 0ssigeno <[email protected]> * updated frontend dependencies * Speed up query Signed-off-by: 0ssigeno <[email protected]> * Leakix analyzer, closes#1256 (#2423) * LeakIx * tests * lint * fix tasks duplicates (#2424) * fix tasks duplicates * reformatted out of scope fie * Apivoid analyzer, closes 1245 (#2428) * apivoid * tests * tests * qa * qa * qa * tests * Iocextract analyzer#1228 (#2426) * iocextract * iocextract * iocextract * ioc * iocextract * logs * mign * IocFinder Analyzer, closes #1229 (#2427) * IocFinder * bool * mign * mign * spamhaus_drop analyzer, closes #2408 (#2422) * spamhaus_drop * spamhaus_drop * ip matching * migratiuons * migrations * tests * tests * tests * tests * tests * tests * IocFinder * bool * mign * docs * mign * mign * mign * Criminalip analyzer closes#1240 (#2435) * cip * criminalip * criminalip * criminalip * criminalip * variables * Bump checkdmarc from 5.3.1 to 5.4.0 in /requirements (#2433) Bumps [checkdmarc](https://github.com/domainaware/checkdmarc) from 5.3.1 to 5.4.0. - [Changelog](https://github.com/domainaware/checkdmarc/blob/master/CHANGELOG.md) - [Commits](https://github.com/domainaware/checkdmarc/commits) --- updated-dependencies: - dependency-name: checkdmarc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump setuptools in /integrations/malware_tools_analyzers/requirements (#2416) Bumps [setuptools](https://github.com/pypa/setuptools) from 67.6.0 to 70.0.0. - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst) - [Commits](pypa/setuptools@v67.6.0...v70.0.0) --- updated-dependencies: - dependency-name: setuptools dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: Matteo Lodi <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Default value Signed-off-by: 0ssigeno <[email protected]> * Enable/disable admin actions Signed-off-by: 0ssigeno <[email protected]> * removed recaptcha (#2437) * removed recaptcha * removed useless import * prettier * removed env.js setup * Criminalip_Scan analyzer closes#1240 (#2438) * cip * criminalip * criminalip * criminalip * criminalip * variables * init * tests * mign * fixes * fixes * mign * mign * mign * mign * mign * adjusted investigation filters (#2440) * adjusted investigation filters * fixed 'playbook to execute' column * fix * fix deepsource * Bump greynoise from 2.2.0 to 2.3.0 in /requirements (#2446) Bumps [greynoise](https://github.com/GreyNoise-Intelligence/pygreynoise) from 2.2.0 to 2.3.0. - [Release notes](https://github.com/GreyNoise-Intelligence/pygreynoise/releases) - [Changelog](https://github.com/GreyNoise-Intelligence/pygreynoise/blob/master/CHANGELOG.rst) - [Commits](GreyNoise-Intelligence/pygreynoise@v2.2.0...v2.3.0) --- updated-dependencies: - dependency-name: greynoise dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * job_id BI (#2449) * added job_id field to bi * removed name from JobBISerializer * Polyswarm analyzer closes#1255 (#2439) * polyswarm * polyswarm * polyswarm * polyswarm * polyswarm * mign * logs * logs * mign * obs * obs * obs * tests * modular * Knock analyzer (#2448) * knock * migration * knock but no deletion reqed * t/o test * rmv log * timeout tests * t/o * mock * mock * tests * tests * t/o * typo * tlp * pypi * works now * log * mign --------- Co-authored-by: g4ze <[email protected]> * Fix triage (#2452) * fix triage manage submission response * fix * Bump quark-engine from 24.7.1 to 24.8.1 in /requirements (#2459) Bumps [quark-engine](https://github.com/quark-engine/quark-engine) from 24.7.1 to 24.8.1. - [Release notes](https://github.com/quark-engine/quark-engine/releases) - [Commits](ev-flow/quark-engine@v24.7.1...v24.8.1) --- updated-dependencies: - dependency-name: quark-engine dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump polyswarm-api from 3.8.0 to 3.9.0 in /requirements (#2458) Bumps [polyswarm-api](https://github.com/polyswarm/polyswarm-api) from 3.8.0 to 3.9.0. - [Release notes](https://github.com/polyswarm/polyswarm-api/releases) - [Commits](polyswarm/polyswarm-api@3.8.0...3.9.0) --- updated-dependencies: - dependency-name: polyswarm-api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump django-filter from 24.2 to 24.3 in /requirements (#2457) Bumps [django-filter](https://github.com/carltongibson/django-filter) from 24.2 to 24.3. - [Release notes](https://github.com/carltongibson/django-filter/releases) - [Changelog](https://github.com/carltongibson/django-filter/blob/main/CHANGES.rst) - [Commits](carltongibson/django-filter@24.2...24.3) --- updated-dependencies: - dependency-name: django-filter dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump dnstwist[full] from 20240116 to 20240812 in /requirements (#2456) Bumps [dnstwist[full]](https://github.com/elceef/dnstwist) from 20240116 to 20240812. - [Release notes](https://github.com/elceef/dnstwist/releases) - [Commits](https://github.com/elceef/dnstwist/commits) --- updated-dependencies: - dependency-name: dnstwist[full] dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump elasticsearch-dsl from 8.14.0 to 8.15.0 in /requirements (#2455) Bumps [elasticsearch-dsl](https://github.com/elasticsearch/elasticsearch-dsl-py) from 8.14.0 to 8.15.0. - [Release notes](https://github.com/elasticsearch/elasticsearch-dsl-py/releases) - [Changelog](https://github.com/elastic/elasticsearch-dsl-py/blob/main/Changelog.rst) - [Commits](elastic/elasticsearch-dsl-py@v8.14.0...v8.15.0) --- updated-dependencies: - dependency-name: elasticsearch-dsl dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump django from 4.2.11 to 4.2.15 in /requirements (#2450) Bumps [django](https://github.com/django/django) from 4.2.11 to 4.2.15. - [Commits](django/django@4.2.11...4.2.15) --- updated-dependencies: - dependency-name: django dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: Matteo Lodi <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * updated blint * removing documentation in favor of new doc repo * removing documentation in favor of new doc repo * update test-requirements and pr template * chore: update pluginTableColumns.jsx (#2466) fitler -> filter Co-authored-by: Matteo Lodi <[email protected]> * removed quotes * get back images for the ReadME * updated frontend dependencies * Improved PE_info analyzer (#2464) * update * update * init * init * blint fix * black and flake8 * upgraded lief * complexity --------- Co-authored-by: Matteo Lodi <[email protected]> * [WIP] Adding docstrings in IntelOwl Codebase. (#2430) * Added docstrings in Authentication Signed-off-by: aryan <[email protected]> * Added docstrings in api_app module. Signed-off-by: aryan <[email protected]> * fixed linters Signed-off-by: aryan <[email protected]> --------- Signed-off-by: aryan <[email protected]> * fixed frontend issues * updated PR automation * Bump django-iam-dbauth from 0.1.4 to 0.2.0 in /requirements (#2476) Bumps [django-iam-dbauth](https://github.com/LabD/django-iam-dbauth) from 0.1.4 to 0.2.0. - [Release notes](https://github.com/LabD/django-iam-dbauth/releases) - [Changelog](https://github.com/labd/django-iam-dbauth/blob/main/CHANGES) - [Commits](labd/django-iam-dbauth@0.1.4...0.2.0) --- updated-dependencies: - dependency-name: django-iam-dbauth dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump checkdmarc from 5.4.0 to 5.5.0 in /requirements (#2475) Bumps [checkdmarc](https://github.com/domainaware/checkdmarc) from 5.4.0 to 5.5.0. - [Changelog](https://github.com/domainaware/checkdmarc/blob/master/CHANGELOG.md) - [Commits](https://github.com/domainaware/checkdmarc/commits) --- updated-dependencies: - dependency-name: checkdmarc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fixed wrong task deletion (#2477) * email cc sender (#2468) * email sender Signed-off-by: 0ssigeno <[email protected]> * Fix Signed-off-by: 0ssigeno <[email protected]> * Added case for list Signed-off-by: 0ssigeno <[email protected]> * Blake Signed-off-by: 0ssigeno <[email protected]> --------- Signed-off-by: 0ssigeno <[email protected]> * removed obsolete docker compose version * updated readme * improved quad9 analyzers (#2453) * improved quad9 analyzers * fix * Refactor old documentation link. (#2465) * Refactor old documentation link. Signed-off-by: Aryan Bhokare <[email protected]> * fix prettier test Signed-off-by: Aryan Bhokare <[email protected]> * Fixed formatting Signed-off-by: Aryan Bhokare <[email protected]> * Improved PE_info analyzer (#2464) * update * update * init * init * blint fix * black and flake8 * upgraded lief * complexity --------- Co-authored-by: Matteo Lodi <[email protected]> * Fixed flake8 errors. Signed-off-by: Aryan Bhokare <[email protected]> * [WIP] Adding docstrings in IntelOwl Codebase. (#2430) * Added docstrings in Authentication Signed-off-by: aryan <[email protected]> * Added docstrings in api_app module. Signed-off-by: aryan <[email protected]> * fixed linters Signed-off-by: aryan <[email protected]> --------- Signed-off-by: aryan <[email protected]> * fixed frontend issues * updated PR automation * Bump django-iam-dbauth from 0.1.4 to 0.2.0 in /requirements (#2476) Bumps [django-iam-dbauth](https://github.com/LabD/django-iam-dbauth) from 0.1.4 to 0.2.0. - [Release notes](https://github.com/LabD/django-iam-dbauth/releases) - [Changelog](https://github.com/labd/django-iam-dbauth/blob/main/CHANGES) - [Commits](labd/django-iam-dbauth@0.1.4...0.2.0) --- updated-dependencies: - dependency-name: django-iam-dbauth dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump checkdmarc from 5.4.0 to 5.5.0 in /requirements (#2475) Bumps [checkdmarc](https://github.com/domainaware/checkdmarc) from 5.4.0 to 5.5.0. - [Changelog](https://github.com/domainaware/checkdmarc/blob/master/CHANGELOG.md) - [Commits](https://github.com/domainaware/checkdmarc/commits) --- updated-dependencies: - dependency-name: checkdmarc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fixed wrong task deletion (#2477) * email cc sender (#2468) * email sender Signed-off-by: 0ssigeno <[email protected]> * Fix Signed-off-by: 0ssigeno <[email protected]> * Added case for list Signed-off-by: 0ssigeno <[email protected]> * Blake Signed-off-by: 0ssigeno <[email protected]> --------- Signed-off-by: 0ssigeno <[email protected]> * removed obsolete docker compose version * updated readme * Refactor old documentation link. Signed-off-by: Aryan Bhokare <[email protected]> * fix prettier test Signed-off-by: Aryan Bhokare <[email protected]> * Fixed formatting Signed-off-by: Aryan Bhokare <[email protected]> * Fixed flake8 errors. Signed-off-by: Aryan Bhokare <[email protected]> * linters again Signed-off-by: Aryan Bhokare <[email protected]> --------- Signed-off-by: Aryan Bhokare <[email protected]> Signed-off-by: aryan <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: 0ssigeno <[email protected]> Co-authored-by: Nilay Gupta <[email protected]> Co-authored-by: Matteo Lodi <[email protected]> Co-authored-by: Daniele Rosetti <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Federico Fantini <[email protected]> Co-authored-by: Simone Berni <[email protected]> * misp fix: invalid json (#2481) * fix1 * adjusted pymisp and upgraded * update pymisp --------- Co-authored-by: Matteo Lodi <[email protected]> * updated readme * Added docstrings in API_APP for api documentation (#2484) Signed-off-by: aryan <[email protected]> * mobsf (#2461) * mobsf * MobSF * tests * req:p * typo:p * extra file * mign * files * seperate migns * fix * fixes * no mock * mock * mock * mock * comments * Droidlysis analyzer closes#1591 (#2454) * droid * droid * droid * config fixes * config fixes * fixes * mobsf * fixes * MobSF * tests * req:p * typo:p * extra file * mign * files * fixes * mign * test * tests * tests * add imgs * seperate migns * fix * fixes * no mock * mock * mock * mock * mock * comments * comments * comms * mign * merge conflict * Bump pefile from 2023.2.7 to 2024.8.26 in /requirements (#2489) Bumps [pefile](https://github.com/erocarrera/pefile) from 2023.2.7 to 2024.8.26. - [Release notes](https://github.com/erocarrera/pefile/releases) - [Commits](erocarrera/pefile@v2023.2.7...v2024.8.26) --- updated-dependencies: - dependency-name: pefile dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump django-silk from 5.1.0 to 5.2.0 in /requirements (#2487) Bumps [django-silk](https://github.com/jazzband/django-silk) from 5.1.0 to 5.2.0. - [Release notes](https://github.com/jazzband/django-silk/releases) - [Changelog](https://github.com/jazzband/django-silk/blob/master/CHANGELOG.md) - [Commits](jazzband/django-silk@5.1.0...5.2.0) --- updated-dependencies: - dependency-name: django-silk dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump django-celery-beat from 2.6.0 to 2.7.0 in /requirements (#2488) Bumps [django-celery-beat](https://github.com/celery/django-celery-beat) from 2.6.0 to 2.7.0. - [Release notes](https://github.com/celery/django-celery-beat/releases) - [Changelog](https://github.com/celery/django-celery-beat/blob/main/Changelog) - [Commits](celery/django-celery-beat@v2.6.0...v2.7.0) --- updated-dependencies: - dependency-name: django-celery-beat dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * apk artifacts analyzer closes#2444 + upgraded stringsifter (#2469) * init * init * works * docker * comments * apk_artifacts * apk_artifacts * file supp --------- Signed-off-by: 0ssigeno <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: aryan <[email protected]> Signed-off-by: Aryan Bhokare <[email protected]> Co-authored-by: 0ssigeno <[email protected]> Co-authored-by: David Mihajlovic <[email protected]> Co-authored-by: Ubuntu <[email protected]> Co-authored-by: Martina Carella <[email protected]> Co-authored-by: Daniele Rosetti <[email protected]> Co-authored-by: fgibertoni <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Nilay Gupta <[email protected]> Co-authored-by: g4ze <[email protected]> Co-authored-by: Cristina Ascari <[email protected]> Co-authored-by: Federico Fantini <[email protected]> Co-authored-by: Simone Berni <[email protected]> Co-authored-by: Daniele Rosetti <[email protected]> Co-authored-by: Ikko Eltociear Ashimine <[email protected]> Co-authored-by: Aryan Bhokare <[email protected]>

* added malware bazaar ingestor fixed json serialization for types: bytes and File * typo * added support to delayed celery jobs startup for ingestors * moved url to config parameter in this way you can set an health checker if you want * fixed wrong access to observable name * changed timedelta from class to object * added _monkeypatch() * omitted full_name field and generate ingestors plugin config * added threatfox url migration * fixed linter * fixed linter * fixed linter * fixed linter * fixed linter * fixed linter * fixed linter * fixed linter * updated threatfox migration * changed migration order * fixed reverse migrations * fixed default signatures * fixed default signatures * added malware bazaar userprofile fixed threatfox migration * isort * added default value to timedelta * fixed delay parameter default value and int conversion * fixed userprofile dumpplugin * reduced code complexity and fixed generator job creation * fixed deepsource warnings * fixed deepsoruce cyclic import * changed order PivotConfigurationException * made code review changes * fixed errors * fixed errors

federicofantini added 9 commits April 4, 2024 18:35

added malware bazaar ingestor

e4f450f

fixed json serialization for types: bytes and File

typo

8ed18f1

added support to delayed celery jobs startup for ingestors

1d27bf5

moved url to config parameter

6497a98

in this way you can set an health checker if you want

fixed wrong access to observable name

5ac7d17

changed timedelta from class to object

b3d20a3

added _monkeypatch()

e359d83

omitted full_name field and generate ingestors plugin config

87d9a3d

added threatfox url migration

570c62e

federicofantini requested a review from 0ssigeno April 11, 2024 15:41

federicofantini added 6 commits April 11, 2024 17:45

Merge remote-tracking branch 'public/develop' into malware_bazaar_inj…

e636124

…estor # Conflicts: # api_app/serializers/job.py

fixed linter

90e30e6

fixed linter

9913052

fixed linter

30ca00a

fixed linter

8088cf4

fixed linter

5eda409

code-review-doctor bot suggested changes Apr 11, 2024

View reviewed changes

api_app/ingestors_manager/ingestors/malware_bazaar.py Outdated Show resolved Hide resolved

federicofantini added 3 commits April 11, 2024 18:02

fixed linter

718ff36

fixed linter

ee48aaf

fixed linter

01bf119

0ssigeno requested changes Apr 12, 2024

View reviewed changes

mlodic marked this pull request as draft May 10, 2024 15:03

federicofantini added 7 commits June 3, 2024 09:55

updated threatfox migration

0682935

Merge remote-tracking branch 'public/develop' into malware_bazaar_inj…

bb6e436

…estor # Conflicts: # requirements/project-requirements.txt

changed migration order

ff7cf12

fixed reverse migrations

a60eab2

fixed default signatures

570b047

fixed default signatures

33fc56a

added malware bazaar userprofile

bb5e1c6

fixed threatfox migration

federicofantini added 4 commits June 5, 2024 09:53

isort

2164e00

added default value to timedelta

a44d70e

fixed delay parameter default value and int conversion

d530b74

fixed userprofile dumpplugin

63544a4

federicofantini requested a review from 0ssigeno June 5, 2024 14:42

0ssigeno requested changes Jun 6, 2024

View reviewed changes

federicofantini added 5 commits June 10, 2024 16:56

reduced code complexity and fixed generator job creation

33ffb01

fixed deepsource warnings

8d946bb

Merge remote-tracking branch 'public/develop' into malware_bazaar_inj…

ff7fa2a

…estor

fixed deepsoruce cyclic import

f419a5a

changed order PivotConfigurationException

9e7e6b3

mlodic changed the title ~~Malware bazaar injestor~~ Malware bazaar ingestor Jun 12, 2024

0ssigeno requested changes Jul 1, 2024

View reviewed changes

api_app/ingestors_manager/ingestors/malware_bazaar.py Outdated Show resolved Hide resolved

api_app/ingestors_manager/ingestors/threatfox.py Outdated Show resolved Hide resolved

federicofantini added 2 commits July 1, 2024 11:17

Merge branch 'develop' into malware_bazaar_injestor

1892e4d

made code review changes

7f7b814

federicofantini added 3 commits July 1, 2024 15:02

fixed errors

75a450c

Merge branch 'develop' into malware_bazaar_injestor

ad63bc0

fixed errors

7edd869

federicofantini marked this pull request as ready for review July 1, 2024 13:42

0ssigeno merged commit cb3b4ba into develop Jul 1, 2024

0ssigeno deleted the malware_bazaar_injestor branch July 1, 2024 15:02


		plugin = {'id': 2, 'python_module': {'health_check_schedule': None, 'update_schedule': {'minute': '0', 'hour': '', 'day_of_week': '', 'day_of_month': '', 'month_of_year': ''}, 'module': 'malware_bazaar.MalwareBazaar', 'base_path': 'api_app.ingestors_manager.ingestors'}, 'schedule': {'minute': '0', 'hour': '', 'day_of_week': '', 'day_of_month': '', 'month_of_year': ''}, 'periodic_task': {'crontab': {'minute': '0', 'hour': '', 'day_of_week': '', 'day_of_month': '', 'month_of_year': ''}, 'name': 'MalwarebazaarIngestor', 'task': 'intel_owl.tasks.execute_ingestor', 'kwargs': '{"config_name": "MalwareBazaar"}', 'queue': 'default', 'enabled': True}, 'user': {'username': 'MalwarebazaarIngestor', 'first_name': '', 'last_name': '', 'email': ''}, 'name': 'MalwareBazaar', 'description': 'MalwareBazaar ingestor', 'disabled': False, 'soft_time_limit': 60, 'routing_key': 'default', 'health_check_status': True, 'maximum_jobs': 30, 'delay': '00:00:30', 'health_check_task': None, 'playbook_to_execute': 2, 'model': 'ingestors_manager.IngestorConfig'}

		params = [{'python_module': {'module': 'malware_bazaar.MalwareBazaar', 'base_path': 'api_app.ingestors_manager.ingestors'}, 'name': 'url', 'type': 'str', 'description': 'API endpoint', 'is_secret': False, 'required': True}, {'python_module': {'module': 'malware_bazaar.MalwareBazaar', 'base_path': 'api_app.ingestors_manager.ingestors'}, 'name': 'hours', 'type': 'int', 'description': 'Download samples that are up to X hours old', 'is_secret': False, 'required': True}, {'python_module': {'module': 'malware_bazaar.MalwareBazaar', 'base_path': 'api_app.ingestors_manager.ingestors'}, 'name': 'signatures', 'type': 'list', 'description': 'Download samples from chosen signatures (aka malware families)', 'is_secret': True, 'required': True}]

Uh oh!

Conversation

federicofantini commented Apr 11, 2024

Description

Type of change

Checklist

Uh oh!

code-review-doctor bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

0ssigeno Apr 12, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

federicofantini commented Jun 5, 2024

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

0ssigeno commented Jul 1, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

0ssigeno Apr 12, 2024 •

edited

Loading