2.4/dev Analyzers for Threatfox, MalwareBazaar, Echotrail, Elasticsearch #12003
Conversation
|
There are a few references to "Elastic Search" and "ElasticSearch". Those should be corrected to the proper name "Elasticsearch". |
|
Can you please update the Supported Observable Types and Authentication sections here: https://github.com/HoangLongVu/securityonion/blob/2.4/dev/salt/sensoroni/files/analyzers/README.md |
|
Thanks for updating the README! The pull request is definitely looking better, but It looks like some of the files are not passing the flake8 test. The build.sh script should perform the test for you, or you can use the command it uses to lint the files. Additionally, I noticed the Elasticsearch analyzer does not have an option to fall back to verify=False for the request. While not required, it might be useful to have an option for individuals who are not able to easily provide the necessary certificate. In this case, the default behavior would be to verify unless a key is set to disable verification. Let me know if you have any questions or thoughts. Thanks! |
|
Hi Mr Lambert, Could you let us know if we need to fix all the errors that are given or just the one that has letter E. |
All of the errors mentioned will need to be fixed so the build will be compliant with the requirements in the pytest.ini file. https://github.com/Security-Onion-Solutions/securityonion/blob/2.4/dev/pytest.ini |
|
Thanks for the additional changes @semphorin! Would it be possible to have the commit signed? It doesn't look like it is verified at the moment. |
Completed Analyzers for ThreatFox, MalwareBazaar, Echotrail, Elasticsearch
Each analyzer follows a similar format as the existing analyzers. They include the code itself, a unit test file, README, metadata and a configuration file where applicable.