Skip to content

Cyberprotect/Cortex-Runner

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
cortexrunner
cortexrunner
 
 
example
example
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
setup.py
setup.py
 
 

Repository files navigation

Rémi ALLAIN rallain@cyberprotect.fr

Cortex-Runner

Cortex jobs automation for TheHive

Requirements

  • thehive4py
  • requests

Installation

git clone 'https://github.com/Cyberprotect/Cortex-Runner.git'
cd CortexRunner-master
python setup.py install

or

pip install Cortex-Runner

Usage

from cortexrunner.api import CortexRunner

observable = '1234abcd1234abcd1234abcd1234abcd'
config = {
    'thehive': {
        'url': 'http://127.0.0.1:8080',
        'proxies': None,
        'cert': True,
        'key': '--API-KEY--'
    }
}
rules = {
    'file': [{
        'analyzer': 'Cuckoo_Sandbox_File_Analysis_1_0',
        'scope': 'internal'
    },{
        'analyzer': 'VirusTotal_Report_2_0',
        'scope': 'external'
    }],
    'filename': [{
        'analyzer': 'MISP_2_0',
        'scope': 'internal'
    },{
        'analyzer': 'HybridAnalysis_GetReport_1_0',
        'scope': 'external'
    }],
    'url': [{
        'analyzer': 'Threatcrowd_1_0',
        'scope': 'external'
    }]
}

runner = CortexRunner(observable, rules, config)

result = runner.launch()

print(result)

For a more complete and real example, get a look at example/ directory

About

Cortex jobs automation for TheHive

Topics

observable malware-analysis thehive iocs cortex security-automation threat-intelligence thehive4py

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

3 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages