[Bug] Inoitsu Analyzer Bug - 'NoneType' object has no attribute 'group' AND config json Error #1032
Description
Describe the bug
Issue 1:
The Analyzer is throwing an NoneType Error when starting an Analysis with an email address. On the URL https://www.hotsheet.com/inoitsu/ there is no Critical Identity Alerts information anymore (at least when checked on 29.08.2021). It seems like this was removed from the URL and therefore the python code runs into errors during information harvesting.
Issue 2:
In the Inoitsu.json file the "config": {} part is missing which causes Elastic NotFoundError in the log file.
To Reproduce
Steps to reproduce the behavior:
- Configure the Analyzer under the Cortex Analyzer Config.
- Enable the Inoitsu Analyzer.
- Run a new Analysis with the Inoitsu Analyzer.
Expected behavior
The Analyzer should start the Analysis and request a reputation check against the URL https://www.hotsheet.com/inoitsu/ with the given e-mail address provided as input.
Complementary information
The Cortex WEB UI Error when starting an Analysis
Issue 1:
Issue 2:
The Elastic NotFoundError in the Cortex application.log, when starting an Analysis with the Analyzer:
2021-08-12 13:49:01,638 [INFO] from org.thp.cortex.services.ErrorHandler in application-akka.actor.default-dispatcher-9 - GET /api/analyzerconfig/Inoitsu returned 404 org.elastic4play.NotFoundError: config Inoitsu not found
Work environment
- Cortex version: 3.1.1-1
- Cortex Analyzer/Responder name: Inoitsu
- Cortex Analyzer/Responder version: 1.0
Possible solutions
Issue 1:
Remove Critical Identity Alerts from the result, because this information is not available on the URL anymore.
Issue 2:
Adding the a config part to the Inoitsu.json file liek:
"config": {
"check_tlp": true,
"max_tlp": 2,
"auto_extract": false
},