Merge pull request #1447 from TheHive-Project/opencti-v6-backwards-compatability-analyzers

OpenCTI v6 Analyzers

Author: nusantara-self

.github/workflows/build.yml

@@ -133,11 +133,13 @@ jobs:
             version=$(jq -r '.version // empty' "$json_file")
             description=$(jq -r '.description // empty' "$json_file")
             command=$(jq -r '.command // empty' "$json_file")
+            requirements=$(jq -r '.requirements // "requirements.txt"' "$json_file")
 
             echo "LOWERCASE_NAME=${lower_name}" >> $GITHUB_ENV
             echo "VERSION=${version}" >> $GITHUB_ENV
             echo "DESCRIPTION=${description}" >> $GITHUB_ENV
             echo "COMMAND=${command}" >> $GITHUB_ENV
+            echo "REQUIREMENTS=${requirements}" >> $GITHUB_ENV
 
             if [[ "$version" == *.* ]]; then
               version_split=$(echo "$version" | cut -d '.' -f 1)
@@ -296,6 +298,7 @@ jobs:
           platforms: ${{ env.PLATFORMS }}
           push: true
           tags: ${{ env.IMAGE_TAGS }}
+          build-args: REQUIREMENTS=${{ env.REQUIREMENTS }}
           cache-from: type=gha
           cache-to: type=gha,mode=max,scope=shared
           labels: |
@@ -614,11 +617,13 @@ jobs:
             version=$(jq -r '.version // empty' "$json_file")
             description=$(jq -r '.description // empty' "$json_file")
             command=$(jq -r '.command // empty' "$json_file")
+            requirements=$(jq -r '.requirements // "requirements.txt"' "$json_file")
 
             echo "LOWERCASE_NAME=${lower_name}" >> $GITHUB_ENV
             echo "VERSION=${version}" >> $GITHUB_ENV
             echo "DESCRIPTION=${description}" >> $GITHUB_ENV
             echo "COMMAND=${command}" >> $GITHUB_ENV
+            echo "REQUIREMENTS=${requirements}" >> $GITHUB_ENV
 
             if [[ "$version" == *.* ]]; then
               version_split=$(echo "$version" | cut -d '.' -f 1)
@@ -777,6 +782,7 @@ jobs:
           platforms: ${{ env.PLATFORMS }}
           push: true
           tags: ${{ env.IMAGE_TAGS }}
+          build-args: REQUIREMENTS=${{ env.REQUIREMENTS }}
           cache-from: type=gha
           cache-to: type=gha,mode=max,scope=shared
           labels: |
@@ -1095,11 +1101,13 @@ jobs:
             version=$(jq -r '.version // empty' "$json_file")
             description=$(jq -r '.description // empty' "$json_file")
             command=$(jq -r '.command // empty' "$json_file")
+            requirements=$(jq -r '.requirements // "requirements.txt"' "$json_file")
 
             echo "LOWERCASE_NAME=${lower_name}" >> $GITHUB_ENV
             echo "VERSION=${version}" >> $GITHUB_ENV
             echo "DESCRIPTION=${description}" >> $GITHUB_ENV
             echo "COMMAND=${command}" >> $GITHUB_ENV
+            echo "REQUIREMENTS=${requirements}" >> $GITHUB_ENV
 
             if [[ "$version" == *.* ]]; then
               version_split=$(echo "$version" | cut -d '.' -f 1)
@@ -1258,6 +1266,7 @@ jobs:
           platforms: ${{ env.PLATFORMS }}
           push: true
           tags: ${{ env.IMAGE_TAGS }}
+          build-args: REQUIREMENTS=${{ env.REQUIREMENTS }}
           cache-from: type=gha
           cache-to: type=gha,mode=max,scope=shared
           labels: |

analyzers/OpenCTI/Dockerfile

@@ -1,11 +1,13 @@
 FROM python:3-alpine
 WORKDIR /worker
 
+ARG REQUIREMENTS=requirements.txt
+
 # Install libmagic (development package provides libmagic.so symlink)
 RUN apk add --no-cache file-dev
 
-COPY requirements.txt OpenCTI/
-RUN test ! -e OpenCTI/requirements.txt || pip install --no-cache-dir -r OpenCTI/requirements.txt
+COPY requirements*.txt OpenCTI/
+RUN test ! -e OpenCTI/${REQUIREMENTS} || pip install --no-cache-dir -r OpenCTI/${REQUIREMENTS}
 COPY . OpenCTI/
 
 ENTRYPOINT ["python", "OpenCTI/opencti.py"]

analyzers/OpenCTI/OpenCTI_v6_SearchExactObservable.json

@@ -0,0 +1,67 @@
+{
+  "name": "OpenCTI_v6_SearchExactObservable",
+  "author": "ANSSI",
+  "license": "AGPL-V3",
+  "url": "https://github.com/TheHive-Project/Cortex-Analyzers/",
+  "version": "2.0",
+  "description": "Query multiple OpenCTI v6 instances for a specific observable.",
+  "dataTypeList": [
+    "domain",
+    "ip",
+    "url",
+    "fqdn",
+    "uri_path",
+    "user-agent",
+    "hash",
+    "mail",
+    "mail_subject",
+    "registry",
+    "regexp",
+    "other",
+    "filename",
+    "mail-subject"
+  ],
+  "config": {
+      "service": "search_exact"
+  },
+  "requirements": "requirements_v6.txt",
+  "baseConfig": "OpenCTI_v6",
+  "command": "OpenCTI/opencti.py",
+  "configurationItems": [
+    {
+      "name": "name",
+      "description": "Name of OpenCTI servers",
+      "multi": true,
+      "required": false,
+      "type": "string"
+    },
+    {
+      "name": "url",
+      "description": "URL of OpenCTI servers",
+      "type": "string",
+      "multi": true,
+      "required": true
+    },
+    {
+      "name": "key",
+      "description": "API key for each server",
+      "type": "string",
+      "multi": true,
+      "required": true
+    },
+    {
+      "name": "cert_check",
+      "description": "Verify server certificate",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
+    }
+  ],
+  "registration_required": true,
+  "subscription_required": false,
+  "free_subscription": false,
+  "service_homepage": "https://www.opencti.io",
+  "service_logo": {"path":"assets/logo_opencti.png", "caption": "logo"},
+  "screenshots": []
+}

analyzers/OpenCTI/OpenCTI_v6_SearchObservables.json

@@ -0,0 +1,67 @@
+{
+  "name": "OpenCTI_v6_SearchObservables",
+  "author": "ANSSI",
+  "license": "AGPL-V3",
+  "url": "https://github.com/TheHive-Project/Cortex-Analyzers/",
+  "version": "2.0",
+  "description": "Query multiple OpenCTI v6 instances for a list of observables matching a pattern.",
+  "dataTypeList": [
+    "domain",
+    "ip",
+    "url",
+    "fqdn",
+    "uri_path",
+    "user-agent",
+    "hash",
+    "mail",
+    "mail_subject",
+    "registry",
+    "regexp",
+    "other",
+    "filename",
+    "mail-subject"
+  ],
+  "config": {
+      "service": "search_observables"
+  },
+  "requirements": "requirements_v6.txt",
+  "baseConfig": "OpenCTI_v6",
+  "command": "OpenCTI/opencti.py",
+  "configurationItems": [
+    {
+      "name": "name",
+      "description": "Name of OpenCTI servers",
+      "multi": true,
+      "required": false,
+      "type": "string"
+    },
+    {
+      "name": "url",
+      "description": "URL of OpenCTI servers",
+      "type": "string",
+      "multi": true,
+      "required": true
+    },
+    {
+      "name": "key",
+      "description": "API key for each server",
+      "type": "string",
+      "multi": true,
+      "required": true
+    },
+    {
+      "name": "cert_check",
+      "description": "Verify server certificate",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
+    }
+  ],
+  "registration_required": true,
+  "subscription_required": false,
+  "free_subscription": false,
+  "service_homepage": "https://www.opencti.io",
+  "service_logo": {"path":"assets/logo_opencti.png", "caption": "logo"},
+  "screenshots": []
+}

analyzers/OpenCTI/requirements_v6.txt

@@ -0,0 +1,3 @@
+cortexutils
+pycti>=6.0.0,<7.0.0
+six>=1.14.0