hashscanner/hashscanner-cortex

HashScanner Cortex Analyzer


Prefer code? There's also an official Python client & CLI: pip install hashscanner (PyPI · GitHub).

A Cortex analyzer (for use with TheHive) that looks up a hash observable in the NIST NSRL via the HashScanner API.

Run it on any MD5 / SHA-1 / SHA-256 observable to instantly tell whether the file is known (cataloged in NSRL) — so you can filter the known out of a case and focus analyst time on the unknown.

A match means the file is known, not that it is safe, clean, or malicious. NIST does not label files good or bad.
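The triage step described above, as an added example (not code from this repository): it validates that an observable really is an MD5 / SHA-1 / SHA-256 digest, then sorts a case into known and unknown, tagging both at the Cortex "info" level so a match is never reported as "safe". The `lookup` callable, the namespace and predicate names, and the sample digests are assumptions made for the example.

```python
import re

# Hex digest length -> observable type the analyzer accepts.
HASH_LENGTHS = {32: "MD5", 40: "SHA-1", 64: "SHA-256"}
HEX_RE = re.compile(r"[0-9a-fA-F]+")


def hash_type(value):
    """Return 'MD5', 'SHA-1' or 'SHA-256', or None if value is not such a digest."""
    value = value.strip()
    return HASH_LENGTHS.get(len(value)) if HEX_RE.fullmatch(value) else None


def taxonomy(known):
    """Entry shaped like a Cortex taxonomy. The level is 'info' in both cases:
    an NSRL match means cataloged, so it must not be reported as 'safe'.
    Namespace and predicate names are assumptions for this example."""
    return {"level": "info", "namespace": "HashScanner", "predicate": "NSRL",
            "value": "known" if known else "unknown"}


def triage(observables, lookup):
    """Split observables into known / unknown / invalid.
    lookup is a hypothetical callable(digest) -> bool standing in for the analyzer."""
    out = {"known": [], "unknown": [], "invalid": []}
    for obs in observables:
        kind = hash_type(obs)
        if kind is None:
            out["invalid"].append(obs)  # never send non-hash data to a lookup
            continue
        digest = obs.strip().lower()  # normalise case so lookups are consistent
        known = bool(lookup(digest))
        out["known" if known else "unknown"].append((kind, digest, taxonomy(known)))
    return out


# Constructed sample data: these digests are made up, not real NSRL entries.
SAMPLE_KNOWN = {"0" * 32, "ab" * 20}
SAMPLE_CASE = [" " + "0" * 32, "AB" * 20, "cd" * 32, "not-a-hash", "abc123"]

if __name__ == "__main__":
    result = triage(SAMPLE_CASE, SAMPLE_KNOWN.__contains__)
    for bucket, items in result.items():
        print(bucket, len(items))
```

The unknown bucket is what stays in the case for analyst review; the invalid bucket catches mistyped or truncated observables before they produce a misleading "unknown".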

Layout

analyzers/HashScanner/        # the analyzer (flavor JSON + program + requirements)
thehive-templates/            # TheHive short/long report templates

This mirrors the Cortex-Analyzers catalog layout, so the analyzers/HashScanner/ and thehive-templates/ folders can be copied straight into a Cortex-Analyzers PR.

Install (custom analyzer path)

  1. Clone this repo onto your Cortex host and add analyzers/ to Cortex's analyzer.path (or copy analyzers/HashScanner/ into an existing analyzers path).
  2. Install dependencies: pip install -r analyzers/HashScanner/requirements.txt
  3. In the Cortex UI, enable HashScanner_NSRL, set your api_key (free at https://www.hashscanner.com/register), and run it on a hash observable.

Configuration

| Item | Required | Default | Description |
|---|---|---|---|
| api_key | yes | | HashScanner API key (hs_..._sk_...) |
| api_url | no | https://api.hashscanner.com/v1 | API base URL |
| timeout | no | 30 | Request timeout (seconds) |

License

MIT
