Merge branch 'release/3.3.3'

.github/workflows/build.yml

@@ -46,6 +46,7 @@ jobs:
     name: Build Catalog
     runs-on: [ ubuntu-latest ]
     needs: [ build_analyzers, build_responders ]
+    if: always()
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -77,7 +78,7 @@ jobs:
     name: Build documentation
     runs-on: [ ubuntu-latest ]
     needs: [build_analyzers, build_responders ]
-    if: startsWith(github.ref, 'refs/tags/')
+    if: startsWith(github.ref, 'refs/tags/') && always()
     steps:
       - uses: actions/checkout@v3
       - name: Prepare documentation files

analyzers/Autofocus/Dockerfile

@@ -0,0 +1,5 @@
+FROM python:3.11
+WORKDIR /worker
+COPY . Autofocus
+RUN test ! -e Autofocus/requirements.txt || pip install --no-cache-dir -r Autofocus/requirements.txt
+ENTRYPOINT Autofocus/analyzer.py

analyzers/Maltiverse/Dockerfile

@@ -1,5 +1,6 @@
 FROM python:3-slim
 WORKDIR /worker
 COPY . Maltiverse
+RUN apt update && apt install -y git
 RUN test ! -e Maltiverse/requirements.txt || pip install --no-cache-dir -r Maltiverse/requirements.txt
 ENTRYPOINT Maltiverse/maltiverse-client.py

analyzers/MalwareClustering/requirements.txt

@@ -1,6 +1,7 @@
 cortexutils
 requests
 pyimpfuzzy==0.5
-py2neo==2021.0.1
+# py2neo is EOL and older versions were deleted from pipy https://github.com/neo4j-contrib/py2neo
+py2neo==2021.2.4
 apiscout==1.1.5
 python-magic==0.4.22

analyzers/RecordedFuture/README.md

@@ -0,0 +1,27 @@
+This analyzer will return Recorded Future Intelligence for the following datatypes:
+* ip
+* domain
+* fqdn
+* hash
+* url
+
+Enriched observables can display:
+* Risk Summary: Risk Score, Criticality, and link to the Intelligence Card
+* Recorded Future AI Insights
+
+![](assets/RecordedFutureAnalyzerReport.jpg)
+
+* Risk Rules and Evidence Details
+
+![](assets/RiskRulesReport.jpg)
+
+* Technical & Insikt Group Research Links
+
+![](assets/LinksReport.jpg)
+
+* Related Threat Actors
+* Related Attack Vectors
+* Malware Family / Category
+* Related IPs
+* Related Domains
+* Related Hashes

analyzers/RecordedFuture/RecordedFuture.json

@@ -0,0 +1,27 @@
+{
+  "name": "RecordedFuture",
+  "version": "2.0",
+  "author": "Recorded Future",
+  "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
+  "license": "AGPL-V3",
+  "dataTypeList": ["ip", "domain", "fqdn", "hash", "url"],
+  "description": "Enrich IP, Domain, FQDN, URL, or Hash with Recorded Future context:  Risk Score, Risk Details, AI Insights, Links, Threat Actor, Attack Vector, Malware Category / Family, and Related Entities (IPs, Domains, and Hashes)",
+  "command": "RecordedFuture/recordedfuture.py",
+  "baseConfig": "RecordedFuture",
+  "configurationItems": [
+    {
+      "name": "key",
+      "description": "API Token",
+      "type": "string",
+      "multi": false,
+      "required": true
+    }
+  ],
+  "registration_required": true,
+  "subscription_required": true,
+  "service_homepage": "https://www.recordedfuture.com/",
+  "service_logo": {
+    "path": "assets/recordedfuture-logo.png",
+    "caption": "logo"
+  }
+}