Added optional force rerun control for cortex

frikky · frikky · commit df5aa6c1097b · 2022-04-07T01:45:01.000+02:00
diff --git a/cortex/1.0.0/api.yaml b/cortex/1.0.0/api.yaml
@@ -75,6 +75,14 @@ actions:
         required: false 
         schema:
           type: tlp
+      - name: force 
+        description: Whether to force rerun the analysis
+        required: false 
+        options:
+          - true
+          - false
+        schema:
+          type: tlp
     returns:
       schema:
         type: string 
@@ -118,6 +126,14 @@ actions:
         required: false 
         schema:
           type: tlp
+      - name: force 
+        description: Whether to force rerun the analysis
+        required: false 
+        options:
+          - true
+          - false
+        schema:
+          type: tlp
     returns:
       schema:
         type: string
diff --git a/cortex/1.0.0/src/app.py b/cortex/1.0.0/src/app.py
@@ -46,9 +46,17 @@ def get_available_analyzers(self, apikey, url, datatype):
 
         return all_results
 
-    def run_available_analyzers(self, apikey, url, data, datatype, message="", tlp=1):
+    def run_available_analyzers(self, apikey, url, data, datatype, message="", tlp=1, force="true"):
         if data == "" or data == "[]":
-            return "No values to handle []"
+            return {
+                "success": False,
+                "reason": "No values to handle []",
+            }
+
+        if str(force.lower()) == "true":
+            force = 1
+        else:
+            force = 0
 
         self.api = Api(url, apikey, cert=False)
         analyzers = self.get_available_analyzers(apikey, url, datatype)
@@ -61,7 +69,7 @@ def run_available_analyzers(self, apikey, url, data, datatype, message="", tlp=1
                     'dataType': datatype,
                     'tlp': tlp,
                     'message': message,
-                }, force=1)
+                }, force=force)
 
                 alljobs.append(job.id)
             except cortex4py.exceptions.ServiceUnavailableError as e:
@@ -75,15 +83,20 @@ def run_available_analyzers(self, apikey, url, data, datatype, message="", tlp=1
         #    return alljobs[0]
         return alljobs
 
-    def run_analyzer(self, apikey, url, analyzer_name, data, datatype, message="", tlp=1):
+    def run_analyzer(self, apikey, url, analyzer_name, data, datatype, message="", tlp=1, force="true"):
+        if str(force.lower()) == "true":
+            force = 1
+        else:
+            force = 0
+
         self.api = Api(url, apikey, cert=False)
         try:
             job = self.api.analyzers.run_by_name(analyzer_name, {
                 'data': data,
                 'dataType': datatype,
                 'tlp': tlp,
                 'message': message,
-            }, force=1)
+            }, force=force)
         except cortex4py.exceptions.ServiceUnavailableError as e:
             return str(e)
         except cortex4py.exceptions.AuthorizationError as e:
diff --git a/thehive/1.1.3/src/app.py b/thehive/1.1.3/src/app.py
@@ -417,6 +417,7 @@ def create_case_from_alert(
         response = self.thehive.promote_alert_to_case(
             alert_id=alert_id, case_template=case_template
         )
+
         return response.text
 
     def merge_alert_into_case(self, apikey, url, organisation, alert_id, case_id):

Original file line number	Diff line number	Diff line change
`@@ -417,6 +417,7 @@ def create_case_from_alert(`
`417`	`417`	`response = self.thehive.promote_alert_to_case(`
`418`	`418`	`alert_id=alert_id, case_template=case_template`
`419`	`419`	`)`
	`420`	`+`
`420`	`421`	`return response.text`
`421`	`422`
`422`	`423`	`def merge_alert_into_case(self, apikey, url, organisation, alert_id, case_id):`