{
  "name": "ONYPHE_Vulnscan",
  "version": "1.1",
  "author": "Pierre Baudry, Adrien Barchapt, Andrea Garavaglia, Davide Arcuri, James Atack",
  "license": "AGPL-V3",
  "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
  "description": "Retrieve vulnerability data from ONYPHE vulnscan category for a given ip, domain, fqdn or hash (sha256 TLS fingerprint)",
  "dataTypeList": ["ip", "domain", "fqdn", "hash"],
  "command": "Onyphe/onyphe_analyzer.py",
  "baseConfig": "Onyphe",
  "config": {
    "service": "vulnscan",
    "base_uri": "/api/v2/",
    "base_url": "https://www.onyphe.io"
  },
  "configurationItems": [
    {
      "name": "key",
      "description": "Define the API key to use to connect the service",
      "type": "string",
      "multi": false,
      "required": true
    },
    {
      "name": "time_filter",
      "description": "Specify ONYPHE time filter to be used for searches (see https://www.onyphe.io/docs/onyphe-query-language)",
      "type": "string",
      "multi": false,
      "required": false,
      "defaultValue": "-since:1M"
    },
    {
      "name": "only_vulnerable",
      "description": "Only return results where a CVE exists (-exists:cve)",
      "type": "boolean",
      "multi": false,
      "required": true,
      "defaultValue": true
    },
    {
      "name": "auto_import",
      "description": "Automatically import artifacts as observables (risks, cves, assets, ...)",
      "type": "boolean",
      "multi": false,
      "required": true,
      "defaultValue": false
    }
  ],
  "registration_required": true,
  "subscription_required": true,
  "free_subscription": true,
  "service_homepage": "https://www.onyphe.io",
  "service_logo": {
    "path": "assets/onyphe_logo.png",
    "caption": "logo"
  },
  "screenshots": [
    {
      "path": "assets/ONYPHE_Vulnscan_long.png",
      "caption": "ONYPHE Vulnscan report sample (IPs obscured)"
    },
    {
      "path": "assets/ONYPHE_Vulnscan_short.png",
      "caption": "ONYPHE Vulnscan mini report showing no. of CVEs"
    }
  ]
}