Few improvements have been introduced in this version :
- Proofpoint analyzer has been updated to use python3 (#417)
- Long report of Cuckoo Sandbox analyzer has been improved to be able to display Cuckoo v. 2.0.6 reports (#418)
- URLhaus analyzer has also been updated to use the recently introduced API (#431)
On your Cortex server, update your analyzers with the following command:
$ cd /opt/Cortex-Analyzers && git pull
$ for I in analyzers/*/requirements.txt; do sudo -H /usr/bin/python2 -m pip install -r $I
$ for I in analyzers/*/requirements.txt; do sudo -H /usr/bin/python3 -m pip install -r $I
Updating analyzers should be followed by also updating report templates. Download new report templates and add the archive in TheHive report templates.
Detailed information
Cuckoo Sandbox
Thanks to @nicpenning Cuckoo analyzer is now able to display reports from version 2.0.6 of Cuckoo. With this version, remote connections part of the report has been fixed and is now well displayed
Notice: This fix has been reviewed by our core team, unfortunately, we have not been able to test it.
URLhaus
Abuse.ch, the operator of URLhaus recently introduced a new API for their service in order to handle bulk queries and reduce costs for their main page that uses CDNs for delivery. Because of that, thanks to Nils Kuhnert, the URLhaus analyzer has been rewritten from scratch. Also, the templates changed because there are three different API endpoints used:
URL template for URLhaus analyzer 
Domain and IP template for URLhaus analyzer 
Hash template for URLhaus analyzer
The short reports now display the threat type – which currently is always malware_download and, for the hash observable type, the malware family – if given by URLhaus:
URLhaus analyzer short template for URLs, domains and IPs 
URLhaus analyzer short template for hashes
Running Into Trouble?
Shall you encounter any difficulty, please join our user forum, contact us on Gitter, or send us an email at support@thehive-project.org. We will be more than happy to help!
TheHive Project 