Initial sandbox integration development for review.

Author: radar989

.gitignore

@@ -0,0 +1,39 @@
+# Ignore Maven Compiled Project Files
+*/target/
+
+# Ignore IntelliJ Project Information
+*.iml
+.idea/
+
+# Ignore Sublime Text Project Files
+*.sublime-project
+*.sublime-workspace
+
+
+# Ignore Eclipse Project Information
+*.settings
+*.project
+*.classpath
+dependency-reduced-pom.xml
+
+
+# Ignore Excel Files
+*.xlsx
+
+# Ignore local log files
+*.log
+
+# Ignore Generated HTML README Files
+README.html
+
+# Ignored installed NPM modules
+node_modules/
+
+# Ignore private keys
+key/
+
+#Ignore VSCode 
+*.history
+.histoy
+*.vscode
+.vscode

LICENSE

@@ -0,0 +1,21 @@
+The MIT License
+
+Copyright (c) 2021 Polarity.io, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,34 @@
+# Polarity Sandbox Integration
+
+The Polarity Sandbox integrations uses the Google search API to search malware on different internet hosted sandboxes, to provide more information on the malware hashes. 
+
+
+|![image](assets/overlay.png)
+|---|---|
+|*Sandbox example* |
+
+## Sandbox Integration Options
+
+### API Key
+
+Valid Google CSE API Key
+
+### Sandboxes to Search 
+Specify which Sandboxes you want the integration to search. 
+
+## Installation Instructions
+
+Generate a new CSE API key on the following page:
+
+https://developers.google.com/custom-search/v1/overview
+
+A free account allows for up to 100 search queries per day.
+
+Once the API key has been generated, input the information into the API Key field in the integration and start searching for exploits. 
+
+
+## Polarity
+
+Polarity is a memory-augmentation platform that improves and accelerates analyst decision making.  For more information about the Polarity platform please see:
+
+https://polarity.io/

assets/overlay.png

@@ -0,0 +1,159 @@
+polarity.export = PolarityComponent.extend({
+  // Hides the filter menu by default
+  viewFilters: false,
+  // This is the initial view limit. The user can view up to 10 by clicking on a "view more" action link
+  viewLimit: 5,
+  // Stores any error messages from our onMessage hook
+  errorMessage: '',
+  infoMessage: '',
+  details: Ember.computed.alias('block.data.details'),
+  searchResults: Ember.computed.alias('details.searchResults'),
+  searchInformation: Ember.computed.alias('searchResults.searchInformation'),
+  icons: Ember.computed.alias('details.icons'),
+  searchFilters: Ember.computed.alias('block.storage.searchFilters'),
+  numSourcesToSearch: Ember.computed.alias('block.storage.numSourcesToSearch'),
+  init: function () {
+    this._super(...arguments);
+    if (!this.get('block.storage.searchFilters')) {
+      this.set('block.storage', {});
+      this.set('block.storage.searchFilters', [
+        {
+          displayValue: 'app.any.run',
+          filterValue: 'app.any.run',
+          id: 'app-checkbox',
+          value: true
+        },
+        {
+          displayValue: 'any.run',
+          filterValue: 'any.run',
+          id: 'any-checkbox',
+          value: true
+        },
+        {
+          displayValue: 'VirusTotal',
+          filterValue: 'virustotal.com',
+          id: 'vt-checkbox',
+          value: true
+        },
+        {
+          displayValue: 'Joe Sandbox',
+          filterValue: 'joesandbox.com',
+          id: 'js-checkbox',
+          value: true
+        },
+        {
+          displayValue: 'Intezer',
+          filterValue: 'analyze.intezer.com',
+          id: 'intezer-checkbox',
+          value: true
+        },
+        {
+          displayValue: 'Hybrid Analysis',
+          filterValue: 'hybrid-analysis.com',
+          id: 'ha-checkbox',
+          value: true
+        },
+        {
+          displayValue: 'Valkyrie Comodo',
+          filterValue: 'valkyrie.comodo.com',
+          id: 'comodo-checkbox',
+          value: true
+        },
+        {
+          displayValue: 'IRIS-H',
+          filterValue: 'iris-h.services',
+          id: 'irish-checkbox',
+          value: true
+        },
+        {
+          displayValue: 'Labs.Inquest',
+          filterValue: 'labs.inquest.net',
+          id: 'inquest-checkbox',
+          value: true
+        },
+        {
+          displayValue: 'Manalyzer',
+          filterValue: 'manalyzer.org',
+          id: 'manalyzer-checkbox',
+          value: true
+        },
+        {
+          displayValue: 'Sandbox Pikker',
+          filterValue: 'sandbox.pikker.ee',
+          id: 'pikker-checkbox',
+          value: true
+        },
+        {
+          displayValue: 'Yomi Yoroi',
+          filterValue: 'yomi.yoroi.company',
+          id: 'yomi-checkbox',
+          value: true
+        }
+      ]);
+      this.set('block.storage.numSourcesToSearch', this.get('block.storage.searchFilters.length'));
+    }
+  },
+  actions: {
+    toggleFilter: function () {
+      this.toggleProperty('viewFilters');
+    },
+    applyFilter: function () {
+      this.set('errorMessage', '');
+      this.set('infoMessage', '');
+
+      const numSourcesToSearch = this.getNumSourcesSearched();
+      if (numSourcesToSearch === 0) {
+        this.set('infoMessage', 'Select at least one source to search');
+        return;
+      }
+      this.set('filtering', true);
+      const payload = {
+        entity: this.block.entity,
+        searchFilters: this.searchFilters
+      };
+
+      this.sendIntegrationMessage(payload)
+        .then((searchResults) => {
+          this.set('block.data.details.searchResults', searchResults);
+        })
+        .catch((err) => {
+          console.error(err);
+          if (typeof err.meta === 'string') {
+            this.set('errorMessage', err.meta);
+          } else if (typeof err.meta === 'object' && typeof err.meta.error === 'string') {
+            this.set('errorMessage', err.meta.error);
+          } else if (typeof err.meta === 'object' && typeof err.meta.detail === 'string') {
+            this.set('errorMessage', err.meta.detail);
+          } else {
+            this.set('errorMessage', JSON.stringify(err.meta));
+          }
+        })
+        .finally(() => {
+          this.set('numSourcesToSearch', numSourcesToSearch);
+          this.set('filtering', false);
+        });
+    },
+    selectAll: function () {
+      for (let i = 0; i < this.searchFilters.length; i++) {
+        this.set(`searchFilters.${i}.value`, true);
+      }
+    },
+    clearAll: function () {
+      for (let i = 0; i < this.searchFilters.length; i++) {
+        this.set(`searchFilters.${i}.value`, false);
+      }
+    },
+    viewMore: function () {
+      this.set('viewLimit', 10);
+    }
+  },
+  getNumSourcesSearched() {
+    let numSourcesToSearch = 0;
+    for (let i = 0; i < this.searchFilters.length; i++) {
+      if (this.searchFilters[i].value === true) {
+        ++numSourcesToSearch;
+      }
+    }
+    return numSourcesToSearch;
+  }
+});