def _lookup_iocs(self, all_iocs, resource_per_req=25):
"""Caches the VirusTotal info for a set of hashes.
Args:
all_iocs - a list of hashes.
Returns:
A dict with hash as key and threat info as value
"""
threat_info = {}
cache_file_name = config_get_deep(
'virustotal.LookupHashesFilter.cache_file_name', None)
vt = VirusTotalApi(self._api_key,
resource_per_req,
cache_file_name=cache_file_name)
reports = vt.get_file_reports(all_iocs)
for hash_val in reports:
report = reports[hash_val]
if not report:
continue
if self._should_store_ioc_info(report):
threat_info[hash_val] = self._trim_hash_report(report)
return threat_info
def _lookup_iocs(self, all_iocs, resource_per_req=25):
"""Caches the VirusTotal info for a set of domains.
Domains on a whitelist will be ignored.
Args:
all_iocs - a list of domains.
Returns:
A dict with domain as key and threat info as value
"""
threat_info = {}
cache_file_name = config_get_deep('virustotal.LookupDomainsFilter.cache_file_name', None)
vt = VirusTotalApi(self._api_key, resource_per_req, cache_file_name=cache_file_name)
iocs = [x for x in all_iocs if not self._whitelist.match_values(x)]
reports = vt.get_domain_reports(iocs)
for domain in reports:
if not reports[domain]:
continue
trimmed_report = self._trim_domain_report(domain, reports[domain])
if self._should_store_ioc_info(trimmed_report):
threat_info[domain] = trimmed_report
return threat_info
def _lookup_iocs(self, all_iocs, resource_per_req=25):
"""Caches the VirusTotal info for a set of domains.
Domains on a whitelist will be ignored.
Args:
all_iocs - a list of domains.
Returns:
A dict with domain as key and threat info as value
"""
threat_info = {}
cache_file_name = config_get_deep('virustotal.LookupDomainsFilter.cache_file_name', None)
vt = VirusTotalApi(self._api_key, resource_per_req, cache_file_name=cache_file_name)
iocs = filter(lambda x: not self._whitelist.match_values(x), all_iocs)
reports = vt.get_domain_reports(iocs)
for domain in reports.keys():
if not reports[domain]:
continue
trimmed_report = self._trim_domain_report(domain, reports[domain])
if self._should_store_ioc_info(trimmed_report):
threat_info[domain] = trimmed_report
return threat_info
def _lookup_iocs(self, all_iocs, resource_per_req=25):
"""Caches the VirusTotal info for a set of hashes.
Args:
all_iocs - a list of hashes.
Returns:
A dict with hash as key and threat info as value
"""
threat_info = {}
cache_file_name = config_get_deep('virustotal.LookupHashesFilter.cache_file_name', None)
vt = VirusTotalApi(self._api_key, resource_per_req, cache_file_name=cache_file_name)
reports = vt.get_file_reports(all_iocs)
for hash_val in reports.keys():
report = reports[hash_val]
if not report:
continue
if self._should_store_ioc_info(report):
threat_info[hash_val] = self._trim_hash_report(report)
return threat_info
def setup_vt(self):
self.vt = VirusTotalApi('test_key')