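def file_reputation_command(client: SixgillEnrichClient, args) -> List[CommandResults]:
    """Enrich each supplied file hash and return one CommandResults per hash.

    Args:
        client: Enrichment client; ``enrich_ioc("hash", value, skip)`` is
            called once per hash.
        args: Command arguments. ``file`` holds the hash(es); ``skip`` is
            forwarded to ``enrich_ioc``.

    Returns:
        One CommandResults per hash, in input order, carrying the raw
        enrichment records plus a ``Common.File`` indicator with a DBot score.

    Raises:
        ValueError: If no hash was supplied, or ``skip`` is not an integer.
    """
    files = argToList(args.get("file"))
    if not files:
        raise ValueError("HASH(s) not specified")

    # int(None) raised TypeError when "skip" was omitted; fall back to 0.
    # NOTE(review): 0 is assumed to mean "skip nothing" - confirm against the
    # integration's declared argument default.
    skip = int(args.get("skip") or 0)

    command_results: List[CommandResults] = []
    for file_hash in files:
        file_data = client.enrich_ioc("hash", file_hash, skip)

        # Highest score across the returned records. With no records the score
        # stays 0 (DBot "unknown"): nothing was found, which is not a benign
        # verdict.
        score = max(map(get_score, file_data), default=0)
        file_hash_types = get_file_hashes(file_data)

        # Records without a description made "; ".join() raise TypeError on
        # None. Drop them, and de-duplicate with dict.fromkeys so the order
        # follows the records instead of set iteration order.
        descriptions = dict.fromkeys(
            ioc.get("description") for ioc in file_data if ioc.get("description")
        )

        dbot_score = Common.DBotScore(
            indicator=file_hash,
            indicator_type=DBotScoreType.FILE,
            integration_name="SixgillDarkfeedEnrichment",
            score=score,
            malicious_description="; ".join(descriptions),
        )
        file_standard_context = Common.File(
            md5=file_hash_types.get("md5"),
            sha256=file_hash_types.get("sha256"),
            sha1=file_hash_types.get("sha1"),
            sha512=file_hash_types.get("sha512"),
            ssdeep=file_hash_types.get("ssdeep"),
            dbot_score=dbot_score,
        )

        command_results.append(
            CommandResults(
                readable_output=tableToMarkdown("File", file_data),
                outputs_prefix="Sixgill.File",
                outputs_key_field="file",
                outputs=file_data,
                indicator=file_standard_context,
            )
        )
    return command_results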
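def domain_reputation_command(client: SixgillEnrichClient, args) -> List[CommandResults]:
    """Enrich each supplied domain and return one CommandResults per domain.

    Args:
        client: Enrichment client; ``enrich_ioc("domain", value, skip)`` is
            called once per domain.
        args: Command arguments. ``domain`` holds the domain(s); ``skip`` is
            forwarded to ``enrich_ioc``.

    Returns:
        One CommandResults per domain, in input order, carrying the raw
        enrichment records plus a ``Common.Domain`` indicator with a DBot
        score.

    Raises:
        ValueError: If no domain was supplied, or ``skip`` is not an integer.
    """
    domains = argToList(args.get("domain"))
    if not domains:
        raise ValueError("DOMAIN(s) not specified")

    # int(None) raised TypeError when "skip" was omitted; fall back to 0.
    # NOTE(review): 0 is assumed to mean "skip nothing" - confirm against the
    # integration's declared argument default.
    skip = int(args.get("skip") or 0)

    command_results: List[CommandResults] = []
    for domain in domains:
        domain_data = client.enrich_ioc("domain", domain, skip)

        # Highest score across the returned records. With no records the score
        # stays 0 (DBot "unknown"): nothing was found, which is not a benign
        # verdict.
        score = max(map(get_score, domain_data), default=0)

        # Records without a description made "; ".join() raise TypeError on
        # None. Drop them, and de-duplicate with dict.fromkeys so the order
        # follows the records instead of set iteration order.
        descriptions = dict.fromkeys(
            ioc.get("description") for ioc in domain_data if ioc.get("description")
        )

        dbot_score = Common.DBotScore(
            indicator=domain,
            indicator_type=DBotScoreType.DOMAIN,
            integration_name="SixgillDarkfeedEnrichment",
            score=score,
            malicious_description="; ".join(descriptions),
        )
        domain_standard_context = Common.Domain(domain=domain, dbot_score=dbot_score)

        command_results.append(
            CommandResults(
                readable_output=tableToMarkdown("Domain", domain_data),
                outputs_prefix="Sixgill.Domain",
                outputs_key_field="domain",
                outputs=domain_data,
                indicator=domain_standard_context,
            )
        )
    return command_results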
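def url_reputation_command(client: SixgillEnrichClient, args) -> List[CommandResults]:
    """Enrich each supplied URL and return one CommandResults per URL.

    Args:
        client: Enrichment client; ``enrich_ioc("url", value, skip)`` is
            called once per URL.
        args: Command arguments. ``url`` holds the URL(s); ``skip`` is
            forwarded to ``enrich_ioc``.

    Returns:
        One CommandResults per URL, in input order, carrying the raw
        enrichment records plus a ``Common.URL`` indicator with a DBot score.

    Raises:
        ValueError: If no URL was supplied, or ``skip`` is not an integer.
    """
    urls = argToList(args.get("url"))
    if not urls:
        raise ValueError("URL(s) not specified")

    # int(None) raised TypeError when "skip" was omitted; fall back to 0.
    # NOTE(review): 0 is assumed to mean "skip nothing" - confirm against the
    # integration's declared argument default.
    skip = int(args.get("skip") or 0)

    command_results: List[CommandResults] = []
    for url in urls:
        url_data = client.enrich_ioc("url", url, skip)

        # Highest score across the returned records. With no records the score
        # stays 0 (DBot "unknown"): nothing was found, which is not a benign
        # verdict.
        score = max(map(get_score, url_data), default=0)

        # Records without a description made "; ".join() raise TypeError on
        # None. Drop them, and de-duplicate with dict.fromkeys so the order
        # follows the records instead of set iteration order.
        descriptions = dict.fromkeys(
            ioc.get("description") for ioc in url_data if ioc.get("description")
        )

        dbot_score = Common.DBotScore(
            indicator=url,
            indicator_type=DBotScoreType.URL,
            integration_name="SixgillDarkfeedEnrichment",
            score=score,
            malicious_description="; ".join(descriptions),
        )
        url_standard_context = Common.URL(url=url, dbot_score=dbot_score)

        command_results.append(
            CommandResults(
                readable_output=tableToMarkdown("URL", url_data),
                outputs_prefix="Sixgill.URL",
                outputs_key_field="url",
                outputs=url_data,
                indicator=url_standard_context,
            )
        )
    return command_results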