Exemple #1
 def __create_stix_virustotal(self, jdict, log, config):
     toolsList = []
     if 'permalink' in jdict:
         vtTool = ToolInformation(tool_name = "VirusTotal")
         vtTool.description = String("%s" % (jdict['permalink']))
         toolsList.append(vtTool)
     for scanner in jdict['scans']:
         if jdict['scans'][scanner]['detected']:
             vtTool = ToolInformation(tool_name = "VirusTotal", tool_vendor = "%s" % (scanner))
             vtTool.version = String("%s" % (jdict['scans'][scanner]['version']))
             vtTool.description = String("%s" % (jdict['scans'][scanner]['result']))
             toolsList.append(vtTool)
     return toolsList
Exemple #2
    def _create_observables(self, msg):
        """Wrap the parsed email in an Observables package tagged with its source.

        The message is parsed by ``self.__parse_email_message`` and the result
        is placed in an ``Observables`` container. A ``MeasureSource`` naming
        this script (file name, vendor, version) is attached as
        ``observable_package_source`` so the output records which tool
        produced it.

        Args:
            msg: The email message handed to ``__parse_email_message``.

        Returns:
            The populated ``Observables`` object.
        """
        observables = Observables(self.__parse_email_message(msg))

        # Describe the producing tool: this script itself.
        producer = ToolInformation()
        producer.name = os.path.basename(__file__)
        producer.description = StructuredText("Email to CybOX conversion script")
        producer.vendor = "The MITRE Corporation"
        producer.version = __version__

        producing_tools = ToolInformationList()
        producing_tools.append(producer)

        # Attach the tool list as the package's measure source.
        source = MeasureSource()
        source.tools = producing_tools
        observables.observable_package_source = source

        return observables