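def loop_pull_feed():
    """Pull one batch of VT notifications and process every new sample in it.

    Per call:
      1. Pull the notification feed with API_KEY (func_pull_feed); when it
         returns 0 the problem is printed and the function returns.
      2. Acknowledge (delete) every notification ID server-side via
         func_delete_notif.  This happens *before* any sample is handled, so
         nothing below may terminate the process or the batch is lost.
      3. For each notification: build a ``sample`` from its fields and, when
         ``check_new()`` reports it as unknown, download it into STORAGE_PATH,
         insert it into the DB and run DEFAULT_ACTION plus the per-signature
         rule action returned by funct_parse_rule_actions().
      4. Halve the module-global LOOP_TIME, while it is above 60, when the
         batch's notification timestamps span less than LOOP_TIME.

    Returns None.  Malformed notifications are reported and skipped rather
    than aborting the process.
    """
    global LOOP_TIME

    rule_actions = funct_parse_rule_actions()

    json_notif_feed = func_pull_feed(API_KEY)
    if json_notif_feed == 0:
        print("Problem pulling feed.  Sleeping...")
        return

    notifications = json_notif_feed["notifications"]

    # Notification purge -- same ordering as before: IDs are acknowledged
    # before they are processed, so the per-notification path must not exit.
    func_delete_notif(API_KEY, [int(n["id"]) for n in notifications])

    def run_action(command, path):
        # Run the rule action on a background thread; if no thread can be
        # started (thread.error) run it inline.  Narrowed from a bare
        # ``except`` so an unrelated failure no longer silently re-runs the
        # action on the calling thread.
        try:
            thread.start_new_thread(funct_run_rule_action, (command, path))
        except thread.error:
            funct_run_rule_action(command, path)

    hex_digits = "0123456789abcdefABCDEF"
    tmp_oldest = 999999999999
    tmp_newest = 0
    seen_any = False   # True once at least one notification parsed cleanly

    for vt_notif in notifications:
        try:
            md5 = vt_notif["md5"]
            # The feed is external input and md5 is handed to
            # func_download_sample together with STORAGE_PATH, presumably as
            # the on-disk file name: accept only a 32-character hex digest so
            # a hostile value cannot carry path separators.  (The original
            # trusted the field as-is -- confirm how the path is built.)
            if len(md5) != 32 or not all(c in hex_digits for c in md5):
                raise ValueError("malformed md5 %r" % (md5,))

            notif_date = func_to_epoch(vt_notif["date"])
            total = float(vt_notif["total"])
            # total == 0 would raise ZeroDivisionError and kill the loop;
            # treat "no engines" as a 0.0 detection ratio.
            ratio = float(vt_notif["positives"]) / total if total else 0.0

            tmp_sample = sample()
            tmp_sample.define_sample(
                md5,
                vt_notif["sha1"],
                vt_notif["sha256"],
                vt_notif["ruleset_name"],
                vt_notif["subject"],
                notif_date,
                func_to_epoch(vt_notif["first_seen"]),
                ratio,
                vt_notif["size"],
            )
        except (KeyError, TypeError, ValueError) as err:
            # Previously sys.exit(): a single malformed entry took the whole
            # poller down after the batch had already been purged server-side.
            print(" [X] Problem parsing VT feed notification, skipping: %s" % err)
            continue

        seen_any = True
        tmp_newest = max(tmp_newest, notif_date)
        tmp_oldest = min(tmp_oldest, notif_date)

        if not tmp_sample.check_new():
            continue

        sample_path = func_download_sample(API_KEY, STORAGE_PATH, md5)
        tmp_sample.set_path(sample_path)

        if tmp_sample.insert_db() != True:
            print(" [-] Problem submitting sample to DB")
            continue

        tmp_sample.print_short()

        # DEFAULT_ACTION is a command template with a '%s' slot for the sample
        # path; rule actions are keyed by the notification's subject.
        # NOTE(review): if funct_run_rule_action goes through a shell, the
        # sample path must be quoted or passed as an argv list -- not visible
        # from here.
        if '%s' in DEFAULT_ACTION:
            run_action(DEFAULT_ACTION, sample_path)

        subject = vt_notif["subject"]
        if subject in rule_actions:
            run_action(rule_actions[subject], sample_path)

    # Adaptive polling: halve LOOP_TIME (while above 60) when this batch spans
    # less than one loop interval.  Skipped when nothing was parsed: the
    # sentinel values would otherwise always satisfy the comparison and shrink
    # the interval on every empty poll.
    if seen_any and (tmp_newest - tmp_oldest) < LOOP_TIME and LOOP_TIME > 60:
        LOOP_TIME = LOOP_TIME / 2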
def main():
    """Print every configured rule action as ``signature: command``.

    The mapping comes from funct_parse_rule_actions(); a header line is
    printed first, then one line per entry in mapping order.
    """
    actions = funct_parse_rule_actions()
    column_width = 40
    print(" [!] %-*s: ( Command )\n" % (column_width, "Signature"))
    for signature, command in actions.items():
        print(" [+] %-*s: %s " % (column_width, signature, command))
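def loop_pull_feed():
    """Pull one batch of VT notifications and process every new sample in it.

    Per call:
      1. Pull the notification feed with API_KEY (func_pull_feed); when it
         returns 0 the problem is printed and the function returns.
      2. For each notification: build a ``sample`` from its fields and, when
         ``check_new()`` reports it as unknown, download it into STORAGE_PATH,
         insert it into the DB and run DEFAULT_ACTION plus the per-signature
         rule action returned by funct_parse_rule_actions().
      3. Halve the module-global LOOP_TIME, while it is above 60, when the
         batch's notification timestamps span less than LOOP_TIME.

    Returns None.  Malformed notifications are reported and skipped rather
    than aborting the process.
    """
    global LOOP_TIME

    rule_actions = funct_parse_rule_actions()

    json_notif_feed = func_pull_feed(API_KEY)
    if json_notif_feed == 0:
        print("Problem pulling feed.  Sleeping...")
        return

    def run_action(command, path):
        # Background thread when one can be started, inline otherwise.  Only
        # thread.error (thread could not be created) triggers the fallback;
        # the bare ``except`` it replaces also re-ran the action after any
        # other failure.
        try:
            thread.start_new_thread(funct_run_rule_action, (command, path))
        except thread.error:
            funct_run_rule_action(command, path)

    hex_digits = "0123456789abcdefABCDEF"
    tmp_oldest = 999999999999
    tmp_newest = 0
    seen_any = False   # True once at least one notification parsed cleanly

    for vt_notif in json_notif_feed["notifications"]:
        try:
            md5 = vt_notif["md5"]
            # External input that reaches func_download_sample next to
            # STORAGE_PATH, presumably as the file name: only a 32-character
            # hex digest is accepted so the value cannot carry path
            # separators.  (Confirm how func_download_sample builds the path.)
            if len(md5) != 32 or not all(c in hex_digits for c in md5):
                raise ValueError("malformed md5 %r" % (md5,))

            notif_date = func_to_epoch(vt_notif["date"])
            total = float(vt_notif["total"])
            # Guard the ratio: total == 0 used to raise ZeroDivisionError.
            ratio = float(vt_notif["positives"]) / total if total else 0.0

            tmp_sample = sample()
            tmp_sample.define_sample(
                md5,
                vt_notif["sha1"],
                vt_notif["sha256"],
                vt_notif["ruleset_name"],
                vt_notif["subject"],
                notif_date,
                func_to_epoch(vt_notif["first_seen"]),
                ratio,
                vt_notif["size"],
            )
        except (KeyError, TypeError, ValueError) as err:
            # Was sys.exit(): one bad entry should not stop the poller.
            print(" [X] Problem parsing VT feed notification, skipping: %s" % err)
            continue

        seen_any = True
        tmp_newest = max(tmp_newest, notif_date)
        tmp_oldest = min(tmp_oldest, notif_date)

        if not tmp_sample.check_new():
            continue

        sample_path = func_download_sample(API_KEY, STORAGE_PATH, md5)
        tmp_sample.set_path(sample_path)

        if tmp_sample.insert_db() != True:
            print(" [-] Problem submitting sample to DB")
            continue

        tmp_sample.print_short()

        # DEFAULT_ACTION is a command template with a '%s' slot for the sample
        # path; rule actions are keyed by the notification's subject.
        # NOTE(review): if funct_run_rule_action goes through a shell the
        # sample path needs quoting or an argv list -- not visible from here.
        if '%s' in DEFAULT_ACTION:
            run_action(DEFAULT_ACTION, sample_path)

        subject = vt_notif["subject"]
        if subject in rule_actions:
            run_action(rule_actions[subject], sample_path)

    # Adaptive polling: halve LOOP_TIME (while above 60) when this batch spans
    # less than one interval.  Skipped when nothing was parsed -- the sentinel
    # values would otherwise always pass the comparison and shrink the
    # interval on every empty poll.
    if seen_any and (tmp_newest - tmp_oldest) < LOOP_TIME and LOOP_TIME > 60:
        LOOP_TIME = LOOP_TIME / 2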
def main():
    """List the configured rule actions, one ``signature: command`` per line.

    Reads the mapping from funct_parse_rule_actions() and prints a header
    followed by each entry in mapping order.
    """
    actions = funct_parse_rule_actions()
    column_width = 40
    print(" [!] %-*s: ( Command )\n" % (column_width, "Signature"))
    for signature, command in actions.items():
        print(" [+] %-*s: %s " % (column_width, signature, command))