Exemple #1
0
def _get_ioc_type(ioc):

    if util.is_ip(ioc):
        return (phantom.APP_SUCCESS, "ip")

    if util.is_hash(ioc):
        return _get_hash_type(ioc)

    if util.is_domain(ioc):
        return (phantom.APP_SUCCESS, "domain")

    return (phantom.APP_ERROR, "Failed to detect the IOC type")
Exemple #2
0
def _get_ioc_type(ioc):

    if util.is_ip(ioc):
        return phantom.APP_SUCCESS, "ip"

    try:
        ipv6_type = ipaddress.IPv6Address(ioc)
        if ipv6_type:
            return phantom.APP_SUCCESS, "ip"
    except:
        pass

    if util.is_hash(ioc):
        return _get_hash_type(ioc)

    if util.is_domain(ioc):
        return phantom.APP_SUCCESS, "domain"

    return phantom.APP_ERROR, "Failed to detect the IOC type"