    def _lookup_iocs(self, all_iocs, resource_per_req=25):
        """Look up VirusTotal threat info for a set of domains.

        Domains matched by ``self._whitelist`` are dropped before any request
        is built, so they are never sent to VirusTotal. The client is created
        with a cache file path read from config
        (``virustotal.LookupDomainsFilter.cache_file_name``); whether and how
        results are cached is handled inside VirusTotalApi, not here.

        Args:
            all_iocs: iterable of domain strings.
            resource_per_req: batch size handed to VirusTotalApi.
        Returns:
            dict mapping domain -> trimmed report, holding only the domains
            for which ``_should_store_ioc_info`` accepted the trimmed report.
        """
        cache_path = config_get_deep('virustotal.LookupDomainsFilter.cache_file_name', None)
        client = VirusTotalApi(self._api_key, resource_per_req, cache_file_name=cache_path)

        is_whitelisted = self._whitelist.match_values
        wanted = [domain for domain in all_iocs if not is_whitelisted(domain)]
        reports = client.get_domain_reports(wanted)

        kept = {}
        for domain in reports:
            raw_report = reports[domain]
            if not raw_report:
                # Empty/None report: nothing to trim or store for this domain.
                continue
            trimmed = self._trim_domain_report(domain, raw_report)
            if self._should_store_ioc_info(trimmed):
                kept[domain] = trimmed
        return kept
    def _lookup_iocs(self, all_iocs, resource_per_req=25):
        """Look up VirusTotal threat info for a set of domains.

        Domains matched by ``self._whitelist`` are filtered out lazily before
        the lookup, so they are never sent to VirusTotal. The client is created
        with a cache file path read from config
        (``virustotal.LookupDomainsFilter.cache_file_name``); whether and how
        results are cached is handled inside VirusTotalApi, not here.

        Args:
            all_iocs: iterable of domain strings.
            resource_per_req: batch size handed to VirusTotalApi.
        Returns:
            dict mapping domain -> trimmed report, holding only the domains
            for which ``_should_store_ioc_info`` accepted the trimmed report.
        """
        cache_path = config_get_deep('virustotal.LookupDomainsFilter.cache_file_name', None)
        client = VirusTotalApi(self._api_key, resource_per_req, cache_file_name=cache_path)

        # Lazy filter, as in the original: the client receives an iterator,
        # not a materialised list.
        is_whitelisted = self._whitelist.match_values
        wanted = (domain for domain in all_iocs if not is_whitelisted(domain))
        reports = client.get_domain_reports(wanted)

        kept = {}
        for domain in reports.keys():
            raw_report = reports[domain]
            if not raw_report:
                # Empty/None report: nothing to trim or store for this domain.
                continue
            trimmed = self._trim_domain_report(domain, raw_report)
            if self._should_store_ioc_info(trimmed):
                kept[domain] = trimmed
        return kept