Esempi in Python per malicious_detector_response

Linguaggio di programmazione: Python

Spazio dei nomi/nome del pacchetto: api_app.script_analyzers.observable_analyzers.dns.dns_responses

Metodo/funzione: malicious_detector_response

Esempi su hotexamples.com: 4

malicious_detector_response in Python: 4 esempi trovati. Questi sono i migliori esempi reali in Python per api_app.script_analyzers.observable_analyzers.dns.dns_responses.malicious_detector_response, estratti da progetti open source. Li puoi valutare, per aiutarci a migliorare la qualità dei nostri esempi.

Esempio n. 1

Mostra file

    def run(self):
        try:
            is_malicious = False
            observable = self.observable_name
            # for URLs we are checking the relative domain
            if self.observable_classification == "url":
                observable = urlparse(self.observable_name).hostname

            client = requests.session()
            params = {
                "name": observable,
                "type": "A",
                "ct": "application/dns-json",
            }
            response = client.get(
                "https://security.cloudflare-dns.com/dns-query", params=params)
            response.raise_for_status()
            response_dict = response.json()

            response_answer = response_dict.get("Answer", [])
            if response_answer:
                resolution = response_answer[0].get("data", "")
                # CloudFlare answers with 0.0.0.0 if the domain is known as malicious
                if resolution == "0.0.0.0":
                    is_malicious = True

        except requests.exceptions.RequestException:
            raise AnalyzerRunException("Connection to CloudFlare failed")

        return malicious_detector_response(self.observable_name, is_malicious)

Esempio n. 2

Mostra file

File: quad9_malicious_detector.py Progetto: f0r3ns1cat0r/IntelOwl

    def run(self):
        observable = self.observable_name
        # for URLs we are checking the relative domain
        if self.observable_classification == "url":
            observable = urlparse(self.observable_name).hostname

        quad9_answer = self._quad9_dns_query(observable)
        # if Quad9 has not an answer the site could be malicious
        if not quad9_answer:
            # Google dns request
            google_answer = self._google_dns_query(observable)
            # if Google response, Quad9 marked the site as malicious,
            # elsewhere the site does not exist
            if google_answer:
                return malicious_detector_response(self.observable_name, True)

        return malicious_detector_response(self.observable_name, False)

Esempio n. 3

Mostra file

File: google_webrisk.py Progetto: f0r3ns1cat0r/IntelOwl

    def run(self):
        api_key_name = "GOOGLE_APPLICATION_CREDENTIALS"
        credentials = secrets.get_secret(api_key_name)
        if not credentials:
            raise AnalyzerRunException(
                f"No credentials retrieved with name: '{api_key_name}'")
        if not exists(credentials):
            raise AnalyzerRunException(
                f"{credentials} should be an existing file. "
                "Check the docs on how to add this file to"
                " properly execute this analyzer")

        web_risk_client = WebRiskServiceClient()
        # threat types
        # MALWARE = 1
        # SOCIAL_ENGINEERING = 2
        # THREAT_TYPE_UNSPECIFIED = 0 should not be used
        # UNWANTED_SOFTWARE = 3
        threat_types = [ThreatType(1), ThreatType(2), ThreatType(3)]
        response = web_risk_client.search_uris(uri=self.observable_name,
                                               threat_types=threat_types,
                                               timeout=5)
        threats_found = response.threat
        # ThreatUri object
        logger.debug(f"threat founds {threats_found}")

        threat_types = threats_found.threat_types

        malicious = True if threat_types else False
        web_risk_result = malicious_detector_response(self.observable_name,
                                                      malicious)
        # append extra data
        if malicious:
            threats_list = []
            if 1 in threat_types:
                threats_list.append("MALWARE")
            if 2 in threat_types:
                threats_list.append("SOCIAL_ENGINEERING")
            if 3 in threat_types:
                threats_list.append("UNWANTED_SOFTWARE")
            web_risk_result["threats"] = threats_list
        return web_risk_result

Esempio n. 4

Mostra file

    def run(self):
        api_key_name = "GSF_KEY"
        api_key = secrets.get_secret(api_key_name)
        if not api_key:
            raise AnalyzerRunException(
                f"No API key retrieved with name: '{api_key_name}'")

        sb_instance = SafeBrowsing(api_key)
        response = sb_instance.lookup_urls([self.observable_name])
        if self.observable_name in response and isinstance(
                response[self.observable_name], dict):
            result = response[self.observable_name]
        else:
            raise AnalyzerRunException(f"result not expected: {response}")

        malicious = result["malicious"]
        googlesb_result = malicious_detector_response(self.observable_name,
                                                      malicious)
        # append google extra data
        if malicious:
            googlesb_result["cache"] = result["cache"]
            googlesb_result["threats"] = result["threats"]
            googlesb_result["platforms"] = result["platforms"]
        return googlesb_result