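    def _lookup_iocs(self, all_iocs):
        """Look up domains in VirusTotal and return the reports worth keeping.

        Domains matched by ``self._whitelist`` are dropped before the lookup,
        so they are never handed to ``VirusTotalApi``. That whitelist is the
        only control on which domains leave this host for the (presumably
        third-party) VirusTotal service, so internal or otherwise sensitive
        hostnames belong on it. The ``cache_file_name`` read from config and
        passed to the client presumably enables a file-backed cache of earlier
        lookups; anyone who can write that file can influence the results
        this method returns -- confirm its permissions with the deployment.

        Args:
            all_iocs: an iterable of domain strings.
        Returns:
            A dict mapping domain -> trimmed report, limited to domains whose
            lookup returned a non-empty report and whose *trimmed* report was
            accepted by ``_should_store_ioc_info``. Everything else is omitted.
        """
        threat_info = {}

        cache_file_name = config_get_deep(
            'virustotal.LookupDomainsFilter.cache_file_name', None)
        vt = VirusTotalApi(self._api_key, cache_file_name=cache_file_name)

        # Materialize the filtered list instead of handing the client a lazy
        # ``filter`` object: on Python 3 that object is single-pass and has no
        # len(), so any batching or retry inside get_domain_reports would
        # silently see an empty sequence on its second pass.
        iocs = [ioc for ioc in all_iocs if not self._whitelist.match_values(ioc)]
        reports = vt.get_domain_reports(iocs)

        for domain, report in reports.items():
            if not report:
                # No data came back for this domain; nothing to trim or store.
                continue

            trimmed_report = self._trim_domain_report(domain, report)
            # The keep/drop decision is made on the trimmed report, so the
            # trim must preserve whatever fields _should_store_ioc_info reads.
            if self._should_store_ioc_info(trimmed_report):
                threat_info[domain] = trimmed_report

        return threat_info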
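    def _lookup_iocs(self, all_iocs):
        """Look up URLs in VirusTotal and return the reports worth keeping.

        Every URL in ``all_iocs`` is passed to ``VirusTotalApi`` as-is; unlike
        the domain lookup in this file there is no whitelist step here, so
        URLs carrying query strings, session tokens or internal paths are sent
        to the (presumably third-party) VirusTotal service unfiltered.
        NOTE(review): if this class also has a ``_whitelist`` like the domain
        filter, applying it before the lookup would close that gap -- verify
        against the class definition. The ``cache_file_name`` read from config
        presumably enables a file-backed cache of earlier lookups; anyone who
        can write that file can influence what this method returns.

        Args:
            all_iocs: an iterable of URL strings.
        Returns:
            A dict mapping URL -> trimmed report, limited to URLs whose lookup
            returned a non-empty report and whose *untrimmed* report was
            accepted by ``_should_store_ioc_info``. Everything else is omitted.
        """
        threat_info = {}

        cache_file_name = config_get_deep(
            'virustotal.LookupURLsFilter.cache_file_name', None)
        vt = VirusTotalApi(self._api_key, cache_file_name=cache_file_name)
        reports = vt.get_url_reports(all_iocs)

        # Iterate key/value pairs directly rather than indexing by key.
        for url, report in reports.items():
            if not report:
                # No data came back for this URL; nothing to evaluate or store.
                continue
            # The keep/drop decision is made on the full report; only the
            # stored value is trimmed.
            if self._should_store_ioc_info(report):
                threat_info[url] = self._trim_url_report(report)

        return threat_info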